[mdk-re] Re: [JT] procmail goes after spammers

Чт Фев 14 14:00:12 MSK 2002

Hello Michael,

On Thu, Feb 14, 2002 at 11:10:30AM +0200, Michael Shigorin wrote:
>
> On Thu, Feb 14, 2002 at 01:00:33AM +0300, Mikhail Zabaluev wrote:
> > Вот procmail -- это сила. 5 минут назад в очередной раз опустошил папку
> [...]
> > -- чистота :) Плюс к тому: автоматическое уведомление провайдеров
> > особо надоедливых и псевдо-отлупы со смыслом
> > "адресат по указанному адресу не проживает/выбыл/умер/ушла на базу".
> Тезка, я извиняюсь -- а _это_ счастье опакечивается? ;)

Ну (скромно потупившись), оно вряд ли того стоит, да и настроено на
"моих" спаммеров.
Есть как минимум одно "окончательное решение спаммерского вопроса"
в виде procmail-фильтра, доступное на FM/SF.
Могу лишь приложить свои файлы, если кому пригодится.

-- 
Stay tuned,
  MhZ                                     JID: mookid на jabber.org
___________
Do you have lysdexia?
----------- следующая часть -----------
MAILDIR=$HOME/Mail/

LOGFILE=$HOME/log/procmail

ME=(mhz@(altlinux\.ru|alt-linux\.org|linux\.ru\.net)|mookid@(mu|sigent)\.ru)

SPAMGUISES=@(aol|hotmail|msn|yahoo)\.com

:0 :
* $^X-Loop: $\LOGNAME@$\HOST
$DEFAULT

# Log all bad deliveries
LOGABSTRACT=all

# Rules that bounce with "bad data"
EXITCODE=65

# Trash all huge messages not addressed to me, that are not mailing list
# digests.
:0
* >65536
* !$^TO_$ME
* !(digest|vital)
/dev/null

# Rules that bounce with "no such user"
EXITCODE=67

# Deal with messages that bear nasty signs of spam
:0
* ^X-RBL-Warning:|\
  ^X-((Bulkmail|CORONNA|CRUNCHERS|IONK|PLATTER):|(EM|SMTPExp)-)|\
  ^X-Mailer:.*(Caretop|diffondi|em5000|EMailing List Pro|\
               GOTO Software Sarbacane|IncrediMail|LK SendIt|Mailtouch|\
               NetPIMS Merge & Group Mailer|SoftForum-WebMail|SuperMail-2)
{
	:0
	* >10000
	/dev/null

	:0 :
	spam
}

# Charsets that mindless Asian spam uses, I have no chance to read them anyway
:0 :
* (charset.+|=\?)(big5|euc-kr|gb2312|iso-2022-jp|ks_c_5601-1987)
spam

# Process my dear frequent posters ;)

:0
* ^From .*seed\.net\.tw
* ^Received:.*\.ethome\.net\.tw
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	antispam на ethome.net.tw

:0
* ^From big6 на mailbox\.as
* ^Received:.*\[64\.245\.234
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	abuse на digex.net

:0
* ^Received:.*registeredsite.com \(\[64\.224\.9\.
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	abuse на interland.net

:0
* ^From .*einfodirect\.com
* ^Received:.*iexpect\.com \(\[216\.35
| $HOME/bin/spam-forward -s "[SPAM ALERT] <AUTO> {EAI#289-065}" \
	postmaster на iexpect.com abuse на exodus.net

:0
* ^From .*@a-01.com
* ^Received:.*\[209\.52\.29\.18.
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	abuse на smartt.com

:0
* ^Received:.*\[61\.1(79|87)
* $^From .*(longfbusiness на sina\.com|$SPAMGUISES)
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	anti-spam на ns.chinanet.cn.net

:0
* ^From .*jdmgames\.(com|net)
* ^Received:.*\[207\.215\.122
| $HOME/bin/spam-forward -s '[SPAM ALERT] (KMM512879C0KM)' \
	abuse на internetive.net abuse на pacbell.net

:0
* $^From .*(buero\.link-m\.de|$SPAMGUISES)
* ^Received:.*\[211\.114\.53\.3[2-9]
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	insystem на kornet.net

:0
* ^From banks111111hk на yahoo\.com\.hk
* ^Received:.*\[212\.161\.14
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	abuse на colt.net

:0
* ^From .*(badajob|genie)\.com
* ^Received:.*\[210\.51
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	tech-group на china-netcom.com

:0
* ^From .*News на MailSRV\.BidBay\.com
* ^Received:.*\.bidbay\.com
| $HOME/bin/spam-forward -s '[SPAM ALERT] Oops, they did it again' \
	postmaster на primenet.com

# Normal delivery
LOGABSTRACT=no
EXITCODE=0
----------- следующая часть -----------
#!/bin/bash
#
# Procmail helper to bounce spam messages.
#

[ "$SENDMAIL" = "" ] && SENDMAIL=/usr/sbin/sendmail
[ "$SENDMAILFLAGS" = "" ] && SENDMAILFLAGS=-oi

subject='[SPAM ALERT]'
while getopts s: opt; do
    subject="$OPTARG"
done

shift $(( $OPTIND - 1 ))

dest="$*"
if [ -z "$dest" ]; then
    echo "Usage: $0 [-s subject] recipient ... <message" >&2
    exit 1
fi

to_line="${*/%/,}"
to_line="${to_line%,}"

(   cat <<EOF
From: $LOGNAME
To: $to_line
Subject: $subject
Precedence: bulk
X-Loop: $LOGNAME@$HOST
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Hello,

This is an automatically generated spam alert.
Feel free to contact me if you have any issues related to this.
The (partial) listing of the message that triggered it
is included below.

EOF
    head -c 8k
    cat >/dev/null
) | $SENDMAIL $SENDMAILFLAGS $dest