# junkfilter
# a junk email filter system for procmail
# Copyright 1997-2002 Gregory Sutter <gsutter@zer0.org>
#
# $Id: junkfilter.one,v 2.30 2002/06/23 03:16:37 gsutter Exp $
#
# Please read the file "README" and the page
# http://junkfilter.zer0.org/ before using junkfilter.
# This is junkfilter.one, 100% certainty spam catchers.
JFSEC=1
# Kills anything from an impossible IP address, but not IPv6 addresses.
:0
* ^Received:.*\[\/[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])
* ! ^Received:.*\[[0-9A-Fa-f:]*\]
{ JFMATCH="$JFSEC: Forged IP address: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
# Mail needs to have certain headers.
:0
* ! ()\/^(From|Date):[ ]*.*
{ JFMATCH="$JFSEC: Missing necessary header: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
# junk mail / mail bomb software
JFBADMAILER="(Achi-Kochi|Aristotle|Avalanche|Blaster|Bomber|Bulk ?Mailer|DejaVu|[Dd]iffondi|Direct Email|Dynamic Opt-In Emailer|eMerge|Extractor|E-Mail Magnet|Floodgate|friendlymail|fusion|GeoList|Group|Mach10|MegaPro|MilMailer|My e-Mailer v|QuickSender|RAF|Red Spider|RamoMail|RIME|TURBO)"
:0D
* $ ^X-(Mailer|Sender):.*\/${JFBADMAILER}\>
* ! $ ^X-(Mailer|Sender):.*\/${JFBADMAILER}\.([-a-z0-9_]+\.)*$JFTLD
{ JFMATCH="$JFSEC: Junkmail software: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
:0D
* ^(Received|Message-Id|X-(Mail(er|-Agent)|Sender|Server)):.*\/(Advanced Direct Remailer|AutoMail|BSMTP DLL|E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|Global Messenger|GroupMaster|List-X|Mailcast|MAILGOD|MailKing|Match10|MassE-Mail|massmail\.pl|NetContact|NetMailer|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|'WE' Group Spamm?er|WindoZ|WinNT\'s Blat|WorldMerge|Yourdora)\>
{ JFMATCH="$JFSEC: Junkmail Software: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
# Pegasus mailer is the only mailer which legitimately generates
# "Comments: Authenticated sender is ..." so kill anything else.
# This works for versions 2.54 and below only.
:0
* ^Comments:.*Authenticated sender
* !^X-Mailer:.*Pegasus Mail
* !^Resent-To:
* !^Return-Path:.*owner-
{ JFMATCH="$JFSEC: Forged Pegasus Mail authentication" INCLUDERC=$JFDIR/junkfilter.match }
# "unknown host" is not a valid Received: header
:0
* ()\/^Received:.*unknown host
{ JFMATCH="$JFSEC: Forged Received header: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
# Check to see if they're trying to exploit a security fault in
# Sendmail 8.8, like MailGod does.
:0
* ^Received:.....................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................\
..........................................................................
{ JFMATCH="$JFSEC: Received line longer than 1023 characters" INCLUDERC=$JFDIR/junkfilter.match }
# Stop the happy.exe / Spanska email worm
:0
* ^X-Span(ks|sk)a:
{ JFMATCH="$JFSEC: Happy.exe email worm present" INCLUDERC=$JFDIR/junkfilter.match }
# Stop the Melissa virus. Damn these things!
:0
* ^Subject:[ ]*important message from
{
  :0 B
  * Here is that document you asked for
  * ^Content-[a-z]+:.*\.do[ct]
  { JFMATCH="$JFSEC: email virus: Melissa" INCLUDERC=$JFDIR/junkfilter.match }
}
# Flag messages with unsafe email attachments
:0 B
* $ ^Content-(Type|Disposition):.*;($)?[ ]*name *= *\"?\/.+\.${JFBADATT}([^-_.,+a-z0-9]|$)
{ JFMATCH="$JFSEC: unsafe email attachment: $MATCH" INCLUDERC=$JFDIR/junkfilter.match }
JFSEC
# EOF junkfilter.one
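
Added example, not part of junkfilter: a Python port of the two conditions in the "impossible IP address" recipe, run over constructed Received: headers to show which addresses the pattern flags and how far the IPv6 exemption reaches. The function name forged_ip and all sample hosts and addresses are assumptions made for this illustration.

```python
import re

# Python port of the two conditions in the "impossible IP address" recipe.
# The capture group stands in for procmail's \/ marker; procmail matches
# case-insensitively and line by line, hence re.I and re.M.
BAD_OCTET = re.compile(
    r"^Received:.*?\[([0-9.]*(?:[03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]))",
    re.I | re.M)
HEX_COLON = re.compile(r"^Received:.*\[[0-9A-Fa-f:]*\]", re.I | re.M)


def forged_ip(header):
    """Return the captured address text if both conditions hold, else None."""
    bad = BAD_OCTET.search(header)
    if bad is None or HEX_COLON.search(header):
        return None
    return bad.group(1)


# Constructed sample headers (documentation address ranges, made-up hosts).
SAMPLES = {
    "valid": "Received: from a.example ([203.0.113.7]) by mx.example\n",
    "max octet": "Received: from a.example ([198.51.100.255]) by mx.example\n",
    "octet 256": "Received: from a.example ([10.0.0.256]) by mx.example\n",
    "octet 300": "Received: from a.example ([198.51.100.300]) by mx.example\n",
    # Zero-padded but otherwise valid octets are also treated as impossible.
    "zero padded": "Received: from a.example ([192.168.001.010]) by mx.example\n",
    # "2001" contains "001", so the first condition alone would fire here;
    # the second condition is what keeps IPv6 literals from being flagged.
    "ipv6": "Received: from b.example ([2001:db8::1]) by mx.example\n",
    # Conditions are tested against the whole header, so a bracketed
    # hex-and-colon literal on any Received line switches the recipe off.
    "mixed": ("Received: from b.example ([2001:db8::1]) by mx.example\n"
              "Received: from a.example ([10.0.0.256]) by b.example\n"),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:12} -> {forged_ip(header)}")
```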