On Fri, 01 Jan 1999 04:49:57 -0800, Jerry Preeper
<preeper(_at_)cts(_dot_)com> wrote:
I have the following rule in one of my rc. files and it doesn't
seem to be catching the junk mail
:0B:
* ^^(This is a one-time only email)
! spam(_at_)domain(_dot_)com
That would catch only occurences at the *VERY BEGINNING* of the
body. Shouldn't you be looking for it anywhere in the body? Also,
there may or may not be a hyphen in "one-time", so a dot (which
matches any 1 character) might work better. I would suggest
something like...
:0B:
* This is a one.time only (email|offer)
! spam(_at_)domain(_dot_)com
I also have a question about logging the rc file or even the
rule that denied the mail. I have set up my .procmailrc file
with a bunch of these lines to separate file making it easier
for me to add things.
INCLUDERC=$PMDIR/rc.banneddomains
I would like to be able to track which rule denied the email
so I can track this info and was wondering how I might go
about this. Anyone have any ideas if this is possible and how
to do this.
You have to make three changes to the implementation...
1) Instead of having a spam-detection rule "deliver" the
email, have it add a unique X-header to the message using
"formail". I use "X-Reject:" followed by a comment as in
the example below.
2) I prefer to let procmail put the email through all
my filters even if half-a-dozen of them find something
wrong. To avoid having a match being considered as
"delivery", you must use the "f" (filter) flag, to tell
procmail to continue processing the result. Since the
default is for formail to process the entire message,
you can save a bit of cpu by having it only work over the
headers. This requires the "h" flag. Procmail
automatically rejoins the modified headers with the
original body.
Some of the really lousy spams get 4 or 5 "X-Reject:"
headers added on by the time my filters get through
with them (see URL in my sig).
3) At the end of the of your procmail filters, the last
recipe must look for your special X-header(s), and divert the
message if it finds any.
Here's an example from my filters, modified to fit your
question...
:0fh
* ^(Date|Subject|Reply-To):(.*$)+Received:
| formail -A "X-Reject: Possible forged _Received: from_ line"
:0fh
* ^Received:.from.*.\(\[.*.by.(.*$)+Received:
| formail -A "X-Reject: No reverse DNS returned"
:0fh
* ^X-UIDL:
| formail -A "X-Reject: Invalid X-UIDL:"
:0fh
* ^Comments:.*Authenticated sender
* !^X-Mailer:.*Pegasus Mail
| formail -A "X-Reject: Authenticated sender BS"
:0
* ^X-Reject:
! spam(_at_)domain(_dot_)com
Walter Dnes <waltdnes(_at_)interlog(_dot_)com> procmail spamfilter
http://www.interlog.com/~waltdnes/spamdunk/spamdunk.htm
Why a fiscal conservative opposes Toronto 2008 OWE-lympics
http://www.interlog.com/~waltdnes/owe-lympics/owe-lympics.htm