Sorry Guys - It's early in the morning. Third time lucky
----- Forwarded message from Clive Menzies <[EMAIL PROTECTED]> -----
> To: Joshua Narins <[EMAIL PROTECTED]>
> Cc: [email protected]
> From: Clive Menzies <[EMAIL PROTECTED]>
> Date: Tue, 4 Nov 2003 09:11:06 +0000
> Subject: Fwd: Re: OT - worm problem
>
> Hi Joshua
>
> The mail escaped without the attachments - apologies, here they are
>
> Regards
>
> Clive
>
> ----- Forwarded message from Clive Menzies <[EMAIL PROTECTED]> -----
>
> > To: Joshua Narins <[EMAIL PROTECTED]>
> > Cc: [email protected]
> > From: Clive Menzies <[EMAIL PROTECTED]>
> > Date: Tue, 4 Nov 2003 09:08:54 +0000
> > Subject: Re: OT - worm problem
> >
> > On (29/10/03 08:29), Joshua Narins wrote:
> > > > Not sure if you're using a POP 3 account but I've been using mailfilter
> > > > to delete these from the server prior to download with fetchmail and it
> > > > works pretty well. Let me know if you want the rc file off list. Even
> > > > if you aren't using POP3, you may be able to adapt it for filtering in
> > > > Exim.
> > >
> > > I'd be interested in the rc file myself.
> > Attached are two sample rc files:
> >
> > Clivemailfilterrc is the one I'm currently using
> > DCranercSample is what I've received from David Crane who's done quite a
> > lot on this
> >
> > HTH
> >
> > Clive
> >
> >
> > > Isn't there some smart debian person who could figure out where this is
> > > coming from? On the one hand, it might be an infected subscriber, on the
> > > other, it might be harassment from a cabal of anti-debian-on-powerpc
> > > saboteurs.
> >
> > --
> > http://www.clivemenzies.co.uk
> > strategies for business
>
> ----- End forwarded message -----
>
> --
> http://www.clivemenzies.co.uk
> strategies for business
----- End forwarded message -----
--
http://www.clivemenzies.co.uk
strategies for business
# -----------------------------------------------------------
# Clive's RC file from example rcfile in the INSTALL document
# -----------------------------------------------------------
# -----------------------------------------------------------
# Logfile path (be sure you have write permission in this
# directory; you MUST specify a logfile)
LOGFILE=/home/yours/.mailfilter.log
# -----------------------------------------------------------
# Level of verbosity
VERBOSE=3
# -----------------------------------------------------------
# POP3 server list (do not change the order of the fields!)
# Note: Port 110 is usually the port POP3 servers use.
# Currently only POP3 is supported.
SERVER=mail.server.net
USER=username
PASS=xxxxxx
PROTOCOL=pop3
PORT=110
SERVER=other.server.net
USER=otherusername
PASS=xxxxxxx
PROTOCOL=pop3
PORT=110
# -----------------------------------------------------------
# Do you want case sensitive e-mail filters? { yes | no }
REG_CASE=no
# -----------------------------------------------------------
# Sets the type of Regular Expression used { extended | basic }
#
# (The default is 'basic', don't change unless you know what you
# are doing. Extended REs are more complex to set up.)
REG_TYPE=extended
# -----------------------------------------------------------
# Maximum e-mail size in bytes that should not be exceeded.
# MAXSIZE_DENY=1000000
# -----------------------------------------------------------
# Set maximum line length of any field in the message header
# (default is 998 characters per line; 0 to disable option)
# MAXLENGTH=998
# ----------------------------------------------------------
# Filter rules for detecting spam (each rule must be placed
# in a separate line)
# These filters detect certain unpleasant e-mail subjects:
DENY=^(Subject|SUBJECT):.*(Latest|Last|Net|Network|New|Newest|Security) (Critical|Pack|Patch|Security|Update|Upgrade)
DENY=^(Subject|SUBJECT):.*(Abort|Bug|Error) (Announcement|Letter|Report)
DENY=^(Subject|SUBJECT):.*Current (Internet|Microsoft|Pack|Security|Update)
DENY=^(Subject|SUBJECT):.*AntiVirus Alert
DENY=^(Subject|SUBJECT):.*New Pack
DENY=^(Subject|SUBJECT):.*viagra
DENY=^(Subject|SUBJECT):.*(penis|Dick)
DENY=^(Subject|SUBJECT):.*home loan
DENY=^(Subject|SUBJECT):.*(Phentermine|Valium|Vicodin|Xanax)
DENY=^(Subject|SUBJECT):.*Medications
DENY=^(Subject|SUBJECT):.*Online Pharmacy
DENY=^(Subject|SUBJECT):.*DISCREET OVERNIGHT PHARMACY
DENY=^(Subject|SUBJECT):.*Lowest Rates
DENY=^(Subject|SUBJECT):.*hey there\.\.\.
DENY=^(From|FROM):.*Microsoft
DENY=^(From|FROM):.*MS (Client|Corporation|Customer|Internet|Mail|Message|Net|Network|Program|Security|Service|Support)
DENY=^(From|FROM):.*(Customer|Public) Bulletin
DENY=^(From|FROM):.*(Inet|Internet|Net|Network) (Client|Customer|Delivery|Email|Mail|Message|Service|Security|Storage|Storage|Upgrade)
DENY=^(From|FROM):.*Delivery Service
DENY=^(From|FROM):.*Security (Assistance|Center|Department|Division|Section)
DENY=^(From|FROM):.*(Email|Mail|Message) (Delivery|Service)
DENY=^(From|FROM):.*Storage (Service|System)
DENY=^(From|FROM):.*Technical (Assistance|Services|Support)
DENY=^(From|FROM):.*microsoft (network|internet).* (service|system)
DENY=^(From|FROM):[EMAIL PROTECTED]
DENY=^(From|FROM):.*Public Services
DENY=^(From|FROM):.*CyberAtlas
DENY=^(From|FROM):.*youask4it
DENY=^To:.*(Commercial|Corporation|Email|Inet|Internet|Mail|Net|Network) (Client|Consumer|Customer|Partner|Receiver|Recipient|User)
DENY=^To:.*Microsoft (Client|Customer|Consumer|User)
DENY=^To:.*(mail|net) (client|customer|consumer|receiver|recipient|user)
DENY=^To:.*Customer
DENY=^To:.*Client
# This one filters mail from everyone at a certain organisation:
# DENY=^(From|FROM):[EMAIL PROTECTED]
# We don't want any of those 'LEGAL' messages either
# while stuff with 'legal' in the subject still interests us:
DENY_CASE=^(Subject|SUBJECT):.*LEGAL
# -----------------------------------------------------------
# Normalises the subject strings before parsing, e.g.
# ',L.E-G,A.L; ,C.A-B`L`E, +.B-O`X` ;D`E`S,C;R,A.MB;L,E.R-]'
# becomes 'LEGAL CABLE BOX DESCRAMBLER' which can be filtered.
#
# If NORMAL is switched on, Mailfilter tries to apply filters
# to both the normalised and the original subject.
NORMAL=yes
# -----------------------------------------------------------
# The maximum e-mail size in bytes that messages from friends
# should not exceed. Set this to 0 if all your friends (ALLOW)
# can send messages as long as they want.
MAXSIZE_ALLOW=0
# ----------------------------------------------------------
# Set list of friends that always pass, if they do not
# exceed the message length of MAXSIZE_ALLOW
# This rule allows all mail from a friend who was unlucky enough
# to have signed up with a spam organisation. With DENY we
# block everyone else from that domain though! See above!
# ALLOW=^(From|FROM):[EMAIL PROTECTED]
# ALLOW=^(From|FROM):[EMAIL PROTECTED]
# Of course we allow e-mail from anyone who has something to say about
# mailfilter:
# ALLOW=^(Subject|SUBJECT):.*mailfilter
# We also let our girlfriend send any e-mail she wants:
# ALLOW=^(From|FROM):[EMAIL PROTECTED]
# SHOW_HEADERS =yes
# TEST =yes
# Do you want case sensitive e-mail filters? { yes | no }
REG_CASE=no
# Sets the type of Regular Expression used { extended | basic }
REG_TYPE=extended
# -----------------------------------------------------------
# About 85% of the FROM names end in various two-word combinations:
# 5% come directly from the Beast or its System.
DENY=^FROM:."?(Microsoft|MS)( System)?"? <
# 40% from various System or Service addresses.
DENY=^FROM:."?.*(Network|Internet|Inet|Delivery|Storage|Message|Email|Mail) +(System|Service)"? <
# 20% from various Support, Assistance, Services or Bulletin addresses.
DENY=^FROM:."?.*(Security|Customer|Public|Technical) +(Support|Assistance|Services|Bulletin)"? <
# 20% from various Center, Department, Section or Division addresses.
DENY=^FROM:."?.*(Security|Program) (Center|Department|Section|Division)"? <
# -----------------------------------------------------------
# About 90% of the TO addresses end in various two-word combinations.
# Be careful not to deny messages to variations of "Debian User".
# 45% to generic addresses an ISP might contact.
DENY=^TO: "?.*(E?mail|(I|Inter)?net|Network) (Client|Recipient|Receiver|User)"? +<
# 45% to addresses implying a business relationship.
DENY=^TO: "?Commercial (Client|Consumer|Customer|Partner|User)"? <
DENY=^TO: "?(MS|Microsoft) (Corporation +)?(Client|Consumer|Customer|Partner|User)"? <
DENY=^TO: "?(Client|Consumer|Customer|Partner|User)"? <
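
A dry run of a few of these rules against sample headers, as an added example (not part of the original message, the attachments or mailfilter itself). It assumes Python's re module behaves like POSIX extended regular expressions for these patterns, models only REG_CASE, DENY, DENY_CASE and ALLOW, and uses constructed headers; load_rules and verdict are hypothetical names.

```python
import re

# Constructed rc fragment: rules copied from the two files above.
RC = r'''
REG_CASE=no
DENY=^(Subject|SUBJECT):.*(Latest|Last|Net|Network|New|Newest|Security) (Critical|Pack|Patch|Security|Update|Upgrade)
DENY=^TO: "?(Client|Consumer|Customer|Partner|User)"? <
DENY=^To:.*Client
DENY_CASE=^(Subject|SUBJECT):.*LEGAL
ALLOW=^(Subject|SUBJECT):.*mailfilter
'''

# Constructed sample headers (addresses use reserved example domains).
SAMPLES = {
    'worm-like': ['From: "MS Security Support" <a@example.invalid>',
                  'To: "Customer" <b@example.invalid>',
                  'Subject: Latest Security Patch'],
    'helpdesk':  ['To: Client Services <help@example.org>',
                  'Subject: Invoice for October'],
    'lowercase': ['Subject: legal notice for the list'],
    'friend':    ['Subject: Latest Security Patch for mailfilter'],
}

def load_rules(text):
    """Parse KEY=VALUE lines into compiled ALLOW and DENY pattern lists."""
    entries = [tuple(p.strip() for p in l.split('=', 1))
               for l in text.splitlines()
               if '=' in l and not l.lstrip().startswith('#')]
    # REG_CASE is a global switch, so resolve it before compiling any rule
    # (treated as 'no' when absent, which is an assumption).
    nocase = dict(entries).get('REG_CASE', 'no').lower() == 'no'
    rules = {'ALLOW': [], 'DENY': []}
    for key, value in entries:
        if key in rules:
            rules[key].append(re.compile(value, re.I if nocase else 0))
        elif key == 'DENY_CASE':  # case sensitive whatever REG_CASE says
            rules['DENY'].append(re.compile(value))
    return rules

def verdict(rules, headers):
    """ALLOW wins (as the rc comments describe), then first DENY, else PASS."""
    for kind in ('ALLOW', 'DENY'):
        for rx in rules[kind]:
            if any(rx.search(h) for h in headers):
                return kind, rx.pattern
    return 'PASS', None

if __name__ == '__main__':
    rules = load_rules(RC)
    for name, headers in SAMPLES.items():
        print(name, verdict(rules, headers))
```

The 'helpdesk' sample is denied by the broad ^To:.*Client rule but not by the anchored ^TO: "?(Client|...)"? < rule, which is the kind of false positive worth checking before a filter deletes mail on the server.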