Hello Charles,
On 2008-10-17 14:04:40, Charles Gregory wrote:
> While your legitimate bounces might appear like this in the body....
> From: Michelle Konzack <linux4michelle(_at_)tamay-dogan(_dot_)net>
> Spammers have to substitute something else:
> From: Any Old name <linux4michelle(_at_)tamay-dogan(_dot_)net>
> So it becomes possible to filter for "not your name but your address".

Yeah, this I have already done...
And of course, I have never used something like "koi-8", "GB2312"...

> I generally filter for this at the MTA level, so that the bounce is
> rejected, and the poorly designed MTA can handle its own problem.
> In my postfix 'body_checks'.....

Unfortunately at <freenet.de> I cannot set up anything...
On <tamay-dogan.net> my hoster is using postfix, sieve and cyrus...
And I have to use a crappy web interface... (no direct access :-/)
While my own servers are using courier-(imap|mta|mlm) and procmail, which
is working IMHO 1000 times better than the other stuff...

> /^[^a-z]*From: ([^M]|M[^i]|Mi[^c])[^<]+<linux4michelle(_at_)tamay-dogan(_dot_)net>/ REJECT "Backscatter from forged sender"
> In procmail try something like:
> :0 B
> *^[^a-z]*From: [^<]+<linux4michelle(_at_)tamay-dogan(_dot_)net>
> *!^[^a-z]*From: Michelle Konzack <linux4michelle(_at_)tamay-dogan(_dot_)net>
> /dev/null

I will install this immediately to check whether it works as expected.

> This will, of course, only work if the body has repeated your address
> as the forged visible 'From:' header. If the spam is forging your address
> as envelope sender, but using a different address in the visible
> headers, then you need a more generic rule to block any 'From' that
> does not contain your address, but which is a bounce. That, you can only
> do in procmail.... with a more complicated test to first detect that a
> message is a bounce, then search for a 'From:' line that does not contain
> your address at all.

How many hits do you think, if I filter for Outlook?
Over 85%!
Of all the mailing lists I am subscribed to, except PostgreSQL and OpenOffice,
I have found only 18 Outlook users, who are whitelisted...
There are only 5 Outlook users posting to the Debian BTS but I get over
2000 Outlook spams per month over it (sometimes over 6000).

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
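
The two checks discussed in this message (a quoted 'From:' with the right address but the wrong name, and the more generic case of a bounce whose quoted 'From:' never contains the address), as an added Python example that is not code from the thread. `user@example.net`, `Example User`, the verdict names and the sample bounce are constructed placeholders, and the bounce test is a simplified assumption rather than procmail's own `FROM_MAILER` logic.

```python
import email
import re

MY_ADDR = "user@example.net"   # placeholder address, not one from the thread
MY_NAME = "Example User"       # placeholder display name

# Same anchor as the rules above: "From:" at line start, allowing quote marks.
FROM_LINE = re.compile(r"^[^a-z\n]*From:[ \t]*(.*)$", re.I | re.M)

def is_bounce(msg):
    """Null envelope sender, a DSN content type, or a daemon-style sender."""
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    if msg.get_content_type() == "multipart/report":
        return True
    return bool(re.search(r"mailer-daemon|postmaster", msg.get("From", ""), re.I))

def classify(raw):
    """Verdict for one raw message; the body is scanned undecoded."""
    msg = email.message_from_string(raw)
    if not is_bounce(msg):
        return "not-bounce"
    body = raw.split("\n\n", 1)[1] if "\n\n" in raw else ""
    quoted = [f.strip() for f in FROM_LINE.findall(body)]
    if not quoted:
        return "undecided"            # nothing quoted to judge by: keep it
    mine = [f for f in quoted if MY_ADDR in f.lower()]
    if not mine:
        return "forged-envelope"      # generic rule: address absent from every From:
    if all(f.startswith(MY_NAME + " <") for f in mine):
        return "legitimate"
    return "forged-name"              # right address, wrong display name

def sample_bounce(quoted_from):
    """Constructed bounce that quotes the original headers with '> '."""
    return ("Return-Path: <>\n"
            "From: MAILER-DAEMON@mx.example.org\n"
            "Subject: Undelivered Mail Returned to Sender\n"
            "\n"
            "Your message could not be delivered.\n"
            "\n"
            "> From: " + quoted_from + "\n"
            "> Subject: hello\n")

if __name__ == "__main__":
    for sender in ("Example User <user@example.net>",
                   "Any Old Name <user@example.net>",
                   "Cheap Pills <promo@spam.example>"):
        print(sender, "->", classify(sample_bounce(sender)))
```

Only the `forged-name` and `forged-envelope` verdicts correspond to mail the rules above would discard; `undecided` bounces quote no 'From:' line and are left alone.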