procmail

Re: spam with numerical email addresses

2003-07-07 02:36:37

On Mon, Jul 07, 2003 at 10:58:17AM +0200, Eric Smith wrote:

> I know I am being lazy, but what are people using for a regex
> to detect spam targeting this kind of harvested address:
> To: 19990619103238.F8070 <19990619103238(_dot_)F8070(_at_)fruitcom(_dot_)com>

These "addresses" are actually Message-ID lines from various lists.
Blocking such mail could probably be done more efficiently by your MTA
rather than by procmail.  Since most of these "addresses" will not
exist, the only time you'll see them is if you have a "global" address
collecting mail for addresses otherwise unconfigured in your MTA.

Sendmail has the ability to block messages based on regexp matches in
the headers.  Documentation on this is at the Sendmail web site.  If
you're using some other MTA, check its documentation or mailing list.

> This spam comes in groups and one of the messages is usually
> your regular address (no surprises there) - anyone figured
> a nice way to detect the entire group once a numerical address
> is detected?

If you really want a procmail recipe for this, something like:

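  # Two-digit building block; year plus five pairs gives the 14-digit timestamp
  TWO="[0-9][0-9]"
  :0
  # "+" lets the whole suffix after the dot (e.g. F8070) match before the @
  * $ ^To:.*[^0-9](199[89]|200[0-9])$TWO$TWO$TWO$TWO$TWO\.[a-z0-9]+@$HOST
  action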

(untested, no guarantee, YMMV, etc.)

And of course, the recipe will never be run if you don't forward these
bogus messages to an actual mailbox.

-- 
  Paul Chvostek                                             <paul(_at_)it(_dot_)ca>
  Operations / Abuse / Whatever
  it.canada, hosting and development                   http://www.it.ca/
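
One way to check the pattern from the recipe above offline before it goes into a .procmailrc, as an added example that is not part of the original post: the functions translate the condition into an equivalent `grep -E` expression and run it over constructed To: headers. `MAILHOST`, `example.com`, the sample headers and the function names are assumptions; `MAILHOST` stands in for procmail's `$HOST`.

```shell
#!/bin/sh
# Added example: offline test of the "Message-ID as recipient" pattern.
# MAILHOST is a stand-in for procmail's $HOST; example.com is a placeholder.
MAILHOST="${MAILHOST:-example.com}"

# Constructed sample headers, one per line (not taken from real mail).
SAMPLE_HEADERS='To: 19990619103238.F8070 <19990619103238.F8070@example.com>
To: Eric Smith <eric@example.com>
To: <20010203040506.A1234@lists.example.net>
To: <20021231235959.b42@example.com>
To: <order-20030707@example.com>'

# Build the ERE: a non-digit, a year 1998-2009, ten more digits, a dot,
# an alphanumeric suffix, then @host with the dots in the host escaped.
msgid_rcpt_regex() {
  host_re=$(printf '%s' "$1" | sed 's/[.]/\\./g')
  printf '%s' "^To:.*[^0-9](199[89]|200[0-9])([0-9][0-9]){5}\\.[a-z0-9]+@${host_re}"
}

# Exit status 0 when a single header line matches the pattern.
# -i mirrors procmail, which matches case-insensitively by default.
is_msgid_rcpt() {
  printf '%s\n' "$1" | grep -Eiq -- "$(msgid_rcpt_regex "$MAILHOST")"
}

# Print how many lines in a block of headers match (0 if none).
count_msgid_rcpts() {
  printf '%s\n' "$1" | grep -Eic -- "$(msgid_rcpt_regex "$MAILHOST")" || true
}

# Show which sample headers would be caught.
printf '%s\n' "$SAMPLE_HEADERS" | while IFS= read -r line; do
  if is_msgid_rcpt "$line"; then
    echo "MATCH   $line"
  else
    echo "pass    $line"
  fi
done
```

The ordinary address, the address at another host and the short date-stamped address all pass, which is the false-positive check worth doing before the recipe is pointed at a real action.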


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
