
Re: The latest round of antivirus bouncebacks



Hi all,

My posts on this topic generated more heat than light - apologies to
anyone offended.

Ben has a good idea about a consensual agreement as part of
subscribing.  Rather than dive straight into what goes into this
agreement, perhaps it's worth asking three questions:

1.  What problem do we have that needs to be addressed?
2.  How do we address these problems in a way that /encourages/ people
to come here for help if they need it?
3.  How can we make sure that the list "regulars" are not subjected to
email they would prefer not to see?

I know that answers will vary.  Steve for example is fed up of seeing
tnef autoresponses.  I never see them because my .forward autodeletes
them.  Likewise I only see unsubscribe messages when someone misspells
'unsubscribe' so to me they are not a problem. So please take my
comments hereafter as one person's opinion rather than an attempt to
impose.

Ben's first rule "No spam" - I don't know if we get spam from
subscribers.  But a sensible thing to ask for.

Ben's second rule "No html" - why?  Are there still email clients that
can't render html?  I use Evolution and mutt.  Both work fine with html.
People who subscribe from work often will have no say on this.  I
remember the horror of Lotus Notes in a previous employer.  I couldn't
even get it to mark letters I replied to as replied to let alone change
the mail format.

Others have suggested no attachments. Why?  What attachments have caused
problems?  Are there some mail clients out there that force you to read
attachments?  Really, I am puzzled as to why cutting and pasting a long
file would be felt to be better than attaching it.

If I might make a suggestion, why not offer a debian-user .procmailrc
and .forward that does get rid of stuff you don't need.  Most of the
irritations that Steve and others describe simply don't affect you if
you have even minimal filters set up.  I have a .forward that filters
over 20 bits of spam daily.  The template is
here...http://colondot.net/mbm/mailfilter.shtml#score  It really works. 
I'm attaching mine so you can try it and see if copying the rules for
tnef, Korean character sets, unsubscribe messages, etc. makes using the
list a more comfortable experience.

dman posted this for the tnef files...or something like it.

if
    $h_X-Mailer: contains "Microsoft Outlook"
        and
    (
        $h_Content-Type: contains "application/ms-tnef;"
            or
        $h_Content-Type: contains "name=winmail.dat"
    )
then
        logfile $home/.filterlog 0644
        logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: AUTO-DELETE"
        seen finish
endif


Perhaps if we identified the problems that we are trying to fix (in my
question 1) we could prepare a filter that does some of it
automatically at user level. That would make the list a more pleasant
place for those regular readers who are fed up of unsubscribe messages,
etc.

It's my opinion that this list is fine, that there is no need to change
it.  But if change is felt to be needed I hope we can do it in a way that
encourages people who are clueless to subscribe anyway. 

Best regards,


-- 


Patrick Kirk
# Exim filter for Patrick Kirk <patrick@enterprise-hr.com> 
# Error trapping
if error_message then finish endif

#####################################################################



#####################################################################
# Step 0
# Things that must be deleted

# dman posted this for the tnef files...or something like it.  

if
    $h_X-Mailer: contains "Microsoft Outlook"
        and
    (
        $h_Content-Type: contains "application/ms-tnef;"
            or
        $h_Content-Type: contains "name=winmail.dat"
    )
then
        logfile $home/.filterlog 0644
        logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: AUTO-DELETE"    
	seen finish
endif


if 
	$h_Content-Type: contains "ks_c_5601-1987" # Why so much Korean stuff?
	or $h_Content-Type: contains "charset=euc-kr"
	or ${lc:$h_Received:} contains "pknews" # Leaks from usenet
	or $h_From: contains "Excite Canada"    # Why do they mail me?
	or ${lc:$h_Received:} contains "esavingszone.com" # Who?  Why me?
	or ${lc:$h_Received:} contains "pkgames" # Leaks from online games
	or $h_From: contains "DelphiForums@email-publisher.com" # Won't go away
	or $h_From: contains "wotch.com"	# Just won't go away


then
	logfile $home/.filterlog 0644
	logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: AUTO-DELETE"    
	seen finish
endif

#####################################################################
# My scoring system
# Email that has a score of 100 or more is treated as junk.
# Values should be ending in 0, 1, 3, 4 so if a mail has a score of
# 144 you can see it was caught by 6n + 41 + 41
# Idea came from http://colondot.net/mbm/mailfilter.shtml#score 
# IMPORTANT 

# Exim doesn't like to have the whole lot done in one sweep. 
# It likes lots of small tests. 



#####################################################################
# Step 1 
# Things that are definitely spam 

if ${lc:$h_Received:} contains "informit.com" # Useful site; crap mails
or $h_Received: contains "inbox@enterprise-hr.com" # Old ehr inbox after 4 years
or $h_From: contains "@helta.dsvr.co.uk" # Clever spammers mimic my hosting ISP
then add 101 to n1 endif

# Sundry silly spams
if ${lc:$h_To:} contains "friend"	# Not your friend
or ${lc:$h_From:} contains "friend"	# Not my friend
or $message_body contains "Dear Friend," # Sickening


or $h_subject: contains "ADV "		# Wonder what ADV means anyway?
or $h_subject: contains "[ADV]"
or $h_subject: contains "ADV:"
or "$h_subject: $message_body:" matches "bulk .*hosting"
then add 101 to n1 endif

# Can the credit card spammers be caught here?
if $message_body: contains "credit card"
then add 101 to n1 endif

# NUISANCE POSTS TO DEBIAN USER
if ${lc:$h_to:} matches "debian-user"
and $h_subject contains "subscribe"
then add 101 to n1 endif


#####################################################################
# Step 2
# Things that are usually spam.  
# Score is 6n so easier to track why individual mails fail

if $h_subject: contains "Viagra"	# Dear Lord, 3 kids is enough!
or ($h_Subject: matches \\\$\\\$+)	# No dollars for me (regex, so "matches")
or $h_subject: contains "Card"	# Credit card scams
or $h_subject: contains "Weight loss Offer" # Fat is a sign of maturity
or $h_subject: contains "Lowest Mortgage Rates"	# Got my mortgage
or $h_subject: contains "Free Pics"		# Avoid RSI today
# Score the mail
then add 60 to n1 endif

if (${lc:$message_body} contains "<script")	# javascript mail
then add 60 to n1 endif

if ${lc:$message_body_end} matches "to be removed" # amazing this works
then add 60 to n1 endif

if ${lc:$message_body} matches "not junk mail"	# Trust me
then add 60 to n1 endif

if ${lc:$message_body} matches "spam free" # Nothing is free
then add 60 to n1 endif

# If the To: box is empty, that's suspicious
if (${domain:${lc:$h_To:}} is "")
then add 60 to n1 endif

#####################################################################
# Step 3
# There are a lot of legitimate users of hotmail and 
# of html mail.  There are other indications that hint 
# at spam but that are not conclusive.


# "matches" takes a regular expression; "contains" is a plain substring test
if (${lc:$sender_address} matches
"([a-z\\\\d]+)@(lycos|hotmail|aol|yahoo|msn)\\\\.co(\\\\..*|m)" and $1 matches \\d)
then add 43 to n1 endif

if (${lc:$message_body} matches "<html>")               # html mail
then add 43 to n1 endif

# If we find a "mailto:"; link for which the address is not
# the same as the sender address or return path.
# $1 is the opening quote character, $2 is the mailto: address
if (${lc:$message_body} matches "a\\\\shref=(['\"])mailto:([^@'\"]+@[^@'\"]+)\\\\1"
and $2 is not ${lc:$return_path}
and $2 is not ${lc:$sender_address})
then add 43 to n1 endif

#  A lot of spams seem to have a subject which has a number
# (possibly in brackets) at the right-hand side, this is 
#  designed to catch this
if (${lc:$h_Subject:} matches "\\\\s\\\\s\\\\s\\\\s+(\\\\(\\\\d+\\\\)|\\\\d+)\\\$")
then add 43 to n1 endif

#####################################################################
# Sort the mail by recipe and by score:              

# ALLOW POSTMASTER ACCESS
if $h_To:,$h_Cc:,$h_From: contains postmaster
then save $home/kirks.net
logfile $home/.filterlog 0644 
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: POSTMASTER"
finish endif

# ALL THAT PESKY USEFUL INFO FROM ROOT AND CRON...
if $h_From: contains "root@enterprise-hr.com" 
or $h_From: contains "Mailer-Daemon" 
then save $home/rootmail
logfile $home/.filterlog 0644 
logwrite "[$tod_log] ${lc:$h_From:}: ROOT MESSAGE"
finish endif

# BETTER SEE HOW TO USE ENLIGHTENMENT
if $h_Sender: contains "enlightenment-users@lists.sourceforge.net"
and ($n1 is below 100)
then save $home/enlightenment
logfile $home/.listsfilter 0644
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: ENLIGHTENMENT"
finish endif

# GETTING THE SPEEDTOUCH MODEM WORKING UNDER LINUX
if $h_To:,$h_Cc:,$h_From: contains "speedtouch"
then save $home/lists
logfile $home/.listsfilterlog 0644
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: SPEEDTOUCH"
finish endif

# GENTOO 
if $h_Reply-To: contains "gentoo-user@gentoo.org"
and ($n1 is below 100)
then save $home/gentoo
logfile $home/.listsfilterlog 0644
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: GENTOO"
finish endif

# DEBIAN - OF COURSE
if $h_X-Mailing-List: matches "debian-user@lists.debian.org"
and ($n1 is below 100)
then save $home/debian
logfile $home/.listsfilterlog 0644
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: DEBIAN"
finish endif

# KIRKS.NET
if $h_Received: contains "patrick@kirks.net"
and ($n1 is below 100)
then save $home/kirks.net 
logfile $home/.filterlog 0644 
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: KIRKS.NET"
finish endif

# BTINTERNET
if $h_Received: contains "patrick.kirk@btinternet.com"
and ($n1 is below 100)
then save $home/kirks.net
logfile $home/.filterlog 0644 
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: BTINTERNET"
finish endif

# DEFINITE SPAM
if ($n1 is above 99) then save $home/junkmail 
logfile $home/.filterlog 0644 
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: DEFINITE_JUNK"
endif

# ALL THE REST
if not delivered then save $home/kirks.net
logfile $home/.filterlog 0644 
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n1: DUBIOUS"
endif

#####################################################################
# EOF - patrick's .forward
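
The additive scoring used in the attached filter, sketched in Python as an added example (it is not part of Patrick's post or his filter). It re-expresses a subset of the rules and returns the names of the rules that fired, so a score can be traced back to its causes. The rule names, the classify function, the empty-To approximation and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

JUNK_THRESHOLD = 100  # the page treats a score of 100 or more as junk

def has(text, needle):
    # Case-insensitive substring test, like the filter's lowercase `contains`.
    return needle.lower() in (text or "").lower()

# (rule name, points, test) - a subset of the page's rules re-expressed in Python.
RULES = [
    ("adv-subject", 101, lambda m, body: has(m["Subject"], "ADV:")),
    ("credit-card", 101, lambda m, body: has(body, "credit card")),
    ("script-tag", 60, lambda m, body: has(body, "<script")),
    ("empty-to", 60, lambda m, body: "@" not in (m["To"] or "")),  # approximation
    ("html-body", 43, lambda m, body: has(body, "<html>")),
    ("trailing-number", 43, lambda m, body: re.search(
        r"\s{4,}(\(\d+\)|\d+)$", m["Subject"] or "") is not None),
]

def is_tnef(m):
    ct = m["Content-Type"]
    return has(m["X-Mailer"], "Microsoft Outlook") and (
        has(ct, "application/ms-tnef;") or has(ct, "name=winmail.dat"))

def classify(raw):
    """Return (verdict, score, names of the rules that fired)."""
    m = message_from_string(raw)
    body = raw.partition("\n\n")[2]
    if is_tnef(m):  # Step 0: deleted before any scoring happens
        return "AUTO-DELETE", 0, []
    fired = [(name, pts) for name, pts, test in RULES if test(m, body)]
    score = sum(pts for _, pts in fired)
    verdict = "DEFINITE_JUNK" if score >= JUNK_THRESHOLD else "DELIVER"
    return verdict, score, [name for name, _ in fired]

# Constructed sample messages (not real traffic).
TNEF = ("From: a@example.com\nTo: list@example.org\nSubject: hi\n"
        "X-Mailer: Microsoft Outlook, Build 10\n"
        "Content-Type: application/ms-tnef; name=winmail.dat\n\nblob\n")
PROMO = ("From: promo@example.net\nTo: user@example.org\n"
         "Subject: Great offer     (4821)\n\n<html><script>x</script></html>\n")
HTML_ONLY = ("From: colleague@example.org\nTo: list@example.org\n"
             "Subject: Re: exim question\n\n<html><body>hello</body></html>\n")

if __name__ == "__main__":
    for raw in (TNEF, PROMO, HTML_ONLY):
        print(classify(raw))
```

HTML on its own scores 43 and is delivered; it takes a second or third signal to cross the threshold.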

