
Re: speedy spam



On (14/10/03 11:45), Andrew Hayes wrote:
> Jeff Elkins wrote:
> >Well, hell.
> >
> >I set up a new address (for family) on my server and inadvertently used it 
> >Sunday in a reply to debian-user. It's now being flooded with email 
> >viruses and spam.
> 
> You aren't the only one, since signing up I've been blasted like 
> buggering regardless of Mozilla's spam filters, no offense but screw this 
> for a game of soldiers.
If you search the archive over the last month there have been acres of
posts on this subject and many different ideas for dealing with it.  

I was finding it virtually impossible to work because of the volume of
these MS Swen virus emails.  So I installed mailfilter (woody) and
fetchmail, set up my mailfilterrc as per the attached sample and invoke
mailfilter from fetchmail using preconnect="mailfilter".  My daily
intake of spam is back to more manageable levels and I intend to move on
to using something like spamassassin to deal with the balance.

I suggest you uncomment the SHOWHeaders and TEST lines to make sure it
works as you want before using it in earnest.

HTH

Clive
-- 
http://www.clivemenzies.co.uk
strategies for business
# -----------------------------------------------------------
# Clive's RC file from example rcfile in the INSTALL document
# -----------------------------------------------------------


# -----------------------------------------------------------
# Logfile path (be sure you have write permission in this
# directory; you MUST specify a logfile)
 
LOGFILE=/home/your-home_dir/.mailfilter.log
 
 
# -----------------------------------------------------------
# Level of verbosity

VERBOSE=3
 
 
# -----------------------------------------------------------
# POP3 server list (do not change the order of the fields!)
# Note: Port 110 is usually the port POP3 servers use.
#       Currently only POP3 is supported.
 
SERVER=whatever.net
USER=your_username
PASS=your_password
PROTOCOL=pop3
PORT=110
 
SERVER=another_whatever.net
USER=another_username
PASS=another_password
PROTOCOL=pop3
PORT=110
 
 
# -----------------------------------------------------------
# Do you want case sensitive e-mail filters? { yes | no }
 
REG_CASE=no


# -----------------------------------------------------------
# Sets the type of Regular Expression used { extended | basic }
#
# (The default is 'basic', don't change unless you know what you
#  are doing. Extended REs are more complex to set up.)
 
REG_TYPE=basic


# -----------------------------------------------------------
# Maximum e-mail size in bytes that should not be exceeded.
 
# MAXSIZE_DENY=1000000


# -----------------------------------------------------------
# Set maximum line length of any field in the message header
# (default is 998 characters per line; 0 to disable option)
 
# MAXLENGTH=998


# ----------------------------------------------------------
# Filter rules for detecting spam (each rule must be placed
# in a separate line)

# These filters detect certain unpleasant e-mail subjects:

DENY=^Subject:.*Network \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Net \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Security \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Latest \(Critical\|Internet\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Abort \(Announcement\|Report\)* 
DENY=^Subject:.*Current \(Internet\|Security\|Microsoft\|Pack\|Update\)* 
DENY=^Subject:.*Error Letter
DENY=^Subject:.*Bug Letter
DENY=^Subject:.*New Pack
DENY=^Subject:.*viagra
DENY=^Subject:.*\(penis\|Dick\)\+
DENY=^Subject:.*home loan
DENY=^Subject:.*\(Phentermine\|Valium\|Vicodin\|Xanax\)\+
DENY=^Subject:.*Medications
DENY=^Subject:.*Online Pharmacy
DENY=^Subject:.*DISCREET OVERNIGHT PHARMACY
DENY=^Subject:.*Lowest Rates
DENY=^Subject:.*hey there\.\.\.


DENY=^From:.*Microsoft \(Network\|Security\|Corporation\|Email\|Inet\|Mail\|Service\|Message\|Internet\|Customer\|Public\|Support\)*
DENY=^From:.*MS \(Net\|Network\|Security\|Corporation\|Mail\|Service\|Message\|Internet\|Customer\|Support\)*
DENY=^From:.*Customer Bulletin
DENY=^From:.*Internet \(Delivery\|Email\|Service\|System\|Mail\|Message\|Storage\|Upgrade\)\+
DENY=^From:.*Net \(Delivery\|Email\|Service\|System\|Mail\|Message\|Storage\|Upgrade\)\+
DENY=^From:.*Delivery Service
DENY=^From:.*Security Department
DENY=^From:.*Email \(Delivery\|Service\)\+
DENY=^From:.*Storage \(Service\|System\)*
DENY=^From:.*Network \(Client\|Mail\|Storage\|System\|Security\|Service\)\+
DENY=^From:.*Technical \(Assistance\)\+
DENY=^From:.*Public Services
DENY=^From:.*CyberAtlas
DENY=^From:.*youask4it

DENY=^To:.*Net \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Inet \(Client\|Recipient\)*
DENY=^To:.*Internet \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Network \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Mail \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Email \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Commercial \(Client\|Customer\|Consumer\|User\)*
DENY=^To:.*Microsoft \(Client\|Customer\|Consumer\|User\)*
DENY=^To:.*Customer
DENY=^To:.*Client




# This one filters mail from everyone at a certain organisation:
DENY=^From:.*@any_provider_that_spams.org

# We don't want any of those 'LEGAL' messages either
# while stuff with 'legal' in the subject still interests us:
DENY_CASE=^Subject:.*LEGAL


# -----------------------------------------------------------
# Normalises the subject strings before parsing, e.g.
# ',L.E-G,A.L; ,C.A-B`L`E, +.B-O`X` ;D`E`S,C;R,A.MB;L,E.R-]'
# becomes 'LEGAL CABLE BOX DESCRAMBLER' which can be filtered.
#
# If NORMAL is switched on, Mailfilter tries to apply filters
# to both the normalised and the original subject.

NORMAL=yes


# -----------------------------------------------------------
# The maximum e-mail size in bytes that messages from friends
# should not exceed. Set this to 0 if all your friends (ALLOW)
# can send messages as long as they want.
 
MAXSIZE_ALLOW=0
 
 
# ----------------------------------------------------------
# Set list of friends that always pass, if they do not
# exceed the message length of MAXSIZE_ALLOW
 
# This rule allows all mail from a friend who was unlucky enough
# to have signed up with a spam organisation. With DENY we
# block everyone else from that domain though! See above!
ALLOW=^From:.*a_friend_with_account@any_provider_that_spams.org
ALLOW=^From:.*pratima@accounting-redhouse.co.uk
 
# Of course we allow e-mail from anyone who has something to say about
# mailfilter:
ALLOW=^Subject:.*mailfilter

# We also let our girlfriend send any e-mail she wants:
ALLOW=^From:.*my_girlfriend@any_provider.com

#    SHOW_HEADERS =yes
#    TEST =yes
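
An offline way to see which mail a rule set like the one above would drop, as an added example that is not part of the original post or of mailfilter itself. It assumes Python's `re` is a close enough stand-in for mailfilter's basic regexes and that ALLOW overrides DENY as the rcfile comments describe; `bre_to_python`, `load_rules`, `classify` and all sample headers are constructed for illustration, and NORMAL is not modelled.

```python
import re

# Constructed excerpt: a few DENY/ALLOW lines copied from the rcfile above.
RCFILE = r"""
REG_CASE=no
DENY=^Subject:.*Network \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^From:.*@any_provider_that_spams.org
DENY=^To:.*Client
DENY_CASE=^Subject:.*LEGAL
ALLOW=^From:.*a_friend_with_account@any_provider_that_spams.org
"""

def bre_to_python(bre):
    """Translate a GNU-style basic regex (REG_TYPE=basic) to Python syntax."""
    out, i = [], 0
    while i < len(bre):
        c = bre[i]
        if c == "\\" and i + 1 < len(bre):
            nxt = bre[i + 1]
            # \( \) \| \+ \? \{ \} are operators in BRE; other escapes stay literal.
            out.append(nxt if nxt in "()|+?{}" else "\\" + nxt)
            i += 2
        else:
            # A bare ( ) | + ? { } is an ordinary character in BRE.
            out.append("\\" + c if c in "()|+?{}" else c)
            i += 1
    return "".join(out)

def load_rules(text):
    """Return [(kind, pattern, compiled)] honouring REG_CASE and DENY_CASE."""
    lines = [l.strip() for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#")]
    pairs = [l.split("=", 1) for l in lines]
    icase = dict(pairs).get("REG_CASE", "no").lower() != "yes"
    rules = []
    for key, pat in pairs:
        if key in ("DENY", "DENY_CASE", "ALLOW"):
            # DENY_CASE is always case sensitive, whatever REG_CASE says.
            flags = re.I if icase and key != "DENY_CASE" else 0
            rules.append((key.split("_")[0], pat, re.compile(bre_to_python(pat), flags)))
    return rules

def classify(headers, rules):
    """ALLOW beats DENY; returns (verdict, pattern that decided it)."""
    for want in ("ALLOW", "DENY"):
        for kind, pat, rx in rules:
            if kind == want and any(rx.search(h) for h in headers):
                return want, pat
    return "PASS", None

RULES = load_rules(RCFILE)
```

Running `classify` over headers saved from known-good mail shows how broad a rule such as `^To:.*Client` is with `REG_CASE=no`: it also matches an address like `client-services@...`.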
