# junkfilter # a junk e-mail filter system for procmail # Copyright 1997-98, Gregory Sutter # # $Id: junkfilter.three,v 1.7 1998/08/30 09:32:19 gsutter Exp $ # # Please read the file "junkfilter.readme" and the page # http://www.pobox.com/~gsutter/junkfilter/ before using # junkfilter. junkfilter is copyright 1997-98 Gregory # Sutter and is licensed under the terms of the GNU # General Public License, version 2. See the file # junkfilter.readme for details. # Section Three, recipes that catch some legitimate mail. JFSEC=3 # Phil Guenther's Message-Id: rule :0 * ()^Message-Id:\/.* * ! ^Message-Id:[ ]*<[ ]*("([^"\]|\\.)*"|[-!#-'*+/-9=?A-Z^-~]+)\ ([ ]*\.[ ]*("([^"\]|\\.)*"|[-!#-'*+/-9=?A-Z^-~]+))*\ [ ]*@[ ]*\ (\[[ ]*([^][\]|\\.)*[ ]*\]|\ [-!#-'*+/-9=?A-Z^-~]+([ ]*\.[ ]*[-!#-'*+/-9=?A-Z^-~]+)*)\ [ ]*> { JFMATCH="$JFSEC: Invalid Message-Id: $MATCH" INCLUDERC=$JFDIR/junkfilter.match } # Message-ID added by an enroute or local mail machine :0 * $ ^Message-Id:[ ]+<.*@([-_a-z0-9]+\.)*$JFMAILDOM> * ^From:.*@ * $! ^From:.*@([-_a-z0-9]+\.)*$JFMAILDOM * $ 1^1 ^Received:.*from * $ -1^1 ^Received:.*from.*\(([-_a-z0-9]+\.)*$JFMAILDOM\> { JFMATCH="$JFSEC: Message-Id added after initial transmission" INCLUDERC=$JFDIR/junkfilter.match } # AOL, Hotmail, Juno, USA forged From: headers. Note the space at the end # of the last line. :0 * ^From:.*@\/((hotmail|juno|aol).com|usa.net) * ! ^(Received|Message-Id):.*(((hotmail|juno|aol).com|usa.net) ) * ! ^Return-Path:.*owner- { JFMATCH="$JFSEC: Forged From header from $MATCH" INCLUDERC=$JFDIR/junkfilter.match } # All-capitalized headers are used only by spam programs. # and HP OpenMail. Grrr.... :0D * ! ^X-OpenMail * ()\/^(FROM|TO|DATE|SUBJECT) { JFMATCH="$JFSEC: $MATCH header in all caps" INCLUDERC=$JFDIR/junkfilter.match } # Verify RFC822-compliant Date: line :0 * ! ^X-Mailer: Windows Eudora Light Version 3.0.1 (16) * ! ^Date:[ ]+((Sun|Mon|Tue|Wed|Thu|Fri|Sat),[ ]+)?\ [0-3]?[0-9][ ]+\ (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[ ]+\ ((19)?[789][0-9]|(20)?[01][0-9])[ ]+\ (0?[0-9]|1[0-9]|2[0-3]):[0-5][0-9](:[0-5][0-9])?[ ]+\ ([+-][0-1][0-9][03]0|"?\(?(UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-I]|[K-Z])\)?"?) { JFMATCH="$JFSEC: Noncompliant Date line" INCLUDERC=$JFDIR/junkfilter.match } # New -0600 datestamp check # Got to think of a better way to say "not MDT|CST", this one's a hack. :0 * ^(Date|Received):.* \/-0600 \([^MC][a-z][a-z]\) { JFMATCH="$JFSEC: invalid datestamp: $MATCH" INCLUDERC=$JFDIR/junkfilter.match } JFSEC # EOF junkfilter.three