Appended is the "report" for the first 83 messages received today (since
midnight). 56 messages were spam. One (not included in the report) is a
probable spam; but I have to verify it.
FROMLIST is a list of known spammer domains - I'm trying to get rid of it.
(The hits are only if the domain is in the ^From line.)
Any one of these hits (in my limited experience) is sufficient to
designate a message as spam. (It has been pointed out to me that that is
not necessarily so in at least a couple of instances.)
I won't do this again - so please don't holler at me. If you see anything
interesting; I'm willing to discuss it.
=========================================================
4 SPAM: ADV - Subject: begins with ADV:
1 SPAM: BASE64 - base64 encoded html
5 SPAM: BLANKS - Subject: contains excess spaces
1 SPAM: FROMLIST - Return-Path=123winners.com
1 SPAM: FROMLIST - Return-Path=astronet.com
3 SPAM: FROMLIST - Return-Path=currentmail.com
1 SPAM: FROMLIST - Return-Path=e-clk.com
1 SPAM: FROMLIST - Return-Path=emailfactory.com
2 SPAM: FROMLIST - Return-Path=emailwow.com
1 SPAM: FROMLIST - Return-Path=enhancedemailmarketing.com
1 SPAM: FROMLIST - Return-Path=hyper-mail.com
1 SPAM: FROMLIST - Return-Path=joefuzz.com
6 SPAM: FROMLIST - Return-Path=mb00.net
1 SPAM: FROMLIST - Return-Path=mxdat.com
1 SPAM: FROMLIST - Return-Path=opti9.com
1 SPAM: FROMLIST - Return-Path=play4keeps.com
1 SPAM: FROMLIST - Return-Path=purepost.com
1 SPAM: FROMLIST - Return-Path=pxlg.com
1 SPAM: FROMLIST - Return-Path=qualityemail.com
1 SPAM: FROMLIST - Return-Path=savingssentinel.com
1 SPAM: FROMLIST - Return-Path=sbase30.com
3 SPAM: FROMLIST - Return-Path=servitall.com
1 SPAM: FROMLIST - Return-Path=unBEElievableOffers.net
1 SPAM: FROMVSDOM - from aol.com with non-matching message-id
2 SPAM: FROMVSDOM - from hotmail.com with non-matching message-id
3 SPAM: FROMVSDOM - from yahoo.com with non-matching message-id
2 SPAM: MSGID - contains no domain (lacking @)
14 SPAM: MSGID - message-id assigned by raq2.paxp.com
2 SPAM: MSGID - message-id assigned by something.localdomain
1 SPAM: MSGID - message-id starts with MID
2 SPAM: MSGID - pattern 01 - nnnnnnhnhhnn$hhhnnnnn$nnnnnnnn@
11 SPAM: MSGID - pattern 04 - nnnnnnnnnn.nnn(n|nn|nnn)@
1 SPAM: MSGID - pattern 10 - aaaaaa$aaaaaa@
3 SPAM: MSGID - pattern 12 - nnnnn_nnnnn_nnnnnnnnnnnn~
1 SPAM: MSGID - pattern 14 - nnnnnnnn.nn(n).nnnnnnnnn(n)@
1 SPAM: MSGID - pattern 19 - nnnn.nn.nn.mmmmmmmmmmmmmmmm@
1 SPAM: MSGID - pattern 20 - aaaaaaaaaaaaaaaaaaannnnnbbb@
1 SPAM: MSGID - pattern 22 - lllllll(l)(l)@
1 SPAM: NOBODY - Received: from Anonymous
7 SPAM: NOBODY - Received: from daemon(_at_)localhost
1 SPAM: NOBODY - Received: from unknown [127.0.0.1]
3 SPAM: NOTME - Not addressed to me or any of my domains
1 SPAM: RTRNPTH - pattern 1 - Return-Path: <bb-b
2 SPAM: STDERR - From contains fleet(_at_)stderr
1 SPAM: UNDISCLOSED - addressed to
Undisclosed(_dot_)Recipients(_at_)durendal(_dot_)skynet(_dot_)be>
1 SPAM: XTRACK - contains X-flag Source
2 SPAM: XTRACK - contains X-flag XTRACK
PS: in the patterns -
n = [0-9]
a = [A-Za-z0-9]
m = [A-Z0-9]
b = [a-z0-9]
l = [a-z]
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail