Sean made some excellent recommendations to Deb:
| I think installing a newer version of sendmail and enabling more of the
| anti-relaying features would reduce these spams.
| Complain to corecomm.net administrators about this email, and tell them how
| you're about to block *ALL* corecomm messages because of it, or if it
| continues. Then, if you have administrative privileges for the server, set
| up an access database (not "MS Access", but "sendmail access") to refuse
| SMTP connections from "corecomm.net".
| The DUL rbl could be of use as well (dunno if this source IP would be
| listed there, but if it were, your server would refuse the message on the
| grounds that a dialup user was attempting to inject a message directly to
| your mailserver). The idea is that a dialup user should be using their own
| ISP's mailserver, not yours.
Corecomm is a local telephone company whose service includes dial-up Internet
access. So yes, if that IP is not already in the DUL, it belongs there.
| If these were FULL headers, this is notably missing the "From:" header.
No, there was one, per Deb's original post:
: From: #1.Internet.Art.and.Entertainment.Directory@showboat.teradyne.com
Clearly showboat's smtpd received it unqualified, possibly with spaces
instead of periods in "#1 Internet Art and Entertainment Directory,"
| Absence of a FROM is a near-sure indication that you're dealing
| with spam, so generic rules would have bailed this message.
|
| # From: header not even present!
| # Anybody mailing and not identifying a from, MUST be spamming.
| :0:
| * ! ^From:.*
| dump_to_your_trashfolder_or_devnull
* ! ^From:
would be enough. Unless you're extracting, a trailing .* just slows procmail
down.
| >X-Reply-To: #1 Internet Art and Entertainment Directory
| I daresay any Reply-To type of header lacking an '@' could probably be
| flagged as junk.
| :0:
| * ^X-Reply-To:
| * ! ^X-Reply-To:.*@
| dump_to_your_trashfolder_or_devnull
The conditions can be combined, allowing procmail to scan the head only once:
* ^X-Reply-To:[^@]*$
[or in case there is a Reply-To: with no at-sign:
* ^(X-)?Reply-To:[^@]*$
instead]
Granted those aren't equivalent: if there is one X-Reply-To: line with an
at-sign and there is another without any, the message would be approved by
Sean's conditions but trashed as spam by mine.
_______________________________________________
procmail mailing list
procmail@lists.RWTH-Aachen.DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
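
The non-equivalence noted at the end of the message, as an added example that is not part of the original post: a Python emulation of the two-condition recipe and the combined condition, run over constructed headers. The function names and sample headers are hypothetical, and the matching rules in the first comment are assumptions about procmail's behaviour rather than procmail itself.

```python
import re

# Assumptions about procmail matching, mirrored here: header conditions are
# case-insensitive, ^ and $ anchor at line boundaries, folded header lines are
# joined before matching, and [^...] never matches a newline (hence the \n).
FLAGS = re.IGNORECASE | re.MULTILINE

def unfold(head):
    """Join continuation lines (leading whitespace) onto their header field."""
    return re.sub(r"\n[ \t]+", " ", head)

def two_conditions(head):
    """Sean's pair: an X-Reply-To: exists and no X-Reply-To: line has an '@'."""
    head = unfold(head)
    return (re.search(r"^X-Reply-To:", head, FLAGS) is not None
            and re.search(r"^X-Reply-To:.*@", head, FLAGS) is None)

def one_condition(head, any_reply_to=False):
    """Combined form: some X-Reply-To: line carries no '@' at all.
    any_reply_to=True uses the (X-)? variant that also covers Reply-To:."""
    field = r"(X-)?Reply-To:" if any_reply_to else r"X-Reply-To:"
    return re.search(r"^" + field + r"[^@\n]*$", unfold(head), FLAGS) is not None

# Constructed sample headers (not taken from the thread's actual message).
SAMPLES = {
    "no_at": "From: a@example.com\nX-Reply-To: #1 Internet Art Directory\n",
    "with_at": "From: a@example.com\nX-Reply-To: list@example.org\n",
    "mixed": "X-Reply-To: list@example.org\nX-Reply-To: Some Directory\n",
    "folded": "X-Reply-To: Some Directory\n\t<list@example.org>\n",
    "plain_reply_to": "From: a@example.com\nReply-To: Some Directory\n",
}

def compare():
    """Return {sample: (two_conditions, one_condition)} for each sample."""
    return {name: (two_conditions(h), one_condition(h))
            for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:15} two={verdicts[0]!s:5} one={verdicts[1]}")
```

Only the "mixed" sample separates the two approaches: the pair of conditions lets it through while the single condition flags it.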