[prev in list] [next in list] [prev in thread] [next in thread]
List: procmail
Subject: =?iso-8859-1?q?Re=3A_Buy_Xanax=AE=3A?=
From: PSE-L () mail ! professional ! org (Professional Software Engineering)
Date: 2003-10-27 18:31:54
[Download RAW message or body]
At 12:14 2003-10-27 +0500, Mahmood Iqbal Hashmi wrote:
>I am getting too much emails from various clients but the email body
>is the same whenever the sender address is change always. So, I put
>some rows in /etc/procmailrc to stop these emails as some one adviced
>me before but email is still comming.
Generally speaking, tagging *PHRASES* is a losing battle. So is checking
the BODY for them, considering the different ways a body can be encoded
(BASE64, HTML with interspersed comments, HTML ordinals, etc).
>My /etc/procmailrc:
>-------------------
>:0 B
>* 1^0 (filename|name)=.*\.
>(bat|lnk|scr|cpl|pif|cmd|com|dll|vbs|Installer573.exe)
This sort of rule should be SEPARATE from the other cruft (since it seems
to be a VIRUS filter, not a drug one. Also, the DOT in the
"installer573.exe" should be escaped.
>* 1^0 ^Buy Vicodin Online!
>* 1^0 ^Buying it online is easy and legal
>* 1^0 ^No Prior Prescription needed!
>* 1^0 ^Free Online Consultation!
>* 1^0 ^Free Fedex Delivery!!
>/var/log/virus/BayVicodinOnline
Might be easier to weigh things: add points for _each_ occurrence of
keywords. That way, you can move away from looking at specific phrases.
Also, anchoring these phrases to the BEGINNING OF THE LINE probably isn't a
great idea if you're going to use complete phrases: a single whitespace, or
some HTML construct, and what you THINK is at the beginning of a line when
viewing it in your MUA, really isn't.
What's with filing them under /var/log ? These are MESSAGES, not a log of
events.
:0:
* -20
* ^10^1 B ?? (Xanax|Purple\>+Pill|Nexium|Viagra|Vicodin|Valium)
drug_cruft.mbx
You might even adopt the haxor-speak script that was posted to this list
over the weekend for vicodin, and adopt it for others. That deals with
things like spammers using "1" (one) in place of an "l" (ell), etc.
>Email-3:
>Sizinle bağlantı kurdum çünkü eğer aradığım kişiyseniz sahip olduğum
>şey sizin için çok ciddi ve özel bir teklif olabilir.
There have been "hibit" filters posted to this list in the past. I've also
composed an extensive language/charset filter, wherein you define what
languages you _don't_ correspond in, and messages arriving in those
encodings are flagged.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail@lists.RWTH-Aachen.DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic