procmail

Re: Stopping Kornet and ADSL $USER sending me messages directly

2004-11-25 16:39:56
On Thu, Nov 25, 2004 at 03:39:03AM +0100, Michelle Konzack wrote:
Good morning Ross, 

(Actually, Ross is my last name.)


On 2004-11-25 00:51:56, Dallman Ross wrote:

On Wed, Nov 24, 2004 at 11:28:49PM +0100, Michelle Konzack wrote:

First, you're using a lone H flag on recipes, and that is dangerous

OK, I have already removed it.

Good.


you're spinning your wheels.  I just looked in my last-100 spam
archive for your suspect "222" IP range.  I found a number of them:


   12:25am [~/Mail/.myspam] 531[0]> grep '^Received:.*[^0-9.]222[.]' *
  msg.342W:Received: from [222.114.73.28] (helo=bdo.no)
  msg.LJ0X:Received: from 222.47.62.188 ([222.47.62.188])
  msg.OJ0X:Received: from xmsky.okwine.cn (222.47.62.209) by mail.epost.de (7.2.033.1)

Maybe, but do these people send messages directly to your mailbox?
I have friends in Korea and they have written messages today and none
were filtered, because they use the Kornet-SMTP-Relay.

My spam recipes are good.  They don't usually stop good mail.  I don't
block based on geography.  If something landed in my spam pile,
something is wrong with the message in a "it flunks the smell test!"
kind of a way.

Actually, one of my most useful, most used spamtraps looks for messages
pipelined directly to my upstream SMTP provider when the rest of the
mail header bears no resemblance to something that should have been
pipelined (by which I mean "sent directly"), yes.  So that's
definitely a good thing to be looking for as a strong sign of spam.


What I am filtering is ONLY the second "Received:" header. If an SMTP
relay is between the sender and my mailbox, it will not be filtered.

As Kremey pointed out, no, you're not.  You're filtering based on
what two adjacent Received headers show; but there's nothing in your
recipe specifying they be the second and the one next to it.


All right, back to your problem: I would take the regex and try it out
on the command line with egrep to troubleshoot.  For example, I created
a synthetic version of your line looking for "222" to use with grep on the
command line.  I could basically duplicate the entire procmail condition's
regex and see if it matches or not, and if not, why not (by deconstructing
it phrase by phrase until it does work).

...but my Kornet filter is working perfectly.
Only the ADSL filter does not work.

Yes.  That's why I said, above, "for example."  For another example,
take the recipe that is causing the trouble and test *it* in a similar
way.  My point was to show how to take a condition line's regex and
break it down and test it in your shell at a shell prompt using egrep.
As to what specifically is in the thing you test, that's up to you.
I'm talking concept, not details.  Test your ADSL-blocking recipe
in chunks until you see what about it doesn't work.

You can feed the headers to egrep on the command line by using the
-c option with formail, so the headers will be unfolded, just as they
are inside procmail.

Here's a tiny example, completely unrelated to your problem except that
I am demonstrating the technique:

 12:18am [~/Mail] 428[1]> formail -c -x Received: < SPAMPLE | egrep helo=
 from [24.200.68.41] (helo=modemcable041.68-200-24.mc.videotron.ca)     by m1.dnsix.com with esmtp (Exim 4.24)  id 1CU3Y9-0007si-A7     for paintproof(_at_)germanophile(_dot_)com; Tue, 16 Nov 2004 05:39:13 -0800

-- 
dman
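The shell-prompt technique dman describes (unfold the headers, then try the condition's regex with egrep), as an added example that is not part of the thread: the message is constructed, and since formail may not be installed, an awk function stands in for `formail -c` and produces the same one-line-per-header output. It also shows what picking "only the second Received: header" takes, since a plain procmail condition never does that by itself.

```shell
#!/bin/sh
# Constructed sample message (not from the thread): three Received: hops,
# the second one folded over three lines as an MTA writes it.
SAMPLE='Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.example.org with esmtp id 1AbCdE-000001-Zz
Received: from [222.0.0.7] (helo=dsl-pool.example)
    by mx.example.net with esmtp (Exim 4.24)
    for user@example.org; Tue, 16 Nov 2004 05:39:13 -0800
Received: from localhost (localhost [127.0.0.1])
    by relay.example.com with smtp
From: someone@example.com
Subject: test

body text
'

# Read a message on stdin and print its headers one per line, joining
# continuation lines the way "formail -c" does (awk stand-in, assumed
# equivalent for this purpose; the original thread uses formail itself).
unfold_headers() {
    awk 'NR==1{h=$0;next} /^$/{exit}
         /^[ \t]/{sub(/^[ \t]+/," ");h=h $0;next}
         {print h;h=$0} END{print h}'
}

# Count unfolded header lines matching an egrep regex, i.e. how many
# times a procmail condition written with that regex would fire.
count_matches() {
    printf '%s' "$SAMPLE" | unfold_headers | grep -E -c -- "$1" || true
}

# Print only the Nth header of a given field name (e.g. Received 2).
# Selecting "the second Received:" has to be done explicitly like this;
# a condition that merely matches two adjacent Received: lines does not.
nth_header() {
    printf '%s' "$SAMPLE" | unfold_headers |
        awk -v f="$1:" -v n="$2" 'index($0,f)==1 && ++c==n'
}

# The same kind of checks dman runs at his prompt, against the sample:
count_matches '^Received:.*[^0-9.]222[.]'   # Received: lines naming 222.x.x.x
nth_header Received 2                        # the header Michelle wants to test
```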

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail