On Sat, Sep 03, 2005 at 12:40:11PM -0400, Louis N Proyect wrote:
As a follow-up that gets back to my original query on scoring,
I notice that these base64 spams (and many others that sneak
through spamassassin) inevitably address multiple panix
accounts--why I don't know. Probably related to some sort of
randomizing formula. Without scoring, isn't there a simple way
to catch any message that has multiple and *distinct* panix
addresses in the header. For example, multiple occurrences of
lnp3(_at_)panix(_dot_)com would not count. Now I can do this easily enough
in perl, but I am not really knowledgable about how to run a
perl script from within procmail.
Of course there is. I don't do any body grepping for keywords
at all, don't use SpamAssassin, don't call any perl, and stop
essentially all my spam. (There were two false negs last month.
There wre some false positives, but I work those out each time and
get lots of mail from strangers and people with weird setups. I
get 300-500 spams a day.) I get plenty of these stock newsletters.
I sure don't waste my time looking for "st.ck" in the body. In
fact, I hardly have any recipes that even bother with the body.
The thing you noticed is easy to write procmail recipes for,
and is the kind of thing I do.
One way:
SP = ' '
TAB = ' '
WS = $SP$TAB
:0
* $ ^To:.*\/[^$WS].*
{ H_TO = $MATCH }
:0
* $ ^Cc:.*\/[^$WS].*
{ H_CC = $MATCH }
TOCC = $H_TO$H_CC
:0:
* 1 ^0
* 1 ^1 TOCC ?? @panix[.]com
* $ -1 ^1 TOCC ?? $\LOGNAME(_at_)panix[(_dot_)]com
multiple_users
Dallman
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail