Using procmail to deal with backscatter spam
Recently there have been a couple of threads on this subject
on the Debian user mailing list, and elsewhere.
As a recipient of the mail addressed to email@example.com
I see large numbers of mail bounces every couple of weeks, due
to joe-job attacks.
These are the rules that I currently use to filter bounces
via my ~/.procmailrc file:
# 1. Null envelope == bounce.
# 2. Delivery Status Notifications == bounce too.
* ^Content-Type:[ ]*multipart/report;[ ]*\/[^ ].*
* MATCH ?? report-type="?delivery-status"?
* B ?? ^Content-Type:.*message.*delivery-status
This rule contains tabs and spaces. You can find the file "rc.request"
if you "apt-get source procmail" and copy/paste from there if you wish.
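To check what rules 1 and 2 would catch before trusting them with live mail, the same tests can be replayed over saved messages. The Python below is an added example, not part of the original rules or of procmail. The function name, the sample messages (constructed, not real mail) and the use of a "Return-Path: <>" header as the null-envelope test are assumptions.

```python
import email
from email.utils import collapse_rfc2231_value

def bounce_reason(raw):
    """Return "null-envelope", "dsn" or None, mirroring rules 1 and 2."""
    msg = email.message_from_bytes(raw)
    # Rule 1 (assumption: the MDA records the envelope sender in Return-Path).
    if str(msg.get("Return-Path", "")).strip() == "<>":
        return "null-envelope"
    # Rule 2: all three conditions must hold, as procmail ANDs its "*" lines.
    if msg.get_content_type() != "multipart/report":
        return None
    rtype = msg.get_param("report-type")  # quotes are already stripped
    if rtype is None or collapse_rfc2231_value(rtype).lower() != "delivery-status":
        return None
    if any(p.get_content_type() == "message/delivery-status" for p in msg.walk()):
        return "dsn"
    return None

# Constructed sample messages, not real mail.
DSN = b"""\
Return-Path: <MAILER-DAEMON@mx.example.net>
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type="delivery-status";
 boundary="b1"

--b1
Content-Type: text/plain

Could not deliver your message.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1

--b1--
"""
NULL_SENDER = b"Return-Path: <>\nSubject: failure notice\n\nDelivery failed.\n"
# Mentions the DSN type in its body only, so the body test alone would match.
NOT_A_BOUNCE = (b"Return-Path: <alice@example.org>\nContent-Type: text/plain\n\n"
                b"Content-Type: message/delivery-status is what a DSN carries.\n")

if __name__ == "__main__":
    for name in ("DSN", "NULL_SENDER", "NOT_A_BOUNCE"):
        print(name, "->", bounce_reason(globals()[name]))
```

The third sample shows why the body test is combined with the header tests: an ordinary message that merely quotes the DSN content type is not filed as a bounce.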
Additionally, since Moritz asked, this is how I handle foreign
# 3.a. Define what is "foreign".
# 3.b. Foreign spam.
* !^X-whitelist: yes
* B ?? $ ^Content-Type:.*^?.*charset="?($UNREADABLE)
Notice that in each case I'm using trailing "/" as I file messages
I'm sure these rules could be improved, or added to. Any and all
suggestions would be most welcome.