At 15:17 2002-02-15 -0500, Ruben I Safir wrote:
Subject: some message like this SECRETCODE
Most of the time I've seen this sort of stuff, the code has been numeric.
Perhaps you might want to experiment with something like:
:0
* ^Subject:.*[ ][ ][ ][ ][ ][^ ]+$
{
LOG="NOTE: this looks suspiciously like a secretcode spam
"
}
This should match lines containing at least five (spaces or tabs) followed
by one or more nonwhitespace chars before the end of line, and emit a note
to your logfile. After a while, you can examine the logfile and see how
well it works in matching this type of spam, or if if mis-identifies other
messages. THIS RULE AS WRITTEN, does not do anything to your message - it
merely emits this informational message to the log.
Note that I don't use the above rule, instead, I have an item (one of many)
in a _scoring_ recipe:
* 120^0 SUBJECT ?? [ ][ ]+(\[\(<)?[0-9][0-9][0-9]+(\]\)>)?[ ]*$
This looks for (optionally bracketed) codenumbers at the end of lines. it
works as a weighted rule -- alone, this doesn't flag it as spam, but it
DOES bump it way up - all it takes is a single minour keyword, and poof,
the message is tossed.
If you're interested in scoring, see 'man procmailsc' (note that there are
SEVERAL procmail manpages - see the "SEE ALSO" at the bottom of 'man
procmail').
As long as the nature of your subject line processing has shifted to it
actually being SPAM, you should note that bothering to REPLY to it is a
worthless endeavour, if that's what your perl script does.
[big 'ol snip - lotsa previous message content we don't need to see again]
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail