procmail

RE: Problem passing on MS Office files.

2004-01-19 11:07:56

Following up on Don's suggestion, add the following to the top of
your .procmailrc file to enable verbose logging:

LOGFILE=$HOME/procmail.log
VERBOSE=yes
LOGABSTRACT=yes

and take a look in $HOME/procmail.log to see what happened.


:0 B
*^Content-Type: (application|audio)
*^.*name=.*.(vb[esx]|ws[hf]|c[ho]m|bat|cmd|hta|exe|lnk|pif|scr|shs)
/etc/messages-rejected

## porn spam
:0 B
* sex|porn|lover
/dev/null

You almost never want to just dump things into /dev/null, but if you do, you
want to be near certain you won't get false positives.

Try running,
   grep -i sex /usr/share/dict/words
and notice that several fairly innocuous words show up.

A bigger problem is that procmail is grep-ing through the uninterpreted,
often uuencoded/base64, message body, and short strings of alpha characters
will almost always show up. That's probably what's happening to your Excel
files; they are sent via mail encoded as base64 strings, and procmail is
finding your spam terms in there.

Unfortunately, most spammers these days resort to all sorts of tricks to
obscure their unsolicited e-mails, and those tricks often include encoding
their text attachments in base64, so a simple string search in procmail just
isn't going to find those spam words. You'll have to move your technology up
several notches to be able to catch most of the spam as it arrives. Try
SpamAssassin, http://spamassassin.rediris.es/index.html, which takes a bit
of work to set up but does a good job, and can be easily extended, or a
procmail-only solution like Spam Bouncer, http://www.spambouncer.org/.





_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
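
Added example, not part of the original post: a Python sketch of the two failure modes described above, comparing a search of the raw body (what a ":0 B" recipe sees) with a search of decoded text parts only. Both messages, the function names and the attachment bytes are constructed for illustration.

```python
import base64
import re
from email import message_from_string, policy

# procmail matches case-insensitively unless the recipe has the D flag.
SPAM_RE = re.compile(r"sex|porn|lover", re.IGNORECASE)

# Constructed sample 1: legitimate mail. The attachment bytes were chosen so
# that their base64 form contains "sEx".
LEGIT = (
    "Subject: Q4 budget\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Spreadsheet attached.\n"
    "--b1\n"
    'Content-Type: application/vnd.ms-excel; name="budget.xls"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "0M8R4KGxGuEAAAAAsExY9kQ3\n"
    "--b1--\n"
)

# Constructed sample 2: spam whose only text part is sent base64-encoded.
SPAM = (
    "Subject: hi\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    + base64.b64encode(b"hot lover waiting\n").decode("ascii") + "\n"
)

def raw_body_match(raw: str) -> bool:
    """What a ':0 B' recipe searches: the body as transmitted, still encoded."""
    return SPAM_RE.search(raw.partition("\n\n")[2]) is not None

def decoded_text_match(raw: str) -> bool:
    """Search only text/* parts, after undoing the transfer encoding."""
    msg = message_from_string(raw, policy=policy.default)
    return any(
        SPAM_RE.search(part.get_content())
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spam", SPAM)):
        print(name, "raw:", raw_body_match(raw), "decoded:", decoded_text_match(raw))
```

The raw search flags the spreadsheet and misses the spam; the decoded search does the reverse.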
