procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Blacklists

2002-02-13 18:46:37
from [Nelson Henry Eric] [Permanent Link] 
On Wed, Feb 13, 2002 at 02:43:31PM -0800, Agustin Rivera wrote:

Two questions

1)I am having trouble finding blacklists on the internet.  Can anyone
assist?


Can't help you with your question; sorry.  Since giving advice is free ...
Five years ago or so, I tried the same thing, i.e., use a couple of blacklists
off of the Internet.  Thing is, I never got a hit, not even once!  But I sure
got my fill of spam.  All of those spams, however, were harvested for loose
relays or outright spammers -- people who *in fact* had targeted me or my
domain.  Now the logs record about 3-4 messages/week going to /dev/null based
on that database of IP addresses.  This is the second to the last recipe in
my string of INCLUDERC files, so getting false positives is no worry to me.


2) I was contemplating using a combination of images+html tags+the word
"remove" to determine if an email is spam.  Does anyone think this might be
a bad idea?


Not a bad idea, but depending on your way of thinking, you might find it
easier to "debug" and maintain your recipes if you divide them up into little
ones with specific goals.  I have 30 some anti-spam recipes.  My "remove"
recipe includes 101 lines of regular expressions, and is my most powerful
anti-spam recipe by far, accounting for nearly 80% of the hits.  I have never
gotten a false positive with it, although I still divert it to a $SPAM file
just in case.  My "html" recipe relies on numbers rather than specific
matches on many variations.  In the past 6 months, it has become a very
important anti-spam recipe.  I'll share it here (sorry, less one card-up-the-
sleeve) for comments by the gurus:

* H ?? -999^0 ^From owner-(put your mailing lists which deal with html here)
* -10^1 ^.+$
*  14^1 ^.*(<|=3C)/?[a-zA-Z].*(>|=3E).*$
* 100^1 [Tt]ype="hidden".*[Vv]alue="Merchant Response"
*  50^1 (<(BODY|Body|body|STYLE|Style|style))
*   6^1 (href|http-equiv|src|style|type)="?(Conte|font-|http:|mailt|mso-|text/)
*   5^1 &(nbsp|quot);|>[Cc]lick|(TABLE|table) (cell|heig)|<BR><BR>|color=#
*   3^1 ">|痴
*   3^1 ^[     ]+$

Good luck!  Procmail is a godsend for sure.

henry nelson
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Q] Trying to improve procmailrc by /bin/true, Udi Mottelo
Next by Date:  Performance Considerations of a Global procmailrc, Michael J Wise
Previous by Thread:  Re: Blacklists, Michael J Wise
Next by Thread:  Performance Considerations of a Global procmailrc, Michael J Wise
Indexes:  [Date] [Thread] [Top] [All Lists]