On Sat, Oct 18, 2003 at 06:57:40PM +0800, Brian Walker wrote: > > Can I add a line to procmail to prefilter spam with mailfilter, before > letting spamassassin get to work?
mailfilter operates on the POP3 mailbox on the remote server, not on stuff you've already retrieved. You can add 'preconnect "mailfilter"' to ~/.fetchmailrc, to get fetchmail to preprocess your POP3 box with mailfilter before it retrieves the messages. > What about the line to add to delete swen messages? Probably the easiest way is simply to bin anything over 145k with MAXSIZE_DENY=145000, then use ALLOW=^From:[EMAIL PROTECTED] to whitelist anyone who might really send you a genuine mail that big. This still lets through the ones around 15k in size that have had the .exe stripped. These can be filtered out on the contents of the From:, To: and sometimes Subject: headers. I "primed" my .mailfilterrc with rules appropriate to what I'd seen in these headers at the time, and have semi-automatedly stuck in extra rules to match the odd ones that still slip through. The attached .mailfilterrc may be of some use. -- Pigeon Be kind to pigeons Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
LOGFILE=/home/pigeon/mailfilter.log SHOW_HEADERS=yes SERVER=pop3.ukonline.co.uk USER=jah.pigeon PASS=xxxxxxx PROTOCOL=pop3 PORT=110 SERVER=pop3.ukonline.co.uk USER=my.other.email.addy PASS=xxxxxxx PROTOCOL=pop3 PORT=110 REG_CASE=yes REG_TYPE=extended MAXSIZE_DENY=145000 NORMAL=yes DENY=^Content-(Type|[Dd]isposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|dll|exe|gif|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wav|wsf|wsh) DENY=^(Subject|SUBJECT):.*(Latest Net Critical Update|Bug Message|Abort Letter|abort notice|Failure Message|New Microsoft Security Patch|Error Announcement|Newest Security Patch|Internet Security Upgrade|Abort Advice) DENY=^(From|FROM):.*(Microsoft|MS Email Delivery System|Inet Email|Internet Message|Inet Mail Service|MS Internet|Net. Delivery Service|MS Mail System|internet email delivery|MS Network Delivery|ms network system|MS Security Services|Inet Mail Storage System|Public Assistance|MS Corporation|Internet Mail Storage Service|microsoft mail storage service|Program Security Center|MS Network Email Service|Inet Message Storage System|Program Security Division|MS Email Delivery Service|Program Security Department) DENY=^(To|TO):.*(Network Recipient|Mail Client|Commercial Client|Net Receiver|email client|Partner|Inet User|net user|Commercial Customer|email receiver) ALLOW=^From:[EMAIL PROTECTED] ALLOW=^From:[EMAIL PROTECTED] ALLOW=^From:[EMAIL PROTECTED] DENY=^(From|FROM):.*internet message delivery system DENY=^(To|TO):.*Email Recipient DENY=^(From|FROM):.*Net Email Delivery Service DENY=^(To|TO):.*Internet Receiver DENY=^(From|FROM):.*MS Security Bulletin DENY=^(To|TO):.*MS Corporation Customer DENY=^(Subject|SUBJECT):.*Newest Microsoft Upgrade DENY=^(Subject|SUBJECT):.*announcement DENY=^(From|FROM):.*Internet Mail Delivery Service DENY=^(To|TO):.*Network Client DENY=^(From|FROM):.*Net Storage Service DENY=^(To|TO):.*Email User DENY=^(From|FROM):.*Internet Mail Delivery System DENY=^(To|TO):.*Internet Recipient DENY=^(From|FROM):.*Net Delivery Service DENY=^(To|TO):.*Internet User DENY=^(From|FROM):.*Net Mail Storage Service DENY=^(To|TO):.*Network User DENY=^(From|FROM):.*MS Inet Message Service DENY=^(To|TO):.*internet receiver DENY=^(From|FROM):.*MS Public Services DENY=^(To|TO):.*Microsoft Customer DENY=^(From|FROM):.*internet system DENY=^(To|TO):.*Inet Recipient DENY=^(From|FROM):.*inet mail service DENY=^(To|TO):.*Net User DENY=^(Subject|SUBJECT):.*Last Microsoft Security Upgrade DENY=^(From|FROM):.*Net Email Storage System DENY=^(To|TO):.*Mail Receiver DENY=^(From|FROM):.*Security Center DENY=^(To|TO):.*Consumer DENY=^(From|FROM):.*MS Security Assistance DENY=^(To|TO):.*Microsoft Corporation Customer DENY=^(Subject|SUBJECT):.*Latest Security Upgrade DENY=^(Subject|SUBJECT):.*SFK AntiVirus scan results DENY=^(From|FROM):.*DrWeb-DAEMON DENY=^(To|TO):.*Recipients of original message DENY=^(From|FROM):.*ms net message delivery service DENY=^(To|TO):.*Mail User DENY=^(From|FROM):.*Net Mail Storage System DENY=^(To|TO):.*Inet Receiver DENY=^(From|FROM):.*Security Support DENY=^(To|TO):.*Microsoft User DENY=^(Subject|SUBJECT):.*Current Microsoft Security Pack DENY=^(To|TO):.*Client DENY=^(Subject|SUBJECT):.*Last Network Critical Pack DENY=^(From|FROM):.*Storage Service DENY=^(To|TO):.*Net Client DENY=^(Subject|SUBJECT):.*Current Microsoft Critical Pack DENY=^(From|FROM):.*MS Corporation Security Division DENY=^(To|TO):.*Microsoft Corporation User DENY=^(From|FROM):.*Microsoft Corporation Technical Support DENY=^(To|TO):.*Customer DENY=^(From|FROM):.*Network Message System DENY=^(From|FROM):.*MS Program Security Section
pgp00000.pgp
Description: PGP signature
