At 11:03 2003-10-30 -0600, Christopher L. Barnard wrote:
> I am seeing a lot of email about how to trap spam email. I am using
> procmail in the reverse: consider everything spam and only trap what I
> want. I am curious to get other folks opinion of this solution. I
> have only started doing this in the last week or so, but it seems to be
> working very well. I have had only a handful of the 100s of daily spam
> messages I get actually get through to my inbox.
Hmm, sounds like what a greenlist is for. <g>
> What I do is at the top of my procmail recipes I use formail to add a
> header to any email that I want to keep:
No need. Just set a variable.
> :0 f
> *$ ^From:.*\cbot.com
> | formail -a "X-Keeplist-Member:Procmail has allowed this message through."
:0
* $ ^From:.*cbot\.com
{
KEEPER=yes
}
*MUCH* less overhead. Note also that the dot in the domain is escaped and
the bogus slash before cbot is removed (what'd you intend it to be
doing?). Of course, this might match any number of domains that END with
cbot.com. One spam source that immediately springs to mind is "nicbot.com"
> [I have about 30 of these sorts of rules, and they are growing]
You could instead grep a list of domains, rather than having individual
filters for each one.
:0
* ? formail -xFrom: | fgrep -i -f greenlist.dat
{
KEEPER=yes
}
That one invocation would be more overhead than a pile of within-procmail
constructs, but you're sort of trading it for the invocation necessary to
add a header, AND you're gaining simplicity from it, as well as the ability
to programmatically populate the external greenlist file (you could
populate it without even having to log into your server). The file can
contain specific addresses or just @domain.com type constructs.
If you're going to do it longhand, hopefully you're at least using :0E for
the flags on the subsequent greenlisting ones (so that once one of them has
flagged the message, the rest will not be checked, since there's no need).
> Then the last line of my procmail recipes is
> :0
> * ! ^X-Keeplist-Member:Procmail has allowed this message through.
> garbage/.
:0
* ! KEEPER ?? ^^yes^^
garbage/.
(Which is also a lot simpler than matching on the added header)
> So anything that I do not explicitly want to keep is thrown out. It is
> put in a folder named "garbage" so that I can search through it for
> false positives. If I find something that I want to read, I do so. If
> it is a recurring message that I will want to be delivered normally the
> next time it is sent, I add another X-Keeplist-Member rule for it.
> Am I missing some fatal flaw that is going to bite me in the butt at
> some point in the future, or have I successfully nuked 99% of the spam
> that comes my way?
You're likely to spend a lot of time checking the content of your garbage
folder to see that some new contact from someone hasn't been ditched.
I use greenlists to bypass my spam filtering, but the spam filtering
doesn't simply toss everything that doesn't match a greenlist, so plenty of
mail is expected to exit the spam filter unscathed.
I won't bother to point out that someone can send you a message with that
added header and it'll pass right on through to your inbox. The method I
present doesn't alter the message and doesn't rely on the added header for
the final step, so cannot be bypassed that way (though a forged From: line
is going to do it - but that's a limitation with greenlisting anyway unless
you use PGP).
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
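The greenlist check from the reply above, as an added example that is not part of the thread: the `formail -xFrom: | fgrep -i -f greenlist.dat` condition emulated in POSIX shell, beside a tightened variant that anchors each entry so "@cbot.com" cannot also admit a longer domain that merely starts with it (the "domains that END with cbot.com" point applied to the greenlist file). The greenlist format, the function names and the sample messages are assumptions for the demonstration.

```shell
# Added example (not from the list post): the reply's greenlist condition
#   * ? formail -xFrom: | fgrep -i -f greenlist.dat
# emulated in POSIX shell, beside a tightened variant that anchors the entry
# so "@cbot.com" cannot also admit "x@cbot.com.bogus.example". Assumed
# greenlist format: one full address or "@domain.com" per line, no blank lines.

from_header() {   # what `formail -xFrom:` prints: the From: header body
    sed '/^$/q' | grep -i '^From:' | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
}

loose_greenlisted() {   # the post's fgrep substring match; $1 = greenlist file
    from_header | grep -i -F -q -f "$1"
}

tight_greenlisted() {   # entry must end at '>', whitespace or end of header
    hdr=$(from_header | tr 'A-Z' 'a-z')
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        e=$(printf '%s' "$entry" | tr 'A-Z' 'a-z' | sed 's/[.+]/\\&/g')
        case "$e" in
            @*) pat="$e" ;;                    # domain entry
            *)  pat="(^|[<[:space:]])$e" ;;    # full address entry
        esac
        printf '%s\n' "$hdr" | grep -E -q "${pat}([>[:space:]]|\$)" && return 0
    done < "$1"
    return 1
}

# Mirror of the last recipe: KEEPER=yes -> inbox, anything else -> garbage/.
route() {   # $1 = loose|tight, $2 = message text; prints the destination
    if printf '%s\n' "$2" | "${1}_greenlisted" "$GREENLIST"; then echo inbox
    else echo 'garbage/.'; fi
}

# Constructed greenlist and messages for the demonstration.
GREENLIST=$(mktemp); trap 'rm -f "$GREENLIST"' EXIT
printf '%s\n' '@cbot.com' 'alice@example.org' > "$GREENLIST"
MSG_DOMAIN='From: Bob <bob@CBOT.com>

body'
MSG_SUFFIX='From: x@cbot.com.bogus.example

body'

route loose "$MSG_DOMAIN"   # inbox
route tight "$MSG_DOMAIN"   # inbox
route loose "$MSG_SUFFIX"   # inbox: the substring match lets it through
route tight "$MSG_SUFFIX"   # garbage/.
```

Only the headers are consulted, as with formail -x, so an address that appears in the body does not count; a forged From: line still passes either variant, as the reply notes.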
_______________________________________________
procmail mailing list
procmail@lists.RWTH-Aachen.DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail