https://wiki.gacq.com/index.php?title=ProcMail&feed=atom&action=historyProcMail - Historial de revisiones2024-03-29T05:13:04ZHistorial de revisiones para esta página en el wikiMediaWiki 1.29.2https://wiki.gacq.com/index.php?title=ProcMail&diff=1448&oldid=prev192.168.0.105 en 17:57 27 jul 20062006-07-27T17:57:07Z<p></p>
<p><b>Página nueva</b></p><div>= Ejemplos de filtrado de SPAM =<br />
<br />
<pre><nowiki><br />
# I shouldn't be getting mail addressed to that many non-me "Paul"s.<br />
# This is often caused by alphabetized lists of spam target addresses.<br />
:0:<br />
* ^TO_.*(paul[^d]|pauld[^s]).*(paul[^d]|pauld[^s])<br />
spam/too-many-pauls<br />
<br />
<br />
# I don't use any "webmaster" mail aliases for any of my domains, so mail<br />
# sent to any such address is 99.99% likely to be spam.<br />
:0:<br />
* (^TO_|^Received:|^Delivered-To:).*webmaster@<br />
spam/webmaster<br />
<br />
<br />
# These are addresses that exist solely in the whois database as contacts<br />
# for domain names. If you're sending mail to one of these addresses, you'd<br />
# better have a valid reason. Mail from the current registrar is<br />
# automatically accepted previous to this point.<br />
:0:<br />
* (^TO_|^Delivered-To:|^Received:).*(dns..200.@horde\.com)<br />
* !^Subject:.*((kagomi\.com)|(quotes-r-us\.org)|(horde\.com)|(domain)|(renew)|(expir)|(pairnic))<br />
spam/dns<br />
<br />
<br />
# I ain't your "friend", palooka.<br />
#:0:<br />
#* ^TO_.*friend@public\.com<br />
#spam/to<br />
<br />
<br />
# Sent via known bulk mailers.<br />
#:0:<br />
#* ^X-Mailer:.*((MassE-Mail)|Extractor|Floodgate|(Emailer Platinum)|JumboMail|(Advanced Mass Sender)|GreenRider|(The Bat)|(FoxMail .*cn))<br />
#spam/mailer<br />
<br />
<br />
# No legit mailer is gonna generate an all-caps subject header.<br />
#:0 D:<br />
#* ^SUBJECT<br />
#spam/upper-case-subject<br />
<br />
<br />
# This header seems to never appear in legitimate e-mail, but does<br />
# occasionally in spam, presumably as an artifact of poorly forged date<br />
# headers.<br />
#:0:<br />
#* ^Date-warning:<br />
#spam/date-warning<br />
<br />
<br />
# Ok, thanks for being up-front about being a spammer. I think I'll nuke<br />
# you now.<br />
#:0:<br />
#* ^Subject:.*\<br />
#spam/subject<br />
<br />
<br />
# A similar, recent trend.<br />
#:0:<br />
#* ^Subject:.*\<br />
#spam/subject<br />
<br />
<br />
# I don't want to buy millions of e-mail addresses, thankyouverymuch.<br />
#:0:<br />
#* ^Subject:.*(000|million|verified).*(e-mail|email)?.*address<br />
#spam/subject<br />
<br />
<br />
# If you're excited about credit cards or mortgage rates, you're probably<br />
# stupid. (Note the exclamation point at the end.)<br />
#:0:<br />
#* ^Subject:.*((mortgage.*rate)|(credit card)|insurance|market|debt|buy|(financial freedom)|(\$)|wealth).*!<br />
#spam/subject<br />
<br />
<br />
# If you're excessively excited about pretty much anything, I probably don't<br />
# want to talk to you.<br />
#:0:<br />
#* ^Subject:.*!!!<br />
#spam/subject<br />
<br />
<br />
# Capitalist pigs.<br />
#:0:<br />
#* ^Subject:.*\$.*\$<br />
#spam/subject<br />
<br />
<br />
# Yeah, right.<br />
#:0:<br />
#* ^Subject:.*disney.*x.*archiv<br />
#spam/subject<br />
<br />
<br />
# No I didn't.<br />
#:0:<br />
#* ^Subject: Re:.*info.*requested<br />
#spam/subject<br />
<br />
<br />
# Stalk much?<br />
#:0:<br />
#* ^Subject:.*find out.*anything.*anyone<br />
#spam/subject<br />
<br />
<br />
# Enough already.<br />
#:0:<br />
#* ^Subject:.*((got debt)|(tax problems))<br />
#spam/subject<br />
<br />
<br />
# Thanks, I'm all set.<br />
#:0:<br />
#* ^Subject:.*((stop)|(quit)).*((smok)|(snor))<br />
#spam/subject<br />
<br />
<br />
# Not generally they're not.<br />
#:0:<br />
#* ^Subject:.*girl.*crazy<br />
#spam/subject<br />
<br />
<br />
# No thanks, I already know everything.<br />
#:0:<br />
#* ^Subject:.*((computer)|( it )).*((train)|(scholarship))<br />
#spam/subject<br />
<br />
<br />
# I don't think I will, thanks.<br />
#:0:<br />
#* ^Subject:.*((check.*out)|(see.*this))<br />
#spam/subject<br />
<br />
<br />
# Be suspicious of HTML-only mail. Be very suspicious.<br />
#<br />
# Remember that friends/acquaintences/co-workers/etc are being auto-accepted<br />
# prior to parsing this file. Of course, we can safely assume that none of<br />
# those people would be sending me HTML mail in the first place, since that<br />
# would imply that their intelligence was approximately equal to that of a<br />
# chalupa, and hence I never would have agreed to communicate with them in<br />
# the first place.<br />
:0:<br />
* ^Content-Type: text/html<br />
spam/html<br />
<br />
<br />
# Ditto with this.<br />
:0<br />
* ^Content-Type: multipart/<br />
{<br />
:0 B<br />
* !^Content-Type: text/plain<br />
* ^Content-Type: text/html<br />
spam/html<br />
}<br />
<br />
<br />
# I don't speak Korean.<br />
# I also don't like to grep the bodies of every incoming message, so I've<br />
# got these two attempts at narrowing the field of investigation a bit.<br />
#:0<br />
#* ^(Received:|From:).*\.kr<br />
#{<br />
# :0 B:<br />
# * charset="ks_c_5601-1987"<br />
# spam/charset<br />
#}<br />
#<br />
#:0<br />
#* ^Content-Type: multipart/alternative<br />
#{<br />
# :0 B:<br />
# * charset="ks_c_5601-1987"<br />
# spam/charset<br />
#}<br />
<br />
<br />
# Reject any mail with a Chinese address in its headers. This may not seem<br />
# reasonable or fair, but considering that China is just one big spam<br />
# factory these days, and since it's been literally years since I've<br />
# received any _legitimate_ mail from a .cn address, I feel quite justified<br />
# in sinking the lot.<br />
#:0:<br />
#* ^(Received:|From:|Reply-To:).*\.cn\><br />
#spam/china<br />
<br />
<br />
# Likewise for Russia. What *is* it with these ex-communist nouveau<br />
# capitalist marketers anyway? Sheesh, get some class, you guys...<br />
#:0:<br />
#* ^(Received:|From:|Reply-To:).*\.ru\><br />
#spam/russia<br />
<br />
<br />
# Nuke anything that contains more than two high-ascii characters in the<br />
# subject. This threshold allows some leeway for things such as "I really<br />
# like the façade of your café", but filters out a lot of crap from Russia,<br />
# etc that slips through the other filters.<br />
#<br />
# Note that the characters in the brackets below are ASCII 0x80 and 0xFF.<br />
# You may not get the right characters if you do a copy+paste from this web<br />
# page. A good hex editor is your friend here. :)<br />
#:0:<br />
#* ^Subject:.*[€-ÿ].*[€-ÿ].*[€-ÿ]<br />
#spam/ascii-garbage<br />
<br />
<br />
# Same deal with the sender's name.<br />
#:0:<br />
#* ^(From:|Sender:|Reply-To:).*[€-ÿ].*[€-ÿ].*[€-ÿ]<br />
#spam/ascii-garbage<br />
<br />
<br />
# Nuke anything that specifies a different character set for the subject<br />
# line. This catches things not caught by the previous rule due to being<br />
# encoded in ASCII chars 0x00-0x7F.<br />
#:0:<br />
#* ^Subject:.*=\?.*\?=<br />
#spam/ascii-garbage<br />
<br />
<br />
# Filter any mail claiming to be from a hotmail.com address that does not<br />
# contain the characteristic "X-Originating-IP" header.<br />
#:0:<br />
#* ^(Received:|From:).*hotmail\.com<br />
#* !^From: postmaster@.*hotmail\.com<br />
#* !^X-Originating-IP<br />
#spam/fake-hotmail<br />
<br />
<br />
# Filter any mail claiming to be from a yahoo.com address whose Message-ID<br />
# header indicates otherwise, unless it appears to be a bounce (which should<br />
# come from a mail daemon).<br />
#:0:<br />
#* ^(Received:|From:).*yahoo\.com<br />
#* !^FROM_MAILER<br />
#* !^Message-ID:.*yahoo(mail)?\.com<br />
#spam/fake-yahoo<br />
<br />
<br />
# Filter any mail claiming to be from a Juno address that does not contain<br />
# the characteristic "X-Mailer: Juno" header.<br />
#:0:<br />
#* ^(Received:|From:).*juno\.com<br />
#* !^X-Mailer: Juno<br />
#spam/fake-juno<br />
<br />
<br />
# Filter any mail claiming to be from a Lycos address that does not contain<br />
# the characteristic "X-Sender-Ip" header.<br />
#:0:<br />
#* ^(Received:|From:).*(lycos|mailcity)\.com<br />
#* !^X-Sender-Ip:<br />
#spam/fake-lycos<br />
<br />
<br />
# This makes me highly suspicious. Exceptions are granted for mail daemons<br />
# and myself (the latter for the benefit of the Autostatus program).<br />
:0:<br />
* ^TO_.*undisclosed.*recipient<br />
* !^FROM_MAILER<br />
* !^From: status(-k)?@horde\.com<br />
spam/undisclosed<br />
<br />
<br />
# Too many spaces in your subject line makes me suspicious. The exceptions<br />
# are for some of majordomo's stupid bounce message formats, and for some<br />
# messages from cron.<br />
:0:<br />
* ^Subject:.* .*<br />
* !^Subject:.*Non-member submission<br />
* !^Subject:.*Admin request of type<br />
* !^Subject: Cron.*root<br />
spam/spaces<br />
<br />
<br />
# Yeah, I bet. But I don't think that's my name.<br />
#:0:<br />
#* ^To:.*(urgent|important|customer)<br />
#spam/to<br />
<br />
<br />
# Some spammers forge usernames that contain multiple consecutive dashes.<br />
#:0:<br />
#* ^From:.*--<br />
#spam/from<br />
<br />
<br />
# I doubt I want to hear anything from any marketroid.<br />
#:0:<br />
#* ^From:.*marketing<br />
#spam/from<br />
<br />
<br />
# My username isn't actually my real name, and if you were a real<br />
# correspondent you'd know that.<br />
:0:<br />
* ^Subject:.*(hey|hi).*paulds<br />
spam/subject<br />
<br />
<br />
# Likewise.<br />
:0:<br />
* ^Subject: paulds<br />
spam/subject<br />
<br />
<br />
# Similarly, very few legitimate correspondants will prefix the subject with<br />
# my name in this way.<br />
:0:<br />
* ^Subject: Paul( Stauffer)?[,:] .*<br />
spam/subject<br />
<br />
<br />
# Or with just my last name...<br />
:0:<br />
* ^Subject: Stauffer<br />
spam/subject<br />
<br />
<br />
# Look, I know better than to believe that I can copy a DVD onto a CD-ROM,<br />
# alright? Leave me the hell alone.<br />
#:0:<br />
#* ^Subject:.*(burn|copy|make).*dvd<br />
#spam/subject<br />
<br />
<br />
# I like my fat. I'm not interested in loosing it.<br />
#:0:<br />
#* ^Subject:.*loo?se (up to )?[0-9]+ pounds<br />
#spam/subject<br />
<br />
<br />
# Eliminate a lot of incest-related porn spam.<br />
#:0:<br />
#* ^Subject:.*((father)|(\)|(mother)|(\)|(parent)|(\)|(brother)|(daughter)|(sister)|(child)).*((father)|(\)|(mother)|(\)|(parent)|(\)|(brother)|(daughter)|(sister)|(child))<br />
#spam/subject<br />
<br />
<br />
# Highly suspect topics. Again, bear in mind that I preemptively accept all<br />
# mail from several hundred preapproved sources, which constitute the bulk<br />
# of the real people I communicate with. Doing that makes this rule much<br />
# less risky.<br />
#:0:<br />
#* ^Subject:.*((free (password|porn))|adult|credit|income|(mortgage.*(rate|quote))|homeowner|insurance|invest|market|profit|debt|money|(financial(ly)? (freedom|independen))|(web counter)|(great deal)|guarantee|bills|casino|millionaire|(hair loss)|viagra|sex|\|(great news)|(pay(ing)? too much)|( cams? )|pissing|( win )|(microsoft.*(cert|train))|( b2b )|business|(loo?se weight)|(weight loss)|((best|great|awesome|excellent) value)|savings|((printer|toner) cartridges)|( sec?ks )|whore|bestial|\|(instant approval)|\|\|\|(\)|qualif(y|i)|\|\|(complimentary)|((no|low)[ -](cost|fee|charge)))<br />
#spam/subject<br />
<br />
<br />
# Catch some overzealous religious spam.<br />
#:0:<br />
#* ^Subject:.*((jesus christ)|(sinner)|(\)|(\)|(\.*!))<br />
#spam/subject<br />
<br />
<br />
# I don't believe in a free lunch.<br />
#:0:<br />
#* ^Subject:.*((\)|(claim)|(receive)|(won)).*(free|reward)<br />
#spam/subject<br />
<br />
<br />
# Keep your "FREE" to yourself...<br />
#:0 D:<br />
#* ^Subject:.*FREE<br />
#spam/subject<br />
<br />
<br />
# Malfunctioning spam software.<br />
#:0:<br />
#* ^Subject:.*RND_UC_CHAR<br />
#spam/subject<br />
<br />
<br />
# Two or more words in all uppercase letters in the subject is a red flag.<br />
#:0 D:<br />
##* ^Subject: .*[A-Z][A-Z]+[^A-Z]+[A-Z][A-Z]+<br />
##* ^Subject: .*\<[A-Z]\>.*\<[A-Z]\><br />
#* ^Subject: (Fwd:|Re:)?[^a-z]*[A-Z][A-Z]+[^a-z]*$<br />
#spam/shouting<br />
<br />
<br />
# Mail claiming to be malware removal tools almost certainly contains a<br />
# virus, worm, or trojan. Not necessarily spam per se, but I don't want to<br />
# see it anyway.<br />
#:0:<br />
#* ^Subject:.*removal tool<br />
#spam/virus<br />
<br />
<br />
# Similarly, I'm not interested in receiving notification that some virus or<br />
# worm decided to use my e-mail address in its "from" line. Again, not<br />
# really spam, but close enough.<br />
:0:<br />
* ^Subject: InterScan.*Alert<br />
spam/metavirus<br />
<br />
<br />
# Feeling defensive? Huh. Wonder why...<br />
#:0 B:<br />
#* (this is not (an? )?(((commercial|unsolicited).*mail)|(spam)|(uce)))|(current laws on commercial.*mail)|(1618 TITLE (III|3|111))|(H\.?R\.? 3113)|(105th Congress)|(passed by the 105th)|(do(es)? not (send|use|(make use of)|support) .* unsolicited .*mail)|(to opt[ -]out)|(opt(ed)?[ -]in)|(if you did not request this)|(one[ -]time ((e-?)?mail|message))|(address was obtained from a purchased list)|(Commercial Electronic Mail Act)|(saf-e mail)|((further|additional) promotional mail)|(not( be)? considered spam)|(centralremovalservice\.com)|(autoemailremoval\.com)<br />
#spam/this-is-not-spam<br />
<br />
<br />
# No more Nigerian Scam mail for me.<br />
#:0 B:<br />
#* Nigeria|Angola|(Sierra[ -]Leone)|Congo<br />
#* account|bank|million<br />
#spam/nigeria<br />
<br />
<br />
# Removed; SA now has its own rc file.<br />
# I generally trust SpamAssassin to do the right thing.<br />
#:0:<br />
#* ^X-Spam-Flag: YES<br />
#spam/spamassassin<br />
<br />
<br />
# Experience has taught me not to trust people who use this MTA.<br />
# Disabled 13 Oct 2003. Got a few false positives, and it was only catching<br />
# a few actual spams anyway.<br />
#:0:<br />
#* ^Received:.*InterMail<br />
#spam/intermail<br />
<br />
<br />
# These guys *totally* piss me off!<br />
:0:<br />
* ^Subject:.*\<br />
spam/blacklist<br />
<br />
<br />
# Misc random spammers. This is where I explicitly deal with places that<br />
# consistently send garbage to me, if it hasn't already been caught by one<br />
# of the more general rules.<br />
:0:<br />
* ^(Received:|From:|To:).*(techvenue\.com|perfdata\.com|conservativefun\.com|clickaction\.net|echampions2000\.com|rnc(mail)?\.org|nmailer\.com|traditionalvalues\.org|churches\.net|snd\.edu\.gr|ioannou@vip\.gr|worldses\.org|wseas|discounts-direct\.com|elki@aol\.com|industryemail\.com|rchproducts\.com|webuniverse\.net|hostex\.com|insertweb\.net|hellasnet\.gr|pathfinder\.gr|optingnow\.com|investorsinsight\.com|yakim5150@yahoo\.com|b2blists\.com|bostonlimoservices\.com|afsmail\.com|artmarket\.com|kongmail\.com|topsites\.com|topsites-us\.com|topsitez\.us|dealsfromtheweb\.com|deerclk\.com|peppypuppy)<br />
spam/blacklist<br />
}}}<br />
<br />
------<br />
<br />
<br />
{{{<br />
# (c) 1996 Fred Morris, m3047@halcyon.com. All rights reserved.<br />
<br />
# Very important to set the shell to csh at Halcyon...<br />
<br />
SHELL=/bin/csh<br />
<br />
# Catch all mail sent to the "cookie"<br />
<br />
:0<br />
* ^TOfredm3047<br />
* !^Subject:.*I-ACK<br />
{<br />
# Return a copy to the sender..<br />
<br />
:0 h c w<br />
* !^FROM_DAEMON<br />
* !^X-Loop: m3047@halcyon.com<br />
| ( formail -r -A"X-Loop: m3047@halcyon.com" \<br />
-I"From: fredm3047@halcyon.com" ;\<br />
cat cookie-note.txt ) | $SENDMAIL -oi -t<br />
<br />
# Strip it to just the headers and two lines of the body<br />
<br />
:0 f b w<br />
| head -2<br />
}<br />
<br />
# Add a header line to known mailing lists<br />
<br />
:0 f<br />
* ^To:.*MEME<br />
| formail -A"X-Mail-List: MEME"<br />
<br />
:0 f<br />
* ^TOwednet|^FROMwednet<br />
| formail -A"X-Mail-List: WEDNET"<br />
<br />
:0 f<br />
* ^To.*slime<br />
| formail -A"X-Mail-List: SLIME"<br />
<br />
# If something's not addressed to me and not a list, headers only,<br />
# save a copy on Halcyon.<br />
<br />
:0<br />
* !^TO.*m3047<br />
* !^X-Mail-List:<br />
{<br />
:0 c:<br />
./mail/junk-mail<br />
<br />
:0 f h w<br />
| formail -A"X-Junk-Mail: Yes"<br />
<br />
:0 f b w<br />
| echo "junk"<br />
}<br />
}}}<br />
<br />
-----<br />
<br />
{{{<br />
# I shouldn't be getting mail addressed to that many non-me "Paul"s.<br />
# This is often caused by alphabetized lists of spam target addresses.<br />
:0:<br />
* ^TO_.*(paul[^d]|pauld[^s]).*(paul[^d]|pauld[^s])<br />
spam/too-many-pauls<br />
<br />
<br />
# I don't use any "webmaster" mail aliases for any of my domains, so mail<br />
# sent to any such address is 99.99% likely to be spam.<br />
:0:<br />
* (^TO_|^Received:|^Delivered-To:).*webmaster@<br />
spam/webmaster<br />
<br />
<br />
# These are addresses that exist solely in the whois database as contacts<br />
# for domain names. If you're sending mail to one of these addresses, you'd<br />
# better have a valid reason. Mail from the current registrar is<br />
# automatically accepted previous to this point.<br />
:0:<br />
* (^TO_|^Delivered-To:|^Received:).*(dns..200.@horde\.com)<br />
* !^Subject:.*((kagomi\.com)|(quotes-r-us\.org)|(horde\.com)|(domain)|(renew)|(expir)|(pairnic))<br />
spam/dns<br />
<br />
<br />
# I ain't your "friend", palooka.<br />
#:0:<br />
#* ^TO_.*friend@public\.com<br />
#spam/to<br />
<br />
<br />
# Sent via known bulk mailers.<br />
#:0:<br />
#* ^X-Mailer:.*((MassE-Mail)|Extractor|Floodgate|(Emailer Platinum)|JumboMail|(Advanced Mass Sender)|GreenRider|(The Bat)|(FoxMail .*cn))<br />
#spam/mailer<br />
<br />
<br />
# No legit mailer is gonna generate an all-caps subject header.<br />
#:0 D:<br />
#* ^SUBJECT<br />
#spam/upper-case-subject<br />
<br />
<br />
# This header seems to never appear in legitimate e-mail, but does<br />
# occasionally in spam, presumably as an artifact of poorly forged date<br />
# headers.<br />
#:0:<br />
#* ^Date-warning:<br />
#spam/date-warning<br />
<br />
<br />
# Ok, thanks for being up-front about being a spammer. I think I'll nuke<br />
# you now.<br />
#:0:<br />
#* ^Subject:.*\<br />
#spam/subject<br />
<br />
<br />
# A similar, recent trend.<br />
#:0:<br />
#* ^Subject:.*\<br />
#spam/subject<br />
<br />
<br />
# I don't want to buy millions of e-mail addresses, thankyouverymuch.<br />
#:0:<br />
#* ^Subject:.*(000|million|verified).*(e-mail|email)?.*address<br />
#spam/subject<br />
<br />
<br />
# If you're excited about credit cards or mortgage rates, you're probably<br />
# stupid. (Note the exclamation point at the end.)<br />
#:0:<br />
#* ^Subject:.*((mortgage.*rate)|(credit card)|insurance|market|debt|buy|(financial freedom)|(\$)|wealth).*!<br />
#spam/subject<br />
<br />
<br />
# If you're excessively excited about pretty much anything, I probably don't<br />
# want to talk to you.<br />
#:0:<br />
#* ^Subject:.*!!!<br />
#spam/subject<br />
<br />
<br />
# Capitalist pigs.<br />
#:0:<br />
#* ^Subject:.*\$.*\$<br />
#spam/subject<br />
<br />
<br />
# Yeah, right.<br />
#:0:<br />
#* ^Subject:.*disney.*x.*archiv<br />
#spam/subject<br />
<br />
<br />
# No I didn't.<br />
#:0:<br />
#* ^Subject: Re:.*info.*requested<br />
#spam/subject<br />
<br />
<br />
# Stalk much?<br />
#:0:<br />
#* ^Subject:.*find out.*anything.*anyone<br />
#spam/subject<br />
<br />
<br />
# Enough already.<br />
#:0:<br />
#* ^Subject:.*((got debt)|(tax problems))<br />
#spam/subject<br />
<br />
<br />
# Thanks, I'm all set.<br />
#:0:<br />
#* ^Subject:.*((stop)|(quit)).*((smok)|(snor))<br />
#spam/subject<br />
<br />
<br />
# Not generally they're not.<br />
#:0:<br />
#* ^Subject:.*girl.*crazy<br />
#spam/subject<br />
<br />
<br />
# No thanks, I already know everything.<br />
#:0:<br />
#* ^Subject:.*((computer)|( it )).*((train)|(scholarship))<br />
#spam/subject<br />
<br />
<br />
# I don't think I will, thanks.<br />
#:0:<br />
#* ^Subject:.*((check.*out)|(see.*this))<br />
#spam/subject<br />
<br />
<br />
# Be suspicious of HTML-only mail. Be very suspicious.<br />
#<br />
# Remember that friends/acquaintences/co-workers/etc are being auto-accepted<br />
# prior to parsing this file. Of course, we can safely assume that none of<br />
# those people would be sending me HTML mail in the first place, since that<br />
# would imply that their intelligence was approximately equal to that of a<br />
# chalupa, and hence I never would have agreed to communicate with them in<br />
# the first place.<br />
:0:<br />
* ^Content-Type: text/html<br />
spam/html<br />
<br />
<br />
# Ditto with this.<br />
:0<br />
* ^Content-Type: multipart/<br />
{<br />
:0 B<br />
* !^Content-Type: text/plain<br />
* ^Content-Type: text/html<br />
spam/html<br />
}<br />
<br />
<br />
# I don't speak Korean.<br />
# I also don't like to grep the bodies of every incoming message, so I've<br />
# got these two attempts at narrowing the field of investigation a bit.<br />
#:0<br />
#* ^(Received:|From:).*\.kr<br />
#{<br />
# :0 B:<br />
# * charset="ks_c_5601-1987"<br />
# spam/charset<br />
#}<br />
#<br />
#:0<br />
#* ^Content-Type: multipart/alternative<br />
#{<br />
# :0 B:<br />
# * charset="ks_c_5601-1987"<br />
# spam/charset<br />
#}<br />
<br />
<br />
# Reject any mail with a Chinese address in its headers. This may not seem<br />
# reasonable or fair, but considering that China is just one big spam<br />
# factory these days, and since it's been literally years since I've<br />
# received any _legitimate_ mail from a .cn address, I feel quite justified<br />
# in sinking the lot.<br />
#:0:<br />
#* ^(Received:|From:|Reply-To:).*\.cn\><br />
#spam/china<br />
<br />
<br />
# Likewise for Russia. What *is* it with these ex-communist nouveau<br />
# capitalist marketers anyway? Sheesh, get some class, you guys...<br />
#:0:<br />
#* ^(Received:|From:|Reply-To:).*\.ru\><br />
#spam/russia<br />
<br />
<br />
# Nuke anything that contains more than two high-ascii characters in the<br />
# subject. This threshold allows some leeway for things such as "I really<br />
# like the façade of your café", but filters out a lot of crap from Russia,<br />
# etc that slips through the other filters.<br />
#<br />
# Note that the characters in the brackets below are ASCII 0x80 and 0xFF.<br />
# You may not get the right characters if you do a copy+paste from this web<br />
# page. A good hex editor is your friend here. :)<br />
#:0:<br />
#* ^Subject:.*[€-ÿ].*[€-ÿ].*[€-ÿ]<br />
#spam/ascii-garbage<br />
<br />
<br />
# Same deal with the sender's name.<br />
#:0:<br />
#* ^(From:|Sender:|Reply-To:).*[€-ÿ].*[€-ÿ].*[€-ÿ]<br />
#spam/ascii-garbage<br />
<br />
<br />
# Nuke anything that specifies a different character set for the subject<br />
# line. This catches things not caught by the previous rule due to being<br />
# encoded in ASCII chars 0x00-0x7F.<br />
#:0:<br />
#* ^Subject:.*=\?.*\?=<br />
#spam/ascii-garbage<br />
<br />
<br />
# Filter any mail claiming to be from a hotmail.com address that does not<br />
# contain the characteristic "X-Originating-IP" header.<br />
#:0:<br />
#* ^(Received:|From:).*hotmail\.com<br />
#* !^From: postmaster@.*hotmail\.com<br />
#* !^X-Originating-IP<br />
#spam/fake-hotmail<br />
<br />
<br />
# Filter any mail claiming to be from a yahoo.com address whose Message-ID<br />
# header indicates otherwise, unless it appears to be a bounce (which should<br />
# come from a mail daemon).<br />
#:0:<br />
#* ^(Received:|From:).*yahoo\.com<br />
#* !^FROM_MAILER<br />
#* !^Message-ID:.*yahoo(mail)?\.com<br />
#spam/fake-yahoo<br />
<br />
<br />
# Filter any mail claiming to be from a Juno address that does not contain<br />
# the characteristic "X-Mailer: Juno" header.<br />
#:0:<br />
#* ^(Received:|From:).*juno\.com<br />
#* !^X-Mailer: Juno<br />
#spam/fake-juno<br />
<br />
<br />
# Filter any mail claiming to be from a Lycos address that does not contain<br />
# the characteristic "X-Sender-Ip" header.<br />
#:0:<br />
#* ^(Received:|From:).*(lycos|mailcity)\.com<br />
#* !^X-Sender-Ip:<br />
#spam/fake-lycos<br />
<br />
<br />
# This makes me highly suspicious. Exceptions are granted for mail daemons<br />
# and myself (the latter for the benefit of the Autostatus program).<br />
:0:<br />
* ^TO_.*undisclosed.*recipient<br />
* !^FROM_MAILER<br />
* !^From: status(-k)?@horde\.com<br />
spam/undisclosed<br />
<br />
<br />
# Too many spaces in your subject line makes me suspicious. The exceptions<br />
# are for some of majordomo's stupid bounce message formats, and for some<br />
# messages from cron.<br />
:0:<br />
* ^Subject:.* .*<br />
* !^Subject:.*Non-member submission<br />
* !^Subject:.*Admin request of type<br />
* !^Subject: Cron.*root<br />
spam/spaces<br />
<br />
<br />
# Yeah, I bet. But I don't think that's my name.<br />
#:0:<br />
#* ^To:.*(urgent|important|customer)<br />
#spam/to<br />
<br />
<br />
# Some spammers forge usernames that contain multiple consecutive dashes.<br />
#:0:<br />
#* ^From:.*--<br />
#spam/from<br />
<br />
<br />
# I doubt I want to hear anything from any marketroid.<br />
#:0:<br />
#* ^From:.*marketing<br />
#spam/from<br />
<br />
<br />
# My username isn't actually my real name, and if you were a real<br />
# correspondent you'd know that.<br />
:0:<br />
* ^Subject:.*(hey|hi).*paulds<br />
spam/subject<br />
<br />
<br />
# Likewise.<br />
:0:<br />
* ^Subject: paulds<br />
spam/subject<br />
<br />
<br />
# Similarly, very few legitimate correspondants will prefix the subject with<br />
# my name in this way.<br />
:0:<br />
* ^Subject: Paul( Stauffer)?[,:] .*<br />
spam/subject<br />
<br />
<br />
# Or with just my last name...<br />
:0:<br />
* ^Subject: Stauffer<br />
spam/subject<br />
<br />
<br />
# Look, I know better than to believe that I can copy a DVD onto a CD-ROM,<br />
# alright? Leave me the hell alone.<br />
#:0:<br />
#* ^Subject:.*(burn|copy|make).*dvd<br />
#spam/subject<br />
<br />
<br />
# I like my fat. I'm not interested in loosing it.<br />
#:0:<br />
#* ^Subject:.*loo?se (up to )?[0-9]+ pounds<br />
#spam/subject<br />
<br />
<br />
# Eliminate a lot of incest-related porn spam.<br />
#:0:<br />
#* ^Subject:.*((father)|(\)|(mother)|(\)|(parent)|(\)|(brother)|(daughter)|(sister)|(child)).*((father)|(\)|(mother)|(\)|(parent)|(\)|(brother)|(daughter)|(sister)|(child))<br />
#spam/subject<br />
<br />
<br />
# Highly suspect topics. Again, bear in mind that I preemptively accept all<br />
# mail from several hundred preapproved sources, which constitute the bulk<br />
# of the real people I communicate with. Doing that makes this rule much<br />
# less risky.<br />
#:0:<br />
#* ^Subject:.*((free (password|porn))|adult|credit|income|(mortgage.*(rate|quote))|homeowner|insurance|invest|market|profit|debt|money|(financial(ly)? (freedom|independen))|(web counter)|(great deal)|guarantee|bills|casino|millionaire|(hair loss)|viagra|sex|\|(great news)|(pay(ing)? too much)|( cams? )|pissing|( win )|(microsoft.*(cert|train))|( b2b )|business|(loo?se weight)|(weight loss)|((best|great|awesome|excellent) value)|savings|((printer|toner) cartridges)|( sec?ks )|whore|bestial|\|(instant approval)|\|\|\|(\)|qualif(y|i)|\|\|(complimentary)|((no|low)[ -](cost|fee|charge)))<br />
#spam/subject<br />
<br />
<br />
# Catch some overzealous religious spam.<br />
#:0:<br />
#* ^Subject:.*((jesus christ)|(sinner)|(\)|(\)|(\.*!))<br />
#spam/subject<br />
<br />
<br />
# I don't believe in a free lunch.<br />
#:0:<br />
#* ^Subject:.*((\)|(claim)|(receive)|(won)).*(free|reward)<br />
#spam/subject<br />
<br />
<br />
# Keep your "FREE" to yourself...<br />
#:0 D:<br />
#* ^Subject:.*FREE<br />
#spam/subject<br />
<br />
<br />
# Malfunctioning spam software.<br />
#:0:<br />
#* ^Subject:.*RND_UC_CHAR<br />
#spam/subject<br />
<br />
<br />
# Two or more words in all uppercase letters in the subject is a red flag.<br />
#:0 D:<br />
##* ^Subject: .*[A-Z][A-Z]+[^A-Z]+[A-Z][A-Z]+<br />
##* ^Subject: .*\<[A-Z]\>.*\<[A-Z]\><br />
#* ^Subject: (Fwd:|Re:)?[^a-z]*[A-Z][A-Z]+[^a-z]*$<br />
#spam/shouting<br />
<br />
<br />
# Mail claiming to be malware removal tools almost certainly contains a<br />
# virus, worm, or trojan. Not necessarily spam per se, but I don't want to<br />
# see it anyway.<br />
#:0:<br />
#* ^Subject:.*removal tool<br />
#spam/virus<br />
<br />
<br />
# Similarly, I'm not interested in receiving notification that some virus or<br />
# worm decided to use my e-mail address in its "from" line. Again, not<br />
# really spam, but close enough.<br />
:0:<br />
* ^Subject: InterScan.*Alert<br />
spam/metavirus<br />
<br />
<br />
# Feeling defensive? Huh. Wonder why...<br />
#:0 B:<br />
#* (this is not (an? )?(((commercial|unsolicited).*mail)|(spam)|(uce)))|(current laws on commercial.*mail)|(1618 TITLE (III|3|111))|(H\.?R\.? 3113)|(105th Congress)|(passed by the 105th)|(do(es)? not (send|use|(make use of)|support) .* unsolicited .*mail)|(to opt[ -]out)|(opt(ed)?[ -]in)|(if you did not request this)|(one[ -]time ((e-?)?mail|message))|(address was obtained from a purchased list)|(Commercial Electronic Mail Act)|(saf-e mail)|((further|additional) promotional mail)|(not( be)? considered spam)|(centralremovalservice\.com)|(autoemailremoval\.com)<br />
#spam/this-is-not-spam<br />
<br />
<br />
# No more Nigerian Scam mail for me.<br />
#:0 B:<br />
#* Nigeria|Angola|(Sierra[ -]Leone)|Congo<br />
#* account|bank|million<br />
#spam/nigeria<br />
<br />
<br />
# Removed; SA now has its own rc file.<br />
# I generally trust SpamAssassin to do the right thing.<br />
#:0:<br />
#* ^X-Spam-Flag: YES<br />
#spam/spamassassin<br />
<br />
<br />
# Experience has taught me not to trust people who use this MTA.<br />
# Disabled 13 Oct 2003. Got a few false positives, and it was only catching<br />
# a few actual spams anyway.<br />
#:0:<br />
#* ^Received:.*InterMail<br />
#spam/intermail<br />
<br />
<br />
# These guys *totally* piss me off!<br />
:0:<br />
* ^Subject:.*\<br />
spam/blacklist<br />
<br />
<br />
# Misc random spammers. This is where I explicitly deal with places that<br />
# consistently send garbage to me, if it hasn't already been caught by one<br />
# of the more general rules.<br />
:0:<br />
* ^(Received:|From:|To:).*(techvenue\.com|perfdata\.com|conservativefun\.com|clickaction\.net|echampions2000\.com|rnc(mail)?\.org|nmailer\.com|traditionalvalues\.org|churches\.net|snd\.edu\.gr|ioannou@vip\.gr|worldses\.org|wseas|discounts-direct\.com|elki@aol\.com|industryemail\.com|rchproducts\.com|webuniverse\.net|hostex\.com|insertweb\.net|hellasnet\.gr|pathfinder\.gr|optingnow\.com|investorsinsight\.com|yakim5150@yahoo\.com|b2blists\.com|bostonlimoservices\.com|afsmail\.com|artmarket\.com|kongmail\.com|topsites\.com|topsites-us\.com|topsitez\.us|dealsfromtheweb\.com|deerclk\.com|peppypuppy)<br />
spam/blacklist<br />
<br />
</nowiki></pre></div>192.168.0.105