procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Filtering with Procmail before it goes to spamassassin.

2004-07-23 16:57:23
from [Alan Clifford] [Permanent Link] 
On Fri, 23 Jul 2004, David A. Roth wrote:

DAR> I have been using Spamassassin (SA) for my domain and it suits my
DAR> needs. Lately I have been getting a lot of spam spoofed bounced e-mail
DAR> using my domain. The spammers don't use a valid user name from my
DAR> domain, so I can't simply add them to the SA blacklist. I decided I
DAR> only want e-mail mail addressed To: me@ & webmaster@ be allowed
DAR> through. Everything else can go to /dev/null. However, if someone has a
DAR> typo user name as legit e-mail to my domain, I feel they should get a
DAR> reply letting them know that their 'typo' doesn't exist. At the same
DAR> time, I don't want to have it reply from a valid e-mail address since
DAR> it must just get added by spammers and I really want them to send it to
DAR> a correct e-mail address (perhaps noreply@ ?)
DAR>
DAR> I assume what I described above is a good task for Procmail? I'm still
DAR> getting up to speed on Procmail and would like to find examples of what
DAR> I described above done, so that after Procmail does its job, it then
DAR> passes the properly addressed e-mail to SA.
DAR>

It is not really a task for procmail but it may be all you have.

My domain has been "joe jobbed" in this manner and I reluctantly removed
the wildcard, <anything>@ in Sendmail's virtual user table.

However, before I did that, a large proportion of the false bounces were
being caught by a rule similar to

* ^FROM_DAEMON
daemonmailbox

so it didn't actually reach my mailbox.

The rest hit the autoresponder, which is written in procmail, and is
available at http://www.mundungus.org/software.html#marp

But it was all very irritating.  I like to browse the index of the
autoresponded, the daemon reply, and the spam box just to see if I have
caught something I shouldn't have, but a thousand false bounces a day were
just swamping everything.

-- 
Alan


( Please do not email me AS WELL as replying to the list.  Please
  address personal email to alan+1@ as lists@ is not read. A
  password autoresponder may be invoked if this email is very old. )


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: {Blocked Content} Re: Filtering with Procmail before it goes to spamassassin., Stephen Kuhn
Next by Date:  Re: (Parsing dates and) persistent lock files that never go away, Justin Gombos
Previous by Thread:  Re: {Blocked Content} Re: Filtering with Procmail before it goes to spamassassin., David A. Roth
Next by Thread:  Re: Filtering with Procmail before it goes to spamassassin., Nancy McGough
Indexes:  [Date] [Thread] [Top] [All Lists]