Re: anti-spam package
Erik Andersen wrote:
> And what about people that use fetchmail to grab mail from
> their ISP? It delivers mail via the local SMTP server and
> lets the local MDA deliver the mail. Changing /etc/hosts.allow
> will not block spammers for fetchmail users either. I currently
> still use procmail as my MDA, and I just have a giant .procmailrc
> to try and > /dev/null all the sites that spam me. Better ideas
> are welcomed, but I don't think adjusting hosts.allow is going to
> do the job for me.
I also use fetchmail, and I don't need a "giant" procmailrc to filter
out the spam. The following entry catches 90% of incoming spam, and
has so far not mistakenly classified any mail as spam -- EXCEPT the
debian bug reports, which I deal with separately.
# Spam filter. Put it last so that it doesn't interfere with the mailing
# list stuff, particularly debian-bugs.
:0
* (^From: ((newsletter@shoppingplanet\.com)|([a-z]+@widexs.com)|([0-9]+@)))|(^X-Advertisement:)|(^X-P(MFLAGS)|(mflags): [0-9]+[. ][0-9]+$)|(^X-[0-9]: )|(^Comments: Authenticated sender is)
filtered-spam
Warning for procmail novices: watch the long line. The one that
starts with a * has to be _one_ line.
This procmail rules kills:
- anything from newsletter@shoppingplanet.com
- anything from any account at widexs.com
- anything from a digits-only account.
- anything with an X-Advertisement: header.
- anything with an X-Pmflags: header that lists two numbers.
- anything with the X-digit headers used by Cyberpromo.
- anything with a "Comments: Authenticated sender is" header.
These are all patterns that are very common in the spam mails I
receive, and that I have found nowhere else. The main exception is
the digits-only account, which is also used by bugs.debian.org.
Because such a method is never fool-proof, I store the filtered mail
in a special folder rather than deleting it. Every so often I check
this folder to see if contains any non-spam mails.
Note that I have no idea where most of these headers are generated. I
don't really care, either. This method works and has so far erred
only on the side of caution. For all I know, there is a particular
mailer out there that is favoured by spammers :-)
--
Richard Braakman
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: