Re: MS mail bombs
On (24/09/03 04:22), Pigeon wrote:
> I've just found getting mailfilter up on woody to be a suitable
> means of passing the time while microwaving pizzas. It's dead easy:
I think my pizza would be crisped by now ;) but thanks for this.
Coincidentally, I was trying to configure mailfilter last night only to
find I couldn't invoke it from getmail, and so downloaded fetchmail. So
your posting is timely ;)
>
> 1) apt-get install mailfilter - it only depends on libc, libstdc++ and
> debconf, so no baddies there. :-)
Installed through dselect - no problem
> 2) modify ~/.fetchmailrc with the 'preconnect "mailfilter"' line,
> which goes in a slightly non-obvious place, as in my example
> (attached); only one 'preconnect' line is needed to check multiple
> mailboxes, as mailfilter gets the info on which boxes to check from
> its own .rc, not from fetchmail.
Have done this but want to avoid wiping mails off the server for two
days (what I currently do with getmail). Haven't cracked how to do this
yet ... so using mailfilter alone in "TEST" mode
>
> 3) modify my attached ~/.mailfilterrc with your POP3 username and
> password details. The DENY rules to filter out viral crap are
> translated from posts by Greg Lehey and David Lloyd on the LinuxSA
> list. The ALLOW lines are to cope with the possibility of list
> traffic arriving with large log files attached which would
> otherwise be knocked out by the MAXSIZE limit. You must have the
> log file. You can add a line 'TEST=yes' to run in 'dummy' mode
> without actually deleting everything. The DENY and ALLOW lines must
> not contain line breaks.
I've used your filters only (having commented out the example ones
supplied) but when I look at mailfilter.log it seems to have deleted
everything (in TEST mode luckily). I can send the log file if needed;
meanwhile I attach my mailfilterrc file. Can you tell me what I've done
wrong?
>
> The one thing mailfilter does seem to lack is an option to filter
> based on the output of some external program, so you could link it
> with some Bayesian engine to avoid manually tweaking the rules.
Manual filtering would be a start given the volume of spam I currently
receive ;)
[I've cracked actually adding a signature, which was so simple, I can't
imagine why it took me so long - I am currently looking at the GPG
documentation but this spate of spam has rather got in the way]
Regards
Clive
--
http://www.clivemenzies.co.uk
strategies for business
# -----------------------------------------------------------
# Taken from example rcfile from the INSTALL document and
# combined with rcfile from pigeon
# -----------------------------------------------------------
# -----------------------------------------------------------
# Logfile path (be sure you have write permission in this
# directory; you MUST specify a logfile)
LOGFILE=/home/clive/mailfilter.log
# -----------------------------------------------------------
# Level of verbosity
VERBOSE=2
# -----------------------------------------------------------
# POP3 server list (do not change the order of the fields!)
# Note: Port 110 is usually the port POP3 servers use.
# Currently only POP3 is supported.
SERVER=mail.plus.net
USER=xxxxxxxxxxxxxxxxxx
PASS=xxxxx
PROTOCOL=pop3
PORT=110
SERVER=mail.plus.net
USER=xxxxxxxxxxxx
PASS=xxxxxxxx
PROTOCOL=pop3
PORT=110
SERVER=mailgate.ftech.net
USER=xxxxx
PASS=xxxxxx
PROTOCOL=pop3
PORT=110
SERVER=pop1.mail.lhr1.globix.net
USER=xxxxxx
PASS=xxxxxx
PROTOCOL=pop3
PORT=110
# -----------------------------------------------------------
# Do you want case sensitive e-mail filters? { yes | no }
REG_CASE=yes
# -----------------------------------------------------------
# Sets the type of Regular Expression used { extended | basic }
#
# (The default is 'basic', don't change unless you know what you
# are doing. Extended REs are more complex to set up.)
REG_TYPE=extended
# -----------------------------------------------------------
# Maximum e-mail size in bytes that should not be exceeded.
MAXSIZE_DENY=1000000
# -----------------------------------------------------------
# Set maximum line length of any field in the message header
# (default is 998 characters per line; 0 to disable option)
MAXLENGTH=998
# ----------------------------------------------------------
# Filter rules for detecting spam (each rule must be placed
# in a separate line)
# These filters detect certain unpleasant e-mail subjects:
# DENY=^Subject:.*Get penis enlargement
# DENY=^Subject:.*WIN MONEY
# This one filters mail from a certain person:
# DENY=^From:.*spammer@any_spam_organisation.com
# This one filters mail from everyone at a certain organisation:
# DENY=^From:.*@any_provider_that_spams.org
# We don't want any of those 'LEGAL' messages either
# while stuff with 'legal' in the subject still interests us:
# DENY_CASE=^Subject:.*LEGAL
# The following filters are to combat the MS Swen worm etc.
DENY=^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat| chm|cmd|com|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm| shs|vb|vbe|vbs|vbx|vxd|wav|wsf|wsh)
DENY=^(Subject|SUBJECT):.*(Latest Net Critical Update|Bug Message|Abort Letter|abort notice|Failure Message)
DENY=^(From|FROM):.*(Microsoft|MS Email Delivery System|Inet Email|Internet Message|Inet Mail Service|MS Internet|Net Delivery Service|MS Mail System|internet email delivery|MS Network Delivery|ms network system|MS Security Services|Inet Mail Storage System)
ALLOW=^From:.*@lists.debian.org
ALLOW=^From:.*@linuxsa.org.au
# Normalises the subject strings before parsing, e.g.
# ',L.E-G,A.L; ,C.A-B`L`E, +.B-O`X` ;D`E`S,C;R,A.MB;L,E.R-]'
# becomes 'LEGAL CABLE BOX DESCRAMBLER' which can be filtered.
#
# If NORMAL is switched on, Mailfilter tries to apply filters
# to both the normalised and the original subject.
NORMAL=yes
# -----------------------------------------------------------
# The maximum e-mail size in bytes that messages from friends
# should not exceed. Set this to 0 if all your friends (ALLOW)
# can send messages as long as they want.
MAXSIZE_ALLOW=0
# ----------------------------------------------------------
# Set list of friends that always pass, if they do not
# exceed the message length of MAXSIZE_ALLOW
# This rule allows all mail from a friend who was unlucky enough
# to have signed up with a spam organisation. With DENY we
# block everyone else from that domain though! See above!
# ALLOW=^From:.*a_friend_with_account@any_provider_that_spams.org
# Of course we allow e-mail from anyone who has something to say about
# mailfilter:
# ALLOW=^Subject:.*mailfilter
# We also let our girlfriend send any e-mail she wants:
# ALLOW=^From:.*my_girlfriend@any_provider.com
## If you are new to Regular Expressions and new to Mailfilter,
## you might want to experiment a bit before you accidentally
## delete messages for real. For such cases Mailfilter
## provides two keywords. TEST can be used to only simulate
## the deletion of messages and SHOW_HEADERS displays all
## e-mail headers that get scanned by the program.
TEST=yes
SHOW_HEADERS=yes
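
An added example, not part of the original message or its attachment: a shell dry run that checks DENY/ALLOW rules against header lines before they are trusted with real mail. It assumes `grep -E` is a fair stand-in for mailfilter's case-sensitive extended regex matching and that an ALLOW match overrides DENY; the function names, the shortened rules and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Dry-run mailfilter-style rules against header lines with grep -E.
# Assumptions: case-sensitive POSIX ERE per header line, as with
# REG_TYPE=extended and REG_CASE=yes; an ALLOW match beats any DENY.

first_match() {   # first_match KEYWORD RCFILE HEADERFILE -> matching rule
    sed -n "s/^$1=//p" "$2" | while IFS= read -r re; do
        if grep -Eq -- "$re" "$3"; then printf '%s\n' "$re"; break; fi
    done
}

verdict() {       # verdict RCFILE HEADERFILE -> ALLOW | DENY | PASS
    if [ -n "$(first_match ALLOW "$1" "$2")" ]; then echo ALLOW
    elif [ -n "$(first_match DENY "$1" "$2")" ]; then echo DENY
    else echo PASS
    fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Rules shortened from the rc file above; as_posted keeps the blank
# that follows a '|' in the extension list, cleaned removes it.
cat > "$tmp/as_posted" <<'EOF'
DENY=^Content-(Type|Disposition):.*(file)?name=.*\.(bat| chm|exe|shm| shs|vbs)
ALLOW=^From:.*@lists.debian.org
EOF
sed 's/| /|/g' "$tmp/as_posted" > "$tmp/cleaned"

# Constructed sample headers, not taken from real mail.
printf '%s\n' 'From: someone@example.com' \
  'Content-Disposition: attachment; filename="readme.chm"' > "$tmp/chm"
printf '%s\n' 'From: user@lists.debian.org' \
  'Content-Type: application/octet-stream; name="patch.exe"' > "$tmp/list"
printf '%s\n' 'From: someone@example.com' 'Subject: lunch' > "$tmp/plain"

for rc in as_posted cleaned; do
    for m in chm list plain; do
        printf '%-10s %-6s %s\n' "$rc" "$m" "$(verdict "$tmp/$rc" "$tmp/$m")"
    done
done
```

A blank after `|` becomes part of the alternative, so the `.chm` attachment passes the rule as posted and is only denied once the blank is removed.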