procmail

Re: How can I block this?

2000-09-23 12:01:13
Sean made some excellent recommendations to Deb:

| I think installing a newer version of sendmail and enabling more of the 
| anti-relaying features would reduce these spams.

| Complain to corecomm.net administrators about this email, and tell them how 
| you're about to block *ALL* corecomm messages because of it, or if it 
| continues.  Then, if you have administrative privileges for the server, set 
| up an access database (not "MS Access", but "sendmail access") to refuse 
| SMTP connections from "corecomm.net".

| The DUL rbl could be of use as well (dunno if this source IP would be 
| listed there, but if it were, your server would refuse the message on the 
| grounds that a dialup user was attempting to inject a message directly to 
| your mailserver).  The idea is that a dialup user should be using their own 
| ISP's mailserver, not yours.

Corecomm is a local telephone company whose service includes dial-up Internet
access.  So yes, if that IP is not already in the DUL, it belongs there. 

| If these were FULL headers, this is notably missing the "From:" header.

No, there was one, per Deb's original post:

: From: #1.Internet.Art.and.Entertainment.Directory@showboat.teradyne.com

Clearly showboat's smtpd received it unqualified, possibly with spaces
instead of periods in "#1 Internet Art and Entertainment Directory."

| Absence of a FROM is a near-sure indication that you're dealing 
| with spam, so generic rules would have bailed this message.
| 
| # From: header not even present!
| # Anybody mailing and not identifying a from, MUST be spamming.
| :0:
| * ! ^From:.*
| dump_to_your_trashfolder_or_devnull

  * ! ^From:

would be enough.  Unless you're extracting, a trailing .* just slows procmail
down.

| >X-Reply-To:  #1 Internet Art and Entertainment Directory

| I daresay any Reply-To type of header lacking an '@' could probably be 
| flagged as junk.

| :0:
| * ^X-Reply-To:
| * ! ^X-Reply-To:.*@
| dump_to_your_trashfolder_or_devnull

The conditions can be combined, allowing procmail to scan the head only once:

  * ^X-Reply-To:[^@]*$

[or in case there is a Reply-To: with no at-sign:

  * ^(X-)?Reply-To:[^@]*$

 instead]

Granted those aren't equivalent: if there is one X-Reply-To: line with an
at-sign and there is another without any, the message would be approved by
Sean's conditions but trashed as spam by mine.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
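
The non-equivalence described in the message above, as an added example that is not part of the original post: a shell approximation of Sean's two conditions and of the combined condition, run over constructed headers. It assumes `grep -Ei` as a stand-in for procmail's case-insensitive egrep-style matching and that folded header lines are joined before matching; the function names and sample headers are hypothetical.

```shell
#!/bin/sh
# Added example. grep -Ei stands in for procmail's case-insensitive
# egrep-style matching; joining folded lines first is an assumption.

# Join header continuation lines (leading space or tab) onto their field.
unfold() {
    awk 'NR > 1 && /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Sean's pair: an X-Reply-To: exists AND no X-Reply-To: line contains "@".
two_conditions() {
    hdr=$(printf '%s\n' "$1" | unfold)
    printf '%s\n' "$hdr" | grep -Eiq '^X-Reply-To:' &&
        ! printf '%s\n' "$hdr" | grep -Eiq '^X-Reply-To:.*@'
}

# Combined form: at least one X-Reply-To: line has no "@" on it.
one_condition() {
    printf '%s\n' "$1" | unfold | grep -Eiq '^X-Reply-To:[^@]*$'
}

verdict() {    # usage: verdict <function-name> <header-text>
    if "$1" "$2"; then echo junk; else echo keep; fi
}

# Constructed sample headers (addresses use reserved example domains).
SPAM='From: sender@example.com
X-Reply-To: #1 Internet Art and Entertainment Directory
Subject: constructed sample'
HAM='From: sender@example.com
X-Reply-To: sender@example.com'
MIXED='X-Reply-To: sender@example.com
X-Reply-To: Some Directory'
FOLDED='X-Reply-To: Some Directory
 <sender@example.com>'

for name in SPAM HAM MIXED FOLDED; do
    eval "sample=\$$name"
    printf '%-7s two=%s one=%s\n' "$name" \
        "$(verdict two_conditions "$sample")" "$(verdict one_condition "$sample")"
done
```

Only the MIXED header separates the two forms; the FOLDED header is kept by both because the at-sign on the continuation line is seen once the field is joined.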
