procmail

Re: spam filtering for dummies

2000-02-05 22:00:18
I liked Christopher Neil's method, though I took a little more
draconian approach, and look at both the headers and the body of the
message:

    # Remove spammers
    #
    :0 HB:
    * ! Content-Type:.*multipart
    * ? /usr/local/bin/fgrep -i -q -f ~/.spammers
    dumpster

The check to make sure that there are no multipart MIME headers in the
message is a hack made necessary by some of the shorter patterns
sometimes finding a match in a 'base64' or similar encoded attachment.

Above, the script is calling the GNU version of 'fgrep' which is the
default on Linux, but not on the system that I'm using (an SGI).  I
found that some Unixes didn't implement fgrep well when a large number
of strings are provided as input, and the script would miss on
messages where it should have found a hit.  The GNU implementation of
fgrep is fast and reliable.

Using this method, I can check just about whatever I want
to screen for (domains, user-ids, and commonly used SPAM
phrases).  When a new one comes in, that isn't in the database,
I just edit the .spammers file, and at least will catch the
culprit the next time around.  I should probably add a list
of users that it is okay to accept from, some day, because
my .spammer patterns sometimes err on the safe side, and
pick off an innocent message from a friend.  I used to have
the filter at the top of .procmailrc file, before screening
for mailing lists, but found it to be a pain adding a message
back into my mail list archives that had been inadvertently
directed to the dumpster.  Now, the spam screen is at the
end of the .procmailrc file, after all mail list messages
have been filed.
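
An added example, not part of the original post: a Python stand-in for the fgrep condition that scans only the headers and the decoded text parts, so a base64 attachment cannot produce the false matches described above, and that skips senders on an accept list like the one the post mentions wanting. The script path, the pattern `mlm`, the addresses and the `friends` parameter are assumptions made for illustration.

```python
import base64, sys
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def naive_match(raw, patterns):
    """What `fgrep -i -f` over headers and body does: scan the raw bytes."""
    low = raw.lower()
    return any(p.encode() in low for p in patterns)

def scannable_text(msg):
    """Headers plus decoded text/* parts; encoded attachments are skipped."""
    chunks = [f"{k}: {v}" for k, v in msg.items()]
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            try:
                chunks.append(part.get_content())
            except (LookupError, UnicodeError):  # unknown or broken charset
                chunks.append(part.get_payload(decode=True).decode("latin-1"))
    return "\n".join(chunks).lower()

def is_spam(raw, patterns, friends=()):
    """True if a lowercase fixed string matches and the sender is not a friend."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in friends:  # From: is trivially forged; a convenience, not a proof
        return False
    text = scannable_text(msg)
    return any(p in text for p in patterns)

def sample_message(body, sender="someone@example.net"):
    """Constructed test mail; its attachment encodes to the base64 text 'mlmAmlmA'."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "me@example.org", "photos"
    m.set_content(body)
    m.add_attachment(base64.b64decode("mlmAmlmA"), maintype="image",
                     subtype="gif", filename="x.gif")
    return m.as_bytes()

if __name__ == "__main__":
    # Assumed procmail usage:  * ? /path/to/spamscan.py $HOME/.spammers
    with open(sys.argv[1]) as fh:
        pats = [line.strip().lower() for line in fh if line.strip()]
    # Exit 0 on a match, like `fgrep -q`, so the procmail condition succeeds.
    sys.exit(0 if is_spam(sys.stdin.buffer.read(), pats) else 1)
```
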
