procmail

Re: Some date checking code.

2003-05-13 09:15:22
On Mon, May 12, 2003 at 06:58:26PM -0600, Daryle A. Tilroe wrote:
> I have seen several examples of some date checking ideas
> in the archive and cobbled this together.  I believe it
> is much more detailed (ie. operational recipe rather
> than snippets) than anything I saw posted.  Anyhow I
> am throwing it out to see if there are any comments,
> corrections, insights, simplifications, etc.:
>
> -------------------------------------
> :0 H
> * ^Date.*\/[+-]1[4-9]00|\
>   ^Date.*\/[+-][2-9][0-9]00

More efficient:

        :0
        * ^Date:.*\/[+-](1[4-9]|[2-9][0-9])00

The `H' flag is default, so you don't need it.

I'll note that +1300 is legit but not -1300.
Also, some mailers do prepend a leading zero; so your
case of 1[4-9]|[2-9] will fail in that situation.

I do something sort of similar to what you've posted,
but with a substantially different algorithm.  I do
nevertheless use scoring in a not dissimilar way, though.

> * DATE_SECS ?? [^0123456789]

        * DATE_SECS ?? [^0-9]


>   LOG="Weight adjusted for date more than 2 days in the future: $WEIGHT $NL"

I find that anything more than an hour in the future is almost certain
spam, after I whitelist out mailing lists and expected commercial mail.


>   LOG="Weight adjusted for date more than 4 days in the past: $WEIGHT $NL"

I give six hours for delivery.  At that point in my rc, the whitelists
are over, so what's left was iffy to begin with.

I have, over the last three months, a total of 1.5% false positives
and 0.1% false negatives to all my spam recipes.

The Date: header and its cohorts are very useful for finding spam.
There was something fishy about the date in Date: or some of the
Received:s in 77 of the last 100 spam messages I have (about eight
hours' worth).  (Some of the below aspersions are cast more than
once per message, which is another way of saying the total will
be more than 77 when one adds up the numbers represented by each
recipe assignment total.)

 5:19pm [~/Mail] 548[0]> distro | egrep 'DA?T'
  66 UBE.DT.BOGUS
   9 UBE.DT.!FR_.DATE_SPOTTY:FUTUREDAY
   3 UBE.DT.!FR_.DATE_SPOTTY:FUTUREHOUR
   3 UBE.DT.!RC.DATE_SPOTTY:0
   2 UBE.DT.!FR_.DATE_SPOTTY:PASTDAY
   2 UBE.DT.!FR_.DATE_SPOTTY:PASTHOUR
   2 UBE.DT.!RC.DATE_SPOTTY:2
   1 UBE.DT.!RC.DATE_SPOTTY:1

These are some of the reasons why I almost never even have to look
at message bodies to see if they're spam.

-- 
dman

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
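
The checks discussed in this message (out-of-range zone offsets, and Date: values too far ahead of or behind the time of receipt) can be prototyped outside procmail. The following is an added example, not code from either poster: the thresholds are the ones quoted in the thread, while the function name, the label semantics and the sample headers are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Thresholds taken from the thread above; the label names are borrowed from
# the tally output, and their exact meaning here is an assumption.
FUTURE_SLACK = timedelta(hours=1)   # "more than an hour in the future"
PAST_SLACK = timedelta(hours=6)     # "six hours for delivery"
MAX_EAST_MIN = 13 * 60 + 59         # the recipe flags +1400 and beyond
MAX_WEST_MIN = 12 * 60              # "+1300 is legit but not -1300"
# Numeric zone at the end of the value, optionally followed by "(PDT)" etc.
ZONE_RE = re.compile(r"([+-])(\d{2})(\d{2})\s*(?:\([^)]*\))?\s*$")


def date_findings(date_header, received_at):
    """Return labels for what looks wrong with a Date: value.

    received_at: aware datetime at which the local MTA accepted the message.
    """
    findings = []
    m = ZONE_RE.search(date_header)
    if m:
        minutes = int(m.group(2)) * 60 + int(m.group(3))
        limit = MAX_EAST_MIN if m.group(1) == "+" else MAX_WEST_MIN
        if int(m.group(3)) > 59 or minutes > limit:
            findings.append("BOGUS_ZONE")
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):   # TypeError on Python < 3.10
        return findings + ["UNPARSEABLE"]
    if sent.tzinfo is None:           # naive when the zone is -0000 or missing
        sent = sent.replace(tzinfo=timezone.utc)
    skew = sent - received_at
    if skew > FUTURE_SLACK:
        findings.append("FUTUREDAY" if skew > timedelta(days=1) else "FUTUREHOUR")
    elif -skew > PAST_SLACK:
        findings.append("PASTDAY" if -skew > timedelta(days=1) else "PASTHOUR")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    received = datetime(2003, 5, 13, 15, 15, 22, tzinfo=timezone.utc)
    for value in ("Tue, 13 May 2003 09:15:22 -0600",
                  "Tue, 13 May 2003 09:15:22 -1300",
                  "Thu, 15 May 2003 18:00:00 +0000",
                  "Fri, 09 May 2003 09:15:22 +0000"):
        print(value, "->", date_findings(value, received))
```

The returned labels are meant to feed a weighted score, as both posters do, rather than to reject mail on their own.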
