Ruud H.G. van Tol schrieb:
Ack. Check out DROPPRIVS in man procmailrc, and in pm-tips 18.30.
How about DNSBL? DCC? SpamAssassin?
i woulld like to give SpamAssassin a try.
i use Spamhaus SBL+XBL and a Procmail script who runs a PHP commandline
script wich writes SPAM sender ip adresses into a MySql Database and
manipulates the access.db. In the moment there are 2713 IP adress from
the last 2 weaks i block on top of the ones from Spamhaus.
to identify Spamsender i use Recipe's like
:0
* $X_RECEIVED ??
from[$WS]+\/($\HOST|$\X_LOCAL_IP|pop\.its-h\.de|smtp\.its-h\.de)
{
:0
* $ ! X_SENDER_IP ?? ^^$\X_LOCAL_IP^^
{
BLOCK_DNS=$TRUE
REASON="FAKE-SENDER"
}
}
and VSnag from Dallman Ross
and some other but very carefull used identification recipes.
for me there are 2 types of SPAM
1. absolutly positiv identified Virus and Spam with a single Recived
from SMTP header where the sender ip get blocked
2. "maybe" Spam wich goes into a special inbox
and of course i have to do some whitelisting
:0
* ? (echo "$X_ENVELOPE_FROM" | $FGREP -i -f /etc/mail/friendslist)
{
WHITE=$TRUE
}
http://www.professional.org/procmail/sandbox.html
and then for a while in some user account, before putting them in
/etc/procmailrc.
Yes i do extensive testing on my Testserver but i dont have User
accounts like in "Normal" *nix Boxes.
An executable test.pr is also nice for quickly testing recipes:
test.pr < message.txt
Such a test.pr would normally start with the following lines:
#!/usr/local/bin/procmail -m
DEFAULT = '/dev/null'
VERBOSE = 'yes'
LOGABSTRACT = 'all'
The test.pr you gave me is a good template for that, I had to change the
shebang to
#!/usr/libexec/procmail procmail -m
and i can run it with
./test.pr < /dev/null
[character classes]
6.7 on http://pm-doc.sourceforge.net/pm-tips.html
Right. It has one strange phrase though:
To match "[(" use [)
i think to understand what he means there i have to do some try and
error testing:)
The main Problem to learn all that stuff about the different scripting
an programming technics is that learning by doing without good
structured input, and without any teacher , is sometimes very time
intensiv and leads you easy into missunderstandings
often it is not the missing information about a specific question who
missleads one , it is more the big quantity of different sources of
informations to find the a "needle" in a haystack.
5 Years ago one had a handfull links from gooogle if you where looking
for something , today you have hundreds where most of them leads you to
some "Idiots" like one self.
Matthias
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail