
OT: Asian spam procmail recipes and a sig trap



I've implemented a set of rules based on procmail filters to catch Asian
spam.  These pre-filter my mail _before_ any processing, including list
or other checks.

The good news is that it catches a hell of a lot of Asian spam (some
light-load stuff with a lot of HTML slipped past but I added tests for
HTML and javascript to off that).  I automatically run the bad stuff
through Vipul's ricochet for instant reporting on receipt.

The bad news is that people with "cute" sigs (wavy lines, and other
high-bit characters) get caught by the trap.

Following is from a private response I'd made to an individual.  Advice
to the procmail daemons out there -- you might want to set a content
length minimum and/or increase the proportion of high-bit characters
allowed.   I also use "whitelist" filtering, and throw in a test for
inclusion on the whitelist before shitcanning a given message.

For the sig artists -- consider the fulfillment which can be attained
through exploring the more challenging constraints of low-bit ASCII
space.



It's your sig.

I've been prompted by the increasing number of Asian spams using various
high-bit character sets to filter out any such messages as part of my
procmail priority filters, before any other processing occurs.  An
automated spam response is triggered as well, which you received.  The
only fallout for the rule is whitelisted addresses (known senders).
If I start adding these, any given person should only trigger once.

I've tweaked this filter so that it requires a certain minimum length
for the rule to be triggered, since the first of the year.

What it does is count the proportion of high-bit characters within a
message.  Your sig contains a number of these characters, and in a short
message, will trip the limit I'd set.

The rules I'm using are based off of some fairly well publicized ones
which are likely to come into increasing use.  The trigger limit is 5%
on the original rules, I've set mine for 10% high-charactersets, which
should minimize false positives.

For details:

    http://www3.sympatico.ca/walter.dnes/email/chinese/

Still, I'd suggest you consider revising your signature to include
primarily low-bit, standard, ASCII characters, as you're likely going
to find yourself tripping more and more spam filters as time goes by.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
We freed Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html
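
An added example, not part of the original post or of the recipes it links to: a Python version of the check the message describes (proportion of high-bit bytes in the body, a minimum length, and a whitelist bypass), showing how a short message with a decorated sig trips the limit. The 200-byte minimum, the addresses and the sample messages are constructed assumptions; the post states only the 5% and 10% limits.

```python
from email import message_from_bytes
from email.utils import parseaddr

HIGH_BIT_LIMIT = 0.10   # the post's 10% setting; the rules it cites use 5%
MIN_BODY_BYTES = 200    # assumed: the post does not give its minimum length
WHITELIST = {"friend@example.org"}   # constructed known-sender list

def high_bit_ratio(body: bytes) -> float:
    """Fraction of body bytes with the top bit set (0x80-0xFF)."""
    return sum(b >= 0x80 for b in body) / len(body) if body else 0.0

def classify(raw: bytes, min_len: int = MIN_BODY_BYTES) -> str:
    """Return 'pass:<reason>' or 'flag' for one raw RFC 822 message."""
    sender = parseaddr(message_from_bytes(raw).get("From", ""))[1].lower()
    if sender in WHITELIST:
        return "pass:whitelisted"
    # Body = everything after the first blank line, undecoded, which is
    # what a body-scope procmail condition would see.
    body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")[2]
    if len(body) < min_len:
        return "pass:too-short"
    if high_bit_ratio(body) > HIGH_BIT_LIMIT:
        return "flag"
    return "pass:mostly-ascii"

def make(sender: str, body: bytes) -> bytes:
    """Build a minimal raw message for the constructed samples below."""
    return b"From: " + sender.encode() + b"\nSubject: test\n\n" + body

# Constructed samples: a "wavy line" sig in high-bit bytes, and bulk high-bit text.
SIG = b"-- \n\xb0\xba\xa4\xf8\xa4\xba\xb0 Pat \xb0\xba\xa4\xf8\xa4\xba\xb0\n"
SHORT_WITH_SIG = make("pat@example.net", b"Sounds good, thanks.\n" + SIG)
LONG_WITH_SIG = make("pat@example.net", b"Plain ASCII text. " * 20 + b"\n" + SIG)
HIGH_BIT_BULK = make("bulk@example.com", b"\xc4\xe3\xba\xc3\xa3\xac " * 60)

if __name__ == "__main__":
    for name, raw in [("short+sig", SHORT_WITH_SIG), ("long+sig", LONG_WITH_SIG),
                      ("high-bit bulk", HIGH_BIT_BULK)]:
        body = raw.partition(b"\n\n")[2]
        print(f"{name:14} ratio={high_bit_ratio(body):.2f} "
              f"no-minimum={classify(raw, 0)} with-minimum={classify(raw)}")
```

With no minimum length the short reply is flagged on its sig alone; the same sig under a longer ASCII body stays below both the 5% and 10% limits.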
