
Re: SPAM WARNING: spammers use Debian lists for harvesting



On Wed, Oct 03, 2001 at 05:32:49AM -0400, jgp@operamail.com wrote:
>>===== Original Message From Ailbhe Leamy <ailbhe@ossifrage.net> =====
>>If you post to any mailing list with archives on the web you are likely
>>to have your address harvested by spammers. This is not news.
>
>Yeah, knee-jerk reaction on my behalf, but I would have appreciated
>having the connection between lists and spam made to me when I signed
>up, so, I make it now to anyone who might be tempted to use
>their primary e-mail address for this or any list: don't.
>
Spam on the Internet is like weeds in a garden.  You can avoid both but
only if you don't do much on the Net or in the garden.

A more sensible approach is to assume you will be bombarded with offers
of Viagra, of bouncing Asian teen babes and spy software.  Altruistic
souls troubled by your poverty will offer chances to make billions.  You
know they really are altruists because otherwise they would make the
money themselves instead of taking the time and care to share the secret
of infinite dollars with you.

Now armed with this assumption, set up a .procmailrc or .forward to block
them.  To get you started, my .forward which has a way of scoring mail
to filter spam is attached.  I get a certain malign pleasure out of
checking my junkmail inbox from time to time just to have the
satisfaction of having the filter work the way I want.

Patrick

# Exim filter
# Error trapping
if error_message then finish endif

logfile $home/log.email 0644 # ... so i can still "mailstat ~/mail.log" 

# Allow postmaster access
if $original_local_part is postmaster
	then save $home/mail/ehr
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: Postmaster"
endif


# All that pesty useful info from root and cron...
if $h_From: contains "root"
	then save $home/rootmail
	logwrite "[$tod_log]: Root message"
endif

# Scoring spam filters
# See if we can filter rubbish while allowing the few legitimate aol and
# hotmail users through.

# Note - this is copied from an Exim site.

# If we find a "mailto:" link for which the address is not
# the same as the sender address or return path.
# The pattern ends with a back-reference to the opening quote character.
if( ${lc:$message_body} matches
"a\\\\shref=(['\"])mailto:([^@'\"]+@[^@'\"]+)\\\\1" and
	$2 is not ${lc:$return_path} and $2 is not
${lc:$sender_address})
	then
	add 60 to n9
endif

if(${lc:$sender_address} matches
"([a-z\\\\d]+)@(lycos|hotmail|aol|yahoo|msn)\\\\.co(\\\\..*|m)" and $1
matches \\d) 
	then
	add 40 to n9
endif

# html mail
if (${lc:$message_body} matches "<html>")
	then
	add 60 to n9
endif

# javascript mail
if (${lc:$message_body} matches "<script")
	then
	add 90 to n9
endif

# No UK person I know spells cheque as "check", so trap Americans
if (${lc:$message_body} matches "checks?\\\\spayable\\\\sto.*for\\\\\\$\\\\d+") 
	then
	add 50 to n9
endif

# Friends don't start emails with "Dear Friend,"
if($message_body matches "Dear Friend,")
	then
	add 80 to n9
endif

#  A lot of spams seem to have a subject which has a number
# (possibly in brackets) at the right-hand side, this is 
#  designed to catch this
if(${lc:$h_Subject:} matches
"\\\\s\\\\s\\\\s\\\\s+(\\\\(\\\\d+\\\\)|\\\\d+)\\\$") 

	then
	add 40 to n9
endif

# Whose email address is "friend" ?
if(${lc:$h_To:} matches "pkirk" or ${lc:$h_To:} matches "pkgames")  
	then
	add 90 to n9
endif

# Obvious spam clues
if(${lc:$message_body} matches "not spam" or ${lc:$message_body_end}
matches "to be removed" or ${lc:$message_body} matches "not junk mail"
or ${lc:$message_body} matches "spam free") 
	then
	add 80 to n9
endif

# If the To: box is empty, that's suspicious
if(${domain:${lc:$h_To:}} is "")
	then
	add 30 to n9
endif

if $h_From: contains "wotch.com"
	then add 90 to n9
endif

if($h_Subject: matches \\\$\\\$+)
	then
	add 50 to n9
endif

if(${lc:$sender_host_name} matches "ppp" or ${lc:$sender_host_name}
matches "dial-?up") 
	then
	add 50 to n9
endif

# Stupid offers
if $h_subject: contains "Viagra"
or $h_subject: contains "Credit Cards"
or $h_subject: contains "Weight loss Offer"
or $h_subject: contains "ADV "
or $h_subject: contains "[ADV]"
or $h_subject: contains "ADV:"
or $h_subject: contains "Lowest Mortgage Rates"
or $h_subject: contains "Free Pics"
	then add 90 to n9
endif

if($n9 is above 99)
	then save
	$home/junkmail
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: Spam"		
	finish
endif


if $h_Sender: contains "exim-users-admin@exim.org"
	then save $home/exim
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: Exim User"


# Getting the speedtouch modem working under Linux
elif $h_To:,$h_Cc:,$h_From: contains "speedtouch"
	then save $home/enterprise-hr.com
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: Speedtouch"

# Linux from Scratch
elif $h_Reply-To: contains "lfs-"
	then save $home/mail/lfs
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: LFS"

# Debian - of course
elif $h_To:,$h_Cc:,$h_From: contains "debian-user"
	then save $home/debian
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: Debian User"

# Old ehr inbox
elif $h_To: matches "inbox@enterprise-hr.com"
	then save $home/junkmail
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: Spam"

# Deliveries to me
elif $h_To:,$h_Cc: contains "kirks.net" 
	then save $home/kirks.net
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: kirks.net "

# Deliveries to me
elif $h_To:,$h_Cc: contains "enterprise-hr.com" 
	then save $home/enterprise-hr.com
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: enterprise-hr.com"
endif
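
An added example, not part of Patrick's post or his filter: this Python sketch replays a subset of the filter's scoring rules, with the same weights and the same "above 99" threshold, over three constructed messages. It shows how the rule scores combine, including a legitimate HTML message from a numbered Hotmail address that scores exactly 100 and is junked. The message dictionaries and function names are assumptions made for illustration.

```python
import re

THRESHOLD = 99  # the filter junks a message when n9 "is above 99"

def freemail_with_digit(m):
    # Same pattern as the filter: freemail domain, digit in the local part.
    hit = re.search(r"([a-z\d]+)@(lycos|hotmail|aol|yahoo|msn)\.co(\..*|m)",
                    m["sender"], re.I)
    return bool(hit and re.search(r"\d", hit.group(1)))

def body_has(*needles):
    # Case-insensitive substring test. Simplification: the filter checks
    # "to be removed" against $message_body_end, here the whole body is used.
    return lambda m: any(n in m["body"].lower() for n in needles)

# (points, label, test): a subset of the filter's rules, weights unchanged.
RULES = [
    (40, "freemail sender with digit", freemail_with_digit),
    (60, "html mail", body_has("<html>")),
    (90, "javascript mail", body_has("<script")),
    (80, "dear friend", body_has("dear friend,")),
    (80, "obvious spam clues",
     body_has("not spam", "to be removed", "not junk mail", "spam free")),
    (30, "empty To:", lambda m: "@" not in m["to"]),
    (50, "$$ in subject", lambda m: "$$" in m["subject"]),
]

def score(m):
    """Return (n9 total, list of (points, label) for every rule that fired)."""
    hits = [(pts, label) for pts, label, test in RULES if test(m)]
    return sum(p for p, _ in hits), hits

def folder(m):
    return "junkmail" if score(m)[0] > THRESHOLD else "inbox"

# Constructed sample messages (not real mail).
SAMPLES = {
    "spam": {"sender": "offers@bulk.example", "to": "", "subject": "Make $$$ today",
             "body": "Dear Friend, this is not spam. Reply to be removed."},
    "friend_html": {"sender": "anna1979@hotmail.com", "to": "pat@example.org",
                    "subject": "Photos from Saturday",
                    "body": "<html><body>Hi Pat, photos attached.</body></html>"},
    "plain": {"sender": "anna@example.org", "to": "pat@example.org",
              "subject": "Saturday", "body": "Hi Pat, see you Saturday."},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        total, hits = score(msg)
        print(f"{name:12} n9={total:3} -> {folder(msg):8} {[l for _, l in hits]}")
```

With Exim itself, the filter file can be exercised against a saved message using `exim -bf`, which reports the actions the filter would take without delivering anything.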
