procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Chinese Spam Filter

2000-03-05 19:43:32
from [Bert Hiddink] [Permanent Link] 
Hello, Walter,

El 5 Mar 00, a las 19:59, Walter Dnes escribó: 


On Thu, 2 Mar 2000 07:54:45 -0800 (PST), Eric Hilding
<eric(_at_)hilding(_dot_)com> wrote:



Sorry...my inbox with over 17,000 e-mails bit the dust before I
could download and implement that last version of an anti-Chinese
Spam Filter someone had posted.  I am DELUGED with this junk, and
would sure appreciate it if whoever made that post could send it
along again.  I believe it "addressed" pulling the ".cn" from the
"Received:" lines?????  Most regular "From:" lines in these junk
mailings are bogus.

  I have a filter recipe on my site that checks for characters
with the high-bit set (CHR(128)..CHR(255)).  If an email is
more than 5% high-bit characters, it's trapped.  The filter will
count actual high-bit characters and "quoted-printable" versions
thereof.  The filter is on my website (see sig).  Click on
the item about filtering Chinese spam.

  Booby-trap warning... In order to trap high-bit characters,
the filter must list them.  Be careful that the editor you use
can handle high-bit characters.  vim in strict vi-compatable mode is
OK, but native vim mode has problems.  If you see the characters as
"\0xC0", etc, you're OK.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org> http://www.waltdnes.org
SpamDunk Project procmail spamfilters.
A picture is worth a thousand words; unfortunately,
it consumes the bandwidth of ten thousand words.


Thanks a lot for your script! I would like to implement it, however, 
it checks for "chinese" characters in the body of the message. Since 
all the spam I receive, do have the high-bit characters in the 
subject-line and not all of them do have in the body (sometimes it is 
just an URL), my question is: how to proceed if I want to apply your 
filter just on subject-lines? IOW: How to change the line: 
 :0BD
...so that it only does egrep for the subject line?

Many thanks in advance for your help!

-brt 




   Bert Hiddink, FUNDACION GALILEO
   Correo electronico: hiddink(_at_)galileo(_dot_)or(_dot_)cr
   Sitio: http://www.galileo.or.cr
   Tel. (506) 280 8683, telefax. (506) 280 8847
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Chinese Spam Filter, Walter Dnes
Next by Date:  RE: Multiple commands in one Recipe, Alex Kusuma Tjahjana
Previous by Thread:  Re: Chinese Spam Filter, Walter Dnes
Next by Thread:  Re: procmail configurations, Holger Wahlen
Indexes:  [Date] [Thread] [Top] [All Lists]