Re: [vps-mail] Sendmail or procmail? Filter question

[Abigail Marshall <webmaster@xxxxxxxxxxxx>]

MK> Hi all,

MK> - sometimes I get spam with one of these addresses in
MK> the To: field, and the others in the Cc: field, for
MK> instance:

MK> To: madeup@xxxxxxxxxxxx
MK> Cc: <webmaster@xxxxxxxxxxxx>, <alsofake@xxxxxxxxxxxx>

MK> Since this contains the made-up addresses, it's
MK> obviously spam; since it also contains one valid address
MK> (and isn't stopped by either blocklist), it stil gets
MK> through.

MK> Is there a way to reject such a mail based of the rule:
MK> if any of these made-up addresses occurs in either To:,
MK> Cc: or Bcc, reject the mail completely?

MK> I suspect though this is maybe a job for
MK> procmail.

You're right - I do this with procmail. First, I started by
imposing some conventions on existing names on my system -
so for example it is no longer "legal" to create a name on
my system with 2 or more numbers in it.  [I assign all POP
accounts directly, so I can control this]:

# Test: Recipient has numbers
:0H
* ^To:.*[0-9].*[0-9].*@mydomain\.com
{
  LOG="Number in Address  "
  :0
  /var/mail/spam
}

I have a similar recipe called the "Piglatin address" with
this line, which disallows any email to an address ending
in "ay":
* ^To:.*ay@mydomain\.com

Basically this just pick up patterns I see in the phony-name
type spam. Of course I could also list all the same names
that are in my exclude list on Access - I just find it is
more efficient to develop rules that are geared to patterns,
because they anticipate future issues as well.  The more
than you can create and enforce naming conventions on the
existing email, the more flexible you are in screening out
based on such patterns.

-Abigail

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
======================================================================