procmail

Re: Filtering bounces for auto-wording recipes

2003-09-25 15:28:31
At 15:05 2003-09-25 -0500, Justin Shore wrote:

> It takes the incoming message and cleanses it of any identifiable
> information that could identify the actual spam recipient.  This prevents
> listwashing and DDoS attacks (hopefully).

Uhm, you're aware that some of those "random character spews" (either at the end of a subject, or trailing the body) are sometimes used as database keys?

> present.  The problem I'm having is with bounces.  Shortly after this
> auto-reporting tool went into use one of my spamtrap domains was
> joe-jobbed.

Well, one approach would be to take recognized mailer-daemon messages and file them away for potential carbon lifeform review.

> know annoys all of us).  My recipe didn't know how to handle the bounces.
> I never told it to filter them out.  Therefore my recipe forwarded the
> bounces to the FTC and NANAS.  Whoops!  That was a mistake on my part.

.. and a good reason to consider _NOT_ automating reporting mechanisms, since when they break, they become a big problem, often setting yourself up to be ignored.

> then tried to use FROM_DAEMON to filter the bounces.  It filtered some but
> not all.  I also tried FROM_MAILER.  It too filtered some but not all of
> the bounces.  How do I filter out the bounces in a procmail recipe?

Some crappy mailers (predominantly, but not exclusively running on Windows OSes) don't send daemon messages from recognized mailers.


You might consider scanning the body for mail-type headers, which would typically be included in a bounce. That's not guaranteed to catch all the daemon messages, but it should help to grab the ones which bounce back transaction headers within the body.


> :0 H:

FTR, 'H' is a default flag, so you don't need to specify it. See 'man procmailrc'

> #:0 H:
> #* ^FROM_DAEMON
> #DAEMON

This certainly won't catch anything if it's commented out.

>                 -e 's/munge1.net/reportingdomain.com/gI' \
[snip, much repetition]

Might be a bit easier if you use a regexp, like so (note also that dots in the LHS of the expression are ESCAPED). This could be optimized further by grouping .com/.net/.org together, but it is so not worth my time to do that on a munged string:

-e 's/(munge1\.net|munge2\.org|munge3\.net|munge4\.com|munge5\.net|munge6\.net|munge7\.net|munge8\.com)/reportingdomain.com/gI' \
-e 's/(mungeuser1|mungeduser2|mungeduser3|mungeduser4|mungeduser5|mungeduser6)/mungeduserid/gI' \


> # Hopefully this will prevent mail loops.
> * $ ! ^X-Spam-Loop: $BOUNCER

Hopefully, if you're going to bother with all the munging, you'd consider checking for this BEFOREHAND, so that you don't do all that extra work if the message is eventually going to be ignored.


>         | sed -e "s/munge1.net/reportingdomain.com/gI" \
[snip, but even more expressions than before]

You're munging again?

>                 | $FORMAIL -I ReSent-Date: \
[snip]

If you're going to remove these headers, consider removing them BEFORE you do all the regexp changes, since this will reduce the volume of material which the other expressions must reprocess over and over.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
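
The ordering suggested in the reply above, as a runnable shell example added here (it is not code from either poster): check the loop marker first, set aside bounces both by sender and by scanning the body for mail-type headers, and only then munge in a single sed pass. The BOUNCER value, the header list, the threshold of two body headers and both sample messages are constructed assumptions; `sed -E` is used because `(a|b)` alternation needs extended regular expressions, and the `I` flag requires GNU sed.

```sh
# Added example, not code from the thread. BOUNCER's value, the header list,
# the threshold of 2 and both sample messages are constructed assumptions.
BOUNCER="bouncer@reportingdomain.com"

# classify: read one message on stdin, print "loop", "bounce" or "report".
classify() {
    msg=$(cat)
    hdr=$(printf '%s\n' "$msg" | sed '/^$/q')      # up to the first blank line
    body=$(printf '%s\n' "$msg" | sed '1,/^$/d')   # everything after it
    # 1. Loop marker first, so no munging work is spent on ignored mail.
    if printf '%s\n' "$hdr" | grep -qixF "X-Spam-Loop: $BOUNCER"; then
        echo loop; return
    fi
    # 2. Sender looks like a daemon (a small subset of what FROM_DAEMON tests).
    if printf '%s\n' "$hdr" |
        grep -qiE '^(From|Sender|Return-Path):.*(mailer-daemon|postmaster|<>)'; then
        echo bounce; return
    fi
    # 3. Body scan: returned transaction headers quoted inside the body.
    n=$(printf '%s\n' "$body" |
        grep -ciE '^[> ]*(Received|Message-ID|Return-Path):' || true)
    if [ "$n" -ge 2 ]; then echo bounce; else echo report; fi
}

# munge: one sed pass. -E enables (a|b) alternation, the dots are escaped,
# and the I flag (case-insensitive match) is a GNU sed extension.
munge() {
    sed -E -e 's/(munge1\.net|munge2\.org)/reportingdomain.com/gI' \
           -e 's/(mungeuser1|mungeduser2)/mungeduserid/gI'
}
# Constructed bounce from a mailer that does not identify itself as a daemon.
sample_bounce() { cat <<'EOF'
From: "Mail Admin" <admin@mx.example>

Your message could not be delivered. Original headers follow:
Received: from spamtrap.example by mx.example; Thu, 25 Sep 2003 15:00:00 -0500
Message-ID: <constructed-1@spamtrap.example>
Return-Path: <mungeuser1@munge1.net>
EOF
}
# Constructed ordinary spam, which should still be reported.
sample_spam() { cat <<'EOF'
From: seller@bulk.example

Great deals for mungeuser1@MUNGE1.net (not munge1xnet)
EOF
}
sample_bounce | classify; sample_spam | classify; sample_spam | munge
```

Messages classified as `bounce` are the ones to file away for manual review; only `report` messages go on to `munge`.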