[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: anti-spam package

Erik Andersen wrote:
> And what about people that use fetchmail to grab mail from
> their ISP?  It delivers mail via the local SMTP server and 
> lets the local MDA deliver the mail.  Changing /etc/hosts.allow
> will not block spammers for fetchmail users either.  I currently
> still use procmail as my MDA, and I just have a giant .procmailrc
> to try and > /dev/null all the sites that spam me.  Better ideas
> are welcomed, but I don't think adjusting hosts.allow is going to
> do the job for me.

I also use fetchmail, and I don't need a "giant" procmailrc to filter
out the spam.  The following entry catches 90% of incoming spam, and
has so far not mistakenly classified any mail as spam -- EXCEPT the
debian bug reports, which I deal with separately.

# Spam filter.  Put it last so that it doesn't interfere with the mailing
# list stuff, particularly debian-bugs.
  * (^From: ((newsletter@shoppingplanet\.com)|([a-z]+@widexs.com)|([0-9]+@)))|(^X-Advertisement:)|(^X-P(MFLAGS)|(mflags): [0-9]+[. ][0-9]+$)|(^X-[0-9]: )|(^Comments: Authenticated sender is)

Warning for procmail novices: watch the long line.  The one that
starts with a * has to be _one_ line.

This procmail rules kills:
  - anything from newsletter@shoppingplanet.com
  - anything from any account at widexs.com
  - anything from a digits-only account.
  - anything with an X-Advertisement: header.
  - anything with an X-Pmflags: header that lists two numbers.
  - anything with the X-digit headers used by Cyberpromo.
  - anything with a "Comments: Authenticated sender is" header.
These are all patterns that are very common in the spam mails I
receive, and that I have found nowhere else.  The main exception is
the digits-only account, which is also used by bugs.debian.org.

Because such a method is never fool-proof, I store the filtered mail
in a special folder rather than deleting it.  Every so often I check
this folder to see if contains any non-spam mails.

Note that I have no idea where most of these headers are generated.  I
don't really care, either.  This method works and has so far erred
only on the side of caution.  For all I know, there is a particular
mailer out there that is favoured by spammers :-)

Richard Braakman

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: