
RE: [vps-mail] Filtering catch-all's misses



Thanks to Scott and Abigail for the great ideas. I went with Scott's
suggestion and it works very well. Abigail's idea sounds good and when I
become more comfortable with cron jobs, I may switch over. Thanks again!

Jim 

> -----Original Message-----
> From: owner-vps-mail@xxxxxxxxxxxx 
> [mailto:owner-vps-mail@xxxxxxxxxxxx] On Behalf Of Scott Wiersdorf
> Sent: Tuesday, February 24, 2004 4:21 PM
> To: vps-mail@xxxxxxxxxxxx
> Subject: Re: [vps-mail] Filtering catch-all's misses
> 
> On Tue, Feb 24, 2004 at 12:36:38PM -0500, Jim Smith wrote:
> <snip>
> > I set a Procmail rule to get rid of all such spams. It came after my
> > white & black list and gave 2 points to blarneystone and subtracted 3
> > points for any of my defined addresses. So anything with 2 points to
> > blarneystone but nothing else went directly to spam as shown here:
> > 
> >  :0:
> >  * 2^0 ^TOblarneystone\.com
> >  * -3^0 ^TOjimsmith@xxxxxxxxxxxxxxxx
> >  * -3^0 ^TOjsmith@xxxxxxxxxxxxxxxx
> >           ...snipped out many more...
> >  * -3^0 ^TOsupport@xxxxxxxxxxxxxxxx
> >  * -3^0 ^TOmaillists@xxxxxxxxxxxxxxxx
> >  $HOME/spam
> > 
> > Now that I'm using Bayes, I'd like to somehow turn this into a SA rule
> > so it tags each of these as spam (right now it sends them directly to
> > spam folder without running through Bayes).
> > 
> > So, three questions:
> > 1. Is there a test that can be implemented in SA to find emails with
> > forged To/CC/BCC fields?
> 
> Not trivially--it's domain specific so you'll need to write a 
> customized rule/regex to detect that. Your procmail version 
> will be more efficient.
> 
> > 2. Can a Procmail action mark up a header like SA does so I can then
> > send it thru SA with a SA rule to recognize the mark and tag it with a high score?
> 
> Yes; use something like this:
> 
>     DOMAIN="blarneystone\.com"
> 
>     :0
>     *  2^0 $ ^TO_${DOMAIN}
>     * -3^0 $ ^TO_jimsmith@${DOMAIN}
>     * -3^0 $ ^TO_jsmith@${DOMAIN}
>     ...
>     * -3^0 $ ^TO_support@${DOMAIN}
>     * -3^0 $ ^TO_maillists@${DOMAIN}
>     {
>       :0 fhw
>       | formail -A"X-Blarney-Spam: invalid TO/BCC detected"
>     }
> 
> Then create an SA rule in local.cf:
> 
>   header   BLARNEY_INVALID_TO        X-Blarney-Spam =~ /invalid TO\/BCC detected/
>   describe BLARNEY_INVALID_TO        Blarney spam test "invalid TO/BCC" triggered
>   score    BLARNEY_INVALID_TO        6.0
> 
> This hasn't been tested, btw. The filter above (formail pipe) 
> is non-delivering, so mail will continue to the next recipe 
> in the procmailrc file (e.g., the one that runs it through 
> spamassassin, etc.)
> 
> Scott
> --
> Scott Wiersdorf
> scott@xxxxxxxxxxxx
> ======================================================================
> This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
> Before posting a question, please search the archives (see above URL).
> 
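
The weighting in Scott's recipe, re-expressed as an added Python sketch (not code from the thread) so the address list can be checked against sample headers before the recipe goes live. It models only the scoring and the header tagging, not procmail's regex matching; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "blarneystone.com"  # catch-all domain named in the thread
VALID = {"jimsmith", "jsmith", "support", "maillists"}  # mailboxes listed in the recipe
# Subset of the recipient headers that procmail's ^TO_ macro inspects.
RCPT_HEADERS = ("To", "Cc", "Bcc", "Resent-To", "Resent-Cc", "Apparently-To")
TAG = ("X-Blarney-Spam", "invalid TO/BCC detected")

def recipients(msg):
    """Lower-cased addresses found in the recipient headers."""
    values = [v for h in RCPT_HEADERS for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if "@" in addr}

def score(raw):
    """+2 once if any address at DOMAIN appears, -3 for each listed mailbox present."""
    at_domain = {r for r in recipients(message_from_string(raw))
                 if r.endswith("@" + DOMAIN)}
    hits = sum(1 for r in at_domain if r.rsplit("@", 1)[0] in VALID)
    return (2 if at_domain else 0) - 3 * hits

def tag(raw):
    """Return the parsed message, with the marker header added when score > 0."""
    msg = message_from_string(raw)
    if score(raw) > 0:
        msg[TAG[0]] = TAG[1]
    return msg

# Constructed sample headers (not real mail).
SAMPLES = {
    "unknown mailbox only": "To: qx7promo@blarneystone.com\n\nbody\n",
    "valid mailbox": "To: Jim <JimSmith@Blarneystone.com>\n\nbody\n",
    "unknown plus valid in Cc":
        "To: sales99@blarneystone.com\nCc: support@blarneystone.com\n\nbody\n",
    "domain absent (list mail or Bcc)": "To: announce@lists.example.org\n\nbody\n",
}

def run_samples():
    """Map each sample name to (score, whether the marker header was added)."""
    return {name: (score(raw), TAG[0] in tag(raw)) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (points, tagged) in run_samples().items():
        print(f"{points:+d}  tagged={tagged}  {name}")
```

Only the first sample ends with a positive score, so only it receives the header that the `BLARNEY_INVALID_TO` rule scores; a message that names the domain nowhere in its headers scores 0 and is left for the later recipes.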
