Re: anti-spam package

To: debian-devel@lists.debian.org
Subject: Re: anti-spam package
From: dark@xs4all.nl (Richard Braakman)
Date: Thu, 14 Aug 1997 23:04:09 +0200 (CEST)
Message-id: <[🔎] m0wz73x-001NJaC@night>
In-reply-to: <[🔎] Pine.SOL.3.95q.970814122543.27446A-100000@ultra1> from Erik Andersen at "Aug 14, 97 12:33:40 pm"

Erik Andersen wrote:
> And what about people that use fetchmail to grab mail from
> their ISP?  It delivers mail via the local SMTP server and 
> lets the local MDA deliver the mail.  Changing /etc/hosts.allow
> will not block spammers for fetchmail users either.  I currently
> still use procmail as my MDA, and I just have a giant .procmailrc
> to try and > /dev/null all the sites that spam me.  Better ideas
> are welcomed, but I don't think adjusting hosts.allow is going to
> do the job for me.

I also use fetchmail, and I don't need a "giant" procmailrc to filter
out the spam.  The following entry catches 90% of incoming spam, and
has so far not mistakenly classified any mail as spam -- EXCEPT the
debian bug reports, which I deal with separately.

# Spam filter.  Put it last so that it doesn't interfere with the mailing
# list stuff, particularly debian-bugs.
:0
  * (^From: ((newsletter@shoppingplanet\.com)|([a-z]+@widexs.com)|([0-9]+@)))|(^X-Advertisement:)|(^X-P(MFLAGS)|(mflags): [0-9]+[. ][0-9]+$)|(^X-[0-9]: )|(^Comments: Authenticated sender is)
  filtered-spam

Warning for procmail novices: watch the long line.  The one that
starts with a * has to be _one_ line.

This procmail rules kills:
  - anything from newsletter@shoppingplanet.com
  - anything from any account at widexs.com
  - anything from a digits-only account.
  - anything with an X-Advertisement: header.
  - anything with an X-Pmflags: header that lists two numbers.
  - anything with the X-digit headers used by Cyberpromo.
  - anything with a "Comments: Authenticated sender is" header.
These are all patterns that are very common in the spam mails I
receive, and that I have found nowhere else.  The main exception is
the digits-only account, which is also used by bugs.debian.org.

Because such a method is never fool-proof, I store the filtered mail
in a special folder rather than deleting it.  Every so often I check
this folder to see if contains any non-spam mails.

Note that I have no idea where most of these headers are generated.  I
don't really care, either.  This method works and has so far erred
only on the side of caution.  For all I know, there is a particular
mailer out there that is favoured by spammers :-)

-- 
Richard Braakman

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: anti-spam package
  - From: Roderick Schertler <roderick@argon.org>
- Re: anti-spam package
  - From: Carey Evans <c.evans@clear.net.nz>

References:
- Re: anti-spam package
  - From: Erik Andersen <andersen@inconnect.com>

Prev by Date: Re: Debian info for Sys Admins - RFC.
Next by Date: Re: Need advice for migration to pgsql
Previous by thread: Re: anti-spam package
Next by thread: Re: anti-spam package
Index(es):
- Date
- Thread