25 new of 251 responses total.
jlamb
response 43 of 251: Jan 3 02:55 UTC 2003

resp:42 you should start an item on procmail, i would like to know how 
to block spam from many different places i get them from 
jmsaul
response 44 of 251: Jan 3 03:05 UTC 2003

Re #42:  No, because I haven't taken the time to learn it myself.
naftee
response 45 of 251: Jan 3 03:09 UTC 2003

 !man 5 procmailrc
remmers
response 46 of 251: Jan 3 11:55 UTC 2003

I've been using procmail for a while, so I'll make a stab at a procmail
quickstart.  Your .forward file should have one line, that looks like this:

        "|IFS=' '&&exec /usr/local/bin/procmail -f-||exit 75 #USER"

where in place of USER you put your own login id.  The .forward file must
be publicly readable.  Then every time a mail message is received,
procmail will be run and consult your .procmailrc file to decide what
to do with the message.

The first line of .procmailrc should be this:

        MAIL=PATH-TO-YOUR-INBOX

where in place of PATH-TO-YOUR-INBOX you put the full path of your mail
inbox.  For keesan, this would be /var/spool/mail/k/e/keesan .

Subsequent lines of .procmailrc are filter rules.  Lines that begin with
a # are comments.  A filter rule that will send all messages from
azhar.rajput@sympatico.ca to /dev/null would be this:

        # Toss all mail from azhar.rajput
        :0:
        * ^From:.*azhar\.rajput@sympatico\.ca
        /dev/null

The characters '.' and '*' are wildcards that match any single character
and any run of 0 or more characters, respectively.  The purpose of the
'.*' in the above rule is to skip over blanks between the From: header
and the email address.  The purpose of the '\' preceding the periods in
the email address is to cause the periods to be interpreted literally
rather than as wildcard characters.  The '^' character means "beginning
of line".

You can filter on "From:", "To:", "Subject:", or any other header, as well
as body content.  For example, this rule tosses all mail with the phrase
"free sex site" in the subject line:

        :0:
        * ^Subject:.*free *sex *site
        /dev/null

Here, the ' *' sequences match any number of blanks between the words, so
that this rule will catch the phrase even if the words are separated by
multiple spaces.  Procmail does case-independent pattern matching, so the
rule will also filter "FREE SEX SITE", "Free Sex Site", etc.

The above examples are pretty simple.  Procmail rules can be quite elaborate;
see "man procmailrc" and "man procmailex" for complete discussion and more
examples.

I actually don't use procmail rules to filter spam -- the spamassassin
program (not installed on Grex) is much more effective for this purpose.
My main use of procmail is to pre-sort mailing list messages into separate
folders.
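
The two recipes from the quickstart above, run through a small dry-run harness; this is an added example, not part of the original post and not part of procmail. It approximates procmail's header matching with Python's `re` (an assumption), and the sample messages are constructed, so you can see what the rules catch before a /dev/null rule discards mail for real.

```python
import re

# The two recipes from the quickstart, verbatim.
PROCMAILRC = r"""
# Toss all mail from azhar.rajput
:0:
* ^From:.*azhar\.rajput@sympatico\.ca
/dev/null

:0:
* ^Subject:.*free *sex *site
/dev/null
"""

# Constructed sample messages (not real mail).
SAMPLES = {
    "spammer_upper": "From: X <AZHAR.RAJPUT@SYMPATICO.CA>\nSubject: hello\n\nbody",
    "spaced_subject": "From: a@example.org\nSubject: FREE   SEX  SITE\n\nbody",
    "body_only": "From: b@example.org\nSubject: lunch\n\nfree sex site",
    "friend_forward": "From: c@example.org\nSubject: Fwd: free sex site junk again\n\nlook",
}

def parse_recipes(text):
    """Return [(conditions, action)] for plain ':0' recipes with '*' conditions."""
    recipes, conds, open_recipe = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith(":0"):
            conds, open_recipe = [], True
        elif open_recipe and line.startswith("*"):
            conds.append(line[1:].strip())
        elif open_recipe:
            recipes.append((conds, line))   # first non-condition line is the action
            open_recipe = False
    return recipes

def deliver(message, recipes, default="INBOX"):
    """First recipe whose conditions all match the header decides delivery."""
    header = message.split("\n\n", 1)[0]    # conditions see the header only by default
    for conds, action in recipes:
        if all(re.search(c, header, re.I | re.M) for c in conds):
            return action
    return default

def dry_run():
    recipes = parse_recipes(PROCMAILRC)
    return {name: deliver(msg, recipes) for name, msg in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in dry_run().items():
        print(f"{name:15} -> {action}")
```

The `friend_forward` result shows a legitimate forwarded message being discarded by the subject rule, which is the case for delivering matches to a folder instead of /dev/null while a rule is still being tested.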
krj
response 47 of 251: Jan 3 13:57 UTC 2003

(That should probably be a separate item so it's easier to find it.
Thanks John!)
tsty
response 48 of 251: Jan 3 15:34 UTC 2003

what are the various pros/cons between procmail and mh. or does mh
also use procmail for a filter?
gelinas
response 49 of 251: Jan 3 16:06 UTC 2003

Rather than responding further, let's start a new item for mail-processing.
If one hasn't been started by the time I finish reading currently new
responses, I'll start one.
remmers
response 50 of 251: Jan 3 16:07 UTC 2003

Mh is just a mail reading/composing application.  If it has any
filtering capabilities, they aren't very extensive.  It's possible
to use procmail in conjunction with mh, or any other mail program
for that matter.

I'll copy my procmail quickstart to its own item.
remmers
response 51 of 251: Jan 3 16:12 UTC 2003

Joe's $49 slipped in.  I've already posted a mail processing item
and copied my procmail response over to it.
tonster
response 52 of 251: Jan 3 21:51 UTC 2003

damn joe, why'd you throw $49 into an item ?
gelinas
response 53 of 251: Jan 3 22:41 UTC 2003

'cause it was all I had on me at the time.
gull
response 54 of 251: Jan 4 00:29 UTC 2003

Grex's network connection seems really laggy right now.  I gave up and
dialed in because I kept getting 3 to 5 minute pauses.
aruba
response 55 of 251: Jan 4 06:28 UTC 2003

Still really slow now.
gelinas
response 56 of 251: Jan 4 06:40 UTC 2003

traceroute indicates a network problem; uptime says load is fine.
jor
response 57 of 251: Jan 4 09:05 UTC 2003

        peppy now
russ
response 58 of 251: Jan 9 01:13 UTC 2003

Everything going over the Internet is extremely slow tonight.
drew
response 59 of 251: Jan 10 18:20 UTC 2003

I am getting spam bounces, a couple of samples of which I've saved in
/a/d/r/drew/spambounce. Apparently someone is putting my login in the
"Return mail to:" line of their spam.
glenda
response 60 of 251: Jan 10 18:36 UTC 2003

I am getting a bunch of them as well.  Mine are all home mortgage and
refinancing type spams being bounced.  Steve says it sounds like someone has
Klez and it picked my address out of their address book to attach to the from.
mdw
response 61 of 251: Jan 10 18:42 UTC 2003

Damn.  *Please* save them all.  If you get a bunch, please send mail to
"abuse@cyberspace.org".  I know of 8 other IDs with the same problem.
In 6 of the 8 cases, the users ended up abandoning the accounts which
had then gotten reaped.  In the other 2, the mailbox had filled up.  In
some of those cases, I saw bounces as often as once every 10
seconds.  (I'm not looking forward to this.  Yuck.)

I've already suggested to the board that we may need to consider pursuing
legal or other action against this - this isn't just ordinary spam, this
is spam that could easily wipe our network connection out without
blinking, and without the real spammers even noticing or caring.  I mean
to enter an item in coop talking about this (& perhaps one in garage to
deal with the inevitable "why can't we solve this technically" (which we
can't because we don't get involved until the bounce at which point
there's no way for us to duck the network/CPU hit.)) I haven't had time
to do this yet - got involved in dealing with another unrelated problem.
other
response 62 of 251: Jan 10 19:04 UTC 2003

I have contacted the state AG about filing a complaint against the 
perpetrators of the more extreme of these cases for Denial of Service 
attacks.

I will post the relevant information in the item Marcus enters.
albaugh
response 63 of 251: Jan 11 00:06 UTC 2003

Sorry for the drift, but can someone explain to me what seems to be the idiocy
of using someone else's From: address on SPAM?  For the minute percentage of
recipients that might actually be interested in finding out more about
whatever product / service is being hawked in the SPAM, how are they supposed
to get that info with a bogus From: address?
gelinas
response 64 of 251: Jan 11 00:16 UTC 2003

Spammers don't want a *reply* to their messages, they want you to *buy*
something, which is available elsewhere.  Further, they especially don't
want to deal with rejection notices and complaints.  So directing that kind
of stuff to the great bit bucket in the sky, or to someone else's mailbox
(which, to the spammer, is the same thing) makes perfect sense.
albaugh
response 65 of 251: Jan 11 00:25 UTC 2003

Then why don't they just select a bogus address?  Why "pick on" an actual
someone, or is being a *total* asshole a perk of spamming?
russ
response 66 of 251: Jan 11 00:30 UTC 2003

Faking the originating address so that "bounces" go to the
intended spam recipient is another nasty (but old) spammer trick.
gelinas
response 67 of 251: Jan 11 00:57 UTC 2003

It's getting to the point that there are *no* bogus addresses.