At 09:21 1999-03-06 +0200, Liviu Daia wrote:
Any idea how to catch this one?
From my twits filters:
:0
* ^From.*@(.*\.|)usa\.com
* ! ^Message-[Ii][Dd]:.*usa\.com
{
LOG="SPAM: forged usa.com$TWITVER"
:0:
|gzip -9fc>>$MAILDIR/twits.gz
}
or:
:0
* ^From.*@(.*\.|)usa\.com
* ! ^Message-[Ii][Dd]:.*usa\.com
/dev/null
The idea here being that certain large services _should_ be injecting their
OWN messageid. If not, then you're generally looking at a spam. I archive
this (rather than strict dev/nul), and get a cron-generated report
periodically to ensure I'm not trashing real mail.
This check BTW, *WILL* screw up if someone uses the usa.com address, but
doesn't use their server...
From: <auser2(_at_)mail(_dot_)usa(_dot_)com>
Message-ID: <36124076(_at_)asudfha(_dot_)com>
---
Please DO NOT carbon me on list replies. I'll get my copy from the list.
Sean B. Straw / Professional Software Engineering
Post Box 2395 / San Rafael, CA 94912-2395