Re: fighting spam || avoiding spam

[Michelle Konzack <linux4michelle@freenet.de>]

Am 2004-06-07 10:59:45, schrieb John Goerzen:
>On Mon, Jun 07, 2004 at 11:53:07AM -0400, Jaldhar H. Vyas wrote:
>> On Mon, 7 Jun 2004, Santiago Vila wrote:
>> 
>> > BTW: We have to be really stupid to accept messages from open proxies
>> > ourselves at the debian.org domain. Would anyone second a General Resolution
>> > mandating the use of xbl.spamhaus.org in all MXs for debian.org?
>> 
>> Seconded.
>
>Why not sbl-xml.spamhaus.org?

I have this in a procmail-rule but 99% of the spam does 
not fit in this category.

If you have the spam from the last month collected, 
use the attached procmail INCLUDERC to test your mails...


>-- John

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

SUB1=`formail -zxSubject:`
DATE1=`date +"%d/%m/%Y %T"`

###############################################################################
# Open Relay check from www.spamhaus.org
# uses sbl-xbl lists
###############################################################################
#### first IP ####
:0H
* Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{ 
 RECEIVIP=${MATCH} 
 
 :0
 * ! RECEIVIP ?? 127.0.0.1
 {
  :0
  *   RECEIVIP ?? ()\/[0-9]+
  {
    QUAD1=${MATCH}
    :0
    *  RECEIVIP ?? [0-9]+\.\/[0-9]+
    {
      QUAD2=${MATCH}
      :0
      *  RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+
      {
	QUAD3=${MATCH}
        :0
        *  RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
        {
          RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
        }
      }
    }
    
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
  
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
     LOG="---=== SPAM by SPAMHAUS $DATE1 ===---${NL}"
     :0fhw
     | formail -A "X-YAVR: SPAMHAUS"
     :0fhw
     | formail -i "Subject: SPAMHAUS-$SUB1"
   }
  }
 }
}
  
#### second IP ####
:0H
* Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{ 
 RECEIVIP2=${MATCH} 
 
 :0
 * ! RECEIVIP2 ?? 127.0.0.1
 {
  :0
  *   RECEIVIP2 ?? ()\/[0-9]+
  {
    QUAD1=${MATCH}
    :0
    *  RECEIVIP2 ?? [0-9]+\.\/[0-9]+
    {
       QUAD2=${MATCH}
       :0
       *  RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+
       {
         QUAD3=${MATCH}
         :0
         *  RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
         {
           RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
         }
       }
    }
  :0
  { REV2CHECKIP=`host ${RECEIVIP2REV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
  
   :0
   * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
   {
    LOG="---=== SPAM by SPAMHAUS $DATE1 ===---${NL}"    
    :0fhw
    | formail -A "X-YAVR: SPAMHAUS"

    :0fhw
    | formail -i "Subject: SPAMHAUS-$SUB1"
   }
  }
 }
}

:0
* ^Subject.*(SPAMHAUS)
SPAMHAUS/

########################################### END-OF-SPAMHAUS ###################

Attachment: signature.pgp
Description: Digital signature