First of all, I want to thank Dallman Ross for providing me with a recipe
that checks for multiple panix addresses in the header. This is how many
spams that sneak through spamassassin can be caught, including the pe**y
st**ck crap that was driving me nuts. I hope he makes it broadly available.
It is a winner.

Even though I never figured out how to detect a base64 encoded email through
procmail, I did stumble across a solution that combines spamassassin and
procmail. I noticed that spamassassin correctly identified pe**y st**ck spam
as having passed a test for MIME_BASE64_TEXT but that was insufficient to
send it into /dev/null since it was aggregated with other tests whose
combined result fell below the scoring threshold. Since MIME_BASE64_TEXT
appears exclusively in pe**y st**ck spam, I felt it was safe to throw out
anything with this in the header.

Thanks once again to Dallman and Gary and everybody else who helped me get a
handle on this.

My test:
:0 H
* ^*MIME_BASE64_TEXT
/users/lnp3/mail/base64
===
Dallman's test:
SP = ' '
TAB = '	'
WS = $SP$TAB
:0
* $ ^To:.*\/[^$WS].*
{ H_TO = $MATCH }
:0
* $ ^Cc:.*\/[^$WS].*
{ H_CC = $MATCH }
TOCC = $H_TO$H_CC
:0:
* 1 ^1 TOCC ?? @panix[.]com
* $ -1 ^1 TOCC ?? $\LOGNAME@panix[.]com
/users/lnp3/mail/multiple_users
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
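
Added example (not part of the original post, and not the poster's or Dallman's code): a Python model of the two checks above, useful for trying the logic on saved headers before putting a recipe into .procmailrc. It reads the test name only from X-Spam-Status and reproduces the +1/-1 scoring over To and Cc; the user name "alice", the domain example.com, the function names and the sample headers are all constructed.

```python
import re
from email import message_from_string

def sa_tests(msg):
    """Test names SpamAssassin listed in X-Spam-Status, folded lines included."""
    status = msg.get("X-Spam-Status", "")
    m = re.search(r"tests=([A-Z0-9_]+(?:,\s*[A-Z0-9_]+)*)", status)
    return {t.strip() for t in m.group(1).split(",")} if m else set()

def domain_score(msg, logname, domain):
    """+1 per @domain in To/Cc, -1 per logname@domain, as in the weighted recipe."""
    tocc = " ".join(msg.get_all("To", []) + msg.get_all("Cc", []))
    dom = "@" + re.escape(domain)
    total = len(re.findall(dom, tocc, re.I))
    # Lookbehind (an addition here) keeps "malice@..." from counting as "alice@...".
    own = len(re.findall(r"(?<![\w.+-])" + re.escape(logname) + dom, tocc, re.I))
    return total - own

def triage(raw, logname, domain):
    """Name of the folder the message would be filed in."""
    msg = message_from_string(raw)
    if "MIME_BASE64_TEXT" in sa_tests(msg):     # only the SpamAssassin header counts
        return "base64"
    if domain_score(msg, logname, domain) > 0:  # someone else at the domain is listed
        return "multiple_users"
    return "inbox"

# Constructed sample headers (hypothetical user "alice", domain example.com).
SPAM_B64 = ("To: alice@example.com\n"
            "X-Spam-Status: No, hits=3.1 required=5.0 tests=HTML_MESSAGE,\n"
            "\tMIME_BASE64_TEXT version=2.55\n\nbody\n")
MULTI = ("To: aaron@example.com, alice@example.com, malice@example.com\n"
         "Cc: albert@example.com\n"
         "X-Spam-Status: No, hits=1.2 required=5.0 tests=HTML_MESSAGE version=2.55\n\nbody\n")
CLEAN = ("To: alice@example.com\n"
         "Subject: Re: MIME_BASE64_TEXT rule question\n"
         "X-Spam-Status: No, hits=0.0 required=5.0 tests=none version=2.55\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("SPAM_B64", SPAM_B64), ("MULTI", MULTI), ("CLEAN", CLEAN)):
        print(name, "->", triage(raw, "alice", "example.com"))
```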