SendMail / Spamassassin / Procmail just not catching spam

on 18.01.2008 19:11:18 by Jim G

There are 2 types of messages that regardless of what I do, spamassassin
and/or procmail is just not stopping the crap from getting through. (running
sendmail 8.14.1 on fedora core 6)

The email message:

Fri, 18 Jan 2008 06:35:05 +0200 SALE 71% OFF on Pfizer

or

Fri, 18 Jan 2008 06:35:05 +0200 SALE 78% OFF on Pfizer

or


Fri, 18 Jan 2008 06:35:05 +0200 SALE 79% OFF on Pfizer

It comes from admin@viagra.com or admin@Viagra.com which is a bogus email as
you know. Each email that comes in the header "from" shows a different
address (which is typical of spammers). I have used procmail to try to catch
the word pfizer or Pfizer. I have a reject rule set up in sendmail to reject
any email from admin@viagra.com or admin@Viagra.com (which is probably
useless). I also have subject line blocks set up in my sendmail.mc that look
at 2 files in my /etc/mail folder called subjects_full and subjects_part.
The subjects_part file will block (or is supposed to block) any email
containing this word in the subject. The subjects_full file will block any
email matching the whole subject. A restart of sendmail is not
necessary, just add the keywords on a separate line to the subjects_* file
that you want and you're good to go.

Here is the entry that I have in my sendmail.mc for blocking subjects.

LOCAL_RULESETS
######################################################################
###
### Email Virus and Anti-SPAM stuff...
###
### Add exact-match subject lines to /etc/mail/subjects_full
### Add substrings to match in subject lines to /etc/mail/subjects_part
### In both files, all spaces MUST be replaced with periods (.)
###
### Create two files called /etc/mail/subjects_full and
### /etc/mail/subjects_part. The former has complete
### unwanted 'subject' lines, while the latter has only
### substrings within 'subject' lines.
###
### As an example, suppose you want to filter out 'viagra'
### spam. The following entry in your subjects_part
### file would do it:
### viagra
###
### In the case of multi-word entries, all spaces MUST be
### replaced with periods. For example:
### herbal.viagra
### massive.weight.loss.guaranteed
### These filters are not case-sensitive.
###
######################################################################
F{FullSubjects} -o /etc/mail/subjects_full
F{PartSubjects} -o /etc/mail/subjects_part
HSubject: $>CheckSubject
SCheckSubject
R$={FullSubjects}$*	$: REJECTSUBJECT
R$* $={PartSubjects} $*	$: REJECTSUBJECT
R$* REJECTSUBJECT $*	$#error $: "553 Access Denied - MSG may contain SPAM/WORM/VIRUS/HOAX."

Anyone have another idea to stop this crap?

Thanks
Jim

Re: SendMail / Spamassassin / Procmail just not catching spam

on 20.01.2008 19:34:05 by seaPea

Jim G wrote:
> There are 2 types of messages that regardless of what I do, spamassassin
> and/or procmail is just not stopping the crap from getting through. (running
> sendmail 8.14.1 on fedora core 6)
>
> The email message:
>
> Fri, 18 Jan 2008 06:35:05 +0200 SALE 71% OFF on Pfizer
>
> or
>
> Fri, 18 Jan 2008 06:35:05 +0200 SALE 78% OFF on Pfizer
>
> or
>
>
> Fri, 18 Jan 2008 06:35:05 +0200 SALE 79% OFF on Pfizer
>
> It comes from admin@viagra.com or admin@Viagra.com which is a bogus email as
> you know. Each email that comes in the header "from" shows a different
> address (which is typical of spammers). I have used procmail to try to catch
> the word pfizer or Pfizer. I have a reject rule set up in sendmail to reject
> any email from admin@viagra.com or admin@Viagra.com (which is probably
> useless). I also have subject line blocks set up in my sendmail.mc that look
> at 2 files in my /etc/mail folder called subjects_full and subjects_part.
> The subjects_part file will block (or is supposed to block) any email
> containing this word in the subject. The subjects_full file will block any
> email matching the whole subject. A restart of sendmail is not
> necessary, just add the keywords on a separate line to the subjects_* file
> that you want and you're good to go.
>
> Here is the entry that I have in my sendmail.mc for blocking subjects.
>
> LOCAL_RULESETS
> ######################################################################
> ###
> ### Email Virus and Anti-SPAM stuff...
> ###
> ### Add exact-match subject lines to /etc/mail/subjects_full
> ### Add substrings to match in subject lines to /etc/mail/subjects_part
> ### In both files, all spaces MUST be replaced with periods (.)
> ###
> ### Create two files called /etc/mail/subjects_full and
> ### /etc/mail/subjects_part. The former has complete
> ### unwanted 'subject' lines, while the latter has only
> ### substrings within 'subject' lines.
> ###
> ### As an example, suppose you want to filter out 'viagra'
> ### spam. The following entry in your subjects_part
> ### file would do it:
> ### viagra
> ###
> ### In the case of multi-word entries, all spaces MUST be
> ### replaced with periods. For example:
> ### herbal.viagra
> ### massive.weight.loss.guaranteed
> ### These filters are not case-sensitive.
> ###
> ######################################################################
> F{FullSubjects} -o /etc/mail/subjects_full
> F{PartSubjects} -o /etc/mail/subjects_part
> HSubject: $>CheckSubject
> SCheckSubject
> R$={FullSubjects}$*	$: REJECTSUBJECT
> R$* $={PartSubjects} $*	$: REJECTSUBJECT
> R$* REJECTSUBJECT $*	$#error $: "553 Access Denied - MSG may contain SPAM/WORM/VIRUS/HOAX."
>
> Anyone have another idea to stop this crap?
>
> Thanks
> Jim

Are you positive that the word "Viagra" is actually being used and not
some misspelling or camouflage like "\/iagra"?
You might want to use bogofilter and/or milter-greylist as an
additional filter.
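
The camouflage question raised in the reply above can be checked offline against saved Subject headers. The following is an added example, not code from either poster: it compares a plain case-insensitive match of subjects_part-style entries (periods standing for spaces) with a match after decoding and folding lookalike characters. It goes slightly beyond the thread by also decoding RFC 2047 encoded-words; the entry list, the lookalike table and the sample subjects are constructed assumptions, and the matching is a simplified stand-in for sendmail's own token matching.

```python
import re
from email.header import decode_header, make_header

# Constructed entries in the subjects_part format quoted in the thread:
# one per line, spaces written as periods, matched case-insensitively.
SUBJECTS_PART = ["viagra", "pfizer", "massive.weight.loss.guaranteed"]

# Assumed lookalike substitutions (only "\/" for "v" appears in the thread).
LOOKALIKES = [("\\/", "v"), ("|", "i"), ("1", "i"), ("0", "o"), ("@", "a")]

# Constructed sample Subject headers.
SAMPLES = [
    "SALE 71% OFF on Pfizer",
    "Cheap \\/iagra today",
    "=?UTF-8?B?UGZpemVyIHNhbGU=?=",  # RFC 2047 base64 of "Pfizer sale"
]

def decode_subject(raw):
    """Decode RFC 2047 encoded-words; fall back to the raw header on errors."""
    try:
        return str(make_header(decode_header(raw)))
    except (LookupError, UnicodeError, ValueError):
        return raw

def fold(text):
    """Lower-case, undo lookalike substitutions, collapse punctuation to spaces."""
    text = text.lower()
    for seq, repl in LOOKALIKES:
        text = text.replace(seq, repl)
    return re.sub(r"[^a-z0-9]+", " ", text).strip()

def check(raw, entries=SUBJECTS_PART):
    """Return (literal_hits, folded_hits) for one raw Subject header."""
    phrases = [e.replace(".", " ").lower() for e in entries]
    literal = [p for p in phrases if p in raw.lower()]
    folded_subject = fold(decode_subject(raw))
    folded = [p for p in phrases if fold(p) in folded_subject]
    return literal, folded

if __name__ == "__main__":
    for s in SAMPLES:
        literal, folded = check(s)
        gap = sorted(set(folded) - set(literal))
        print(f"{s!r}: literal={literal} folded={folded} missed_by_literal={gap}")
```

A subject that appears only in the folded hits is one a literal keyword list cannot catch, which is the case where a statistical filter such as bogofilter is the better tool.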