Subject: Re: recent spam attacks...
To: Wailer <banshee@gabriella.abattoir.com>
From: Jeff Thieleke <thieleke@beagle.dyn.ml.org>
List: current-users
Date: 09/24/1997 00:19:28
> This is totally the wrong place for this discussion; but I'm not
> so certain where the right place is.  I presently filter spam


procmail@Informatik.RWTH-Aachen.DE


> using blackhole routes (successful) and domain filtering (of
> questionable value).  I'd be very interested in seeing a set of
> procmail rules to detect spam.


Here is my first line of procmail defense against spam.  Team this
up with Spam Bouncer <http://www.best.com/~ariel/nospam/>, and you
pretty much have total spam filtering.  To be honest, I don't think
I have received any spam within the past month that even made it
past the IEMMC recipe, which is surprising considering the very simple
checks made by the following.  Speaking of simple, getting started
with procmail is much easier than I would have thought a month ago.  Once
you have a simple .procmailrc file started, it is only a matter of time
before you write/steal enough good recipes to make procmail a very effective 
tool.

I put the following near the top of my .procmailrc, followed by the
sorting by mailing list recipes, then the Spam Bouncer INCLUDERC. 
Fortunately, the spam traffic on the NetBSD mailing lists is light and
simple enough to be filtered out by the following recipes, so you 
don't have to run every mailing list email through the complicated
Spam Bouncer checks, although it wouldn't hurt to do so.



# Dump the obvious spam before it gets any further
# (FORMAIL and SPAMFOLDER must be set earlier in .procmailrc)
:0:
* ^Comments: Authenticated sender
* !^X-Mailer: Pegasus Mail
| $FORMAIL -A"X-Sorted: *** Authenticated SPAM! ***" >>$SPAMFOLDER

:0:
*^X-Advert.*
| $FORMAIL -A"X-Sorted: *** SPAM (with X-Advertisement) ***" >>$SPAMFOLDER

:0:
*^TO(friend|neighbor|nobody|you|success)
| $FORMAIL -A"X-Sorted: *** SPAM is NOT my "friend" ***" >>$SPAMFOLDER

:0:
*^TO.*(public|nowhere)\.com
| $FORMAIL -A"X-Sorted: *** SPAM to *@(public|nowhere).com ***" >>$SPAMFOLDER

:0:
* ^.*iemmc
| $FORMAIL -A"X-Sorted: *** SPAM via IEMMC! ***" >>$SPAMFOLDER

:0 B:
* (This is a one time mailing|\
   You must be over (18|21)|\
   NO Credit Checks|\
   ("REMOVE"|REMOVE) in the subject (field|line))
| $FORMAIL -A"X-Sorted: *** SPAM! (Rule 1) ***" >>$SPAMFOLDER

:0 BD:
* GUARANTEED
| $FORMAIL -A"X-Sorted: *** SPAM! (Rule 2) ***" >>$SPAMFOLDER





Jeff Thieleke
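
A dry run of the recipes above over constructed messages, added here as an example and not part of the original post: the Python below re-expresses the seven conditions and reports which recipe would fire first, which shows where legitimate mail gets caught (a To: address that merely begins with "you") and where the Pegasus Mail exception and the D flag let mail through. The ^TO expansion is a simplified assumption, and `first_match`, `RULES` and `SAMPLES` are names made up for this sketch.

```python
import re

# Assumption: simplified form of procmail's ^TO macro expansion.
TO = (r"^(?:(?:Original-)?(?:Resent-)?(?:To|Cc|Bcc)"
      r"|(?:X-Envelope|Apparently(?:-Resent)?)-To):(?:.*[^a-zA-Z])?")
I = re.I | re.M   # procmail matches case-insensitively unless the D flag is set

# (label, scope, pattern, flags, optional negated header pattern), in the post's order.
RULES = [
    ("Authenticated", "h", r"^Comments: Authenticated sender", I, r"^X-Mailer: Pegasus Mail"),
    ("X-Advert", "h", r"^X-Advert.*", I, None),
    ("friend", "h", TO + r"(friend|neighbor|nobody|you|success)", I, None),
    ("public/nowhere", "h", TO + r".*(public|nowhere)\.com", I, None),
    ("IEMMC", "h", r"^.*iemmc", I, None),
    ("Rule 1", "b", r"This is a one time mailing|You must be over (18|21)|"
                    r"NO Credit Checks|(\"REMOVE\"|REMOVE) in the subject (field|line)", I, None),
    ("Rule 2", "b", r"GUARANTEED", re.M, None),   # BD: body, case-sensitive
]

def first_match(raw):
    """Return the label of the first recipe that would fire, or None."""
    header, _, body = raw.partition("\n\n")
    header = re.sub(r"\n[ \t]+", " ", header)     # unfold continued header lines
    for label, scope, pattern, flags, unless in RULES:
        text = header if scope == "h" else body
        if re.search(pattern, text, flags) and not (unless and re.search(unless, header, I)):
            return label
    return None

# Constructed sample messages (not real mail).
SAMPLES = {
    "bulk mailer": "Comments: Authenticated sender is <a@example.com>\nX-Mailer: Bulk 1.0\n\nhi\n",
    "pegasus user": "Comments: Authenticated sender is <b@example.org>\nX-Mailer: Pegasus Mail v2\n\nhi\n",
    "youth list": "To: youth-list@example.org\nSubject: meeting\n\nSee you Friday.\n",
    "relay header": "Received: from relay.iemmc.example\nTo: me@example.net\n\nhi\n",
    "shouting body": "To: me@example.net\n\nResults GUARANTEED\n",
    "warranty note": "To: me@example.net\n\nRepairs are guaranteed for a year.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} -> {first_match(raw)}")
```

Feeding a saved sample of real list traffic through the same function before enabling the recipes shows how often the broad patterns would misfile wanted mail.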