Re: Spam mail question
On Mon, Jun 03, 2002 at 02:34:01PM +, Paulo Henrique Baptista de Oliveira wrote: | | Hi all, | How to reject mail with from like this: "<>" at a Debian GNU/Linux | box and Exim? What you mean by "from"? There are two meanings of it 1) the envelope This is specified in the MAIL FROM: command during the SMTP session 2) the message itself This is specified by the From: header inside the message Email, just like snail mail, has envelopes that can (and many times (legitimately) do) differ from the letter inside the envelope. If the envelope is <>, then either rejecting or blackholing the message will get you in dsn.rfc-ignorant.org. There are a few MS worms/virii that abuse the RFCs by setting the envelope sender to <>, and those can be identified by other characteristics and blackholed separately. If you're aware of such messages, try discussing it on the spamassassin lists so that it can be properly identified and trashed. If the message itself has "From: <>" that's a different story, and shouldn't occur. Again, though, see if a discussion on sa-talk can't yield some rules for tagging (and trashing) the junk. One feature of exim that I really like is (version 3.x config) : headers_check_syntax = true If a message has syntactically incorrect headers it will be rejected. For example (from my rejectlog) : 2002-06-05 11:36:26 17Fdlp-0007lt-00 H=pony-express.cs.rit.edu [129.21.30.24] F=<[EMAIL PROTECTED]> rejected after DATA: "@" or "." expected after "Not": failing address in "To" header is: Obviously a spam message (routed through my school address). -D -- Windows, hmmm, does it come with a GUI interface that works or just pretty blue screens? GnuPG key : http://dman.ddts.net/~dman/public_key.gpg pgp7cT4Ax5dua.pgp Description: PGP signature
Re: Spam mail question - yuppers
Em Tue, 4 Jun 2002 11:10:39 -0700 Vineet Kumar <[EMAIL PROTECTED]>, conhecido dependente de drogas (Coke e BigMac's), wrote: > * prover ([EMAIL PROTECTED]) [020604 10:56]: > > I'M NOT MEMER OF YOUR MAILING LISTS. > > (...ad nauseum) > [some snipping done] > > Surely, I can change the scores on my own, but I would have expected > that adding someone to the blacklist would, well, blacklist them. It > should be something strong enough to overpower the other checks. > Anybody else have an opinion on that? Should I file a wish? I am using sylpheed and filtering the sender. While it is not desirable to return the e-mail (can be considered a 'not kind action' by their's ISP), it is being directly trashed. In a speedy link it's ok, but if someone is in a dialup line... :-( -- saudações, irado furioso com tudo Linux User 179402 mais crimes são cometidos em nome das religiões do que em nome do ateísmo. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
* Vineet Kumar ([EMAIL PROTECTED]) [020604 12:53]: > In the same vein, a question: What's the easiest way to remove this > joker from my AWL? Nevermind. I had spamassassin(1p) open in another xterm as I was writing this email; I should have finished reading it first! -R Remove all email addresses, in the headers and body of the mail message read from STDIN, from the automatic whitelist. > good times, > Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpq5b4xGQzP7.pgp Description: PGP signature
Re: Spam mail question - yuppers
* prover ([EMAIL PROTECTED]) [020604 10:56]: > I'M NOT MEMER OF YOUR MAILING LISTS. (...ad nauseum) I gotta say, I'm disappointed in spamassassin's default config in this case. I blacklisted the moron and the mails keep coming through. It seems he's managed his way into my auto-whitelist, and even blacklist isn't enough to mark it spam? Surely, I can change the scores on my own, but I would have expected that adding someone to the blacklist would, well, blacklist them. It should be something strong enough to overpower the other checks. Anybody else have an opinion on that? Should I file a wish? In the same vein, a question: What's the easiest way to remove this joker from my AWL? good times, Vineet P.S. I've replied to "prover" in the manner of Wade Richards' reply to Layne, back in the day. Hopefully that'll have gotten rid of him (though probably not; he's already demonstrated his inability to read this: > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] ...so I don't know why I expect he might be able to read and reply to the unsubscription ping from the membership bot.) -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpkz062JXEbr.pgp Description: PGP signature
Re: mail filtering / qmail - tangent to "spam mail question"
I'M NOT MEMER OF YOUR MAILING LISTS. MY MAIL IS : [EMAIL PROTECTED]
([EMAIL PROTECTED] IS ONLY FORWARD FROM [EMAIL PROTECTED]).
WHY THIS MAILS COME TO ME?
EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS.
CAN YOU DO SOMETHING WITH IT?
THANK YOU.
- Original Message -
From: "Paul Miller" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>;
Sent: Tuesday, June 04, 2002 6:46 AM
Subject: Re: mail filtering / qmail - tangent to "spam mail question"
> Cool! I got it to work! Thanks!!!
> -Paul
>
> # cat .qmail
> |maildrop .mailfilter Maildir/
>
> # cat .qmail-ext
> |maildrop .mailfilter mail/$EXT
>
> # cat .mailfilter
> if ( /^X-Spam-Status: Yes/ )
> {
> to $HOME/mail/SPAM/
> }
> else
> {
> to $HOME/$1
> }
>
>
> On Tue, 4 Jun 2002 00:20:08 -0400
> "Paul Miller" <[EMAIL PROTECTED]> wrote:
>
> > Do you know if maildrop can use qmail's variables? I'd like to avoid
> > separate filter files for every .qmail-ext I have.
> >
> > Thanks!
> > -Paul
> >
> > On Mon, 3 Jun 2002 22:18:46 -0500
> > "Jamin W. Collins" <[EMAIL PROTECTED]> wrote:
> >
> > > On Mon, 3 Jun 2002 23:00:42 -0400
> > > "Paul Miller" <[EMAIL PROTECTED]> wrote:
> > >
> > > > I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my
> > > > incoming mail are marked with "X-Spam-Status:" and I'd like to
> > > > have mail with spam status of "Yes" put into a separate maildir.
> > > > I'm using qmail maildirs, and I'd like to continue using maildirs.
> > > > How
> > > > can I filter my mail using dot-qmail files?
> > >
> > > I do this with maildrop and a ~/.mailfilter file like so:
> > >
> > > xfilter "spamassassin -P"
> > >
> > > if ( /^X-Spam-Flag: YES/ )
> > > {
> > >to $DEFAULT/.Spam/
> > > }
> > >
> > > and the following in your ~/.qmail file:
> > >
> > > | /usr/bin/maildrop
> > >
> > > --
> > > Jamin W. Collins
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > > with a subject of "unsubscribe". Trouble? Contact
> > > [EMAIL PROTECTED]
> > >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> > [EMAIL PROTECTED]
> >
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mail filtering / qmail - tangent to "spam mail question"
I'M NOT MEMER OF YOUR MAILING LISTS. MY MAIL IS : [EMAIL PROTECTED]
([EMAIL PROTECTED] IS ONLY FORWARD FROM [EMAIL PROTECTED]).
WHY THIS MAILS COME TO ME?
EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS.
CAN YOU DO SOMETHING WITH IT?
THANK YOU.
- Original Message -
From: "Paul Miller" <[EMAIL PROTECTED]>
To: "Jamin W. Collins" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, June 04, 2002 6:20 AM
Subject: Re: mail filtering / qmail - tangent to "spam mail question"
> Do you know if maildrop can use qmail's variables? I'd like to avoid
> separate filter files for every .qmail-ext I have.
>
> Thanks!
> -Paul
>
> On Mon, 3 Jun 2002 22:18:46 -0500
> "Jamin W. Collins" <[EMAIL PROTECTED]> wrote:
>
> > On Mon, 3 Jun 2002 23:00:42 -0400
> > "Paul Miller" <[EMAIL PROTECTED]> wrote:
> >
> > > I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my
> > > incoming mail are marked with "X-Spam-Status:" and I'd like to have
> > > mail with spam status of "Yes" put into a separate maildir. I'm
> > > using qmail maildirs, and I'd like to continue using maildirs. How
> > > can I filter my mail using dot-qmail files?
> >
> > I do this with maildrop and a ~/.mailfilter file like so:
> >
> > xfilter "spamassassin -P"
> >
> > if ( /^X-Spam-Flag: YES/ )
> > {
> >to $DEFAULT/.Spam/
> > }
> >
> > and the following in your ~/.qmail file:
> >
> > | /usr/bin/maildrop
> >
> > --
> > Jamin W. Collins
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> > [EMAIL PROTECTED]
> >
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
I'M NOT MEMER OF YOUR MAILING LISTS. WHY THIS MAILS COME TO ME? EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS. CAN YOU DO SOMETHING WITH IT? THANK YOU. - Original Message - From: "Jens Gecius" <[EMAIL PROTECTED]> To: "Noah Meyerhans" <[EMAIL PROTECTED]> Cc: "Alvin Oga" <[EMAIL PROTECTED]>; Sent: Tuesday, June 04, 2002 4:33 AM Subject: Re: Spam mail question - yuppers > Noah Meyerhans <[EMAIL PROTECTED]> writes: > > > On Mon, Jun 03, 2002 at 06:25:40PM -0700, Alvin Oga wrote: > >> and the From <> is a nuisance from some spammers is a > >> good thing to reject ( ie ... <> and "is spammer" ) > >> - havent figured it out yet .. > > > > My point was that if you configure your mail server to reject mail > > From <> then you are in violation of several RFCs and are likely to be > > placed on the DSN blacklist at rfc-ignorant.org. Please don't do it. > > > > Now, if you're not the postmaster at your domain, and are only blocking > > it for your own personal mail (e.g. via ~/.procmailrc), then go ahead. > > But realize that if you do then you'll be filtering out legitimate > > messages from MAILER-DAEMON in addition to whatever spam you filter. > > If you're the postmaster at your domain, use postfix and setup some > decent header/body filters to reject the mail with an appropriate > smtp-response to the sending host. Postfix is also able to pass such > <> bounces (just tested it locally). Furthermore, you're able to > filter hosts which do not have a valid hostname in their HELO/EHLO > command, which is often not setup correctly by spammers. > > This is IMHO the only way to let the spammers know that they are > unwanted. Although, if I look at my logs, some of them are just > ridiculously persistent... > > Oh, and every once in a while I get caught by the debian-list. > > I wrote to the listmaster twice or more already, never got an answer. > If I had too many bounces, I got kicked off the list. > > I could understand this, if the number of rejects is high enough. But, > because the listserver is doing only one delivery attempt, I feel, the > number (which I haven't figured out, yet...) is currently too low. > > In one case I was kicked off the list, even though there was no recent > bounce in my logs, just accepted mails. :-( This, I didn't understand. > > One more nuisance: if spam hits debian-user and I get trapped by that > listserver-soft, I get kicked off any debian-* list! > > If I would get kicked off the list I bounced, ok, understandable, but > _all_ lists?? > > Anybody else around here to answer those questions? > > -- > Tschoe,http://gecius.de/gpg-key.txt - Fingerprint: > Jens 1AAB 67A2 1068 77CA 6B0A 41A4 18D4 A89B 28D0 F097 > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
I'M NOT MEMER OF YOUR MAILING LISTS. WHY THIS MAILS COME TO ME? EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS. CAN YOU DO SOMETHING WITH IT? THANK YOU. - Original Message - From: "Alvin Oga" <[EMAIL PROTECTED]> To: "Noah Meyerhans" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, June 04, 2002 5:45 AM Subject: Re: Spam mail question - yuppers > > hi ya noah > > yes.. thanx for the warnings ... > > > have fun > alvin > > On Mon, 3 Jun 2002, Noah Meyerhans wrote: > > > On Mon, Jun 03, 2002 at 06:25:40PM -0700, Alvin Oga wrote: > > > and the From <> is a nuisance from some spammers is a > > > good thing to reject ( ie ... <> and "is spammer" ) > > > - havent figured it out yet .. > > > > My point was that if you configure your mail server to reject mail > > From <> then you are in violation of several RFCs and are likely to be > > placed on the DSN blacklist at rfc-ignorant.org. Please don't do it. > > > > Now, if you're not the postmaster at your domain, and are only blocking > > it for your own personal mail (e.g. via ~/.procmailrc), then go ahead. > > But realize that if you do then you'll be filtering out legitimate > > messages from MAILER-DAEMON in addition to whatever spam you filter. > > > > noah > > > > -- > > ___ > > | Web: http://web.morgul.net/~frodo/ > > | PGP Public Key: http://web.morgul.net/~frodo/mail.html > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mail filtering / qmail - tangent to "spam mail question"
I'M NOT MEMER OF YOUR MAILING LISTS.
WHY THIS MAILS COME TO ME?
EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS.
CAN YOU DO SOMETHING WITH IT?
THANK YOU.
- Original Message -
From: "Jamin W.Collins" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 04, 2002 5:18 AM
Subject: Re: mail filtering / qmail - tangent to "spam mail question"
> On Mon, 3 Jun 2002 23:00:42 -0400
> "Paul Miller" <[EMAIL PROTECTED]> wrote:
>
> > I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my
> > incoming mail are marked with "X-Spam-Status:" and I'd like to have mail
> > with spam status of "Yes" put into a separate maildir. I'm using qmail
> > maildirs, and I'd like to continue using maildirs. How can I filter my
> > mail using dot-qmail files?
>
> I do this with maildrop and a ~/.mailfilter file like so:
>
> xfilter "spamassassin -P"
>
> if ( /^X-Spam-Flag: YES/ )
> {
>to $DEFAULT/.Spam/
> }
>
> and the following in your ~/.qmail file:
>
> | /usr/bin/maildrop
>
> --
> Jamin W. Collins
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mail filtering / qmail - tangent to "spam mail question"
I'M NOT MEMER OF YOUR MAILING LISTS. WHY THIS MAILS COME TO ME? EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS. CAN YOU DO SOMETHING WITH IT? THANK YOU. - Original Message - From: "Paul Miller" <[EMAIL PROTECTED]> To: "debian" Sent: Tuesday, June 04, 2002 5:00 AM Subject: mail filtering / qmail - tangent to "spam mail question" > > Hey all, > I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my incoming mail are marked with "X-Spam-Status:" and I'd like to have mail with spam status of "Yes" put into a separate maildir. I'm using qmail maildirs, and I'd like to continue using maildirs. How can I filter my mail using dot-qmail files? > > I know I need to use |command... > > Thanks! > -Paul > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
I'M NOT MEMER OF YOUR MAILING LISTS. WHY THIS MAILS COME TO ME? EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS. CAN YOU DO SOMETHING WITH IT? THANK YOU. - Original Message - From: "Noah Meyerhans" <[EMAIL PROTECTED]> To: "Alvin Oga" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, June 04, 2002 4:02 AM Subject: Re: Spam mail question - yuppers -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
I'M NOT MEMER OF YOUR MAILING LISTS. WHY THIS MAILS COME TO ME? EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS. CAN YOU DO SOMETHING WITH IT? THANK YOU. - Original Message - From: "Alvin Oga" <[EMAIL PROTECTED]> To: "Noah Meyerhans" <[EMAIL PROTECTED]> Cc: "Paulo Henrique Baptista de Oliveira" <[EMAIL PROTECTED]>; Sent: Tuesday, June 04, 2002 3:25 AM Subject: Re: Spam mail question - yuppers > > hi ya noah > > yes... it's possible to get dumped into the bl.. > ( havent yet ... since i haven't implmented spamfilters > ( on some servers > > - and did get blacklisted by accident... when going to > open relay test sites to test one of my servers...fixed > the open relay.. resubmitted and was out of there just > as quickly... > - online open relay tests > http://www.paladincorp.com.au/unix/spam/spamlart/ > http://www.Linux-Sec.net/Mail/openrelay.gwif.html > > - am experimenting though .. :-) > and the From <> is a nuisance from some spammers is a > good thing to reject ( ie ... <> and "is spammer" ) > - havent figured it out yet .. > > -- and in my silly preferences.. i do NOT even want the /dev/null to >show up ( cluttering ) anywhere in my mail logs > - which it currently does for some users that's been nulled > > -- and another dumb preference... i dont want the spam email to even >arrive to be be put into folders ... defeats the purpose to have to go >look at it ... usually being a 1MB base64 attachments or html'ized >jibberish w/ lots-o-attachments ... > - am currently rejecting most all of the html jibberish > > ( i think the senders "dead.letter" box is getting bigger > ( which is what i like to (indirectly) see ... :-) > > -- i dont have procmail or any (additional mda ) filters yet.. > - just a semi-baked but functional(?) sendmail w/ antispam turned > on w/ check_local ... > > http://www.Linux-Sec.net/Mail/sendmail.gwif.html#Macro > - has RBLs turned on and header checking > ( and is full of bugz :-) > > - lots of playing/learningannoying too fun thou... > > c ya > alvin > > > On Mon, 3 Jun 2002, Noah Meyerhans wrote: > > > On Mon, Jun 03, 2002 at 03:44:43PM -0700, Alvin Oga wrote: > > > > > > sometimes ... ( lots )... more often than not... > > > i get tons of "spams" from <> ... which i too would like to bounce/reject > > > > OK, but if you reject mail from <> you're likely to be blacklisted. I > > certainly won't accept mail from domains that reject bounces! I am > > definitely not alone in this. I think you'd be better off trying to > > find a blacklist that isn't too fascist. I have had luck with the > > rfc-ignorant.org blacklists and bl.spamcop.net. > > > > Also, by the time the message gets passed off to procmail, exim will > > already have replaced the <> with MAILER-DAEMON. If you want to > > procmail any mail from MAILER-DAEMON, go ahead, but if I were you, I'd > > just put it in its own folder rather than /dev/null. You are risking > > losing something useful if you filter such messages. > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question
I'M NOT MEMER OF YOUR MAILING LISTS. WHY THIS MAILS COME TO ME? EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS. CAN YOU DO SOMETHING WITH IT? THANK YOU. - Original Message - From: "Paulo Henrique Baptista de Oliveira" <[EMAIL PROTECTED]> To: "Noah Meyerhans" <[EMAIL PROTECTED]>; "Alvin Oga" <[EMAIL PROTECTED]>; Cc: "Paulo Henrique Baptista" <[EMAIL PROTECTED]> Sent: Tuesday, June 04, 2002 1:42 AM Subject: Re: Spam mail question > Hi, > I will not reject. I will only send them to /dev/null. :)) > What procmail rule is it? > TIA, Paulo Henrique > Quoting Noah Meyerhans ([EMAIL PROTECTED]): > > On Mon, Jun 03, 2002 at 03:44:43PM -0700, Alvin Oga wrote: > > > > > > sometimes ... ( lots )... more often than not... > > > i get tons of "spams" from <> ... which i too would like to bounce/reject > > > > OK, but if you reject mail from <> you're likely to be blacklisted. I > > certainly won't accept mail from domains that reject bounces! I am > > definitely not alone in this. I think you'd be better off trying to > > find a blacklist that isn't too fascist. I have had luck with the > > rfc-ignorant.org blacklists and bl.spamcop.net. > > > > Also, by the time the message gets passed off to procmail, exim will > > already have replaced the <> with MAILER-DAEMON. If you want to > > procmail any mail from MAILER-DAEMON, go ahead, but if I were you, I'd > > just put it in its own folder rather than /dev/null. You are risking > > losing something useful if you filter such messages. > > > > noah > > > > -- > > ___ > > | Web: http://web.morgul.net/~frodo/ > > | PGP Public Key: http://web.morgul.net/~frodo/mail.html > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question
I'M NOT MEMER OF YOUR MAILING LISTS. WHY THIS MAILS COME TO ME? EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS. CAN YOU DO SOMETHING WITH IT? THANK YOU. - Original Message - From: "Noah Meyerhans" <[EMAIL PROTECTED]> To: "Alvin Oga" <[EMAIL PROTECTED]> Cc: "Noah Meyerhans" <[EMAIL PROTECTED]>; "Paulo Henrique Baptista de Oliveira" <[EMAIL PROTECTED]>; Sent: Tuesday, June 04, 2002 1:02 AM Subject: Re: Spam mail question -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mail filtering / qmail - tangent to "spam mail question"
Cool! I got it to work! Thanks!!!
-Paul
# cat .qmail
|maildrop .mailfilter Maildir/
# cat .qmail-ext
|maildrop .mailfilter mail/$EXT
# cat .mailfilter
if ( /^X-Spam-Status: Yes/ )
{
to $HOME/mail/SPAM/
}
else
{
to $HOME/$1
}
On Tue, 4 Jun 2002 00:20:08 -0400
"Paul Miller" <[EMAIL PROTECTED]> wrote:
> Do you know if maildrop can use qmail's variables? I'd like to avoid
> separate filter files for every .qmail-ext I have.
>
> Thanks!
> -Paul
>
> On Mon, 3 Jun 2002 22:18:46 -0500
> "Jamin W. Collins" <[EMAIL PROTECTED]> wrote:
>
> > On Mon, 3 Jun 2002 23:00:42 -0400
> > "Paul Miller" <[EMAIL PROTECTED]> wrote:
> >
> > > I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my
> > > incoming mail are marked with "X-Spam-Status:" and I'd like to
> > > have mail with spam status of "Yes" put into a separate maildir.
> > > I'm using qmail maildirs, and I'd like to continue using maildirs.
> > > How
> > > can I filter my mail using dot-qmail files?
> >
> > I do this with maildrop and a ~/.mailfilter file like so:
> >
> > xfilter "spamassassin -P"
> >
> > if ( /^X-Spam-Flag: YES/ )
> > {
> >to $DEFAULT/.Spam/
> > }
> >
> > and the following in your ~/.qmail file:
> >
> > | /usr/bin/maildrop
> >
> > --
> > Jamin W. Collins
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> > [EMAIL PROTECTED]
> >
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mail filtering / qmail - tangent to "spam mail question"
Do you know if maildrop can use qmail's variables? I'd like to avoid
separate filter files for every .qmail-ext I have.
Thanks!
-Paul
On Mon, 3 Jun 2002 22:18:46 -0500
"Jamin W. Collins" <[EMAIL PROTECTED]> wrote:
> On Mon, 3 Jun 2002 23:00:42 -0400
> "Paul Miller" <[EMAIL PROTECTED]> wrote:
>
> > I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my
> > incoming mail are marked with "X-Spam-Status:" and I'd like to have
> > mail with spam status of "Yes" put into a separate maildir. I'm
> > using qmail maildirs, and I'd like to continue using maildirs. How
> > can I filter my mail using dot-qmail files?
>
> I do this with maildrop and a ~/.mailfilter file like so:
>
> xfilter "spamassassin -P"
>
> if ( /^X-Spam-Flag: YES/ )
> {
>to $DEFAULT/.Spam/
> }
>
> and the following in your ~/.qmail file:
>
> | /usr/bin/maildrop
>
> --
> Jamin W. Collins
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
hi ya noah yes.. thanx for the warnings ... have fun alvin On Mon, 3 Jun 2002, Noah Meyerhans wrote: > On Mon, Jun 03, 2002 at 06:25:40PM -0700, Alvin Oga wrote: > > and the From <> is a nuisance from some spammers is a > > good thing to reject ( ie ... <> and "is spammer" ) > > - havent figured it out yet .. > > My point was that if you configure your mail server to reject mail > From <> then you are in violation of several RFCs and are likely to be > placed on the DSN blacklist at rfc-ignorant.org. Please don't do it. > > Now, if you're not the postmaster at your domain, and are only blocking > it for your own personal mail (e.g. via ~/.procmailrc), then go ahead. > But realize that if you do then you'll be filtering out legitimate > messages from MAILER-DAEMON in addition to whatever spam you filter. > > noah > > -- > ___ > | Web: http://web.morgul.net/~frodo/ > | PGP Public Key: http://web.morgul.net/~frodo/mail.html > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mail filtering / qmail - tangent to "spam mail question"
On Mon, 3 Jun 2002 23:00:42 -0400
"Paul Miller" <[EMAIL PROTECTED]> wrote:
> I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my
> incoming mail are marked with "X-Spam-Status:" and I'd like to have mail
> with spam status of "Yes" put into a separate maildir. I'm using qmail
> maildirs, and I'd like to continue using maildirs. How can I filter my
> mail using dot-qmail files?
I do this with maildrop and a ~/.mailfilter file like so:
xfilter "spamassassin -P"
if ( /^X-Spam-Flag: YES/ )
{
to $DEFAULT/.Spam/
}
and the following in your ~/.qmail file:
| /usr/bin/maildrop
--
Jamin W. Collins
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
mail filtering / qmail - tangent to "spam mail question"
Hey all, I'm using qmail/rblsmtpd, qmailscanner, and spamassassin. All my incoming mail are marked with "X-Spam-Status:" and I'd like to have mail with spam status of "Yes" put into a separate maildir. I'm using qmail maildirs, and I'd like to continue using maildirs. How can I filter my mail using dot-qmail files? I know I need to use |command... Thanks! -Paul -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
Noah Meyerhans <[EMAIL PROTECTED]> writes: > On Mon, Jun 03, 2002 at 06:25:40PM -0700, Alvin Oga wrote: >> and the From <> is a nuisance from some spammers is a >> good thing to reject ( ie ... <> and "is spammer" ) >> - havent figured it out yet .. > > My point was that if you configure your mail server to reject mail > From <> then you are in violation of several RFCs and are likely to be > placed on the DSN blacklist at rfc-ignorant.org. Please don't do it. > > Now, if you're not the postmaster at your domain, and are only blocking > it for your own personal mail (e.g. via ~/.procmailrc), then go ahead. > But realize that if you do then you'll be filtering out legitimate > messages from MAILER-DAEMON in addition to whatever spam you filter. If you're the postmaster at your domain, use postfix and setup some decent header/body filters to reject the mail with an appropriate smtp-response to the sending host. Postfix is also able to pass such <> bounces (just tested it locally). Furthermore, you're able to filter hosts which do not have a valid hostname in their HELO/EHLO command, which is often not setup correctly by spammers. This is IMHO the only way to let the spammers know that they are unwanted. Although, if I look at my logs, some of them are just ridiculously persistent... Oh, and every once in a while I get caught by the debian-list. I wrote to the listmaster twice or more already, never got an answer. If I had too many bounces, I got kicked off the list. I could understand this, if the number of rejects is high enough. But, because the listserver is doing only one delivery attempt, I feel, the number (which I haven't figured out, yet...) is currently too low. In one case I was kicked off the list, even though there was no recent bounce in my logs, just accepted mails. :-( This, I didn't understand. One more nuisance: if spam hits debian-user and I get trapped by that listserver-soft, I get kicked off any debian-* list! If I would get kicked off the list I bounced, ok, understandable, but _all_ lists?? Anybody else around here to answer those questions? -- Tschoe,http://gecius.de/gpg-key.txt - Fingerprint: Jens 1AAB 67A2 1068 77CA 6B0A 41A4 18D4 A89B 28D0 F097 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question - yuppers
On Mon, Jun 03, 2002 at 06:25:40PM -0700, Alvin Oga wrote: > and the From <> is a nuisance from some spammers is a > good thing to reject ( ie ... <> and "is spammer" ) > - havent figured it out yet .. My point was that if you configure your mail server to reject mail From <> then you are in violation of several RFCs and are likely to be placed on the DSN blacklist at rfc-ignorant.org. Please don't do it. Now, if you're not the postmaster at your domain, and are only blocking it for your own personal mail (e.g. via ~/.procmailrc), then go ahead. But realize that if you do then you'll be filtering out legitimate messages from MAILER-DAEMON in addition to whatever spam you filter. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpQDakatu1U0.pgp Description: PGP signature
Re: Spam mail question - yuppers
hi ya noah yes... it's possible to get dumped into the bl.. ( havent yet ... since i haven't implmented spamfilters ( on some servers - and did get blacklisted by accident... when going to open relay test sites to test one of my servers...fixed the open relay.. resubmitted and was out of there just as quickly... - online open relay tests http://www.paladincorp.com.au/unix/spam/spamlart/ http://www.Linux-Sec.net/Mail/openrelay.gwif.html - am experimenting though .. :-) and the From <> is a nuisance from some spammers is a good thing to reject ( ie ... <> and "is spammer" ) - havent figured it out yet .. -- and in my silly preferences.. i do NOT even want the /dev/null to show up ( cluttering ) anywhere in my mail logs - which it currently does for some users that's been nulled -- and another dumb preference... i dont want the spam email to even arrive to be be put into folders ... defeats the purpose to have to go look at it ... usually being a 1MB base64 attachments or html'ized jibberish w/ lots-o-attachments ... - am currently rejecting most all of the html jibberish ( i think the senders "dead.letter" box is getting bigger ( which is what i like to (indirectly) see ... :-) -- i dont have procmail or any (additional mda ) filters yet.. - just a semi-baked but functional(?) sendmail w/ antispam turned on w/ check_local ... http://www.Linux-Sec.net/Mail/sendmail.gwif.html#Macro - has RBLs turned on and header checking ( and is full of bugz :-) - lots of playing/learningannoying too fun thou... c ya alvin On Mon, 3 Jun 2002, Noah Meyerhans wrote: > On Mon, Jun 03, 2002 at 03:44:43PM -0700, Alvin Oga wrote: > > > > sometimes ... ( lots )... more often than not... > > i get tons of "spams" from <> ... which i too would like to bounce/reject > > OK, but if you reject mail from <> you're likely to be blacklisted. I > certainly won't accept mail from domains that reject bounces! I am > definitely not alone in this. I think you'd be better off trying to > find a blacklist that isn't too fascist. I have had luck with the > rfc-ignorant.org blacklists and bl.spamcop.net. > > Also, by the time the message gets passed off to procmail, exim will > already have replaced the <> with MAILER-DAEMON. If you want to > procmail any mail from MAILER-DAEMON, go ahead, but if I were you, I'd > just put it in its own folder rather than /dev/null. You are risking > losing something useful if you filter such messages. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question
Hi, I will not reject. I will only send them to /dev/null. :)) What procmail rule is it? TIA,Paulo Henrique Quoting Noah Meyerhans ([EMAIL PROTECTED]): > On Mon, Jun 03, 2002 at 03:44:43PM -0700, Alvin Oga wrote: > > > > sometimes ... ( lots )... more often than not... > > i get tons of "spams" from <> ... which i too would like to bounce/reject > > OK, but if you reject mail from <> you're likely to be blacklisted. I > certainly won't accept mail from domains that reject bounces! I am > definitely not alone in this. I think you'd be better off trying to > find a blacklist that isn't too fascist. I have had luck with the > rfc-ignorant.org blacklists and bl.spamcop.net. > > Also, by the time the message gets passed off to procmail, exim will > already have replaced the <> with MAILER-DAEMON. If you want to > procmail any mail from MAILER-DAEMON, go ahead, but if I were you, I'd > just put it in its own folder rather than /dev/null. You are risking > losing something useful if you filter such messages. > > noah > > -- > ___ > | Web: http://web.morgul.net/~frodo/ > | PGP Public Key: http://web.morgul.net/~frodo/mail.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question
On Mon, Jun 03, 2002 at 03:44:43PM -0700, Alvin Oga wrote: > > sometimes ... ( lots )... more often than not... > i get tons of "spams" from <> ... which i too would like to bounce/reject OK, but if you reject mail from <> you're likely to be blacklisted. I certainly won't accept mail from domains that reject bounces! I am definitely not alone in this. I think you'd be better off trying to find a blacklist that isn't too fascist. I have had luck with the rfc-ignorant.org blacklists and bl.spamcop.net. Also, by the time the message gets passed off to procmail, exim will already have replaced the <> with MAILER-DAEMON. If you want to procmail any mail from MAILER-DAEMON, go ahead, but if I were you, I'd just put it in its own folder rather than /dev/null. You are risking losing something useful if you filter such messages. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpOpJSCEXtxM.pgp Description: PGP signature
Re: Spam mail question
hi ya noah... > http://www.rfc-ignorant.org/policy-dsn.html for more info. By rejecting very true ... but... sometimes ... ( lots )... more often than not... i get tons of "spams" from <> ... which i too would like to bounce/reject - and any email that is outgoing that bounced is usually caught within hours of its bounce .. and hopefully fixed ... - it doesn't need to wait the 5 days woth of retries - most people nowdays expects emails to be sent and received within minutes... or they generate more emails ... "did you get it yet" adding to the bounces and queues if there was a problem... - bounced messages should go to a real person/postmaster ... anyway... if one can figure ut how to reject "From: <>"... than one could also reject those incoming emails addressed to "To: <>" -- just another way of handling occasional bounces vs guranteed spams... - thers a lot more spam than there are bounces nowdays.. just my twist... donno ... i'll go back under the rock... --- and for the original questions lots of procmail filters - - one of um probably will have a "From" or similar example ?? - http://www.Linux-Sec.net/Mail/filters.gwif.html c ya alvin On Mon, 3 Jun 2002, Noah Meyerhans wrote: > On Mon, Jun 03, 2002 at 02:34:01PM +, Paulo Henrique Baptista de > Oliveira wrote: > > How to reject mail with from like this: "<>" at a Debian > > GNU/Linux box and Exim? With procmail? > > Don't do that! It's in violation of an RFC. See > http://www.rfc-ignorant.org/policy-dsn.html for more info. By rejecting > mail from <> you are rejecting bounces. That will make people very > unhappy as you'll never know if your mail system is broken. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam mail question
On Mon, Jun 03, 2002 at 02:34:01PM +, Paulo Henrique Baptista de Oliveira wrote: > How to reject mail with from like this: "<>" at a Debian > GNU/Linux box and Exim? With procmail? Don't do that! It's in violation of an RFC. See http://www.rfc-ignorant.org/policy-dsn.html for more info. By rejecting mail from <> you are rejecting bounces. That will make people very unhappy as you'll never know if your mail system is broken. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgp1lrvQ8mGDa.pgp Description: PGP signature
Re: Spam mail question
On Mon, Jun 03, 2002 at 02:34:01PM +, Paulo Henrique Baptista de Oliveira wrote: > > Hi all, > How to reject mail with from like this: "<>" at a Debian GNU/Linux box > and Exim? > With procmail? > TIA,Paulo Henrique. Well, I am biased, but you can get a nice procmail script for spam removal that handles that case and many more at http://spastic.sourceforge.net. Best Regards, Keith -- LPIC-2, MCSE, N+ Got spam? Get spastic http://spastic.sourceforge.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Spam mail question
Hi all, How to reject mail with from like this: "<>" at a Debian GNU/Linux box and Exim? With procmail? TIA,Paulo Henrique. -- Paulo Henrique B de Oliveira Gerente de Operações - Linux Solutions - http://www.linuxsolutions.com.br O maior conteúdo de Linux em língua portuguesa - OLinux - http://www.olinux.com.br (21) 2526-7262 ramal 31 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
