procmail
[Top] [All Lists]

Re: MATCH problem

2003-01-19 14:47:35
On Sun, 19 Jan 2003, Professional Software Engineering wrote:

That's not necessarily a good test.  Lots of home and small business users
(dialup or DSL) will have a From: address that points to their private
domain, but a Message-ID: that has their ISP's SMTP gateway domain (or no
domain at all, if they're using a sufficiently broken MUA that tries to
generate its own message-id).  People using web mailer interfaces, too.

Additionally, there are hostname issues - a From: domain may be
"@fubar.org", and the messageid may end with "@mail.fubar.org".  But, the
simple fact that most hosted domains are going to have the ISP's mailserver
in the messageid should be ample reason.

I'm finding out about these issues now using the recipes from Bart
Schaefer and Ruud.  I thank you very much for the recipe below and will
implement it in a few days - in the meantime, the version I have is
teaching me a LOT about this business I wasn't aware of.

FTR, I do a _similar_ test, but it is limited to a handful of freemail-type
services:

:0
* ^From:.*@(.*\.|)\/(juno\.com|hotmail\.com|yahoo\.co\.jp|lycosemail\.com|\
         mailcity\.com|altavista\.com|webmail\.com|email\.com|myrealbox\.com)
* $ ! ^Message-Id:.*@(.*\.|)$MATCH
{
         LOG="SPAM: forged $MATCH$SPAMVER"

         :0:
         |gzip -9fc >> spam.gz
}

These *are* the guys I'm after.

Thanks again!

                                - fleet -


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>