# junkfilter # a junk e-mail filter system for procmail # Copyright 1997-98, Gregory Sutter # # $Id: junkfilter.four,v 1.8 1998/08/31 11:09:37 gsutter Exp $ # # Please read the file "junkfilter.readme" and the page # http://www.pobox.com/~gsutter/junkfilter/ before using # junkfilter. junkfilter is copyright 1997-98 Gregory # Sutter and is licensed under the terms of the GNU # General Public License, version 2. See the file # junkfilter.readme for details. # Four is the testing section. All recipes in beta. Careful! JFSEC=4 # Capital Bogosity In E-Mail Is A Near-Sure Sign Of Spam # Thanks, Era Erikkson and Phil Hord #:0D #* -59^0 #* 1^1 B ?? [-a-z'][,:;]?[ ]+[A-Z][-a-z'] #* 8^1 B ?? ()\<[A-Z][-a-z']+[,:;]?[ ]+[A-Z][-a-z']+[,:;]?[ ]+[A-Z][-a-z']+[,:;]? #{ JFMATCH="$JFSEC: Capital Bogosity" INCLUDERC=$JFDIR/junkfilter.match } # If only one Received: header AND from a common dialup, junk. (RFMS again) # Thanks Rik Kabel :0 * 2^0 * -1^1 ^\/Received:.* * $ MATCH ?? from [ ]+(($JFIPNUM\.)+|[-0-9a-z]+|$JFDIALUPS)[ ]+\(\/[-0-9a-z\.]+[ ] * MATCH ?? \\/[^ ]+ { JFMATCH="$JFSEC: RapidFire Mail Server: $MATCH" INCLUDERC=$JFDIR/junkfilter.match } # Hosts claiming to be other hosts... note trailing space :0 * $ ^X-Authentication-Warning:.*Host ($JFDOMDAM\.)*\/($JFDOMNAM)\.($JFTLD)\> { JFHOSTREAL=$MATCH :0 * $ ^X-Authentication-Warning:.*Host ($JFDOMDAM\.)*($JFDOMNAM)\.($JFTLD)\>[ ]+\[$JFIPNUM\.$JFIPNUM\.$JFIPNUM\.$JFIPNUM\][ ]+claimed to be[ ]+(($JFDOMDAM\.)*\/($JFDOMNAM)\.($JFTLD)|\[$JFIPNUM\.$JFIPNUM\.$JFIPNUM\.$JFIPNUM\])\> { JFHOSTCLAIM=$MATCH :0 * ! JFHOSTREAL ?? JFHOSTCLAIM { JFMATCH="$JFSEC: X-Authentication-Warning: a host in $JFHOSTCLAIM claimed to be in $JFHOSTREAL" INCLUDERC=$JFDIR/junkfilter.match } } } # Multiple simultaneous spaces or tabs in From: header # Hmmm... now requires three simultaneous. :0 * ()\/^From:.*[-_a-z0-9]+[ ][ ][ ]+.* { JFMATCH="$JFSEC: Spaces in From: header: $MATCH" INCLUDERC=$JFDIR/junkfilter.match } JFSEC # EOF junkfilter.four