################################################################################
# Filename: $HOME/.procmail/spamblock-rc
# Purpose: kill spam-mails with procmail
# Author: Michael Prokop - www.michael-prokop.at
# Latest change: Son Aug 18 21:49:11 CEST 2002
# Notice: This is from Walt Dnet http://www.waltdnes.org/ and optimized for
# my purposes!
# Sorry I am too lazzzzzy to translate the German file to English ;-)
################################################################################
# spamblock Version 1999-05-26
# Mein Dank an framstag, der diesen spamblock pflegt.
# von: ftp.belwue.de/belwue/software/
# Auch an Joerg Henner, "Linuxhaus-Stuttgart"
#
# Mechanismus:
#
# Pro Regelsatz wird bei dessen Erfuellung eine charakteristische Headerzeile
# "X-Spamblock" an jede mail hinzugefuegt, die dann ganz zum Schluss
# ausgewertet wird.
#
# Installation:
#
# Wenn procmail bereits installiert ist, dann dieses File als
# $HOME/.spamblock ablegen und in $HOME/.procmailrc einfuegen:
# INCLUDERC=$HOME/.spamblock
#
# Wenn procmail noch nicht installiert ist, dann lesen:
# http://www.belwue.de/wwwservices/hilfestellungen/spamblock.html
#
# Konfiguration:
#
# Die lokale Konfiguration sollte in $HOME/.spamblock.local stehen und
# die Variablen SPAMBLOCK, MYDOMAIN, GOODGUYS und CAUTIOUS enthalten.
# Defaultwerte dafuer stehen am Ende dieses Kommentarblocks.
# Insbesondere sollte *UNBEDINGT* MYDOMAIN gesetzt werden!
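#
# Certain addresses that look like spam but are not must be marked in
# $HOME/.spamblock.local with an "X-Spamblock: ignore" header line, e.g.:
#
#   # "1^0" is an OR operator
#   :0 f
#   * 1^0 ^From:.*uni-hamburg\.de
#   * 1^0 ^From:.*dfn\.de
#   * 1^0 ^Subject: Einladung
#   | formail -A 'X-Spamblock: ignore'
#
# NOTE(review): no INCLUDERC for $HOME/.spamblock.local is visible in this
# file. If it is included before the "delete old X-Spamblock" recipe below,
# that recipe removes the local "ignore" marks again -- confirm the order.
#
# How this part works: every recipe below is a filter (flag "f") that pipes
# the message through formail to append an "X-Spamblock: caught by rule ..."
# header when its conditions match. Nothing is delivered here; the headers
# are evaluated by the recipes at the end of the file.
#
# All header fields tested below (From, To, Received, Message-Id, X-*) are
# written by the sender or by relays outside your control. The rules are
# heuristics and must not be read as proof of origin.

# detected junk is stored in the folder "spamblock"
SPAMBLOCK=spamblock

# own domain(s)
# NOTE(review): the value is used as a regular expression further down, so
# every "." in it matches any character.
MYDOMAIN=g-218.vc-graz.ac.at|michael-prokop.at|prokop.dyn.priv.at

# "the good ones": do not filter mail from this source (From:)
# GOODGUYS=uni-oldenburg.de|unibw-hamburg.de

# "the stupid ones": domains that generate broken headers (Received,
# Message-ID); mail from them must not be filtered
STUPIDS=gmx.at|michael-prokop.at|sbox.tugraz.at|iwb.tu-graz.ac.at

# with CAUTIOUS=true filtering is more conservative
CAUTIOUS=false

## Delete old X-Spamblock header lines.
# This has to run before any rule adds its own header: otherwise a sender
# could ship a ready-made "X-Spamblock: ignore" line and skip the spam folder.
:0 f
* ^X-Spamblock:
| formail -I X-Spamblock:

# Add a "Content-Type: application/pgp" header so Mutt will know the
# mail is encrypted.
:0 fBw
* ^-----BEGIN PGP MESSAGE-----
| /usr/bin/formail -a "Content-Type: application/pgp; format=text; x-action=encryptsign"

# Add a "Content-Type: application/pgp" header so Mutt will know the
# mail is signed.
:0 fBw
* ^-----BEGIN PGP SIGNED MESSAGE-----
| /usr/bin/formail -a "Content-Type: application/pgp; format=text; x-action=sign"

## Same From and To address for a non-local sender
# NOTE(review): GOODGUYS is commented out above. If it is not set elsewhere,
# ($GOODGUYS|$LOGNAME) presumably expands to (|<logname>), whose empty
# alternative matches every From: line, so this whole block would never
# fire -- verify with a test message.
#
# MATCH holds text captured from the sender-controlled From:/To: header and
# is then used inside the next regular expression. It is written as $\MATCH
# so that procmail disarms regex metacharacters in it; a plain $MATCH would
# let characters such as "+", "(" or "[" in an address change or break the
# comparison. (Needs a procmail version that supports $\name.)
:0
* $!^To.*($MYDOMAIN)
* $!^From:.*($GOODGUYS|$LOGNAME)
* !^Cc
{
  :0 f
  * ^From: \/.*
  * $^To:.*$\MATCH
  | formail -A 'X-Spamblock: caught by rule from-to'

  :0 Ef
  * ^To: \/.*
  * $^From:.*$\MATCH
  | formail -A 'X-Spamblock: caught by rule from-to'

  :0 Ef
  * ^From:.*<\/.*
  * $^To:.*$\MATCH
  | formail -A 'X-Spamblock: caught by rule from-to'

  :0 Ef
  * ^To:.*<\/.*
  * $^From:.*$\MATCH
  | formail -A 'X-Spamblock: caught by rule from-to'
}

# for testing purposes
:0 f
* ^Subject: spam-test
| formail -A 'X-Spamblock: caught by rule test'

#
## known spam relays
#
:0 f
* ^Received: by .*\.jp .
* $!^TO.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule .jp relay'

:0 f
* ^Received.*\.sg .
* $!^TO.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule .sg relay'

:0 f
* ^Received.*\.tw .
* !^From:.*\.tw
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule .tw relay'

# MATCH can only be one of tw, jp, sg, my or cn here. The argument is in
# double quotes so that $MATCH is expanded; inside single quotes the header
# would contain the literal text "$MATCH".
:0 f
* ^From.*\.\/(tw|jp|sg|my|cn)
* $!^TO.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A "X-Spamblock: caught by rule from *.$MATCH and not for me"

:0 f
* ^Received.*\.cn .
* !^From:.*\.cn
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule .cn relay'

:0 f
* ^Received:.*clara.?net
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule clara.net'

:0 f
* ^Received:.*isint\.net
| formail -A 'X-Spamblock: caught by rule isint.net'

:0 f
* ^From.*aol\.com
* $!^TO.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule from aol.com and not for me'

:0 f
* ^Received.*\.aol\.com
* !^Message-ID.*aol\.com
| formail -A 'X-Spamblock: caught by rule AOL relay'

# real AOL addresses are: /[A-Za-z][A-Za-z0-9]{2,9}@aol\.com/
#:0 f
#* !^Received.*\.aol\.com
#* ^Message-ID.*\.aol\.com
#| formail -A 'X-Spamblock: caught by rule AOL fake MID'

#:0 f
#* ^Received.*\.hotmail\.com
#* !^Message-ID.*hotmail\.com
#| formail -A 'X-Spamblock: caught by rule hotmail relay'

:0 f
* ^Received.*\.rr\.com
* !^Message-ID.*rr\.com
| formail -A 'X-Spamblock: caught by rule rr.com relay'

:0 f
* ^Received.*\.btinternet\.com
* !^Message-ID.*btinternet\.com
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule btinternet.com relay'

:0 f
* ^Received.*earthlink\.net
* !^Message-ID:.*earthlink
| formail -A 'X-Spamblock: caught by rule earthlink relay'

#:0 f
#* ^Received.*\.wcom\.net
#* !^Message-ID:.*\.wcom\.net
#| formail -A 'X-Spamblock: caught by rule wcom.net relay'

:0 f
* ^Received.*cw\.net
* !^Message-ID:.*(cw\.net|mcit\.com)
| formail -A 'X-Spamblock: caught by rule cw.net relay'

:0 f
* ^Received.*flash\.net
* !^Message-ID:.*flash
| formail -A 'X-Spamblock: caught by rule flash.net relay'

:0 f
* ^Received.*concentric\.net
* !^Message-ID:.*concentric
| formail -A 'X-Spamblock: caught by rule concentric.net relay'

:0 f
* ^Received.*eni\.net
* !^Message-ID:.*eni\.net
| formail -A 'X-Spamblock: caught by rule eni.net relay'

:0 f
* ^Received.*pacbell\.net
* !^Message-ID:.*pacbell
| formail -A 'X-Spamblock: caught by rule pacbell relay'

#:0 f
#* ^Received.*compuserve
#* !^Message-ID:.*(compuserve|wcom\.net|csi\.com)
#| formail -A 'X-Spamblock: caught by rule compuserve relay'

:0 f
* ^Received.*mnsi\.net
* !^Message-ID:.*mnsi\.net
| formail -A 'X-Spamblock: caught by rule mnsi.net relay'

:0 f
* ^Received.*bellsouth\.net
* !^Message-Id:.*bellsouth
| formail -A 'X-Spamblock: caught by rule bellsouth.net relay'

:0 f
* ^Received.*microsoft\.com
* $!^TO.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule microsoft.com'

:0 f
* ^Received.*\.msn\.com
* $!^TO.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule msn.com'

# NOTE(review): the second condition has no "^" anchor, so it also matches
# "Received" inside other header names or values.
:0 f
* ^From.*\.msn\.com
* !Received.*\.msn\.com
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by faked from msn.com'

:0 f
* ^Received.*\.tds\.net
* !^From.*TDSNet
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule tds.net'

:0 f
* ^Received.*\.best\.com
| formail -A 'X-Spamblock: caught by rule best.com'

:0 f
* ^Received.*\.kunden\.net
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule kunden.net'

:0 f
* ^Received.*\.execpc\.com
| formail -A 'X-Spamblock: caught by rule execpc.com'

:0 f
* ^Received.*top-10\.com
| formail -A 'X-Spamblock: caught by rule top-10.com'

:0 f
* ^Received.*\.popsite\.net
| formail -A 'X-Spamblock: caught by rule popsite.net'

:0 f
* ^(From|Received).*\.cyberspy\.com
| formail -A 'X-Spamblock: caught by rule cyberspy.com'

:0 f
* ^(From|Received).*cyber-host\.net
| formail -A 'X-Spamblock: caught by rule cyber-host.net'

:0 f
* ^Received.*dialup\.autonet\.net
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule dialup.autonet.net'

:0 f
* ^Received.*ntx\.net
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule ntx.net'

:0 f
* ^Received.*avsupport\.com
| formail -A 'X-Spamblock: caught by rule avsupport.com'

:0 f
* ^Received.*netvigator\.com
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule netvigator.com'

:0 f
* ^Received.*host4u\.net
| formail -A 'X-Spamblock: caught by rule host4u.net'

:0 f
* ^Received.*visi-net\.com
| formail -A 'X-Spamblock: caught by rule visi-net.com'

:0 f
* ^Received.*listme\.com
| formail -A 'X-Spamblock: caught by rule listme.com'

:0 f
* ^Received.*everyware\.ch
| formail -A 'X-Spamblock: caught by rule everyware.ch'

:0 f
* ^Received.*freesurf\.ch
| formail -A 'X-Spamblock: caught by rule freesurf.ch'

:0 f
* ^Received.*cyberscorts\.com
| formail -A 'X-Spamblock: caught by rule cyberscorts.com'

:0 f
* ^Received.*mycomsoftware\.com
| formail -A 'X-Spamblock: caught by rule mycomsoftware.com'

:0 f
* ^Received.*inexchange\.net
| formail -A 'X-Spamblock: caught by rule inexchange.net'

:0 f
* ^Received.*imerchants\.com
| formail -A 'X-Spamblock: caught by rule imerchants.com'

:0 f
* ^Received.*aoci\.com
| formail -A 'X-Spamblock: caught by rule aoci.com'

:0 f
* ^Received.*daci\.com
| formail -A 'X-Spamblock: caught by rule daci.com'

:0 f
* ^Received.*online-systems\.net
| formail -A 'X-Spamblock: caught by rule online-systems.net'

:0 f
* ^Received.*owlseye\.com
| formail -A 'X-Spamblock: caught by rule owlseye.com'

#:0 f
#* ^Received.*splitrock\.net
#| formail -A 'X-Spamblock: caught by rule splitrock.net'

:0 f
* ^Received.*mediaone\.net
| formail -A 'X-Spamblock: caught by rule mediaone.net'

:0 f
* ^Received.*eliteoffers
| formail -A 'X-Spamblock: caught by rule eliteoffers'

:0 f
* ^Received.*uplinkpro\.com
| formail -A 'X-Spamblock: caught by rule uplinkpro.com'

:0 f
* ^Received.*alwayslink\.com
| formail -A 'X-Spamblock: caught by rule alwayslink.com'

:0 f
* ^Received.*jumbo\.com
| formail -A 'X-Spamblock: caught by rule jumbo.com'

:0 f
* ^Received.*clever\.net
| formail -A 'X-Spamblock: caught by rule clever.net'

:0 f
* ^Received.*dnc\.net
| formail -A 'X-Spamblock: caught by rule dnc.net'

:0 f
* ^Received.*\.onramp\.
| formail -A 'X-Spamblock: caught by rule onramp'

:0 f
* ^Received.*meznet
| formail -A 'X-Spamblock: caught by rule meznet'

:0 f
* ^Received.*success
| formail -A 'X-Spamblock: caught by rule success'

:0 f
* ^Received.*thehost\.com
| formail -A 'X-Spamblock: caught by rule thehost.com'

:0 f
* ^Received.*bizprom\.com
| formail -A 'X-Spamblock: caught by rule bizprom.com'

:0 f
* ^Received.*savoynet\.com
| formail -A 'X-Spamblock: caught by rule savoynet.com'

:0 f
* ^Received.*webmailplus
| formail -A 'X-Spamblock: caught by rule webmailplus'

:0 f
* ^Received.*bulk_mailer
* !^Received: by www\.ukweb\.com
| formail -A 'X-Spamblock: caught by rule bulk_mailer'

:0 f
* ^Received.*pacific\.net\.sg
| formail -A 'X-Spamblock: caught by rule pacific.net.sg'

:0 f
* ^Received.*hitsrus\.com
| formail -A 'X-Spamblock: caught by rule hitsrus.com'

:0 f
* ^Received.*datahart\.com
| formail -A 'X-Spamblock: caught by rule datahart.com'

:0 f
* ^Received.*theinfoman
| formail -A 'X-Spamblock: caught by rule theinfoman'

:0 f
* ^Received.*pwrmarket\.com
| formail -A 'X-Spamblock: caught by rule pwrmarket.com'

:0 f
* ^Received.*onlinebiz
| formail -A 'X-Spamblock: caught by rule onlinebiz'

:0 f
* ^Received:.*shopping
| formail -A 'X-Spamblock: caught by rule shopping'

:0 f
* ^Received:.*we-deliver\.net
| formail -A 'X-Spamblock: caught by rule we-deliver.net'

:0 f
* ^Received:.*multipro\.com
| formail -A 'X-Spamblock: caught by rule multipro.com'

:0 f
* ^Received:.*( promo|promo[\.@]|promotions)
| formail -A 'X-Spamblock: caught by rule received promo'

:0 f
* ^Received:.*quantcom\.com
| formail -A 'X-Spamblock: caught by rule quantcom.com'

:0 f
* ^Received:.*hkstar\.com
| formail -A 'X-Spamblock: caught by rule hkstar.com'

:0 f
* ^Received:.*gnet-hk\.com
| formail -A 'X-Spamblock: caught by rule gnet-hk.com'

:0 f
* ^Received:.*\.rr\.com
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule rr.com'

:0 f
* ^Received:.*\.flash\.net
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule flash.net'

:0 f
* ^Received.*ppp.*swbell\.net
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule swbell.net'

#:0 f
#* ^Received.*\.uu\.net
#* $!^TO.*($MYDOMAIN)
#* !^From: nobody@UU\.NET
#* !CAUTIOUS ?? true
#| formail -A 'X-Spamblock: caught by rule uu.net'

:0 f
* ^Received.*\.uu\.net
* !^Message-Id:.*uu\.net
| formail -A 'X-Spamblock: caught by rule uu.net'

:0 f
* ^Received.*-.*-.*\.grid\.net
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule grid.net'

:0 f
* ^Received.*dial-access\.att\.net
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule dial-access.att.net'

:0 f
* ^Received.*slip.*\.ibm\.net
* $!^TO.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule slip*.ibm.net'

:0 f
* ^Received.*-.*-.*\.sprint\.ca
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule sprint.ca'

:0 f
* ^Received.*dialsprint\.net
* !^Message-Id:.*sprint
| formail -A 'X-Spamblock: caught by rule dialsprint.net'

:0 f
* ^(Received|From).*worldnet\.att\.net
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule worldnet.att.net'

:0 f
* ^Received.*pub-ip\.psi\.net
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule pub-ip.psi.net'

:0 f
* ^Received.*dialup.*mci\.net
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule mci.net'

# The original pattern read "vsnl\.net.\in" (backslash on the wrong side of
# the dot); it now matches the literal host suffix vsnl.net.in.
:0 f
* ^Received.*vsnl\.net\.in
| formail -A 'X-Spamblock: caught by rule vsnl.net.in'

:0 f
* ^Received.*ziplink\.net
| formail -A 'X-Spamblock: caught by rule ziplink.net'

:0 f
* ^Received:.*ybecker\.
| formail -A 'X-Spamblock: caught by rule ybecker'

:0 f
* ^Received:.*4becker\.
| formail -A 'X-Spamblock: caught by rule 4becker'

:0 f
* ^Received:.*qlink2info\.com
| formail -A 'X-Spamblock: caught by rule qlink2info.com'

:0 f
* ^Received:.*samart\.co\.th
| formail -A 'X-Spamblock: caught by rule samart.co.th'

:0 f
* ^Received.*bulkmail
| formail -A 'X-Spamblock: caught by rule bulkmail'

:0 f
* ^Received:.*unknown host
| formail -A 'X-Spamblock: caught by rule unknown host'

:0 f
* ^Received:.*search.engine
| formail -A 'X-Spamblock: caught by rule search-engine'

:0 f
* ^Received:.*cloaked
| formail -A 'X-Spamblock: caught by rule cloaked'

#
## popular spam To addresses
#
#:0 f
#* ^TO.*undisclosed-recipients
#| formail -A 'X-Spamblock: caught by rule undisclosed-recipients'

:0 f
* ^TO.*recipient list not shown
* !^X-Mailing-List:
* !^From.*postmaster
| formail -A 'X-Spamblock: caught by rule recipient list not shown'

:0 f
* ^To:.*you@
| formail -A 'X-Spamblock: caught by rule you@'

:0 f
* ^To:.*customer@
| formail -A 'X-Spamblock: caught by rule customer'

:0 f
* ^(To|From):.*money
| formail -A 'X-Spamblock: caught by rule money'

:0 f
* ^To:.*ultra-mail\.com
| formail -A 'X-Spamblock: caught by rule ultra-mail.com'

:0 f
* ^To:.*t-1net\.com
| formail -A 'X-Spamblock: caught by rule t-1net.com'

:0 f
* ^To:.*public\.com
| formail -A 'X-Spamblock: caught by rule public.com'

:0 f
* ^To:.*infoname\.com
| formail -A 'X-Spamblock: caught by rule infoname.com'

#
## known spam senders
#
:0 f
* ^From.*iname\.com
* !^Received.*iname\.com
| formail -A 'X-Spamblock: caught by rule faked iname.com address'

:0 f
* ^From.* [0-9]+@aol\.com
| formail -A 'X-Spamblock: caught by rule faked aol address'

:0 f
* ^From.* [0-9].*@hotmail\.com
| formail -A 'X-Spamblock: caught by rule faked hotmail address'

:0 f
* ^From.*(4you|foryou)
| formail -A 'X-Spamblock: caught by rule 4you'

:0 f
* ^Received.*direct.*com
| formail -A 'X-Spamblock: caught by rule direct*.com'

:0 f
* ^Received.*eranet\.net
| formail -A 'X-Spamblock: caught by rule eranet.net'

:0 f
* ^From.*direct
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule from direct'

:0 f
* ^From.*remove
| formail -A 'X-Spamblock: caught by rule from remove'

:0 f
* ^From.*massmail
| formail -A 'X-Spamblock: caught by rule from massmail'

:0 f
* ^From.*( promo|promo\.com)
| formail -A 'X-Spamblock: caught by rule from promo'

:0 f
* ^From.*( bulk|.*bulk .)
| formail -A 'X-Spamblock: caught by rule bulk'

:0 f
* ^(From|To).*freeyellow
* !^From.*admin@freeyellow\.com
| formail -A 'X-Spamblock: caught by rule freeyellow'

:0 f
* ^(From|To|Received).*baremetal\.com
| formail -A 'X-Spamblock: caught by rule baremetal.com'

:0 f
* ^(From|To|Sender).*friend
| formail -A 'X-Spamblock: caught by rule friend'

:0 f
* ^(From|To|Sender).*advertise
| formail -A 'X-Spamblock: caught by rule advertise'

:0 f
* ^(From|To|Sender).*everyone
| formail -A 'X-Spamblock: caught by rule everyone'

:0 f
* ^(From|To).*sales
* !^From:.*\.sun\.com
| formail -A 'X-Spamblock: caught by rule sales'

:0 f
* ^(From|To).*marketing
| formail -A 'X-Spamblock: caught by rule marketing'

:0 f
* ^(From|To).*brigadoon\.net
| formail -A 'X-Spamblock: caught by rule brigadoon.net'

:0 f
* ^(From|To):.*mailcity\.com
* $!^To.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule mailcity.com'

:0 f
* ^Message-Id:.*mailcity\.com
* !Received.*mailcity\.com
| formail -A 'X-Spamblock: caught by rule faked mailcity.com'

:0 f
* ^(From|To):.*angelfire
| formail -A 'X-Spamblock: caught by rule angelfire'

:0 f
* ^From.*shopping
| formail -A 'X-Spamblock: caught by rule shopping'

:0 f
* ^From.*mailexcite\.com
| formail -A 'X-Spamblock: caught by rule mailexcite.com'

:0 f
* ^From.*yahoo\.com
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule yahoo.com'

:0 f
* ^From.*wanadoo\.fr
* !^From.*anti\.spam@wanadoo
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule wanadoo.fr'

:0 f
* ^From.*answerme
| formail -A 'X-Spamblock: caught by rule answerme'

:0 f
* ^From.*savetrees
| formail -A 'X-Spamblock: caught by rule savetrees'

:0 f
* ^From.*sallynet
| formail -A 'X-Spamblock: caught by rule sallynet'

:0 f
* ^From.*nevwest\.com
| formail -A 'X-Spamblock: caught by rule nevwest.com'

:0 f
* ^From:.*rocketreader\.com
| formail -A 'X-Spamblock: caught by rule rocketreader.com'

:0 f
* ^(From|To).*business.*@
* $!^TO.*($MYDOMAIN)
| formail -A 'X-Spamblock: caught by rule business'

:0 f
* ^From:.*Die Guten
| formail -A 'X-Spamblock: caught by rule "Die Guten"'

#:0 f
#* ^From:.*bookpages\.co\.uk
#| formail -A 'X-Spamblock: caught by rule bookpages.co.uk'

#
## spam signatures
#
# The conditions in this section without a "^" anchor match anywhere in the
# header; none of the recipes carries the "B" flag.
:0 f
* @sex
| formail -A 'X-Spamblock: caught by rule @sex'

:0 f
* Advertisement
* !^Subject:.*
| formail -A 'X-Spamblock: caught by rule Advertisement'

:0 f
* ^Subject:.*This really does work!!!!
| formail -A 'X-Spamblock: caught by rule this-really-does-work'

:0 f
* ^Subject:.* \#[0-9a-f]+$
* ^In-Reply-To
| formail -A 'X-Spamblock: caught by rule Spam-Counter'

:0 f
* iemmc\.org
* !^Subject:.*iemmc\.org
| formail -A 'X-Spamblock: caught by rule iemmc.org'

:0 f
* urgentmail\.com
* !^Subject:.*urgentmail\.com
| formail -A 'X-Spamblock: caught by rule urgentmail.com'

:0 f
* cyberpromo\.com
* !^Subject:.*cyberpromo\.com
| formail -A 'X-Spamblock: caught by rule cyberpromo.com'

:0 f
* ultra-mail\.com
* !^Subject:.*ultra-mail\.com
| formail -A 'X-Spamblock: caught by rule ultra-mail.com'

:0 f
* thehitman
* !^Subject:.*thehitman
| formail -A 'X-Spamblock: caught by rule thehitman'

:0 f
* remove@
* !^Subject:.*remove@
| formail -A 'X-Spamblock: caught by rule remove@'

:0 f
* moneymaker
* !^Subject:.*moneymaker
| formail -A 'X-Spamblock: caught by rule moneymaker'

:0 f
* msintergate\.com
* !^Subject:.*msintergate\.com
| formail -A 'X-Spamblock: caught by rule msintergate.com'

:0 f
* antropik\.com
* !^Subject:.*antropik\.com
| formail -A 'X-Spamblock: caught by rule antropik.com'

:0 f
* www\.antispam\.org
* !^Subject:.*www\.antispam\.org
| formail -A 'X-Spamblock: caught by rule www.antispam.org'

# The alternation is written on one line; in the source it had been wrapped
# at column 80, which split "Emailer Platinum" and "RIME" in two.
# MATCH is the sender's own X-Mailer text from "Mailer:" up to the matched
# keyword. It reaches formail as one double-quoted argument, but the
# resulting X-Spamblock value is still sender-chosen text: do not let later
# tooling trust or parse it.
:0 f
* ^X-\/Mailer:.*(Allaire Cold Fusion|Aristotle Mail|E-Mail Connection|Emailer Platinum|Extractor|FastMail|Floodgate|Marketing|MassE-Mail|massmail|NetMailer|RIME|sndb32|WorldMerge)
| formail -A "X-Spamblock: caught by rule $MATCH"

:0 f
* ^X-.*bulk.*:
* !^X-BULK-CHECK
| formail -A 'X-Spamblock: caught by rule X-*Bulk'

:0 f
* ^X-Distribution: Mass
| formail -A 'X-Spamblock: caught by rule X-Distribution: Mass'

:0 f
* ^X-.*Invalid.*header.
| formail -A 'X-Spamblock: caught by rule "Invalid header"'

:0 f
* ^Comments: Authenticated sender is
* !^X-mailer: Pegasus Mail
* !^Resent-to:
| formail -A 'X-Spamblock: caught by rule Authenticated sender'

# "Spamware" was split by the same column-80 wrap; the action is one line.
:0 f
* ^Received:.*\(really \[[0-9]+/[0-9]+\]\)
| formail -A 'X-Spamblock: caught by rule really faked received (Bulls Eye Spamware)'

:0 f
* ^X-PMFLAGS:
| formail -A 'X-Spamblock: caught by rule X-PMFLAGS'

:0 f
* ^Received.*InterScan
| formail -A 'X-Spamblock: caught by rule InterScan'

:0 f
* ^(Received|From|To).*adult
| formail -A 'X-Spamblock: caught by rule adult'

#:0 f
#* ^Illegal-Object
#| formail -A 'X-Spamblock: caught by rule Illegal-Object'

#
## treacherous Message-Ids
#
# invented domain in Message-Id
# (the Message-Id domain does not show up in any Received header)
#
# MID is cut down by the patterns below to the characters [0-9a-z.-], so it
# cannot carry quotes or shell metacharacters into the formail argument.
# NOTE(review): MID is interpolated as a regular expression, so each "." in
# it still matches any character.
:0
* ^Message-Id:.*@.*\/[0-9a-z\-]+\.([a-z][a-z]|com|org|edu|mil|net|gov|int)>
* ^Received.*(with|for)
* !CAUTIOUS ?? true
{
  # only second-level + top-level domain are of interest
  MID=$MATCH

  :0
  * MID ?? ^^\/[0-9a-z\.\-]+
  {
    MID=$MATCH

    :0 f
    * $!^(From|Sender|X-Sender):.*$MID
    * $!Received:.*$MID.*(with|for)
    * $!Received: by [0-9a-z\-\.]*$MID
    * !^Resent-Message-Id
    | formail -A "X-Spamblock: caught by rule faked '$MID' in Message-ID"
  }
}

:0 f
* ^Message-Id:.*@unknown
* !^Resent-Message-Id:
| formail -A 'X-Spamblock: caught by rule @unknown'

:0 f
* ^Message-Id: 0000000000.AAA000@
* !^Resent-Message-Id:
| formail -A 'X-Spamblock: caught by rule 0000000000.AAA000'

:0 f
* ^Message-Id:.*@cannonles\.com
* !^Resent-Message-Id:
| formail -A 'X-Spamblock: caught by rule cannonles.com'

:0 f
* ^Message-Id: .*@hotnet\.com
* !^Resent-Message-Id:
| formail -A 'X-Spamblock: caught by rule hotnet.com'

:0 f
* ^Message-Id: [^@]*$
* !^Resent-Message-Id:
| formail -A 'X-Spamblock: caught by rule no @ in MID'

:0 f
* ^Message-Id: <.* .*>
* !^Resent-Message-Id:
| formail -A 'X-Spamblock: caught by rule space in MID'

#:0 f
#* ^Message-Id:.*@Default
#* !^Resent-Message-Id:
#* !CAUTIOUS ?? true
#| formail -A 'X-Spamblock: caught by rule MID @Default'

#:0 f
#* ^Message-Id: .*@\[.*\]
#* !CAUTIOUS ?? true
#| formail -A 'X-Spamblock: caught by rule @[ip-address] in MID'

#
## broken headers
#
:0 f
* !^To:
* !^Cc:
* !^Newsgroups:
* $!^From.*($MYDOMAIN)
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule no To&Cc-header line'

:0 f
* !^From:
* !CAUTIOUS ?? true
| formail -A 'X-Spamblock: caught by rule no From-header line'

:0 f
* ^To: .*<>
| formail -A 'X-Spamblock: caught by rule empty To-header line'

:0 f
* ^To: .*no To-header on input
| formail -A 'X-Spamblock: caught by rule no To-header on input'

#* ok is: ^Received:.*\[(((2[0-9][0-5])|([1]?[0-9]?[0-9]))\.){3}((2[0-9][0-5])|([1]?[0-9]?[0-9]))\]
# why does this not work: ^Received:.*\[.*([3-9][0-9][0-9]|25[6-9]|[0-9]{4,})[\.\]]
# ??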
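# Flag Received lines that carry a bracketed dotted address with an octet
# above 255.
#  - The bracket content is limited to digits and dots ("[0-9\.]*" instead
#    of ".*"), so other bracketed text on the same line cannot trigger it.
#  - 260-299 is covered by "2[6-9][0-9]"; the original alternation skipped
#    that range.
#  - Four or more digits are spelled out instead of "{4,}"; interval syntax
#    is presumably not part of procmail's regex dialect -- confirm.
#  - The stray empty "*" condition of the original is dropped; an empty
#    condition constrains nothing.
:0 f
* ^Received:.*\[[0-9\.]*([3-9][0-9][0-9]|2[6-9][0-9]|25[6-9]|[0-9][0-9][0-9][0-9])[0-9\.]*\]
| formail -A 'X-Spamblock: caught by rule illegal ip-address'

:0 f
* ^Message-Id:.*localhost\.localdomain
| formail -A 'X-Spamblock: caught by MID localhost.localdomain'

#:0 f
#* $^Received:.*\(\[[0-9\.]+\]\).*by[ a-z0-9\.\-]*($MYDOMAIN)
#* $!^TO.*($MYDOMAIN)
#* !CAUTIOUS ?? true
#| formail -A 'X-Spamblock: caught by rule no DNS entry and not for MYDOMAIN'

#:0 f
#* ^Received:.*\[.*[^0-9\.].*\]\)
#| formail -A 'X-Spamblock: caught by rule illegal character in ip-address'

# miscellaneous
#:0 f
#* ^Received:.*\(\[[0-9\.]*\]\).*Netscape
#| formail -A 'X-Spamblock: caught by rule open Netscape MTA
#:0 f
#* ^Content-Type.*charset=ISO
#* ^Content-Transfer-Encoding: 7bit
#| formail -A 'X-Spamblock: caught by rule 7bit and ISO charset'

# Everything that has a Message-ID from $MYDOMAIN but arrives from outside
# is spam!
# outside := the last Received line has no "from $MYDOMAIN".
#
# MATCH is limited by the patterns below to the characters [a-z0-9.-] before
# it is placed in the formail argument.
# NOTE(review): both the Message-Id and the Received lines tested here can be
# written by the sender, so this is a heuristic, not an origin check.
:0
* $^Message-Id:.*@.*($MYDOMAIN)
* !^X-Mailing-List
* !CAUTIOUS ?? true
{
  :0 f
  * 1^1 Received: from [a-z0-9-]+ .\/[a-z0-9-]+\.[a-z0-9\.-]+
  * $!MATCH ?? ($MYDOMAIN)
  | formail -A "X-Spamblock: caught by rule local Message-ID, but received from $MATCH"

  :0 Ef
  * 1^1 Received: from \/[a-z0-9-]+\.[a-z0-9\.-]+
  * $!MATCH ?? ($MYDOMAIN)
  | formail -A "X-Spamblock: caught by rule local Message-ID, but received from $MATCH"
}

#| perl -we 'while(<>) {last if /^\s*$/; print; $r = $_ if /^Received: from \w+
#\./i;} if (defined $r) {$r =~ s/by .*//; print "X-Spamblock: caught by rule no
#own Message-ID\n" if $r !~ /$ENV{"MYDOMAIN"}/i;} print "\n"; print while(<>)'

## mark wrong spamblock entries as invalid
# the stupid hotmail.com robot does not generate Message-IDs of its own!
# xoom.com, uswest.net ditto!
# abuse@t-online builds a faked MID!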
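# Whitelist: add "X-Spamblock: ignore" when any of the weighted ("1^0" = OR)
# conditions matches. A message carrying an "ignore" line is not filed into
# $SPAMBLOCK by the delivery recipe below, whatever other rules matched.
# NOTE(review): the From: tests are plain substrings of a sender-written
# header ("abuse@", "support@"), so any message can satisfy them. Narrow
# them to the exact addresses you need, or combine them with a Received
# test for a relay you trust.
:0 f
* 1^0 ^From:.*Hotmail Customer Support
* 1^0 ^From:.*abuse@
* 1^0 ^From:.*support@
* 1^0 env-from .sysop@uswest\.net
| formail -A 'X-Spamblock: ignore'

# throw away empty mails
#:0
#* ^From foo@bar
#* !^TO
#* !^Subject:
#/dev/null

# Domains known for broken headers are exempted as well.
# NOTE(review): this matches a $STUPIDS name anywhere in any Received or
# Message-Id line, and both can be supplied by the sender; the dots in
# STUPIDS are regex wildcards too.
:0 f
* $^(Received|Message-Id).*($STUPIDS)
| formail -A 'X-Spamblock: ignore'

#
## and now collect everything that has been marked as junk
#
# Deliver to the $SPAMBLOCK folder when at least one X-Spamblock line exists
# and none of them is "ignore". The trailing colon in ":0:" makes procmail
# use a local lockfile, so parallel deliveries cannot interleave their
# writes in the mbox file.
:0:
* ^X-Spamblock:
* !^X-Spamblock: ignore
$SPAMBLOCK

# remove a lone "X-Spamblock: ignore" line
# The first condition rejects messages that still have an X-Spamblock value
# containing a space (the "caught by rule ..." lines), so the headers are
# only removed when "ignore" is all that is left.
:0 f
* !^X-Spamblock: .* .
* ^X-Spamblock: ignore
| formail -I X-Spamblock:

############## END OF FILE #####################################################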