# junkfilter # a junk email filter system for procmail # Copyright 1997-2000 Gregory Sutter # # $Id: junkfilter.three,v 2.17 2000/11/30 08:31:07 gsutter Exp $ # # Please read the file "README" and the page # http://junkfilter.zer0.org/ before using junkfilter. # Section Three, recipes that catch some legitimate mail. JFSEC=3 # Phil Guenther's Message-Id: rule # modified by allowing a trailing "." after the domain... :0 * ^Message-Id:\/.* * ! ^Message-Id:[ ]*<[ ]*("([^"\]|\\.)*"|[-!#-'*+/-9=?A-Z^-~]+)\ ([ ]*\.[ ]*("([^"\]|\\.)*"|[-!#-'*+/-9=?A-Z^-~]+))*\ [ ]*@[ ]*\ (\[[ ]*([^][\]|\\.)*[ ]*\]|\ [-!#-'*+/-9=?A-Z^-~]+([ ]*\.[ ]*[-!#-'*+/-9=?A-Z^-~]+)*)\.?\ [ ]*> { JFMATCH="$JFSEC: Invalid Message-Id: $MATCH" INCLUDERC=$JFDIR/junkfilter.match } # Message-ID added by an enroute or local mail machine :0 * $ ^Message-Id:[ ]+<.*@([-_a-z0-9]+\.)*$JFMAILDOM> * ^From:.*@ * $! ^From:.*@([-_a-z0-9]+\.)*$JFMAILDOM * $ 1^1 ^Received:.*from * $ -1^1 ^Received:.*from.*\(([-_a-z0-9]+\.)*$JFMAILDOM\> { JFMATCH="$JFSEC: Message-Id added after initial transmission" INCLUDERC=$JFDIR/junkfilter.match } # AOL, Hotmail, Juno forged From: headers. :0 * ^From:.*@\/(hotmail|juno|aol).com * ! ^Received:.*(hotmail|juno|aol).com * ! ^Return-Path:.*owner- { JFMATCH="$JFSEC: Forged From header from $MATCH" INCLUDERC=$JFDIR/junkfilter.match } # All-capitalized headers are used only by spam programs. # and HP OpenMail. Grrr.... :0D * ! ^X-OpenMail * ^(FROM|TO|DATE|SUBJECT) { JFMATCH="$JFSEC: Header in all caps" INCLUDERC=$JFDIR/junkfilter.match } # Verify decent Date: line. RFC822 and Real World taken into account. # the first condition is full of very noncompliant mailers. :0 * ! ^X-Mailer:.*(Windows Eudora (Light|Pro) Version 3\.0\.[0-9] \(16\)|NetMailer v|PMMail 1\.[0-9]+ for OS/2) * ! $ ^Date:$JFWS((Sun|Mon|Tue|Wed|Thu|Fri|Sat),$JFWS)?\ (0?[1-9]|[12][0-9]|3[01])$JFWS\ (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$JFWS\ ((19)?[789][0-9]|(20)?[01][0-9])$JFWS\ (0?[0-9]|1[0-9]|2[0-3]):(0?|[1-5])[0-9](:(0?|[1-5])[0-9])?$JFWS\ (([+-][0-1][0-4]([03]0|45))|("?\(?(UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-I]|[K-Z])\)?"?))? { JFMATCH="$JFSEC: Bad Date line" INCLUDERC=$JFDIR/junkfilter.match } # ([+-][0-1][0-4]([03]0|45)|"?\(?(UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-I]|[K-Z])\)?"?) # New New -0600 datestamp check # Got to think of a better way to say "not MDT|CST", this one's a hack. :0 * ^(Date|Received):.* \/-0600 * ! MATCH ?? ^[(-0600 \((MD|CS)T\))] { JFMATCH="$JFSEC: invalid datestamp: $MATCH" INCLUDERC=$JFDIR/junkfilter.match } JFSEC # EOF junkfilter.three