Re: Filtering Klez email

On Wed, Oct 02, 2002 at 10:58:26AM -0400, Patrick Wiseman wrote:
> This is (partly) a bit OT, but can someone suggest a filter which will
> dispose of email in which the email address in the Return-Path header
> differs from that in the From or To headers (which is characteristic of
> Klez-generated email but not of most legitimate email, list email being
> sometimes a notable exception)?  Or perhaps someone can suggest a better
> way of identifying and disposing of Klez-generated email.
> Onlist, a procmail filter would be welcome; offlist (as I have colleagues
> not using Linux) a Groupwise Rule and an Outlook filter would also be
> welcome.

This procmail rule gets rid of virtually all Klez for me:

* ^Content-Type: multipart/alternative
* ^Content-Type: (application/octet-stream|audio/x-(midi|wav))
* ^Content-Transfer-Encoding: base64

I've never seen any false positives from that, although that could be
because I don't get much in the way of that kind of content in my
legitimate incoming mail.


Colin Watson                                  [cjwatson@flatline.org.uk]
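
The three conditions above, together with the Return-Path comparison asked about in the question, written as a Python check on the parsed MIME structure. This is an added example, not part of the original message. It assumes the first condition refers to the top-level Content-Type and the other two to the headers of a single MIME part; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

SUSPECT_TYPES = {"application/octet-stream", "audio/x-midi", "audio/x-wav"}

def matches_attachment_rule(msg):
    """multipart/alternative message holding a base64 part of a suspect type."""
    if msg.get_content_type() != "multipart/alternative":
        return False
    for part in msg.walk():
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if part.get_content_type() in SUSPECT_TYPES and cte == "base64":
            return True
    return False

def return_path_mismatch(msg):
    """Return-Path address appears in neither From nor To (the question's idea)."""
    rp = parseaddr(msg.get("Return-Path", ""))[1].lower()
    listed = getaddresses(msg.get_all("From", []) + msg.get_all("To", []))
    return bool(rp) and rp not in {addr.lower() for _, addr in listed}

def sample(top_type, part_type, cte):
    """Constructed test message; addresses and payload are placeholders."""
    return message_from_string(
        "Return-Path: <a@example.net>\n"
        "From: b@example.org\n"
        "To: c@example.com\n"
        "MIME-Version: 1.0\n"
        f'Content-Type: {top_type}; boundary="XX"\n'
        "\n"
        "--XX\n"
        "Content-Type: text/html\n"
        "\n"
        "<html></html>\n"
        "--XX\n"
        f"Content-Type: {part_type}; name=sample.bin\n"
        f"Content-Transfer-Encoding: {cte}\n"
        "\n"
        "AAAA\n"
        "--XX--\n"
    )

if __name__ == "__main__":
    for args in [("multipart/alternative", "audio/x-wav", "base64"),
                 ("multipart/alternative", "text/plain", "7bit"),
                 ("multipart/mixed", "application/octet-stream", "base64")]:
        m = sample(*args)
        print(args, matches_attachment_rule(m), return_path_mismatch(m))
```

Legitimate multipart/mixed mail with a base64 attachment does not match the attachment check, because the top-level type is part of the condition.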

