At 22:13 2000-09-22 -0700, Deb Heller-Evans wrote:
Gawd I hate spam. It triggers a viceral reaction in me. Puts
Gawd I hate spam. Especially when it gets forwarded via lists.
[snip - you've repented, but I wrote a response I didn't queue right
away. Had half a mind to chew you out anyway for including the body.]
>From
#1(_dot_)Internet(_dot_)Art(_dot_)and(_dot_)Entertainment(_dot_)Directory(_at_)showboat(_dot_)teradyne(_dot_)com Fri
Sep 22 20:33:21 2000
[snip]
I think installing a newer version of sendmail and enabling more of the
anti-relaying features would reduce these spams.
Received: from 216.214.206.65 (tnt13a-65.focal-chi.corecomm.net
[216.214.206.65])
by showboat.teradyne.com (8.8.8+Sun/8.8.8) with SMTP id XAA16874
for <deb(_at_)beaux(_dot_)atwc(_dot_)teradyne(_dot_)com>; Fri, 22 Sep 2000 23:30:32
-0400 (EDT)
Complain to corecomm.net administrators about this email, and tell them how
you're about to block *ALL* corecomm messages because of it, or if it
continues. Then, if you have administrative privledges for the server, set
up an access database (not "MS Access", but "sendmail access") to refuse
SMTP connections from "corecomm.net".
The DUL rbl could be of use as well (dunno if this source IP would be
listed there, but if it were, your server would refuse the message on the
grounds that a dialup user was attempting to inject a message directly to
your mailserver). The idea is that a dialup user should be using their own
ISP's mailserver, not yours.
If these were FULL headers, this is notably missing the "From:"
header. Absense of a FROM is a near-sure indication that you're dealing
with spam, so generic rules would have bailed this message.
# From: header not even present!
# Anybody mailing and not identifying a from, MUST be spamming.
:0:
* ! ^From:.*
dump_to_your_trashfolder_or_devnull
To: International(_at_)showboat(_dot_)teradyne(_dot_)com,
Art(_at_)showboat(_dot_)teradyne(_dot_)com,
and(_at_)showboat(_dot_)teradyne(_dot_)com,
Entertainment(_at_)showboat(_dot_)teradyne(_dot_)com
They addressed it as "To: International Art and Entertainment", your own
SMTP servers "expanded" this to local adressees. Not directly useful for
flagging it as a spam, just explaining why this field appears this way.
X-Reply-To: #1 Internet Art and Entertainment Directory
I Daresay any Reply-To type of header lacking an '@' could probably be
flagged as junk. Except for rare cases (X.400 ?), this should be
fine. Something like the following should catch this particular header -
we check that the header EXISTS, then check that it DOESN'T contain an
'@'. If you simply checked that the header didn't have an '@' without also
confirming that the header even existed, then the fact that the header
doesn't exist in most messages would cause the rule to match (on the
inverted condition), and everything would get dumped.
:0:
* ^X-Reply-To:
* ! ^X-Reply-To:.*@
dump_to_your_trashfolder_or_devnull
---
Please DO NOT carbon me on list replies. I'll get my copy from the list.
Sean B. Straw / Professional Software Engineering
Post Box 2395 / San Rafael, CA 94912-2395
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail