Pointer: Foiling spam and other procmail email-filter tips

Pointer: Foiling spam and other procmail email-filter tips

am 18.04.2006 04:12:00 von unknown

Post removed (X-No-Archive: yes)

Re: Pointer: Foiling spam and other procmail email-filter tips

am 19.04.2006 02:30:27 von Alan Connor

On comp.mail.misc, in , "Timo
Salmi" wrote:

> The gentle readers processing their email on a Unix-system,
> or getting their email through a Unix-based system, might be
> interested in the following information.
>
> Timo's procmail tips and recipes
> http://www.uwasa.fi/~ts/info/proctips.html Last-Modified: Fri
> 17-Mar-2006 11:28:28
>
> 1. I want to filter my email automatically. How do I get
> started with procmail?
>
> 2. Building a testbench. How can I test individual procmail
> recipes?
>
> 3. I know how to make "and" rules in procmail recipes, but how
> do I make "or" rules?
>
> 4. How can one perform multiple shell commands on the action
> line?
>
> 5. How can I find out what the subject of a posting is?
>
> 6. How do I get a copy of the headers of all the incoming
> email into a separate file?
>
> 7. Would you give some further hints for spam foiling recipes?
>
> 8. I have limited disk space. How can I truncate long
> messages?
>
> 9. How can I quickly test if my rules with regular expressions
> match?
>
> 10. How can I detect if the email comes, say, from the .com
> domain?
>
> 11. What alternatives do I have to detect a sender all through
> the various header-fields?
>
> 12. How can I extract a valid address from the Reply-To field?
>
> 13. How can I extract the address of the sender's postmaster?
>
> 14. How can I weed out an inordinately long recipient list?
>
> 15. What is this procmail scoring? How can I utilize it?
>
> 16. How can I test if the subject is empty or if the subject
> field is missing altogether?
>
> 17. How can I modify the "To:" field of the email I received?
>
> 18. I have a long list of spammers in a separate file. How can
> I utilize it?
>
> 19. How do I forward certain messages that I get, and preserve
> myself a copy?
>
> 20. How do I forward certain messages to two different
> addresses?
>
> 21. How do I automatically return certain email messages?
>
> 22. My address has changed. How do I forward a copy to myself
> and tell the sender?
>
> 23. How can I set variable values based on the text in the body
> of the email message?
>
> 24. How can I insert some token text in front of the body of
> incoming email?
>
> 25. Do you have any useful tips for regular expression
> matching?
>
> 26. How can I test if two procmail variables have the same
> contents?
>
> 27. I am having difficulties with "<". How does one match it?
>
> 28. How can I insert identification text to the beginning of
> the subject line?
>
> 29. I tried out your tips, but some of them failed on my
> system. What next?
>
> 30. Is there a cure for the echo and grep blues?
>
> 31. How do I know which of my many procmail recipes has been
> enacted?
>
> 32. How can I detect Korean, Cyrillic, or Chinese to avoid such
> frequent spam?
>
> 33. How can I change the subject line and include part of the
> message body to it?
>
> 34. How can I remove the signature from the incoming email?
>
> 35. What unix manuals relating to procmail should I get?
>
> 36. Is it possible to use procmail to call the vacation
> program?
>
> 37. How can I avoid duplicate messages sent in rapid
> succession?
>
> 38. How can I skip logging a certain, matched recipe?
>
> 39. Could you please solve for me this procmail problem of
> mine?
>
> 40. I liked this material. Do you have anything else on
> programming?
>
> 41. Exercises
>
> 42. Acknowledgements for useful advice and/or feedback
>
> All the best, Timo
> --
> Prof. Timo Salmi ftp & http://garbo.uwasa.fi/ archives
> 193.166.120.5 Department of Accounting and Business
> Finance ; University of Vaasa mailto:ts@uwasa.fi
> ; FIN-65101, Finland Digital photos
> collection at http://www.uwasa.fi/ktt/lasktoim/photo/


[Note: I don't read the articles of "Sam" or his numerous
sockpuppets or his 'friends', nor any responses to them, and
haven't for years. He follows me all over the Usenet, and I
still don't read his articles. This _really_ pisses him off.
.]

Alan

--
http://home.earthlink.net/~alanconnor/contact.html
http://home.earthlink.net/~alanconnor/elrav1/cr.html
Other URLs of possible interest in my headers.

Re: Pointer: Foiling spam and other procmail email-filter tips

am 19.04.2006 03:56:56 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-7844-1145411814-0001
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Usenet Beavis writes:

> [ absolutely nothing -- just the previous post, in its entirety ]

Why, Beavis, this is the most informative post you've made in a long, long
time.



--=_mimegpg-commodore.email-scan.com-7844-1145411814-0001
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBERZjmx9p3GYHlUOIRAjjLAJwI9Yw9g9UJiklKsqzaf3ApyDrfQACf exls
PxH1tU0rQM0xXLZqpFxmSy8=
=QIQh
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-7844-1145411814-0001--

Re: Pointer: Foiling spam and other procmail email-filter tips

am 19.04.2006 22:38:44 von Alan Connor

On comp.mail.misc, in , "Sam" wrote:

http://slrn.sourceforge.net/docs/README.offline>

"Sam" has been trying to get his ignorant and obnoxious
gibberish into my mailboxes for years.

Never has succeeded and it pisses the poor little feeb
off no end.

Nor can he get it into my newsreader, no matter which
alias he is cowering behind at the moment with his tail
between his legs where his balls should be.

But, not being very bright, his repeated failures don't
ever seem to register.

The dimwit has even complained to my ISP about it!

http://home.earthlink.net/~alanconnor/elrav1/cr.html

That's an introduction to the only type of mail filter that
trolls and spammers can't beat.

They hate it.

I'll bet that "Sam" is posting the "kook" URL that can always
be found in my headers:

X-Fanclub: http://www.pearlgates.net/nanae/kooks/ac/

It is maintained by one of his snivelling-punk troll
friends.

I've never read it. I don't read trolldung.

The dickless loser who put up that site can mail me at
any time, and I'll be happy to send him the directions
to my place.

But, of course, he can't do anything but fart on the
Internet for other dimwit trolls to read.

I doubt that he can even waddle to front door to get
a cab, and his mommy probably wouldn't even give him
the fare.

Nor does anyone who can do anything but sit on their fat
butts and post digital diarrhea on the Internet.

My newsfilter kills crossposts to more that three groups,
and any to advocay,kook,windows, and abuse groups.

That's good policy. Keeps a lot of the garbage out of
your downloads.


[Note: I don't read the articles of "Sam" or his numerous
sockpuppets or his 'friends', nor any responses to them, and
haven't for years. He follows me all over the Usenet, and I
still don't read his articles. This _really_ pisses him off.
.]

Alan

--
http://home.earthlink.net/~alanconnor/contact.html
Other URLs of possible interest in my headers.

FAQ: Canonical list of questions Beavis refuses to answer (V1.50) (was Re: Pointer: Foiling s

am 20.04.2006 01:14:10 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-21571-1145488446-0007
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Usenet Beavis writes:

> On comp.mail.misc, in , "Sam" wrote:
>
>


>
> "Sam" has been trying to get his ignorant and obnoxious
> gibberish into my mailboxes for years.

See Beavis FAQ #7, below.

> Nor can he get it into my newsreader, no matter which
> alias he is cowering behind at the moment with his tail
> between his legs where his balls should be.

Beavis FAQ #6.

> The dimwit has even complained to my ISP about it!

And your ISP sent you a warning, and told you to cut your shit out.

Still sore from that ass-paddling, eh?

> I'll bet that "Sam" is posting the "kook" URL that can always
> be found in my headers:

You know that I do, Beavis.

> I've never read it. I don't read trolldung.

Of course not. FAQ #7 again.

> My newsfilter kills crossposts to more that three groups,
> and any to advocay,kook,windows, and abuse groups.

Beavis, where can we download this amazing patch to slrn?

> [Note: it's not my fault that I'm a complete dumbass. I was dropped on my
> head as a child. See http://www.pearlgates.net/nanae/kooks/ac/ for
> more information]
>
> Beavis


============================================================ ============

FAQ: Canonical list of questions Beavis refuses to answer (V1.50)

This is a canonical list of questions that Beavis never answers. This FAQ is
posted on a semi-regular schedule, as circumstances warrant.

For more information on Beavis, see:

http://www.pearlgates.net/nanae/kooks/ac/

Although Beavis has been posting for a long time, he always remains silent
on the subjects enumerated below. His response, if any, usually consists of
replying to the parent post with a loud proclamation that his Usenet-reading
software runs a magical filter that automatically identifies anyone who's
making fun of him, and hides those offensive posts. For more information
see question #9 below.

============================================================ ================

1) If your Challenge-Response spam filter works so well, why are you munging
your address, when posting to Usenet?

2) If spammers avoid forging real E-mail addresses on spam, then where do
all these bounces everyone reports getting (for spam with their return
address was forged onto) come from?

3) If your Challenge-Response filter is so great, why do you still munge
when posting to Usenet?

4) Do you still believe that rsh is the best solution for remote access?
(http://tinyurl.com/5qqb6)

5) What is your evidence that everyone who disagrees with you, and thinks
that you're a moron, is a spammer?

6) How many different individuals do you believe really post to
comp.mail.misc? What is the evidence for your paranoid belief that everyone,
except you, who posts here is some unknown arch-nemesis of yours?

7) How many times, or how often, do you believe is necessary to announce
that you do not read someone's posts? What is your reason for making these
regularly-scheduled proclamations? Who do you believe is so interested in
keeping track of your Usenet-reading habits?

8) When was the last time you saw Bigfoot (http://tinyurl.com/23r3f)?

9) If your C-R system employs a spam filter so that it won't challenge spam,
then why does any of the mail that passes the filter, and is thusly presumed
not to be spam, need to be challenged?

10) You claim that the software you use to read Usenet magically identifies
any post that makes fun of you. In http://tinyurl.com/3swes you explain
that "What I get in my newsreader is a mock post with fake headers and no
body, except for the first parts of the Subject and From headers."

Since your headers indicate that you use slrn and, as far as anyone knows,
the stock slrn doesn't work that way, is this interesting patch to slrn
available for download anywhere?

11) You regularly post alleged logs of your procmail recipe autodeleting a
bunch of irrelevant mail that you've received. Why, and who exactly do you
believe is interested in your mail logs?

12) How exactly do you "enforce" an "order" to stay out of your mailbox,
supposedly (http://tinyurl.com/cs8jt)? Since you issue this "order" about
every week, or so, apparently nobody wants to follow it. What are you going
to do about it?

13) What's with your fascination with shit? (also http://tinyurl.com/cs8jt)?

14) You complain about some arch-nemesis of yours always posting forged
messages in your name. Can you come up with even a single URL, as an example
of what you're talking about?

15) You always complain about some mythical spammers that pretend to be
spamfighters (http://tinyurl.com/br4td). Who exactly are those people, and
can you post a copy of a spam that you supposedly received from them, that
proves that they're really spammers, and not spamfighters?


--=_mimegpg-commodore.email-scan.com-21571-1145488446-0007
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBERsQ+x9p3GYHlUOIRAjS0AJsEvFXYe+nx5iXEy5sw3PZb3j9qgACe OSMl
8VoHV7xgAPWQ3F6cwtqJeuU=
=QbFg
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-21571-1145488446-0007--

Re: FAQ: Canonical list of questions Beavis refuses to answer (V1.50) (was Re: Pointer: Foil

am 20.04.2006 02:52:32 von Alan Connor

On comp.mail.misc, in , "Sam" wrote:

http://slrn.sourceforge.net/docs/README.offline>

So "Sam" expects a cartoon character to answer his questions.

Doesn't surprise me a bit.

[Note: I don't read the articles of "Sam" or his numerous
sockpuppets or his 'friends', nor any responses to them, and
haven't for years. He follows me all over the Usenet, and I
still don't read his articles. This _really_ pisses him off.
.]

Alan

--
http://home.earthlink.net/~alanconnor/contact.html
Other URLs of possible interest in my headers.