View Single Post
Old 17 Oct 2005, 04:34 AM   #47
xii
Junior Member
 
Join Date: Oct 2005
Posts: 3
I have a procmail filter that -- amongst other things -- filters international character sets and brute force attempts to a 'grey' folder. Combined with spamassassin, it surely stops a lot of email that normally would have ended up in my mailbox. I haven't taken a good look at how it can be implemented with RB yet, as there's no support for rules with multiple conditions, but here are some character sets that could be filtered into a 'grey' folder (regexp):

Code:
^Content-Type:.*charset=\"(koi8-r|iso-2022-jp|windows-1251|big5)\"
^Subject:.*=\?(koi8-r|iso-2022-jp|windows-1251|big5)\?
... it works best if you combine it with a check for spamassassin scores that are high, but not high enough for the message to be marked as spam. You probably could make custom spamassassin rules for this, too.

If you get a lot of brute force spam, a rule like this can help you (regexp):

Code:
!^(From|Reply-To):.*(postmaster|yourname(+[a-zA-Z0-9]*)?)@[0-9a-zA-Z.]*.com
^(To|Cc):.*<?[a-zA-Z0-9.%+-]*@runbox.com>?,.*<?[a-zA-Z0-9.%+-]*@runbox.com>?,.*<?[a-zA-Z0-9.%+-]*@runbox.com>?
... the point being that any email received that was sent to at least 3 people at RB at the same time, is spam. That is assuming you don't know 3 other people at RB, ofcourse.

I just post it for what it is, it might help some to write a filter rule to stop these kinds of spam.


PS: Runbox does not support procmail (yet?), so don't go looking for it in the settings.
xii is offline   Reply With Quote