Re: Problems with tonns (!!!) of spam

At 16:17 2003-04-23 +0200, Michelle Konzack wrote:

> I am subscribed to 37 Mailinglist and get arround 2 MByte Messages
> per day. Now I have the problem that I do this with a MobilTelephone
> (Siemens S40 with HSCSD), fetchmail and procmail.
Seems a bit extreme.

Perhaps you can clarify whether your mail is fetchmail'ed on a machine 
which has a non-cell connection to the world, and then from THERE, you 
acces it via cell, or if you're downloading the messages to that host via 
the cellular.
In the latter case, you've got serious problems, since in order for 
procmail to process the messages, you'll need to have downloaded them to 
the machine where procmail is running.  Also, if the three accounts you 
mention (further down) are on different ISPs, you'll need to arrange 
running procmail on each of those hosts, to pre-screen your email before 
depositing it into your mailbox on each of those hosts, from which you 
would be downloading _ALL_ of the remaining mail.
More clarity please.  I don't plan to cover all of the various 
possibilities and then find out you've got some squirrelly configuration to 
which it all doesn't apply.
> Since around 7 weeks I become spamed with around 1-4 MByte per day
> and I need to block this at all, because it does not come from the
> mailinglists !!!
Easy: sort the known mailing lists first, delivering them, then apply 
whitelist and extended spam checking rules to the remaining email (which 
should mostly be direct email).
That's basically how I handle my mail - anything that doesn't get sorted is 
rather suspect.  While my email server still gets a certain amount of spam 
(a lot of which is rejected via use of DNSRBLs at the MTA level), virtually 
none of it finds its way into my mailspool, where my mail client retrieves it.
For an example of extended spam tests, see my post from yesterday "Freemail 
/ Large ISP Received: checking", which details just one spam test.
> I use three different e-Mails to get the Messages from the list and
> I do not use it for replay... (but in the past)
I presume you meant list to be 'lists' (plural), and not that you have some 
addresses multiply-subscribed to some list.  Dupes would be something I 
think you'd want to avoid.
To that end, you might check 'man procmailex' and note the recipe there 
which shows how to set up a message-id cache, to eliminate duplicated 
messages.  While not really intended for spam, it would potentially 
eliminate dupes which you download because someone say, sent you a message 
cc'd from a discussion list, so you receive one directly from them and one 
directly from the mail list server.  If you're on a thin line (after 
procmail), eliminating that extra copy would be a good idea.
If your fetchmail is THROUGH the cellphone, you _might_ consider setting up 
fetchmail on one of the remote hosts to pull the mail from the other 
accounts to _there_, running it all through procmail in that one account, 
and having your thin fetchmail retrieve messages from just the one remote 
account.
That approach would allow you to consolodate to one procmail configuration 
instead of one for each of the remote hosts, not all of which may even 
support shell services and procmail to begin with.
> How can I setup my system to refuse Mails which do not come from
> registerd Mailinglists ???
"registered" mailinglists?  There is no such thing at this 
time.  "recognized" mailinglists - those meeting certain criteria, can 
certainly be checked for.  Examine the headers of the messages you receive, 
and certain headers will become apparent on some mailing lists.  Sender:, 
X-Mailinglist:, X-BeenThere:, etc.  Find some that uniquely identify each 
list, and home in on them.
Note that after filtering recognized mailing lists, and doing whitelist 
processing (lists of addresses you know - friends and family), you could 
dump the remaining messages into a web archive and access that via your 
thin client.  Do it right, and the web archive could deposit individual 
messages into your mailspool and then purge them from the webarchive.  It 
could even auto-whitelist the sender/from address so that further messages 
from that sender automatically get through.
If the workload seems high, it is.  If that's a problem, you could also 
consider installing a managed spam package such as SpamAssassin.
I would suggest that if you're not already using procmail (I'm not clear on 
this, but I'd think if you were, most of the above would have been 
understood before you posted), you should start at Nancy's Procmail 
quickstart (see the link from the procmail homepage, 
<http://www.procmail.org/>).  Get at least a basic understanding of 
procmail before you start diving into rejecting email.
---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail