From: gman@infinex.com (G-man)
Newsgroups: ba.internet
Subject: Re: tired of spam
Date: 24 Feb 1998 18:24:03 GMT
Organization: Infinex Telecom, Inc. at 415-882-9188

trebor@sirius.com wrote:
: tiles@pyramidtile.com (Bill Furner) wrote:

: >It seems that there are email filtering programs that are too hard to
: >utilize, that requires a lot of understanding to set up. I need one that
: >is user friendly and easy to filter without have to have a PHD, plus one
: >that is low in cost!

Here's the .procmailrc I use. I like it and its simple. I'm sure its not
perfect.


It does the following:
1. If the email has a header "Comments: Authenticated sender is", kill it.
2. If the Received headers contain invalid IPs, kill it.
3. If "nowhere.com" is in any header, kill it.
4. If the Message-Id header exist and is empty, kill it.
5. If any Received headers contain "!", kill it.
6. If X-Advertisement header exists. kill it.
7. If the Return-Path contains a "!". kill it.
8. If the To or Cc fiends contains "Friend@public.com", kill it!
9. If the To or Cc contains "@domain.com", kill it.

Then if any of the above is true, a email is sent back (hopefully) saying
Unknown User.

:0
* (^Comments: Authenticated sender is|\
   ^Received.*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])\][^\.]|\
   .*@nowhere.com|\
   ^Message-Id: <>|\
   ^Received:.*!|\
   ^X-Advertisement:.*|\
   ^Return-Path:.*!|\
   ^(To|Cc): Friend@public.com|\
   ^(To|Cc):.*@domain.com)
{
	EXITCODE=67

	:0 i
	/dev/null
}

Use the one below if you don't want e-mail that is directly sent to you.
This breaks some mailing lists and InterNIC domain registrations. Make
sure you change YOUR_USERNAME to your username (ie my e-mail address is
gman@infinex.com so I would replace YOUR_USERNAME with "gman")

:0
* !^(To|Cc):.*YOUR_USERNAME
/dev/null

--
It's nice having Multiple Personalities! gman@infinex.com
http://www.infinex.com/~gman Keeper of Bay Area
B.A.S.P: Shell
Linux => OS for the Computer-Literate! Providers List
(=E G-man, G-DoG, Archy, LoOoD, Gary B. from E.C and FoG CiTY


Date: Wed, 08 Jan 1997 21:50:04
Newsgroups: news.admin.net-abuse.email
Subject: Setting procmail to complain to multiple upstream recipients
From: Arthur Wouk at NileNet, Ltd. <awouk@ra.nilenet.com>

In article 5b1ufu$ogc@panix3.panix.com,
Tom Betz Read_the_Mailterms_URL@Bottom_of_my_Post.Please wrote:
...
!
!My procmail dutifully complained to worldnet.att.net about this
!spam coming from their system. However, because procmail exits
!once the first hits appens, it did NOT complain to MCI about
!spam for ITS customers ncia.com and jjplaza.com.
!
!So while I may succeed in shutting down the throwaway account,
!it won't hit the real source of the problem, the MCI sites.
!
!I'd like to instruct procmail to go through the rest of my
!recipes even after it has made its first hit. How can I do it?

consider the following structure (stolen from someone else, by the
way)

        :0
        *^From.*iq-internet.com
        *!^X-Loop: awouk@nilenet.com
        {
        :0 c
        | (formail -rk ; cat $HOME/.reject) | $SENDMAIL -oi -t | \
          elm -s"Abuse not appreciated" tuvak@troi.iq-internet.com, \ 
          kbbanner@aol.com,abuse@sprintlink.net
        :0
        spam
        }


apparently inside the {} pair each :0 initiates a new procedure.
this works, i know, because i have used a variant of it for another
purpose.
--
arthur wouk **********Hail*Dogbert*****
Now and then, an innocent man is sent to the legislature. - Samuel Clemens