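#------------------------------------------------------------------------------
# Conventions shared by every recipe in this file.
#
# PMDIR, FORMAIL, BBOXHEADER, BBOXWARN, BBOXTAG and SUB are not assigned
# anywhere in this section; they must be set before these recipes run.
# NOTE(review): FORMAIL is presumably the path to formail(1) and SUB the
# original Subject text -- confirm where both are set and how SUB is derived,
# since it comes from the (untrusted) message.
#
#   * "2147483647^1 <regex>" conditions are weighted-score conditions.  One
#     match already yields the maximum score, so a list of them behaves as a
#     logical OR.
#   * LOGFILE=... inside a block switches the procmail log file, so each
#     filter family logs to its own file.
#   * ":0 fhw" pipes only the header through the command as a filter and
#     waits for its exit code.
#       - "-A" appends the "$BBOXTAG: ..." header naming the rule that fired
#         (only when BBOXHEADER matches ON).
#       - "-i" installs a new Subject: and keeps the previous one under an
#         Old- prefix (only when BBOXWARN matches ON).
#   * Tagging recipes are non-delivering: the message continues through the
#     rest of the rc file.  Only the attachments and from sections deliver,
#     and they deliver to /dev/null.
#   * NOTE(review): every "[ ]" class below contains a single space as shown.
#     Recipes of this style normally use space+tab; confirm a tab was not lost
#     when the file was copied.
#------------------------------------------------------------------------------

######################################################### procmailrc-attachments
#------------------------------------------------------------------------------
# Filter these attachments
#
# Discards any message whose body carries a MIME "name=" parameter ending in
# one of the listed executable/script extensions.
#
# The last alternative used to be ".com"; combined with the preceding "\." it
# required a dot, one arbitrary character and then "com", so ordinary ".com"
# attachments were never caught.  It is now "com".  The extension must also be
# followed by a closing quote, a ';', a space or end of line, so that a name
# such as "report.company.pdf" is not silently destroyed.
#
# NOTE(review): delivery to /dev/null is irreversible and leaves only the log
# line behind.  Consider delivering to a quarantine folder instead so false
# positives can be recovered.
# NOTE(review): only the literal "name=" form is matched; encoded filename
# parameters are not covered by this recipe.
#------------------------------------------------------------------------------
:0 B
* name=.*\.(pif|pi|scr|bat|exe|vbs|lnk|com)("|;|[ ]|$)
{
    LOGFILE=$PMDIR/log-attachments

    :0
    /dev/null
}

######################################################### procmailrc-base64
#------------------------------------------------------------------------------
# A message with something to hide via Base64 encoding
#
# Tags messages whose body declares a text/html or text/plain part that is
# Base64 encoded.  Inside the regex, "$" matches a line break, so the
# condition spans the consecutive MIME header lines of that part.
#------------------------------------------------------------------------------
:0
* 1^0 B ?? Content-Type: text/(html|plain)(;[ ]*$?[ ]*charset="iso-8859-1")?($Content-Disposition: inline)?$Content-Transfer-Encoding: base64
{
    LOGFILE=$PMDIR/log-base64

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-base64"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-BASE-64-$SUB"
}

######################################################### procmailrc-body
#------------------------------------------------------------------------------
# Filter mail based on body content (the B flag searches the body, not the
# Subject: header).
#
# NOTE(review): the keywords are unanchored substrings, so they also match
# inside longer words ("pill" in "pillow", "sex" in "Essex").  Expect false
# positives; this recipe only tags, it does not discard.
#------------------------------------------------------------------------------
:0 B
#* 2147483647^1 \$
#* 2147483647^1 \%
* 2147483647^1 cock
* 2147483647^1 debt
* 2147483647^1 dick
* 2147483647^1 diploma
* 2147483647^1 ejaculation
* 2147483647^1 enlarge
* 2147483647^1 erection
* 2147483647^1 free.*ship
* 2147483647^1 home.*loan
* 2147483647^1 interest.*rate
* 2147483647^1 low.*rate
* 2147483647^1 manhood
* 2147483647^1 medication
* 2147483647^1 meds
* 2147483647^1 microsoft.*adobe
* 2147483647^1 mortgage
* 2147483647^1 orgasm
* 2147483647^1 penis
* 2147483647^1 pill
* 2147483647^1 porn
* 2147483647^1 pussy
* 2147483647^1 pharmacy
* 2147483647^1 prescription
* 2147483647^1 refinance
* 2147483647^1 rolex
* 2147483647^1 sex
* 2147483647^1 university.*degree
* 2147483647^1 viagra
* 2147483647^1 vicodin
* 2147483647^1 weight.*loss
* 2147483647^1 xanax
* 2147483647^1 xxx
{
    LOGFILE=$PMDIR/log-body

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-body"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-SUSPICIOUS-CONTENT-$SUB"
}

######################################################### procmailrc-domains
#------------------------------------------------------------------------------
# By Top Level Domain. .biz, Taiwan, China (the list also covers .pl, .de,
# .cz, .za, .ch, .ie and .be)
#
# The Subject tag used to be SPAM-APPARENTLY-TO, copied from the headers
# section, which made a TLD hit indistinguishable from an Apparently-To hit.
# It is now SPAM-DOMAIN.
#
# NOTE(review): the pattern has no trailing boundary and is applied to header
# and body (HB), so ".de" also matches ".dev" or ".design" and ".be" matches
# ".best".  Consider restricting it to address headers and terminating the
# TLD before relying on this tag.
#------------------------------------------------------------------------------
:0 HB
* 2147483647^1 .+\.(biz|tw|cn|pl|de|cz|za|ch|ie|be)
{
    LOGFILE=$PMDIR/log-domains

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-domains"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-DOMAIN-$SUB"
}

######################################################### procmailrc-forgedfrom
#------------------------------------------------------------------------------
# Check for mail using a hotmail.com address that didn't originate from
# hotmail.com's email servers:
# http://bradthemad.ath.cx/tech/hacks/procmail_tricks.php
#
# Structure (same for the yahoo and netscape recipes below): the first inner
# recipe lists the header fingerprint of a genuine message and does nothing
# ("{ }").  The ":0 E" recipe runs only when that fingerprint did NOT match,
# and tags the message as forged.
#
# NOTE(review): these fingerprints describe provider header formats at the
# time of writing.  When a provider changes its headers, genuine mail is
# tagged as forged; re-validate against current mail before relying on them.
#------------------------------------------------------------------------------
:0 H
* ^(From|Return-Path):.+@hotmail\.com
{
    # "\/" starts the MATCH capture: the three characters after "(" in the
    # Received: line must reappear at the start of the Message-ID.
    :0
    * ^From: ".+" <[a-z0-9_.-]+@hotmail\.com>
    * ^X-OriginalArrivalTime:
    * ^X-Originating-IP: \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+]
    * ^Received: from hotmail.com \(\/...
    * $ ^Message-ID: <${MATCH}.+@hotmail\.com>
    { }

    :0 E
    {
        LOGFILE=$PMDIR/log-forgedfrom

        :0 fhw
        * BBOXHEADER ?? ON
        | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-forgedfrom"

        :0 fhw
        * BBOXWARN ?? ON
        | $FORMAIL -i "Subject: SPAM-FORGED-HOTMAIL-$SUB"
    }
}

#------------------------------------------------------------------------------
# Check for mail using a yahoo.com address that didn't originate from
# yahoo.com's servers:
#
# The outer condition accepts any yahoo.<tld> sender, while the genuine
# fingerprint only accepts a qmail-style Message-ID under mail.yahoo.com.
#------------------------------------------------------------------------------
:0 H
* ^(From|Return-Path):.+@yahoo\.[a-z]+
{
    :0
    * ^Message-ID: <[0-9]+\.[0-9]+\.qmail@[a-z0-9]+\.mail\.yahoo\.com
    { }

    :0 E
    {
        LOGFILE=$PMDIR/log-forgedfrom

        :0 fhw
        * BBOXHEADER ?? ON
        | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-forgedfrom"

        :0 fhw
        * BBOXWARN ?? ON
        | $FORMAIL -i "Subject: SPAM-FORGED-YAHOO-$SUB"
    }
}

#------------------------------------------------------------------------------
# Check for mail using a netscape.net address that didn't originate from
# there:
#
# MATCH is set to the Return-Path address and must then also appear in the
# From: line and in a Received: line handled by an aol.com host.
#------------------------------------------------------------------------------
:0 H
* ^(From|Return-Path):.+@netscape\.
{
    :0
    * ^X-Mailer: Atlas
    * ^Received: from +netscape.*MAILIN
    * ^Return-Path: <\/[a-z0-9_.-]+@netscape\.[a-z.]+
    * $ ^From:.*$MATCH
    * $ ^Received: from $MATCH.*by [a-z0-9.-]+\.aol\.com
    * ^Message-ID: <[a-z0-9]+\.[a-z0-9]+\.[a-z0-9]+@netscape\.[a-z.]+
    { }

    :0 E
    {
        LOGFILE=$PMDIR/log-forgedfrom

        :0 fhw
        * BBOXHEADER ?? ON
        | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-forgedfrom"

        :0 fhw
        * BBOXWARN ?? ON
        | $FORMAIL -i "Subject: SPAM-FORGED-NETSCAPE-$SUB"
    }
}

######################################################### procmailrc-from
#----------------------------------------------------
# Reject mail from these addresses. KNOWN SPAMMERS
#
# NOTE(review): despite the heading, the names are matched as substrings
# anywhere in header or body (HB), not only in the sender address, and a hit
# is discarded to /dev/null.  A legitimate message that merely quotes one of
# these names is lost; consider limiting the match to ^From:/Return-Path and
# quarantining instead of discarding.
#----------------------------------------------------
:0 HB
* 2147483647^1 controllablerx
* 2147483647^1 dailyintake
* 2147483647^1 freetixxflix
* 2147483647^1 freetixflikks
* 2147483647^1 freeflixtix
* 2147483647^1 justonepill
* 2147483647^1 medserver
* 2147483647^1 moxio
* 2147483647^1 moxmail
* 2147483647^1 openpharmacy
* 2147483647^1 personalhealthzone
* 2147483647^1 pharmacy12008
* 2147483647^1 pharmacyforlife
* 2147483647^1 pillomatic
* 2147483647^1 planet-rx
* 2147483647^1 rxvendor
{
    LOGFILE=$PMDIR/log-from

    :0
    /dev/null
}

######################################################### procmailrc-headers
#------------------------------------------------------------------------------
# Too many "Apparently-To:" lines.
#
# The score starts at -3 and gains 1 per Apparently-To: header, so the recipe
# fires from the fourth such header onwards.
#------------------------------------------------------------------------------
:0 H
* -3^0
* 1^1 ^Apparently-To:
{
    LOGFILE=$PMDIR/log-headers

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-headers"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-APPARENTLY-TO-$SUB"
}

#------------------------------------------------------------------------------
# Suppressed recipient list, mail that came from an extractor, or other
# headers.
#
# "X-Advertisment" (sic) is listed next to the correct spelling so that the
# misspelled header is caught as well.
#------------------------------------------------------------------------------
:0 H
* 2147483647^1 ^TOsuppressed
* 2147483647^1 ^X-Mailer:.*(Extractor|Floodgate|WorldMerge|Aristotle|NetMailer|Market)
* 2147483647^1 ^X-Advertisement
* 2147483647^1 ^X-Advertisment
* 2147483647^1 ^Message-Id: <>
{
    LOGFILE=$PMDIR/log-headers

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-headers"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-SUPPRESSED-RECIPIENT-$SUB"
}

#------------------------------------------------------------------------------
# Kill numeric only addresses (no-one I know of uses only numbers, even
# Compuserve adds a period).
#------------------------------------------------------------------------------
:0 H
* ^From:[ ]*[0-9]+@.*(\>|$)
{
    LOGFILE=$PMDIR/log-headers

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-headers"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-NUMERIC-ADDRESS-$SUB"
}

#------------------------------------------------------------------------------
# Cyberpromo and several other of the similar groups actually add this header
#
# Overlaps with the ^X-Advertisement entry in the suppressed-recipient recipe
# above: a message carrying this header is processed by both recipes.
#------------------------------------------------------------------------------
:0 H
* ^X-Advertisement:.*
{
    LOGFILE=$PMDIR/log-headers

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-headers"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-X-ADVERTISEMENT-$SUB"
}

#------------------------------------------------------------------------------
# Edward J. Sabol : E-mails with
# X-UIDL: headers are almost definitely spam unless they've been
# Resent-To: me by someone. Also, valid X-UIDL: headers have 32
# hexadecimal digits exactly.
#
# The negated condition below spells out those 32 hex digits (7+7+7+7+4)
# across backslash-continued lines.  The recipe fires when an X-UIDL: header
# is present, is NOT of that form, and there is no Resent-To: header.
#------------------------------------------------------------------------------
:0 H
* ^X-UIDL:
* !^X-UIDL:[ ]*[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\
[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\
[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\
[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\
[0-9a-f][0-9a-f][0-9a-f][0-9a-f][ ]*$
* !^Resent-To:
{
    LOGFILE=$PMDIR/log-headers

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-headers"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-X-UIDL-$SUB"
}

#------------------------------------------------------------------------------
# Invalid Message-Id:s are likely SPAM, any non-RFC compliant ID gets nailed
#
# The condition is negated, so a message with no Message-Id: header at all is
# tagged too.
#------------------------------------------------------------------------------
:0 H
* ! ^Message-Id:[ ]*<[^ <>@]+@[^ <>@]+>[ ]*$
{
    LOGFILE=$PMDIR/log-headers

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-headers"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-INVALID-MSG-ID-$SUB"
}

######################################################### procmailrc-htmlonly
#------------------------------------------------------------------------------
# Check for spammers sending HTML without setting proper Content-type
#
# Fires when the header declares text/html but contains neither
# "html; charset=" nor "from hotmail".  No flags are given, so the header is
# searched.
#------------------------------------------------------------------------------
:0
* ^Content-type: text/html
* ! html; charset=
* ! from hotmail
{
    LOGFILE=$PMDIR/log-htmlonly

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-htmlonly"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-HTMLONLY-$SUB"
}

######################################################### procmailrc-ip
#------------------------------------------------------------------------------
# Invalid IP and domains
#
# Flags a bracketed address in a Received header that contains a three-digit
# group of 000-099, 256-299 or 300-999, none of which is a normally written
# IPv4 octet.
#
# NOTE(review): this recipe and the "Forged" one below use the same pattern;
# the only difference is the ':' after "Received".  Any header matching the
# second also matches this one, so such a message is tagged by both.
#------------------------------------------------------------------------------
:0 H
* ^Received.*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])
{
    LOGFILE=$PMDIR/log-ip

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-ip"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-INVALID-IP-$SUB"
}

#------------------------------------------------------------------------------
# Forged (invalid) IP addresses
#------------------------------------------------------------------------------
:0 H
* ^Received:.*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])
{
    LOGFILE=$PMDIR/log-ip

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-ip"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-FORGED-IP-$SUB"
}

#------------------------------------------------------------------------------
# More bogus IP addresses (0.0.0.0)
#------------------------------------------------------------------------------
:0 H
* ^Received:.*\[0+\.0+\.0+\.0+\]
{
    LOGFILE=$PMDIR/log-ip

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-ip"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-INVALID-0-IP-$SUB"
}

######################################################### procmailrc-subject
#------------------------------------------------------------------------------
# Filter mail based on subject.
#
# NOTE(review): broad entries such as "software", "pill" and "spamhaus" also
# match ordinary or security-related mail (for example blocklist
# notifications); this recipe only tags, it does not discard.
#------------------------------------------------------------------------------
:0 H
* 2147483647^1 ^Subject:.*call.now
* 2147483647^1 ^Subject:.*enlarge
* 2147483647^1 ^Subject:.*erection
* 2147483647^1 ^Subject:.*free.*ship
* 2147483647^1 ^Subject:.*home.*loan
* 2147483647^1 ^Subject:.*medication
* 2147483647^1 ^Subject:.*meds
* 2147483647^1 ^Subject:.*microsoft.*adobe
* 2147483647^1 ^Subject:.*mortgage
* 2147483647^1 ^Subject:.*orgasm
* 2147483647^1 ^Subject:.*penis
* 2147483647^1 ^Subject:.*pharmacy
* 2147483647^1 ^Subject:.*pill
* 2147483647^1 ^Subject:.*prescription
* 2147483647^1 ^Subject:.*refinance
* 2147483647^1 ^Subject:.*rolex
* 2147483647^1 ^Subject:.*software
* 2147483647^1 ^Subject:.*spamhaus
* 2147483647^1 ^Subject:.*university.*degree
* 2147483647^1 ^Subject:.*viagra
* 2147483647^1 ^Subject:.*vicodin
* 2147483647^1 ^Subject:.*weight.*loss
* 2147483647^1 ^Subject:.*xanax
* 2147483647^1 ^Subject:.*xxx
{
    LOGFILE=$PMDIR/log-subject

    :0 fhw
    * BBOXHEADER ?? ON
    | $FORMAIL -A "$BBOXTAG: bbox.com-procmailrc-subject"

    :0 fhw
    * BBOXWARN ?? ON
    | $FORMAIL -i "Subject: SPAM-SUSPICIOUS-SUBJECT-$SUB"
}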