procmail

Re: Scoring question

2005-08-24 15:07:14
At 16:51 2005-08-24 -0400, Louis Proyect wrote:
Sorry if this has been dealt with here in the past, but I couldn't find it
in the archives. I want to use scoring to filter out spam on the basis of
multiple "to addresses" that include me and anybody else on my isp. In other
words, if mail is addressed to "lnp3(_at_)panix(_dot_)com" and
"xyz(_at_)panix(_dot_)com", it should go into /dev/null.

This is the recipe that I am using:

:0 H
* -1^0
* 1^1 panix
/dev/null


First:  unless you KNOW the recipe will work as intended, don't file to 
/dev/null.

Second: this will handily catch instances of "panix" in other headers -- 
such as From: (what if Panix admin, or another user, sends you a message?),
Message-ID, and *RECEIVED* (such as "received: from .... by mail.PANIX.com 
...").  You'll also choke when someone sends a message with the comment 
("name text", whatever) equal to your email address.

Some time back, I posted a recipe to dredge multiple recipients (for a 
different reason - tagging multiple same usernames at different domains).


Off the hip, something like the following might do better:


# Extract To/Cc into a variable
:0
* ^To:\/.*
{
         RECIPIENTS=$MATCH
}

:0
* ^Cc:\/.*
{
         RECIPIENTS="$RECIPIENTS, $MATCH"
}


# first condition sets a threshold of allowable same-domain recipients.
# NL is assumed to be defined elsewhere in the rcfile as a newline.
:0
* -4^0
* 1^1 RECIPIENTS ?? (\<)([-a-z0-9_+]+@([-a-z0-9_]*\.)?yourdomain\.tld)(\>)
{
         SPAMVAL="+50"
         SPAMNOTES="${SPAMNOTES}SPAM: ${SPAMVAL} multiple same-domain cleartext recipients${NL}"
}

The above still suffers from comment text issues.

I don't understand first of all how it arrives at a score of 22. Secondly, I
don't understand why the scoring for one panix address and two are
identical.

Suggestion: examine the message headers manually and count the appearances 
of 'panix'.

---
  Sean B. Straw / Professional Software Engineering

  Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
  Please DO NOT carbon me on list replies.  I'll get my copy from the list.


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
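
An added example, not part of the original post or of procmail: a Python sketch that contrasts counting a bare word across all headers with counting parsed To/Cc addresses, which also sidesteps the comment-text problem noted above. The domain `example.net`, the sample message, and the `allowed` parameter (set to 4 to mirror the `-4^0` threshold) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "example.net"  # assumption: stands in for the recipient's ISP domain

# Constructed sample message (not taken from the thread).
SAMPLE = """\
Received: from relay.example.org by mail.example.net; Wed, 24 Aug 2005 16:00:00 -0400
Received: from mail.example.net by mailhost.example.net; Wed, 24 Aug 2005 16:00:02 -0400
From: "Cheap Meds" <promo@spam.invalid>
To: "alice@example.net" <alice@example.net>, bob@example.net
Cc: carol@mail.example.net, dave@elsewhere.invalid (not at example.net)
Message-ID: <1234@spam.invalid>
Subject: hello

body
"""

def naive_count(raw, word):
    """Count every occurrence of `word` in the header block, as `* 1^1 word` does."""
    headers = raw.split("\n\n", 1)[0]
    return len(re.findall(re.escape(word), headers, re.I))

def same_domain_recipients(raw, domain):
    """Return the distinct To/Cc addresses at `domain` or one of its subdomains."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    found = set()
    # getaddresses() separates display names and comments from the address itself.
    for _name, addr in getaddresses(fields):
        host = addr.rpartition("@")[2].lower()
        if host == domain or host.endswith("." + domain):
            found.add(addr.lower())
    return sorted(found)

def is_suspect(raw, domain, allowed=4):
    """Flag the message when more than `allowed` same-domain recipients are listed."""
    return len(same_domain_recipients(raw, domain)) > allowed

if __name__ == "__main__":
    print("naive hits:", naive_count(SAMPLE, DOMAIN))
    print("recipients:", same_domain_recipients(SAMPLE, DOMAIN))
    print("suspect:", is_suspect(SAMPLE, DOMAIN))
```

The naive count is inflated by Received lines, the quoted display name and the trailing comment, while the parsed list contains only real recipient addresses.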
