
Re: aol spam - forgeries?

1999-02-20 13:22:05
At 10:41 1999-02-20 -0800, Jerry Preeper wrote:

> kind of recipe I might add to stop this junk.  I know I can keep adding
> info from the body of the message but it keeps seeming to change.

If you can help it, avoid needing to filter on the body - constraining
yourself to the headers is much faster (at least, do those checks first).
Having a healthy collection of subject phrases used for spam is a good
generic check.

Received: from imo25.mx.aol.com (imo25.mx.aol.com [198.81.17.69])
      by machine.domain.com (8.9.1/8.9.1) with ESMTP id JAA27814
      for <saints@domain.com>; Sat, 20 Feb 1999 09:34:00 -0800 (PST)
From: Toadtt17@aol.com
Received: from Toadtt17@aol.com
      by imo25.mx.aol.com (IMOv18.1) id UTUTa20271;
      Sat, 20 Feb 1999 11:31:55 -0500 (EST)
Message-ID: <e1861dac.36cee37b@aol.com>
X-Mailer: AOL 3.0 for Windows 95 sub 64
[snip - all the others share the same key characteristics]

Abusers.  Looks like kosher AOL headers (INCLUDING the From: being before
the initial Received).

If you don't normally communicate with AOL users, you might find it easier
to whitelist those who you do communicate with, and blacklist the entire
domain (AFTER filtering mailing lists), checking your spam logs
periodically, and revising your whitelist as appropriate.

Here's a pretty generic pair of AOL filters (ignore the LOG stuff, and the
gzip is how I archive my messages on the server - you could copy directly
to a mailbox file).  I use this sort of stuff for all the national players
(Netcom, AOL, Earthlink, Prodigy, etc).  I use variants on just the first
one on a number of freebie type accounts (yahoo, netscape, excite, hotmail,
etc).


# Recipe 1: From: claims aol.com, but the Message-Id was not generated at aol.com.
# Procmail matches header regexes case-insensitively; ^ and $ anchor to lines.
:0
* ^From:.*@aol\.com
* ! ^Message-Id:.*[@.]aol\.com>$
{
        LOG="SPAM: forged AOL$TWITVER"

        # second colon = lockfile, since several recipes append to the same archive
        :0:
        |gzip -9fc>>$MAILDIR/twits.gz
}

# Recipe 2: the converse - Message-Id from aol.com, but From: is not.
:0
* ^Message-Id:.*[@.]aol\.com>$
* ! ^From:.*@aol\.com
{
        LOG="SPAM: forged AOL (messageID but not From)$TWITVER"

        :0:
        |gzip -9fc>>$MAILDIR/twits.gz
}


---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395
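The From:/Message-Id consistency check behind the two recipes above, as an added example in Python that is not part of the original post: the genuine sample is the AOL header block quoted in the thread (de-obfuscated), while the two forgeries and their Message-Id values are constructed for illustration.

```python
import re

# Procmail matches header regexes case-insensitively and treats ^ and $ as
# line anchors; re.MULTILINE | re.IGNORECASE reproduces that for a header block.
FLAGS = re.MULTILINE | re.IGNORECASE
FROM_AOL = re.compile(r"^From:.*@aol\.com", FLAGS)
MSGID_AOL = re.compile(r"^Message-Id:.*[@.]aol\.com>$", FLAGS)


def classify_aol_headers(headers: str) -> str:
    """Return the LOG label the procmail recipes would emit, or 'consistent'."""
    from_aol = bool(FROM_AOL.search(headers))
    msgid_aol = bool(MSGID_AOL.search(headers))
    if from_aol and not msgid_aol:
        return "forged AOL"                           # recipe 1
    if msgid_aol and not from_aol:
        return "forged AOL (messageID but not From)"  # recipe 2
    return "consistent"                               # both agree, or neither mentions AOL


# Genuine headers from the post (de-obfuscated, Received: lines shortened).
GENUINE = """\
From: Toadtt17@aol.com
Received: from Toadtt17@aol.com by imo25.mx.aol.com (IMOv18.1) id UTUTa20271
Message-ID: <e1861dac.36cee37b@aol.com>
X-Mailer: AOL 3.0 for Windows 95 sub 64
"""
# Constructed forgery: From: claims AOL, Message-Id generated elsewhere.
FORGED_FROM = """\
From: Bargains123@aol.com
Message-ID: <19990220.12345@relay.example.net>
"""
# Constructed forgery: AOL-style Message-Id, but From: is not at AOL.
FORGED_MSGID = """\
From: offers@example.org
Message-ID: <abcdef01.36cee37b@aol.com>
"""

if __name__ == "__main__":
    for name, hdrs in [("genuine", GENUINE), ("forged_from", FORGED_FROM),
                       ("forged_msgid", FORGED_MSGID)]:
        print(f"{name}: {classify_aol_headers(hdrs)}")
```

As with the recipes, this is a header-only check and costs nothing compared to body scanning; mail that legitimately carries an AOL From: without an AOL Message-Id (forwarders, some list software) is why the whitelist-first advice above matters.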
