Brian Potkin ([EMAIL PROTECTED]) is reported to have said:
> On Wed, Feb 04, 2004 at 02:10:55PM +0000, Pigeon wrote:
>
> > On Wed, Feb 04, 2004 at 01:59:32AM +0000, Antony Gelberg wrote:
>
> [Snip]
>
> > > Anyone have a similar rule to nuke this new mymail worm? I have some
> > > samples if anyone can tell me how to analyse them to paste the correct
> > > thing in the BD line.
> >
> > This beastie doesn't set the Message-Id: header. I find I can zap it
> > quite happily by looking for Message-Id: headers that have been added
> > by my ISP's mail relay; the following mailfilter rule works:
> >
> > DENY=^Message-Id:.*<[EMAIL PROTECTED]>
> >
> > ...adjust to fit your ISP's relay and translate to procmailese.
>
> I use an identical rule in my mailfilterrc, or did until five minutes
> ago. It's now commented out.
>
> Its usefulness in deleting spam and mail associated with the mymail worm
> before downloading it has been offset by the deletion of a small number
> of legitimate mails, including one a few minutes ago. The originating
> mail server should have added a Message-Id but for some reason some
> don't. Effective the rule might have been but I'd rather not lose mail.
>

So use the rule with SCORE instead of DENY. If it's legit mail other
score rules will let it pass. I have yet to see any legit mail get
through (and I check daily) in well over 3 months of use.

Wayne

-- 
Any programming language is at its best before it is implemented and used.
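
The DENY-versus-SCORE trade-off discussed in this thread, as an added Python illustration (not code from any poster and not mailfilter syntax). The relay domain `relay.isp.example`, the weights, the threshold, and the attachment and known-sender rules are all assumptions made up for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the ISP relay stamps IDs ending in @relay.isp.example.
RELAY_MSGID = re.compile(r"<[^<>@\s]+@relay\.isp\.example>", re.IGNORECASE)
RISKY_EXT = (".pif", ".scr", ".exe", ".bat", ".cmd")  # hypothetical second rule
KNOWN_SENDERS = {"friend@example.org"}                # hypothetical third rule
THRESHOLD = 100                                       # hypothetical cut-off

def relay_added_id(msg):
    """True when the Message-Id was supplied by the relay, not the sender."""
    return bool(RELAY_MSGID.search(msg.get("Message-Id", "")))

def score(msg):
    """Sum several weak signals instead of acting on any single one."""
    total = 60 if relay_added_id(msg) else 0
    names = [part.get_filename() or "" for part in msg.walk()]
    if any(name.lower().endswith(RISKY_EXT) for name in names):
        total += 50
    if parseaddr(msg.get("From", ""))[1].lower() in KNOWN_SENDERS:
        total -= 40
    return total

def verdicts(raw):
    """Compare the hard DENY decision with the score-based one."""
    msg = message_from_string(raw)
    total = score(msg)
    return {"deny": relay_added_id(msg), "score": total,
            "score_deletes": total >= THRESHOLD}

# Constructed sample messages (not real traffic).
WORM_LIKE = (
    "From: someone@example.com\n"
    "Message-Id: <0a1b2c@relay.isp.example>\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="document.pif"\n'
    "\nAAAA\n")
LEGIT_NO_ID = (
    "From: Friend <friend@example.org>\n"
    "Message-Id: <3d4e5f@relay.isp.example>\n"
    "Subject: lunch?\n"
    "\nSee you at noon.\n")

if __name__ == "__main__":
    for label, raw in (("worm-like", WORM_LIKE), ("legit", LEGIT_NO_ID)):
        print(label, verdicts(raw))
```

Both samples trip the hard rule, but only the one that also carries a risky attachment crosses the score threshold.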