.procmailrc problem

am 20.03.2005 15:14:35 von geoff.google.nospam

I'm trying to counter the problem of spammers sending mail purporting
to be from users at a domain of mine. The mails are from
username@domain.tld where the username is a random sequence of
letters. All legitimate addresses on the domain have a keyword in
them. Therefore I should be able to filter bounces relating to the
spam by checking for the existance of this keyword, if the keyworded
address isn't in the header of the message and the message is from a
mail daemon I can assume I don't want to see it.

I think the recipe below should work but a lot of mails are getting
through. Is there a problem with my recipe or could it be that
FROM_MAILER isn't matching everything?

:0
* ^FROM_MAILER
* !keyword.*@domain.tld
! spam_box@domain.tld

Thanks,
Geoff

Re: .procmailrc problem

am 20.03.2005 23:42:29 von Alan Connor

On comp.mail.misc, in
<8eca1bcc.0503200614.6398ddcf@posting.google.com>, "Geoff Soper"
wrote:

> I'm trying to counter the problem of spammers sending mail
> purporting to be from users at a domain of mine. The mails
> are from username@domain.tld where the username is a random
> sequence of letters. All legitimate addresses on the domain
> have a keyword in them. Therefore I should be able to filter
> bounces relating to the spam by checking for the existance of
> this keyword, if the keyworded address isn't in the header of
> the message and the message is from a mail daemon I can assume
> I don't want to see it.
>
> I think the recipe below should work but a lot of mails are
> getting through. Is there a problem with my recipe or could it
> be that FROM_MAILER isn't matching everything?
>

>:0
> * ^FROM_MAILER
> * !keyword.*@domain.tld
> ! spam_box@domain.tld

Geoff,

I don't understand why you are forwarding the mail rather
than just sending it directly to the mailbox, but you
are asking for problems with mail loops.

For sure, I would use formail to add a 'keyword' to the posts
before forwarding them. Notice the space between the '!' and
the keyword regex. I think it is necessary. Maybe not.

:0
* ^FROM_MAILER
* ! keyword.*@domain\.tld
{
:0 f
| formail -A"X-Keyword: foo"

:0
! spam_box@domain.tld

}

Then filter for the presence of that header on any mail
to that address.

HTH,

AC

--
Genuine Usenet Kook
http://angel.1jh.com./nanae/kooks/alanconnor.html

Re: .procmailrc problem

am 21.03.2005 00:01:18 von Sam

Re: .procmailrc problem

am 21.03.2005 23:38:42 von Geoff Soper

"Sam" wrote in message
news:cone.1111359677.534582.10271.500@commodore.email-scan.c om...

Why do your posts appear as attachments in Outlook Express?

Alan's point was perfectly valid, all mail to the domain goes through that
..procmailrc file unless a mailbox explicitly exits so there's a fair chance
of looping. I've certainly fell foul of it before.

Cheers,
Geoff

Re: .procmailrc problem

am 22.03.2005 00:52:23 von Sam

Re: .procmailrc problem

am 22.03.2005 01:04:00 von Alan Connor

On comp.mail.misc, in , "Alan Connor" wrote:
>
>
> On comp.mail.misc, in
><8eca1bcc.0503200614.6398ddcf@posting.google.com>, "Geoff Soper"
> wrote:

My newsfilter reports a radical difference between the headers
of the new post allegedly from "Geoff Soper" and the those in
the original post.

My guess is that "Sam's" mother is letting him use her computer
again.

Why don't you get a better life, "Sam"?

I don't give a tinker's damn what you think or what you post.

I haven't read any of your posts in years (by any of your
hundreds of aliases) and wouldn't read one to save your life.

I'd rather watch paint dry. Much more interesting than the
verbal farts of an ignorant and obnoxious child.

Who remains ignorant because all he does is post shit on
the Usenet.

AC

--
Genuine Usenet Kook
http://angel.1jh.com./nanae/kooks/alanconnor.html

Re: .procmailrc problem

am 22.03.2005 03:18:59 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-commodore.email-scan.com-9876-1111457938-0005
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-Mime-Autoconverted: from 8bit to quoted-printable by mimegpg

Beavis writes:

> On comp.mail.misc, in ,=
"Beavis" wrote:
>>
>>
>> On comp.mail.misc, in
>><8eca1bcc.0503200614.6398ddcf@posting.google.com>, "Geoff Soper"
>> wrote:
>
>
>
> My newsfilter reports a radical difference between the headers
> of the new post allegedly from "Geoff Soper" and the those in
> the original post.
>
> My guess is that "Sam's" mother is letting him use her computer
> again.

Beavis, I thought your amazing sooper-dooper newsfilter automatically
deletes every post in this newsgroup that you didn't post, because everyone
around here is me, according to you.

So what the heck is wrong with your sooper-dooper newsfilter? It slipped
up!

> Why don't you get a better life, "Sam"?
>
> I don't give a tinker's damn what you think or what you post.

Really? You broke my heart, Beavis.

> I haven't read any of your posts in years (by any of your
> hundreds of aliases) and wouldn't read one to save your life.

Of course you don't. It's been a long time since the last time you
announced the same, and it's understandable why you need to remind everyone
that you never see everyone making fun of me.

> I'd rather watch paint dry. Much more interesting than the
> verbal farts of an ignorant and obnoxious child.
>
> Who remains ignorant because all he does is post shit on
> the Usenet.

Sorry, Beavis, but you don't have a monopoly on posting shit to Usenet.

The Beavis
[sung to the theme song from "Flintstones"]

Beavis, meet the Beavis!
He's our silly troll on comp.mail.misc!
Beavis, when reading Beavis,
endless laughter is your only riskâ=A6

Let's watch Beavis having his latest rant,
Even he doesn't know what he meant!

Beavis, meet the Beavis!
He is as smart as a turnip,
what an ugly vermin,
He kooks out all the time!

--=_mimegpg-commodore.email-scan.com-9876-1111457938-0005
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBCP4CSx9p3GYHlUOIRAqNBAJ0UXcpftwGBv+8Za982HmyaRIqmPgCf dMcp
de6MOHL6aHtqlRf7DGDUZ8U=
=rPQP
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-9876-1111457938-0005--

Re: .procmailrc problem

am 22.03.2005 18:03:13 von Geoff Soper

No really, it is! If the specified address on the domain does not exist as a
mail box then it goes to a default, catch-all box, the one with the
..procmailrc I'm discussing. Hence if the address the .procmailrc file sends
a message to does not exist as a mail box it'll end up going through the
..procmail file again, and again, ad infinitum. Just as Alan said. This has
happened to me in the past when I made a mistake so I'm pretty familiar with
it.

I hope you understand now,
Geoff

----- Original Message -----
From: "Sam"
Newsgroups: comp.mail.misc
Sent: Monday, March 21, 2005 11:52 PM
Subject: Re: .procmailrc problem

> Alan's point was perfectly valid,

No, it's not.

> all mail to the domain goes through that
> .procmailrc file unless a mailbox explicitly exits so there's a fair
> chance
> of looping. I've certainly fell foul of it before.

The .procmailrc recipe forwards the message to a DIFFERENT mailbox.

No possibility of a mail loop.

Re: .procmailrc problem

am 23.03.2005 01:30:31 von Sam

Re: .procmailrc problem

am 23.03.2005 23:25:58 von Geoff Soper

Could you expand on this please? I'm aware of spammers sending messages
purporting to be from random_characters@my_domain.tld and I've already dealt
with that, is there anything else I should be aware of?

Thanks,
Geoff

"Sam" wrote in message
news:cone.1111537830.649111.23495.500@commodore.email-scan.c om...

Geoff Soper writes:

> No really, it is! If the specified address on the domain does not exist as
> a
> mail box then it goes to a default, catch-all box, the one with the
> .procmailrc I'm discussing. Hence if the address the .procmailrc file
> sends
> a message to does not exist as a mail box it'll end up going through the
> .procmail file again, and again, ad infinitum. Just as Alan said. This has
> happened to me in the past when I made a mistake so I'm pretty familiar
> with
> it.
>
> I hope you understand now,

I understand that you are not aware of that using catch-all mailboxes
might've been a reasonable approach many years ago, but in today's Internet
this is not a very smart thing to do.

Mail loops is the least of your problems.

Re: .procmailrc problem

am 24.03.2005 00:58:38 von Sam