1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
# junkfilter
# a junk email filter system for procmail
# Copyright 1997-2001 Gregory Sutter <gsutter@zer0.org>
#
# $Id: junkfilter.three,v 2.18 2001/05/28 20:10:50 gsutter Exp $
#
# Please read the file "README" and the page
# http://junkfilter.zer0.org/ before using junkfilter.
# Section Three, recipes that catch some legitimate mail.
JFSEC=3
# Phil Guenther's Message-Id: rule
# modified by allowing a trailing "." after the domain...
:0
* ^Message-Id:\/.*
* ! ^Message-Id:[ ]*<[ ]*("([^"\]|\\.)*"|[-!#-'*+/-9=?A-Z^-~]+)\
([ ]*\.[ ]*("([^"\]|\\.)*"|[-!#-'*+/-9=?A-Z^-~]+))*\
[ ]*@[ ]*\
(\[[ ]*([^][\]|\\.)*[ ]*\]|\
[-!#-'*+/-9=?A-Z^-~]+([ ]*\.[ ]*[-!#-'*+/-9=?A-Z^-~]+)*)\.?\
[ ]*>
{ JFMATCH="$JFSEC: Invalid Message-Id: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
# Message-ID added by an enroute or local mail machine
:0
* $ ^Message-Id:[ ]+<.*@([-_a-z0-9]+\.)*$JFMAILDOM>
* ^From:.*@
* $! ^From:.*@([-_a-z0-9]+\.)*$JFMAILDOM
* $ 1^1 ^Received:.*from
* $ -1^1 ^Received:.*from.*\(([-_a-z0-9]+\.)*$JFMAILDOM\>
{ JFMATCH="$JFSEC: Message-Id added after initial transmission" INCLUDERC=$JFDIR/junkfilter.match }
# AOL, Hotmail, Juno forged From: headers.
:0
* ^From:.*@\/(hotmail|juno|aol).com
* ! ^Received:.*(hotmail|juno|aol).com
* ! ^Return-Path:.*owner-
{ JFMATCH="$JFSEC: Forged From header from $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
# All-capitalized headers are used only by spam programs.
# and HP OpenMail. Grrr....
:0D
* ! ^X-OpenMail
* ^(FROM|TO|DATE|SUBJECT)
{ JFMATCH="$JFSEC: Header in all caps" INCLUDERC=$JFDIR/junkfilter.match }
# Verify decent Date: line. RFC822 and Real World taken into account.
# the first condition is full of very noncompliant mailers.
:0
* ! ^X-Mailer:.*(Windows Eudora (Light|Pro) Version 3\.0\.[0-9] \(16\)|NetMailer v|PMMail 1\.[0-9]+ for OS/2)
* ! $ ^Date:$JFWS((Sun|Mon|Tue|Wed|Thu|Fri|Sat),$JFWS)?\
(0?[1-9]|[12][0-9]|3[01])$JFWS\
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$JFWS\
((19)?[789][0-9]|(20)?[01][0-9])$JFWS\
(0?[0-9]|1[0-9]|2[0-3]):(0?|[1-5])[0-9](:(0?|[1-5])[0-9])?$JFWS\
(([+-][0-1][0-4]([03]0|45))|("?\(?(UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-I]|[K-Z])\)?"?))?
{ JFMATCH="$JFSEC: Bad Date line" INCLUDERC=$JFDIR/junkfilter.match }
# ([+-][0-1][0-4]([03]0|45)|"?\(?(UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-I]|[K-Z])\)?"?)
# New New -0600 datestamp check
# Got to think of a better way to say "not MDT|CST", this one's a hack.
:0
* ^(Date|Received):.* \/-0600
* ! MATCH ?? ^[(-0600 \((MD|CS)T\))]
{ JFMATCH="$JFSEC: invalid datestamp: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
JFSEC
# EOF junkfilter.three
|
