# junkfilter # a junk e-mail filter system for procmail # Copyright 1997-98, Gregory Sutter # and Matthew Hunt # # Please read the file "junkfilter.readme" and the page # http://www.pobox.com/~gsutter/junkfilter/ before using # junkfilter. junkfilter is copyright 1997-98 Gregory # Sutter and Matthew Hunt. All rights reserved. # This is junkfilter.one, 100% certainty spam catchers. JFSEC=1 # Kills anything from an impossible IP address :0 * ()\/^Received.*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]) { JFEXP="$JFSEC: Forged Received: header: $MATCH" } # Mail needs to have certain headers. :0 * ! ()\/^(From|Date):[ ]*.* { JFEXP="$JFSEC: Missing necessary header: $MATCH" } # Checks date. Because -0600 is either CST, MDT, or water, NOTHING should # ever have a time-zone of "-0600 (EST)". :0 * ^(Date|Received):.* -0600 \(EST\) { JFEXP="$JFSEC: Invalid datestamp" } # junk mail / mail bomb software :0D * ()\/^X-(Mailer|Sender):.*(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|Floodgate|fusion|GeoList|Group|Mach10|MegaPro|RAF|RIME|TURBO)\> { JFEXP="$JFSEC: Junkmail software: $MATCH" } :0D * ()\/^(Received|Message-Id|X-(Mailer|Sender)):.*(AutoMail|E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth|Global Messenger|GroupMaster|List-X|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|NetContact|NetMailer|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|Sonic|Stalker|WindoZ|WinNT\'s Blat|WorldMerge|Yourdora)\> { JFEXP="$JFSEC: Junkmail Software: $MATCH" } # Pegasus mailer is the only mailer which legitimately generates # "Comments: Authenticated sender is ..." so kill anything else. # This works for versions 2.54 and below only. :0 * ^Comments:.*Authenticated sender * !^X-Mailer:.*Pegasus Mail * !^Resent-To: * !^Return-Path:.*owner- { JFEXP="$JFSEC: Forged Pegasus Mail authentication" } # "unknown host" is not a valid Received: header :0 * ^Received:.*unknown host { JFEXP="$JFSEC: Forged Received: header" } # All-capitalized headers are used only by spam programs. :0D * ()\/^(FROM|TO|DATE|SUBJECT) { JFEXP="$JFSEC: $MATCH header in all caps" } JFSEC # EOF junkfilter.one