At 15:05 2003-09-25 -0500, Justin Shore wrote:
> It takes the incoming message and cleanses it of any identifiable
> information that could identify the actual spam recipient. This prevents
> listwashing and DDoS attacks (hopefully).

Uhm, you're aware that some of those "random character spews" (either at
the end of a subject, or trailing the body) are sometimes used as database
keys?

> present. The problem I'm having is with bounces. Shortly after this
> auto-reporting tool went into use one of my spamtrap domains was
> joe-jobbed.

Well, one approach would be to take recognized mailer-daemon messages and
file them away for potential carbon lifeform review.

> know annoys all of us). My recipe didn't know how to handle the bounces.
> I never told it to filter them out. Therefore my recipe forwarded the
> bounces to the FTC and NANAS. Whoops! That was a mistake on my part.

.. and a good reason to consider _NOT_ automating reporting mechanisms,
since when they break, they become a big problem, often setting yourself
up to be ignored.

> then tried to use FROM_DAEMON to filter the bounces. It filtered some but
> not all. I also tried FROM_MAILER. It too filtered some but not all of
> the bounces. How do I filter out the bounces in a procmail recipe?

Some crappy mailers (predominantly, but not exclusively running on Windows
OS') don't send daemon messages from recognized mailers.

You might consider scanning the body for mail-type headers, which would
typically be included in a bounce. That's not guaranteed to catch all the
daemon messages, but it should help to grab the ones which bounce back
transaction headers within the body.

> :0 H:

FTR, 'H' is a default flag, so you don't need to specify it. See 'man
procmailrc'

> #:0 H:
> #* ^FROM_DAEMON
> #DAEMON

This certainly won't catch anything if it's commented out.

> -e 's/munge1.net/reportingdomain.com/gI' \

[snip, much repetition]

Might be a bit easier if you use a regexp, like so (note also that dots in
the LHS of the expression are ESCAPED). This could be optimized further by
grouping .com/.net/.org together, but it is so not worth my time to do that
on a munged string:

-e 's/(munge1\.net|munge2\.org|munge3\.net|munge4\.com|munge5\.net|munge6\.net|munge7\.net|munge8\.com)/reportingdomain.com/gI' \
-e 's/(mungeuser1|mungeduser2|mungeduser3|mungeduser4|mungeduser5|mungeduser6)/mungeduserid/gI' \

> # Hopefully this will prevent mail loops.
> * $ ! ^X-Spam-Loop: $BOUNCER

Hopefully, if you're going to bother with all the munging, you'd consider
checking for this BEFOREHAND, so that you don't do all that extra work if
the message is eventually going to be ignored.

> | sed -e "s/munge1.net/reportingdomain.com/gI" \

[snip, but even more expressions than before]

You're munging again?

> | $FORMAIL -I ReSent-Date: \

[snip]

If you're going to remove these headers, consider removing them BEFORE you
do all the regexp changes, since this will reduce the volume of material
which the other expressions must reprocess over and over.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
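
The ordering and bounce checks suggested in the reply above (loop check first, hold anything that looks like a bounce for human review, then munge once with an escaped-dot alternation), as an added example that is not part of the original message or of either poster's recipe. The function names, the header lists used as bounce heuristics and the sample messages are assumptions made here; it assumes GNU sed, run with -E so that the (a|b) alternation is interpreted.

```shell
#!/bin/sh
# Added example, not code from the thread. Domains and users are the thread's
# placeholders; the heuristics and sample messages are constructed.

# Exit 0 if stdin looks like a bounce: a daemon-style sender in the header,
# or mail-type headers echoed back inside the body.
is_bounce() {
    awk '
        !body && /^$/ { body = 1; next }
        { line = tolower($0) }
        !body && line ~ /^(from |from:|sender:|return-path:).*(mailer-daemon|postmaster|<>)/ { hit = 1 }
        body && line ~ /^[ >]*(received|return-path|message-id|x-spam-loop):/ { hit = 1 }
        END { exit (hit ? 0 : 1) }
    '
}

# One pass, one alternation per substitution. Dots are escaped so that
# "munge1.net" cannot also match "munge1xnet". -E enables (a|b); I is GNU sed.
munge() {
    sed -E \
        -e 's/(munge1\.net|munge2\.org|munge3\.net)/reportingdomain.com/gI' \
        -e 's/(mungeuser1|mungeduser2)/mungeduserid/gI'
}

# Classify one message on stdin; $1 is the loop marker (the thread's $BOUNCER).
# Cheap rejections run first, so only mail that will be reported is munged.
process() {
    msg=$(cat)
    if printf '%s\n' "$msg" | sed '/^$/q' | grep -qiF "X-Spam-Loop: $1"; then
        echo "DROP loop"
    elif printf '%s\n' "$msg" | is_bounce; then
        echo "HOLD bounce-review"
    else
        echo "REPORT"
        printf '%s\n' "$msg" | munge
    fi
}

# Constructed samples: a trap hit, and a bounce whose sender does not look
# like a daemon but which returns the original headers in its body.
sample_spam() {
    printf '%s\n' 'From: seller@example.com' 'To: mungeuser1@Munge1.net' \
        'Subject: offer' '' 'Reply to mungeuser1@munge1.net or munge1xnet'
}
sample_bounce() {
    printf '%s\n' 'From: admin@example.org' 'Subject: Undeliverable' '' \
        'Could not deliver:' 'Received: from trap.munge1.net by mx.example.org' \
        'X-Spam-Loop: bouncer@reportingdomain.com'
}
```

The body scan will also hold legitimate trap hits that happen to quote headers in their body, which is the safe direction when the alternative is forwarding a bounce to a reporting address.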