[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Using procmail to deal with backscatter spam

  Recently there have been a couple of treads on this subject
 on the Debian user mailing list, and elsewhere.

  As a recipient of the mail addressed to security@debian.org
 I see large numbers of mail bounces every couple of weeks, due
 to joe-job attacks.

  These are the rules that I currently use to filter bounces
 via my ~/.procmailrc file:

#  1. Null envelope == bounce.

#  2.  Delivery Status Notifications == bounce too.
:0 A
* ^Content-Type:[   ]*multipart/report;[    ]*\/[^  ].*
* ^Mime-Version:.*1.*\..*0
* MATCH ?? report-type="?delivery-status"?
* B ?? ^Content-Type:.*message.*delivery-status

  This rule contains tabs and spaces.  You can find the file "rc.request"
 if you "apt-get source procmail" and copy/paste from there if you wish.

  Additionally, since Moritz asked this is how I handle foreign
 language mails:

#  3.a. Define what is "foreign".

# 3.b.  Foreign spam.
* ^Content-Type:.*multipart
* !^X-whitelist: yes
* B ?? $ ^Content-Type:.*^?.*charset="?($UNREADABLE)

  Notice that in each case I'm using trailing "/" as I file messages
 into Maildirs.

  I'm sure these rules could be improved, or added to.  Any and all
 suggestions would be most welcome.


Reply to: