PDA

View Full Version : sending multiple addresses to /dev/null?



Frisky
11-14-2003, 05:43 PM
Hi all!

I've got about three or four (fictious) addresses that receive nothing but spam. I would like them all to be sent to /dev/null, but haven't been able to get more than just one to be deleted at the server.

What's the correct syntax for doing this? I've tried about every variation of this:

:0:
* ^To_spamattracter@mydomain.net
/dev/null

:0:
* ^X-Apparently-To: aliasedaddressfromsomewhereelse@them.com
/dev/null

for some reason, only one address is being /dev/null'd (how's that for syntax! ) The aliased address from the other domain has now gone bye-bye, but for some reason the address at mydomain.net continues to get to my catchall.

Can anyone give me a clue? The forum search didn't seem to turn up anything on this subject.

Frisky

FZ
11-15-2003, 09:49 AM
Try this:


:0:
* ^TO_(address1|address2|address3)@yourdomain.com
/dev/null


Send yourself some mail to each of the addresses you add there to make sure it is working, otherwise you might lose mail. In fact, you might want to consider moving mail to a file instead of /dev/null while you test this.

Frisky
11-15-2003, 03:20 PM
I'll give it a try. The addresses involved receive nothing but spam. They're the result of someone trying a dictionary attack on me a while back. It seems someone actually decided that a couple of the addresses from that attack should be sold as "guaranteed not to bounce". As a result, I get a lot of nonsense sent to addresses that have never even existed.

How do I ensure that the "x-apparently-to" address continues to get filtered out? It's an old moderators address from the Onelist days. Onelist doesn't even exist anymore, but every day I get spam that is "x-apparently-to" the old address, which yahoogroups (the new owner of onelist) dutifully forwards on to me at mydomain.com

Oh, and does the code go at the top, or the bottom of the procmailrc file?

Thanks for your patience, Fayez. You're a genuine asset to this forum.

FZ
11-15-2003, 04:32 PM
Thanks - glad to be of help.


Here's the modified code:


:0:
* ^(To|X-Apparently-To).*(address1|address2|address3)@yourdomain.com
/dev/null


Note that I had to replace the TO_ with To since the former can't be used in a rule like that as easily/efficiently (but it is possible). If you need to match all destination-specific headers (To:, CC:, BCC:, etc.) then you need to use TO_ - let me know.

The code can go anywhere in your .procmailrc If you are placing it in /etc/procmailrc you should place it above the SpamAssassin block so that you can save some processing power since you know you want to delete these e-mails whether they are found to be spam or not. If you need help with this, let me know - I'll need to see the "code" in your .procmailrc.

Frisky
11-15-2003, 05:15 PM
I took the cowards way out! Since the x-apparently-to address was being deleted properly, I used the account manager to create accounts for the addresses at my domain that were being spammed. Then I turned off e-mail and ftp access for those accounts.

Not quite as elegant a solution as I had hoped for, but it's working, so I'm content.

Thanks for the attempt to help me, though. I appreciate it, more than you can know.

Frisky

FZ
11-15-2003, 05:33 PM
No problem. Hmm, this actually seems to be a better solution... I tried it out and it actually bounces the mail! I guess the effectiveness of that would depend on if the From: on those e-mails you get is actually a monitored address or not.

Frisky
11-15-2003, 06:29 PM
now I just hope Jalal can tell me where I'm making my mistakes with his spamassassin upgrade notes. Still far too much stuff sneaking through.

I'm slowly getting happier and happier!

Frisky

jalal
11-16-2003, 02:57 AM
now I just hope Jalal can tell me where I'm making my mistakes with his spamassassin upgrade notes. Still far too much stuff sneaking through.

I'm slowly getting happier and happier!

Frisky

Not your mistake, my mistake. See other thread....
:(

cheers