# Spam-filtering script, based on a "Rogue Domain List" # a.k.a. The Hall Of Shame # # Based on the work of Nathan Waddoup (nathan@poboxes.com) # Various additions were made by Harold "Bo" Baur (hbaur@iaehv.nl) # Contact me (evoncken@iaehv.nl) if you have remarks or questions # # $Id: procmailrc.txt,v 1.1 1997/09/21 11:33:10 ed Exp $ #################################### ## START OF CONFIGURATION SECTION ## #################################### # procmail reserved variables # PATH=$HOME/bin:/usr/bin:/bin:/usr/local/bin:. SHELL=/bin/sh #VERBOSE=on # VERY verbose logging, for debugging LOCKTIMEOUT=240 MAILDIR=$HOME/Mail # You'd better make sure it exists LOGFILE=$MAILDIR/procmail.log # recommended # Location of programs CAT=/bin/cat CP=/bin/cp ECHO=/bin/echo FGREP=/usr/bin/fgrep FORMAIL=/usr/local/bin/formail GREP=/usr/bin/grep MV=/bin/mv RM=/bin/rm SORT=/usr/bin/sort # Extract 'From ' header # FROM=`$FORMAIL -x From:` # Extract message-id header # MSGID=`$FORMAIL -x Message-Id:` # Detect mail passing through certain domains # RECEIVED=`$FORMAIL -x Received:` # Set max.limit in bytes for normal mail messages # MAXMSGSIZE=300000 # You may want to point this to a publicly readable directory # so default filtering is available to all users. # FILTERDIR=$HOME/mailfilter # Hall of Shame: ECM/NOSPAM list of rogue domains ROGUELIST=$FILTERDIR/HallOfShame # TwitList: List of twits I don't ever want to receive mail from TWITLIST=$FILTERDIR/TwitList # Default reply for messages originating from one of the banned domains JUNKMAILREPLY=$FILTERDIR/junkmailreply # Default reply for messages that passed through suspicious domains #JUNKRELAYREPLY=$FILTERDIR/junkrelayreply # Default reply for messages that are too large TOOLARGEREPLY=$FILTERDIR/toolargereply ################################ ## START OF FILTERING SECTION ## ################################ # Weed out duplicate mail (based on MSGID) # :0 Wh: msgid.lock | $FORMAIL -D 8192 msgid.cache # Immediately junk ALL mail containing my X-Loop header # (probably indicates that one of my automated replies bounced) # :0: lock.xloop * ^X-Loop:.*death.to.spammers /dev/null # Immediately junk ALL mail containing an X-Advertisement header # (put there by www.iemmc.org at the moment) # :0: lock.xadvert * ^X-Advert /dev/null # Immediately junk ALL mail coming from people on the twitlist # (for now, keep those mails in a folder called 'twitlist' # :0: lock.twit * ? ($ECHO "$FROM" | $FGREP -i -f $TWITLIST) $MAILDIR/twitmail # Look for banned domains in the From header # :0: lock.from * ? ($ECHO "$FROM" | $FGREP -i -f $ROGUELIST) * !^FROM_DAEMON | ( $FORMAIL -r -A"Precedence: junk" -A"X-Loop: noloop@death.to.spammers.com" ; \ $CAT $JUNKMAILREPLY ) | $SENDMAIL -oi -t # Look for banned domains in the MsgId header # :0: lock.msgid * ? ($ECHO "$MSGID" | $FGREP -i -f $ROGUELIST) * !^FROM_DAEMON | ( $FORMAIL -r -A"Precedence: junk" -A"X-Loop: noloop@death.to.spammers.com" ; \ $CAT $JUNKMAILREPLY ) | $SENDMAIL -oi -t # Look for suspicious domains in the 'Received:' header # #:0: lock.received #* ? ($ECHO "$RECEIVED" | $FGREP -i -f $ROGUELIST) #* !^FROM_DAEMON #| ( $FORMAIL -r -A"Precedence: junk" -A"X-Loop: noloop@death.to.spammers.com" ; \ # $CAT $JUNKRELAYREPLY ) | $SENDMAIL -oi -t # Look for messages that exceed a size-limit # (because forwarded messages go through a UUCP-link) # :0 i: lock.size * > $MAXMSGSIZE | ( $FORMAIL -r -A"Precedence: junk" -A"X-Loop: noloop@death.to.spammers.com" ; \ $CAT $TOOLARGEREPLY ) | $SENDMAIL -oi -t ##################################### ## START OF REMOTE CONTROL SECTION ## ##################################### # NOTE - NOT PUBLISHED FOR SECURITY REASONS ################################################################## # END OF FILTER SECTION - FORWARD REMAINING MAIL TO REAL MAILBOX # ################################################################## :0: lock.forward ! my@real.email.address