anti-spam recpipe

Subject was: Re: match problem or procmail bug: anti pharmaceutical SPAM
filter

Francesco Peeters by e-mail:

> This seems to come from a different recipe you have created?
> If so, would you mind sharing the entire recipe?
I don't filter on content, not even of the Subject-header.

Let me share a different recipe, the one that decides here what mail
to back up, but adapted to make it fight spam:

  :0
  * < 3
  /dev/null

  NL    = '
' SPC   = ' '
  TAB   = '     '
  WSP   = "$SPC$TAB"
  DQ    = '["]'

  b = "[$WSP]"
  n = "$NL"
  s = "($b|$)"  # alternative: "[$WSP$NL]"
  S = "[^$WSP]"
  t = "$TAB"

  :0
  *$ ^^From.*\/$S.+
  { H_FROM_ = "$MATCH" }

  :0
  *$ H_FROM_ ?? ^^\/$S+
  { H_FROM_ADDR = "$MATCH" }

  :0
  *$ H_FROM_ADDR ?? ^^\/[^(_at_)]+
  { H_FROM_USER = "$MATCH" }

  :0
  *$ H_FROM_ADDR ?? ^^[^(_at_)]+@\/$S+
  { H_FROM_DOMAIN = "$MATCH" }


  PM_TO_USER = "$LOGNAME"
  :0
  * ^To:[^<]*<\/[^(_at_)]
  { PM_TO_USER = "$MATCH" }

  :0
  *  B ?? < 50000
  *  ! ^Precedence: (bulk|junk|list)^
  *  ! ^(X-)?List-[^:]+:
  *  ! ^X-BeenThere:
  *  ! ^^From( )MAILER-DAEMON( )
  *  ! ^Envelope-To:.*@(mail|sptp|mx)\.
  *  ! ^^From( )(newsletter@|[^(_at_)]+@newsletter\.)
  *  ! ^^From( ).*\*
  *  ! ^X-Mailer: (\
          Accucast|\
          All email handled|\
          ColdFusion|\
          DMdelivery|\
          http://[a-z0-9.]+/|\
          Kana Connect|\
          Microsoft CDO for Windows|\
          WhatCounts|\
      @@)( |^)
  *  ! ^User-Agent: (\
          AOL|\
          IncrediMail|\
          MIME-tools|\
        @@)( )
  *  ! ^(Date|Message-ID):.*\(added by [^)]+\)^
  *$ ! ^Message-ID:.*<${FROM_ADDR}>^
  *  ! ^Message-ID:.*@(smtpsrv[0-9]+^|(admin|lists)\.)
  *  ! ^Message-ID:.*\.news@
  *  ! ^Message-ID:(_dot_)*(_at_)(_dot_)*(server|web[0-9]+)>^
  *  ! ^Message-ID:(_dot_)*(_at_)phx\(_dot_)gbl>^
  *  ! ^Message-ID:[^<]*<listserv
  *  ! ^Message-ID:(_dot_)*(_at_)(_dot_)*\(_dot_)bulk
  *  ! ^Message-ID:(_dot_)*(_at_)(_dot_)*delivery\(_dot_)
  *  ! ^From:.*(<list_admin|postmaster)@
  *  ! ^From:(_dot_)*(_at_)newsletters\(_dot_)
  *  ! ^Thread-Index:
  *$ ! ^Cc:$b*^
  *  ! ^Cc:.*^Cc:
  *$ ! ^To:$b*^
  *  ! ^To:.*^To:
  *  ! ^To: *(Recipient List Suppressed|undisclosed-recipients):;^
  *  ! ^To: *(post|web)master@
  *$ ! ^To:$b*(${PM_TO_USER}|${DQ}${PM_TO_USER}${DQ})$b*<
  *  ! ^Content-Class: urn:content-classes:message
  *  ! ^Content-Type: text/html; charset=us-ascii\
       ^Content-Transfer-Encoding: 8bit^
  *  !    ^Reply-To:[^<]+<[^@>]+[^a-z0-9@>][0-9][0-9]+@
  *$ ! ^In-Reply-To:[^<]+<[^@>]+(_at_)$\H_FROM_DOMAIN>^
  *$ !  ^References:[^<]+<[^@>]+(_at_)$\H_FROM_DOMAIN>^
  *$ ! ^Content-Type:
multipart/related;($b+)boundary=${DQ}----[a-z0-9]+-$\H_FROM_DOMAIN${DQ}
  *  ! ^X-Info:
  *  ! ^X-MA-Reference:
  *  ! ^X-MD-RemoteIP:
  *  ! ^X-MDaemon-Deliver-To:
  *  ! ^X-(MDAV|Spam)-Processed:
  *  ! ^X-OriginalArrivalTime:
  *  ! ^X-Unsent:
  *  ! qmail
  { }  # do nothing yet
  :0E
  suspect/

Take out any tests that you dont like, for example

  *  B ?? < 50000

or

  *  ! qmail

and insert any tests that you find useful. Put
the most frequently matching tests on top.


-- 
Grtz, Ruud


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail