File: junkfilter.one

junkfilter 20010529-1
# junkfilter
# a junk email filter system for procmail 
# Copyright 1997-2001 Gregory Sutter <gsutter@zer0.org>
#
# $Id: junkfilter.one,v 2.20 2001/05/28 10:45:14 gsutter Exp $
#
# Please read the file "README" and the page
# http://junkfilter.zer0.org/ before using junkfilter.

# This is junkfilter.one, 100% certainty spam catchers.

# Section number for this rule file; every JFMATCH message below starts with
# "$JFSEC: ".
JFSEC=1

# Kills anything from an impossible IP address, but not IPv6 addresses.
# Condition 1 looks for a Received header with a "[" followed by digits and
# dots that contains a three-digit group of 256-999 or 000-099, and stores
# the matched header text in MATCH for the log message.
# Condition 2 exempts the message when any Received: header holds a bracketed
# run of hex digits and colons.  Each condition is tested against the whole
# header, so one IPv6-literal hop anywhere in the message switches this check
# off for every other Received line as well.
# Received lines other than those added by your own relays are written by the
# sender, so a forger who uses plausible octets is not caught here.
# NOTE(review): condition 1 says "^Received" with no colon, so other header
# names that begin with "Received" are also examined -- confirm intended.
:0
* ()\/^Received.*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])
* ! ^Received:.*\[[0-9A-Fa-f:]*\]
{ JFMATCH="$JFSEC: Forged Received header: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }

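# Mail needs to have certain headers.
# As written, the negated alternation fires only when the message has
# neither a From: nor a Date: header; a message missing just one of them
# passes.  Testing each header separately would need one recipe per header.
# A negated condition succeeds because its regex did NOT match, so "\/"
# never assigns MATCH here; the capture and $MATCH were dropped so the
# log line cannot carry a stale value left by an earlier recipe.
:0
* ! ^(From|Date):
{ JFMATCH="$JFSEC: Missing necessary header: From and Date" INCLUDERC=$JFDIR/junkfilter.match }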

# junk mail / mail bomb software
# The D flag makes the match case-sensitive.  Condition 1 finds one of the
# listed product names in X-Mailer or X-Sender and stores the matched name in
# MATCH.  Condition 2 ("$" expands $JFTLD before matching) cancels the hit
# when the name is followed by ".label...$JFTLD", i.e. when it reads as part
# of a host name rather than a product name.
# NOTE(review): JFTLD is not set in this file; presumably a top-level-domain
# pattern defined by the including rc file -- confirm.
# X-Mailer and X-Sender are chosen by the sending software, so this only
# catches tools that announce themselves.
:0D
* ^X-(Mailer|Sender):.*\/(Aristotle|Avalanche|Blaster|Bomber|DejaVu|[Dd]iffondi|eMerge|Extractor|E-Mail Magnet|Floodgate|friendlymail|fusion|GeoList|Group|Mach10|MegaPro|RAF|Red Spider|RamoMail|RIME|TURBO)\>
* ! $ ^X-(Mailer|Sender):.*\/(Aristotle|Avalanche|Blaster|Bomber|DejaVu|[Dd]iffondi|eMerge|Extractor|E-Mail Magnet|Floodgate|friendlymail|fusion|GeoList|Group|Mach10|MegaPro|RAF|Red Spider|RamoMail|RIME|TURBO)\.([-a-z0-9_]+\.)*$JFTLD
{ JFMATCH="$JFSEC: Junkmail software: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }

# Second list of bulk-mailer names, also case-sensitive (D flag), searched in
# Received, Message-Id, X-Mailer, X-Sender and X-Server.  "\/" precedes the
# whole pattern, so MATCH holds the header from its start through the name.
# There is no host-name exemption here, unlike the recipe above.
:0D
* ()\/^(Received|Message-Id|X-(Mailer|Sender|Server)):.*(Advanced Direct Remailer|AutoMail|E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|Global Messenger|GroupMaster|List-X|Mailcast|MAILGOD|MailKing|Match10|MassE-Mail|massmail\.pl|NetContact|NetMailer|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|'WE' Group Spamm?er|WindoZ|WinNT\'s Blat|WorldMerge|Yourdora)\>
{ JFMATCH="$JFSEC: Junkmail Software: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }

# Pegasus mailer is the only mailer which legitimately generates
# "Comments: Authenticated sender is ..." so kill anything else.
# This works for versions 2.54 and below only.
# Fires when the Comments: header is present but X-Mailer does not name
# Pegasus Mail.  Messages with a Resent-To: header or with "owner-" in
# Return-Path are exempted.
# NOTE(review): the two exemptions look like allowances for resent and
# mailing-list traffic that rewrites headers -- confirm.
# A sender who also forges "X-Mailer: ... Pegasus Mail" passes this check.
:0
* ^Comments:.*Authenticated sender
* !^X-Mailer:.*Pegasus Mail
* !^Resent-To:
* !^Return-Path:.*owner-
{ JFMATCH="$JFSEC: Forged Pegasus Mail authentication" INCLUDERC=$JFDIR/junkfilter.match }

# "unknown host" is not a valid Received: header
# Matches any Received: header containing the text "unknown host" (no D flag,
# so case is ignored) and stores that header text in MATCH for the log line.
:0
* ()\/^Received:.*unknown host
{ JFMATCH="$JFSEC: Forged Received header: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }

# Check to see if they're trying to exploit a security fault in
# Sendmail 8.8, like MailGod does.
# Each "." matches one character, so the pattern only matches a Received:
# header at least as long as the run of dots; the log text below gives the
# threshold as 1023 characters.  The trailing backslashes join the physical
# lines into one condition, so no comment may be placed between them.
:0
* ^Received:.....................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................
{ JFMATCH="$JFSEC: Received line longer than 1023 characters" INCLUDERC=$JFDIR/junkfilter.match }

# Stop the happy.exe / Spanska email worm
# Keys on a header named X-Spanska: or X-Spanksa: (both spellings are
# accepted by the alternation).  The header's value is not inspected.
:0
* ^X-Span(ks|sk)a:
{ JFMATCH="$JFSEC: Happy.exe email worm present" INCLUDERC=$JFDIR/junkfilter.match }

# Stop the Melissa virus.  Damn these things!
# Two-stage test: the outer recipe checks the Subject: header, and only then
# does the nested recipe (B flag = search the body) require both the stock
# message text and a Content-*: line naming a .doc or .dot file.
# This is a fixed-string signature; a variant with a different subject or
# body text is not matched.
:0
* ^Subject:[ 	]*important message from
{
	:0 B
	* Here is that document you asked for
	* ^Content-[a-z]+:.*\.do[ct]
	{ JFMATCH="$JFSEC: Melissa email virus" INCLUDERC=$JFDIR/junkfilter.match }
}

# A bare variable name with no "=" unsets it: clear the section number set at
# the top of this file.
JFSEC

# EOF junkfilter.one