PDA

View Full Version : spam slips by



ccwebb
05-05-2004, 07:12 PM
Say my email address is xyz@xyz.com. At one time I had an alias set up as abc@xyz.com. It started to get a lot of spam.

So I set up a procmail recipe (with Fayez help) to dev/null any email to abc@xyz.com.

Now spam is slipping by because it is coming in with no TO address. If you look in the header there is a FOR abc@xyz.com.

Any thoughts on how to trap this spam?

Thanks

Charlie

FZ
05-06-2004, 03:08 PM
You could modify your To: rule to include checking the Received: header...


:0H:
^(TO_|Received).*abc@xyz.com
/dev/null

As always, move mail to a folder instead of /dev/null'ing it, and do thorough testing before you start trashing it.

ccwebb
05-12-2004, 09:04 PM
Fayez:

Thanks for your response - I apologize for being late at getting back to this thread - been busy...

Here is what I have now:


:0
* ^TO_abc@xyz.com|^X-Spam-Level: *\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null


Is this how I incorporate your response into existing code?


:0
* ^(TO_|Received).*abc@xyz.com |^X-Spam-Level: *\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null



Thanks

Charlie

FZ
05-13-2004, 06:34 AM
Thanks for your response - I apologize for being late at getting back to this thread - been busy...

No problem - I know the feeling.

Yeah, that's correct, except for the space before the | Here is what should work:



:0:
* ^(TO_|Received).*abc@xyz.com|^X-Spam-Level: *\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null


Let me know how it works out.

ccwebb
05-13-2004, 07:25 AM
Fayez:

Thanks I'll try that...

Just for my info - what is the difference between :0 and :0:

Thanks

Charlie

jalal
05-13-2004, 07:56 AM
:0
* ^TO_abc@xyz.com|^X-Spam-Level: *\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null


Hi Charlie
You'd be better off splitting that into two rules (or, at least, its easier to see whats happening) there's no advantage to stuffing them into one rule.

Also, if you really want to dump mail that goes to abc@xyz.com, then the best way would be to have sendmail reject it. Which you should be able to do by creating an account for abc@xyz.com and then disabling it.

HTH

BTW,
:0: creates a locking file
:0 doesn't.

ccwebb
05-15-2004, 08:36 AM
Jalal:

Thanks for the info:

I did split the rule into two.

Charlie

FZ
05-15-2004, 09:30 AM
Have you solved your spam problem, Charlie?

ccwebb
05-15-2004, 10:03 AM
Fayez:

I put in procmail the rule that you helped me with and all seems well.

These spammers always seem one step ahead. At least I have blocked one alias and now I know how to block others if they start getting spam with no TO address.

Thanks again Fayez - you are great!

Charlie

FZ
05-15-2004, 10:27 AM
No problem. Glad it worked.

rufus
05-20-2004, 10:17 AM
BTW,
:0: creates a locking file
:0 doesn't.

I'm a little unclear about locking files. Is it better to lock or not to lock(that is the question)?

Thanks in advance

jalal
05-20-2004, 10:50 AM
If you are sending the email off to /dev/null (i.e. dumping it) then there is no need to lock anything.
If you are saving the email to a file, then its best to lock the file while writing to it.
However, for most of us, its probably not a big deal...

8)