
Re: spamfilter package -- help requested



Response to self.

on Fri, Nov 03, 2000 at 12:16:05PM -0800, kmself@ix.netcom.com (kmself@ix.netcom.com) wrote:
> I've installed and tweaked the spamfilter package (Lars Wirzenius's
> procmail recipes).  While I'm largely happy with the filters (I see
> *no* spam, though logs show over 80 spam messages blocked since early
> September -- despite lifting my ISP's spam filter (largely ineffective),
> and posting liberally to Usenet, several mailing lists, with multiple
> online references to my email address.

> The problems:
> 
>   - Mail sent *from* me *to* several mailing lists, and echoed to me
>     from the list, is classified as local outgoing mail, and isn't
>     filtered to the appropriate list folder.  This occurs only for
>     certain lists.  debian-user, for example, works fine.  The lsec
>     list, as an example, doesn't.  Instead, the mail is appended to the
>     auto-generated greylist.  I believe this is governed by the mainline
>     script, I'm attaching my local copy.

Indeed it was.  Several problems.

First, my ~/.procmailrc was referencing the *system*, not *local*,
mainline script.  Modifying the following line toward the end of
~/.procmailrc:

    INCLUDERC=/usr/lib/spamfilter/rules/mainline

to

    INCLUDERC=$PM_RULES/mainline

...ensures that modifications to the mainline file do take effect.  I'd
copied mainline to ~/.procmail/rules/ to make local modifications.

The second issue was the set of headers being used to detect list mail.
The following set of rules in 'mainline' needs to have one additional
header added to it to match several commonly used lists:


| # ------------------------------------------------------------------------ 
| #
| # See if this mail is _from_ me, and if so, use it to update the greylist
| #
| :0
| * $ ^Received:.*from.*$MYHOST
| * $ ^Message-ID:.*$MYHOST
| * $ ^From:.*$MYADDR
| * ! ^Resent-From:
| * ! ^X-Loop:
| * ! ^X-Mailing-List:
| * ! ^X-Been-There:
| {

Add:  

    * ! ^X-BeenThere:

...which is inserted by several list management software packages.


>   - Non-blacklist spam.  Mail which is identified as being spam w/o
>     being listed in my blacklist appears to get /dev/null'ed.  I'd
>     rather it went to a spam folder.  I believe this is governed by the
>     spam.rules script.  

Though I haven't made the change yet, this is where the 'c' procmail
rule flag comes into play.  Create a carbon-copy of the mail for the
purposes of replying to spam, then file the original message to some
spam folder.  Preliminary tests suggest this is what I want.

>   - Debugging procmail filters is....difficult.  My understanding is
>     that I should be able to take a message, say, dumped to the backup
>     directory, and run it through procmail with:
> 
>       $ cat message | procmail procmailrc-file
> 
>     ...which will filter one message 'message' through procmail using
>     the procmail rc file 'procmailrc-file'.  But it don't seem to work
>     for me.  Clue?

Setting the "VERBOSE=yes" variable helps.  Diagnostics are printed to
stdout.



On another note, my ISP disabled my account for a 24 hour period due to
an autoresponder war I'd managed to get into with a third-party ISP's
abuse@ address.  Their abuse message:

   1. Came from a non-recognized address.

   2. Tripped two 'likely spam' keywords, including "remove" and
      "commercial *mail".

   3. On account of prior issues, I'd removed the 'spam-reply.txt'
      file, so my responses were 

After exchanging some 353 messages in a 24 hour period, the other party
blacklisted my ISP for email.  My ISP killed my account as part of its
abuse response ten days later (I've had words, and received a grand
total of $0.70 pro rata reimbursement for the downtime <g>).

I've recommended to Brian White, and he's added to the default
whitelist, the following general response accounts:

    # Useful addresses to keep open
    postmaster@
    abuse@
    administrator@
    root@

...would recommend others do same.

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org
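
The carbon-copy approach described in the message above, written out as an added example; it is not part of the original post or of the spamfilter package. The `X-Example-Spam` header, `SPAMFOLDER` and `REPLYTEXT` are hypothetical names, and skipping auto-replies to role accounts is an assumption drawn from the autoresponder incident, not a rule from the package.

```procmail
# Added example. Assumed names: SPAMFOLDER, REPLYTEXT, and the
# X-Example-Spam header, which stands in for however the package
# marks a message as spam (the post does not show that condition).
MYADDR=me@example.invalid
SPAMFOLDER=$HOME/Mail/spam
REPLYTEXT=$HOME/.procmail/spam-reply.txt

:0
* ^X-Example-Spam: yes
{
    # 'c': act on a copy, so the original continues to the next recipe.
    # 'h': pass only the header to formail.
    # Loop guards: no reply to daemons or mailing lists (FROM_DAEMON),
    # to role accounts, or to anything already carrying our own X-Loop.
    :0 hc
    * ! ^FROM_DAEMON
    * ! ^From:.*(postmaster|abuse|administrator|root)@
    * $ ! ^X-Loop: $MYADDR
    | (formail -r -A "X-Loop: $MYADDR" -I "Precedence: junk" ; \
       cat "$REPLYTEXT") | $SENDMAIL -oi -t

    # The original message arrives here and is filed with a lockfile
    # instead of being discarded.
    :0:
    $SPAMFOLDER
}
```

The `X-Loop` header only stops a loop if the remote autoresponder preserves it in its reply, which is why the `FROM_DAEMON` and role-account conditions are there as well.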
