Re: Filtering Klez email

To: debian-user@lists.debian.org
Subject: Re: Filtering Klez email
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 2 Oct 2002 16:07:38 +0100
Message-id: <[🔎] 20021002150738.GA16435@riva.ucam.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.21.0210021031070.2918-100000@watson>
References: <[🔎] Pine.LNX.4.21.0210021031070.2918-100000@watson>

On Wed, Oct 02, 2002 at 10:58:26AM -0400, Patrick Wiseman wrote:
> This is (partly) a bit OT, but can someone suggest a filter which will
> dispose of email in which the email address in the Return-Path header
> differs from that in the From or To headers (which is characteristic of
> Klez-generated email but not of most legitimate email, list email being
> sometimes a notable exception)?  Or perhaps someone can suggest a better
> way of identifying and disposing of Klez-generated email.
> 
> Onlist, a procmail filter would be welcome; offlist (as I have colleagues
> not using Linux) a Groupwise Rule and an Outlook filter would also be
> welcome.

This procmail rule gets rid of virtually all Klez for me:

:0
* ^Content-Type: multipart/alternative
{
  :0B:
  * ^Content-Type: (application/octet-stream|audio/x-(midi|wav))
  * ^Content-Transfer-Encoding: base64
  spam
}

I've never seen any false positives from that, although that could be
because I don't get much in the way of that kind of content in my
legitimate incoming mail.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Filtering Klez email
  - From: Patrick Wiseman <pwiseman@mindspring.com>

Prev by Date: Re: Stall on postinst of zope-zwiki_0.9.9-2_all.deb, please help
Next by Date: Re: OT: mass installation on XBox
Previous by thread: Filtering Klez email
Next by thread: re: sound - miraculously working
Index(es):
- Date
- Thread