procmail
[Top] [All Lists]

RE: Follow: Recipe woes

2003-06-01 17:07:10
On Sun, 1 Jun 2003, Dallman Ross wrote:

Justin Shore wrote:

On Sun, 1 Jun 2003, Dallman Ross wrote:

  SUBJECT = "`echo $SUBJECT | sed 's/\*\*\*SPAM\*\*\*//g'`

(And I forgot the trailing quotation mark, but okay.)

I caught that.

That would probably work.  I wasn't sure if procmail would 
let me work with a variables in that fashion.  Do you know of 

Have you read `man procmailex'?

I haven't installed the man pages yet.  After recompiling it to suit my 
needs, I never installed them.  I have read them before though.

I'm not forwarding mail with a score >= 10 from a production MTA to a 
single mailbox on this machine.  It took a while to make it 
work believe it or not.

Might have made your life easier if you'd searched the procmail list
archives.  We discussed this (again) only last month, iirc.  There
are a number of easy ways to do it using scoring.  For example,

      * -9^0 ^X-Spam-Score: \/.*
      *  1^1 MATCH ?? [*]
      { we are here if there are 10+ stars }

I'll have to give that a try.  The other one is working fine though.

BTW, your message was flagged as spam by SA.  I couldn't for the life of
me find the message that another list member relied to.  I thought I
didn't get it until I checked one of my spam mboxs.  It appears you made a
direct-to-MX connection to send this one message.  Your dynamically
assigned IP is in dialups.relays.osirusoft.com, dialups.visi.com, and
dnsbl.njabl.org (note that the last two DNSBLs were added by me manually
and the score I chose for all those DNSBLs was 1).  The kicker though is
that SA also believes your MUA was forging an LookOut(tm) MUA.  I don't
know if that's true or not.  Perhaps their latest rule doesn't account for
whatever version of Outlook you're using.  I thought I'd pass that along
though.

This also points out something worth noting in my SA config.  I probably 
shouldn't use more than one DNSBL of the same type.  IE I shouldn't check 
4 BLs of dialup/dynamic IPs or 5 BLs of open relays.  Doing so can easily 
put a message over the threshold just by being direct-to-mx.  I suppose I 
should point out that I generally reject direct-to-mx mail from Sendmail 
with the DUL.


X-Spam-Score: ***** (5.787) FORGED_MUA_OUTLOOK,RCVD_IN_NJABL,RCVD_IN_OSIRU,
    RCVD_IN_VISI_DIALUPS
X-Spam-Report: 
        -------------------- Start SpamAssassin results
    ----------------------
        This message header has had lines added to help you recognize, block,
        or filter similar unwanted mail in the future.
        See http://spamassassin.org/tag/ for more details.
        
        Content analysis details:   (5.79 points, 0 required)
         0.6 RCVD_IN_OSIRU          RBL: Received via a relay in
    relays.osirusoft.com
                                   [217.228.130.124 listed in
    relays.osirusoft.com]
         1.0 RCVD_IN_VISI_DIALUPS   RBL: DNSBL: sender has a dynamically
    assigned IP
                                   [217.228.130.124 listed in
    dialups.visi.com]
         1.0 RCVD_IN_NJABL          RBL: Received via a relay in
    dnsbl.njabl.org
                                   [217.228.130.124 listed in
    dnsbl.njabl.org]
         3.3 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS
    Outlook
        
        -------------------- End of SpamAssassin results


Thanks for the reply
 Justin


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>