#############################################################
# .procmailrc
# Ronny Haryanto
#############################################################
# Die spammers, DIE!!!!
#
# Layout: variables, unconditional discards, header fix-up, then the
# first tagging recipes. Tagging only adds "X-Reject:" headers; later
# recipes decide where a tagged message is filed.

#############################################################
# Vars
#############################################################

SHELL=/bin/bash
VERBOSE=no
#LOGABSTRACT=all
#LOGFILE=$HOME/.log-procmail
MAILDIR=$HOME/Mail
#SENDMAIL=/usr/lib/sendmail

# Values extracted from the incoming message with formail. All three
# are sender-controlled text, so treat them as untrusted wherever they
# are expanded (log lines, shell command lines, regex conditions).
ENVELOPE=`formail -x "From "`
FROMHV=`formail -zx "From: "`
TOHV=`formail -zx "To: "`

# maximum message size (including headers, i think) in bytes
MAX_SIZE=350000
OVERSIZEMSG=$HOME/.msgs/size
MY_ADDR="me@mydomain.com"

#############################################################
# security
#############################################################

# WARNING: this is not too safe, check procmailex(5)
# kill messages with the same msgid in cache
#:0 Wh: msgid.lock
#| formail -D 8192 msgid.cache

# backup everything
#:0 c
#backup
#
#:0 ic
#| cd backup && rm -f dummy `ls -t msg.* | sed -e 1,32d`

#############################################################
# absolutely positively to /dev/null
#############################################################

# Mail addressed to members@gmx.net is discarded. Delivery to /dev/null
# cannot be undone, so a line is written to the log first; that line is
# the only record of the message.
:0
* ^TO_members@gmx\.net
{
  # "safer"
  LOGFILE=$HOME/.log-procmail
  DATE=`date`
  # procmail writes LOG verbatim; the embedded newline ends the entry.
  # $TOHV is copied from the message, so log readers must not trust it.
  LOG="$DATE Rejected To: [$TOHV]
"

  :0
  /dev/null
}

# Same discard for gmxred@gmx.net writing to members@gmx.net. The second
# condition repeats the one above, so as long as the recipe above stays
# in place this one is only reached when that discard did not happen.
:0
* ^From: [^,]*gmxred@gmx\.net$
* ^TO_members@gmx\.net
{
  # "safer"
  LOGFILE=$HOME/.log-procmail
  DATE=`date`
  LOG="$DATE Rejected From: [$FROMHV], To: [$TOHV]
"

  :0
  /dev/null
}

#############################################################
# fix stuff
#############################################################

# so that we can still see envelope
# $ENVELOPE sits inside double quotes on the command line, which keeps
# its content a single argument to formail.
:0fhw
| formail -i "X-Envelope: $ENVELOPE"

#############################################################
# tagging
#############################################################

# An X-spanska: header is treated as a sign of the Ska virus.
:0fhw
* ^X-spanska:
| formail -A "X-Reject: Possible Ska Virus"

# No To:, no Cc: and no Newsfetch: header at all.
# NOTE(review): the trailing ':' asks for a local lockfile, which a
# formail header filter does not appear to need; confirm and drop it.
:0fhw:
* !^To:
* !^Cc:
* !^Newsfetch:
| formail -A "X-Reject: [UCE] Empty/No To:/Cc: header"
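# From: header value equals (contains) the To: header value.
# TOHV is sender-controlled text; $\ makes procmail match it literally
# instead of compiling attacker-chosen characters as a regular expression.
:0fhw
* $ FROMHV ?? $\TOHV
* !^(To|cc):.*id@li\.org
* !^(To|cc):.*postfix
| formail -A "X-Reject: [UCE] From = To"

# Ten or more addresses in the recipient headers.
:0fhw
* ^TO_.*@.*,.*@.*,.*@.*,.*@.*,.*@.*,.*@.*,.*@.*,.*@.*,.*@.*,.*@
| formail -A "X-Reject: excessive multiple recipients"

# NOTE(review): this size test has no '$' flag; confirm procmail expands
# $MAX_SIZE here, otherwise the comparison is not against the configured
# limit. The autoresponder further down uses the same condition.
:0fhw
* > $MAX_SIZE
| formail -A "X-Reject: Message size is over limit"

# Body keyword tags (B flag: conditions are matched against the body).
:0B f
* targetshop\.com
| formail -A "X-Reject: [UCE] Body contains targetshop.com"

:0B f
* AKSARA
| formail -A "X-Reject: [UCE] Body contains aksara"

:0B f
* \$\$\$
| formail -A "X-Reject: [UCE] body contains \$\$\$"

# Subject keyword tags.
:0fhw
* ^Subject:.*\([0-9][0-9]+\) *$
| formail -A "X-Reject: [UCE] subject contains (xx+) at the end"

:0fhw
* ^Subject:.*dollar.*gratis
| formail -A "X-Reject: [UCE] subject contains dollar gratis"

:0fhw
* ^Subject:.*peluang.*bisnis
| formail -A "X-Reject: [UCE] subject contains peluang bisnis"

:0fhw
* ^Subject:.* MLM
| formail -A "X-Reject: [UCE] subject contains MLM"

:0fhw
* ^Subject:.*increase.*sales
| formail -A "X-Reject: [UCE] subject contains increase sales"

:0fhw
* ^Subject:.*you.*request
| formail -A "X-Reject: [UCE] subject contains you request"

:0fhw
* ^Subject:.*\$\$\$
| formail -A "X-Reject: [UCE] Subject contains \$\$\$"

:0fhw
* ^Subject:.*boost your sex appeal
| formail -A "X-Reject: [UCE] shitty subject"

:0fhw
* ^subject:.*adult site
| formail -A "X-Reject: [UCE] shitty subject"

:0fhw
* ^subject:.*find your long lost friend
| formail -A "X-Reject: [UCE] shitty subject"

:0fhw
* ^subject:.*viagra.*money back
| formail -A "X-Reject: [UCE] shitty subject"

:0fhw
* ^Subject: (AD|ADV):
| formail -A "X-Reject: [UCE] shitty subject"

# this is because my forwarder is hosted at globecomm.net
# so if a spammer who's lazy to put domain in rcpt to and mail from
# the mailserver will use its default domain which is globecomm.net
# The dot is escaped so that only the literal domain matches.
:0fhw
* ^From:.*@globecomm\.net
* ^To:.*@globecomm\.net
| formail -A "X-Reject: [UCE] From and To contains @globecomm.net"

# I don't have accounts on these domains
# or at least it's not delivered here
:0fhw
* ^To: [^,]*@((usa\.net)|((aol|excite|yahoo|hotmail|iname|internet)\.com))$
* !^Cc:
| formail -A "X-Reject: [UCE] don't have email on domain in To"

# I don't think anybody want to have lusernames like these..
:0fhw
* ^To: friend@.*[^,]*$
* !^Cc:
| formail -A "X-Reject: [UCE] shitty To"

:0fhw
* ^To: user@[^,]*$
* !^Cc:
| formail -A "X-Reject: [UCE] shitty To"

:0fhw
* ^To: .*stock.*invest.*@.*[^,]*$
* !^Cc:
| formail -A "X-Reject: [UCE] shitty To"

###########################################################################
# tag depends on previous tags
###########################################################################

# these domains are full with spammers, from my experience..
# but can't be sure unless we see other indication(s), ie. previous
# UCE tag
# Each recipe below only fires when an "X-Reject: [UCE]" header is
# already present, so a match on origin alone never tags a message.
:0fhw
* ^From:.*smartfrog\.com
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] From: contains smartfrog.com"

:0fhw
* ^Received:.*smartfrog\.com
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] Received: contains smartfrog.com"

:0fhw
* ^Received:.*popsite\.net
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] Received: contains popsite.net"

:0fhw
* ^Received:.*da\.uu\.net
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] Received: contains da.uu.net"

:0fhw
* ^Received:.*203\.93\.48\.[0-9]*
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] Received: contains 203.93.48.*"

:0fhw
* ^Received:.*208\.25[012345]\.[0-9]*
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] Received: contains 208.25x"

# The tag text used to say 208.181.166 while the condition matches
# 205.181.166; the tag now reports what was actually matched.
# NOTE(review): confirm 205.181.166 is the range that was meant.
:0fhw
* ^Received:.*205\.181\.166\.[0-9]*
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] Received: contains 205.181.166"

# First dot escaped so "153.3x" cannot match arbitrary characters there.
:0fhw
* ^Received:.*153\.3[4567]\..*
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] Received: contains 153.3xx"

:0fhw
* ^received:.*efortress\.com
* ^X-Reject: \[UCE\]
| formail -A "X-Reject: [UCE] received contains efortress.com"

###########################################################################
# actions
###########################################################################

# autoresponder for oversized messages
# comment out the whole thing if you don't want it
#
# The reply address is taken from the message's own headers, which are
# not authenticated: a forged sender receives the reply (backscatter).
# The conditions on the recipe below are what keeps that in check, so
# do not loosen them without a replacement.

LIST_MAILERS='((Mail(er)?-?)?daemon|root|LISTSERV|ListProc|\
[a-zA-Z0-9-]+-(list|request|owner)|(owner-)?list-[a-zA-Z0-9-]+|\
Majordomo|Mailagent|Postmaster|mmdf|news|n?uucp)|efax|egroups\.com'

# Address formail would reply to (-r reply header, -t trust the header
# sender, -z trim whitespace, -x extract the field).
SENDER=`formail -rtzx To:`

# The next three are not referenced by any recipe visible in this file.
PRE_ADDR_SPAN='(.*[^-(.%@a-zA-Z0-9])?'
POST_ADDR_SPAN='(([^),.!:a-zA-Z0-9].*)?(,|$[^>]))'
FROMHDR="(^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )$PRE_ADDR_SPAN)"

# don't respond to UCE tagged messages, or ones sent by known
# listmailers, including efax
# The X-Loop test matches MY_ADDR literally ($\) so that the '.' in the
# address is not a regex wildcard.
:0h
* > $MAX_SIZE
* !^FROM_DAEMON
* $! SENDER ?? $LIST_MAILERS
* $!^X-Loop: *$\MY_ADDR
* $!^X-Reject: \[UCE\]
* $!^Delivered-To: mailing list
* $!^X-Mailing-List:
{
  DELIVERED=yes
  COMSAT=off
  LOGFILE=$HOME/.log-procmail
  HDR=`formail -r -I"Subject:" -I"References" -I"In-Reply-To"`
  DATE=`date`
  # $HDR is built from the incoming message; it is untrusted log content.
  LOG="$DATE sent autoreply (re: size)
$HDR
"
  # A bare variable name unsets it: logging stops after the entry above.
  LOGFILE

  # The reply carries X-Loop and "Precedence: junk" so that this and
  # other autoresponders do not answer it. SENDMAIL is not assigned in
  # this file (the assignment near the top is commented out), so
  # procmail's built-in default is used.
  # File name and size are quoted so the shell passes each as one word.
  # NOTE(review): with the f flag the pipeline's stdout becomes the
  # message seen by the recipes that follow; confirm that is intended.
  :0fw
  | ( formail -rI"From: Ronny Haryanto <$MY_ADDR>" \
              -I"Precedence: junk" \
              -I"X-Loop: $MY_ADDR" \
              -I"X-Mailer: Home-made procmailrc recipe" \
              -I"References:" ; \
      cat "$OVERSIZEMSG" ; echo "$MAX_SIZE" ) | $SENDMAIL -t
}

# delete luser junks..
# Strips a uuencoded winmail.dat section from the body.
:0 B fw
* ^begin [0-9]* winmail\.dat$
| sed -e '/^begin [0-9][0-9][0-9] winmail\.dat$/,/^end$/d'

# Strips a MIME part declared as application/ms-tnef, up to the next
# line that starts with four dashes.
:0 B fw
* ^Content-Type: application/ms-tnef$
| sed -e '/^Content-Type: application.[Mm][Ss]-[Tt][Nn][Ee][Ff]$/,/^----/d'

###########################################################################
# extreme recipes that depends on tags
###########################################################################

# three UCE's in a row.. bah.. definitely a stupid spammer
# put in mailbox spam
:0:
* ^X-Reject: \[UCE\](.+$)+X-Reject: \[UCE\](.+$)+X-Reject: \[UCE\]
* !^Delivered-To: mailing list
* !^X-Mailing-List:
spam

# check if body contain "remove"
# Only for messages that already carry a [UCE] tag: an unsubscribe
# phrase in the body adds one more tag and files the message as spam.
:0
* ^X-Reject: \[UCE\]
{
  :0B
  * ((to be)|(if you want)|(subject)).*remove
  {
    :0fw
    | formail -A "X-Reject: [UCE] 'remove' in body"

    :0:
    spam
  }
}

# two rejects? go to spam folder...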
# Filing stage. A message with at least two X-Reject headers is
# delivered to the "spam" folder under a local lockfile.
# Nothing in the visible recipes removes X-Reject headers that arrive
# with the message, so sender-supplied ones are counted as well; the
# only visible effect is that such mail is filed here.
:0:
* ^X-Reject:(.+$)+X-Reject:
spam

# one reject, might be legit..
# A single tag is not conclusive, so the message goes to "quarantine"
# for manual review instead of the spam folder.
:0:
* ^X-Reject:
quarantine