# ~jhs/.procmailrc.fonts included by ~jhs/.procmailrc.
# This file deals with font spam & other generic spam,
# but other files included from ~jhs/.procmailrc deal
# with specific spam phrases & domains.
# USA 1st Can Spam case in court Jan 2006,
# law applies as of beginning of 2004:
#	Controlling the Assault of Non-Solicited Pornography and Marketing Act
#	http://www.spiegel.de/netzwelt/politik/0,1518,395648,00.html
#
# Reading guide: every recipe starts with ":0" plus flags (H = match the
# header, B = match the body, HB = both), followed by "*" condition lines
# that must all match, and ends with one action line.  Conditions are
# egrep-style regexes, case-insensitive because no D flag is used.
# -----------------------------------------------------------------------------

# Destinations.  $SPAM_NULL_NO_RCVSTORE is not defined in this file.
# NOTE(review): presumably a discard sink set in ~jhs/.procmailrc - confirm.
# If it discards, a false positive below is unrecoverable; the commented
# alternatives are MH folders (trailing "/.") that keep the message for review.
SPAM_NULL_FONT=$SPAM_NULL_NO_RCVSTORE
# SPAM_NULL_FONT=spam/font/.
SPAM_NULL_NUMERIC_IP=$SPAM_NULL_NO_RCVSTORE
# SPAM_NULL_NUMERIC_IP=spam/numeric_ip/.
SPAM_NULL_FORMAT=$SPAM_NULL_NO_RCVSTORE
# SPAM_NULL_FORMAT=spam/audio/.

# Body declares windows-1250 and also has a text/plain Content-Type line.
:0 B # ------------------------------------------------------------------------
* charset="windows-1250"
* ^Content-Type: text/plain
# | $RCVSTORE +$SPAM_NULL_FONT
# Note $RCVSTORE must have a directory,
# not a file such as $SPAM_NULL_NO_RCVSTORE
# so as I often define $SPAM_NULL_FONT to
# $SPAM_NULL_NO_RCVSTORE, avoid rcvstore.
$SPAM_NULL_FONT

:0 B # ------------------------------------------------------------------------
# Thai
* ^Content-type:.text/html; charset=windows-874
# Message-Id:
# | $RCVSTORE +$SPAM_NULL_FONT
# Note $RCVSTORE must have a directory,
# not a file such as $SPAM_NULL_NO_RCVSTORE
# so as I often define $SPAM_NULL_FONT to
# $SPAM_NULL_NO_RCVSTORE, avoid rcvstore.
$SPAM_NULL_FONT

# -----------------------------------------------------------------------------
# Jewish/ Israel .il
# The outer conditions select 8bit text/plain mail in windows-1255; the two
# nested recipes then file it in the MH folder spam/font (not the null sink)
# when the From or the Subject is a windows-1255 Q-encoded word.
:0 H # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* ^MIME-Version: 1.0
* ^Content-Type: text/plain;
* charset="windows-1255"
* ^Content-Transfer-Encoding: 8bit
* ^X-MIME-Autoconverted: from quoted-printable to 8bit by
# by flat.berklix.org
{
  :0 H # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  # NOTE(review): "=*" means "zero or more '=' characters", so the closing
  # quote must follow "?Q?" almost immediately; the sample From line below
  # has "=F4=E9=F7=F1?=" in between and does not appear to match.  Probably
  # ".*" was intended - confirm before changing, as that activates the rule.
  * ^From: "=\?windows-1255\?Q\?=*".*\<.*@[a-z0-9\.\-]+\.il\>
  # From: "=?windows-1255?Q?=F4=E9=F7=F1?="
  # $SPAM_NULL_FONT
  spam/font/.

  :0 H # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  * ^Subject: =\?windows-1255\?Q\?=
  # $SPAM_NULL_FONT
  spam/font/.
}
# JJLATER New rule 2007.11.23 , I want to keep an eye on it.
# ie Might it also catch genuine replies from abuse@ postmasters,
# who I mailed as abuse@
# -----------------------------------------------------------------------------
# Turkish .tr
# Content-Type: text/plain; charset="windows-1254"
# Content-Transfer-Encoding: 8bit
# X-MIME-Autoconverted: from quoted-printable to 8bit by flat.berklix.org
# Filed in the MH folder spam/font, so matches can still be reviewed.
:0 H # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* ^Content-Type: text/plain; charset="windows-1254"
* ^Content-Transfer-Encoding: 8bit
* ^X-MIME-Autoconverted: from quoted-printable to 8bit by
spam/font/.
# -----------------------------------------------------------------------------
# Charset-based rules.  Each recipe sends a message to $SPAM_NULL_FONT when a
# charset declaration or an encoded-word prefix for that charset is found.
# The "charset=..." conditions are unanchored, so with B or HB they match the
# string anywhere in the body, including headers quoted inside a forwarded
# message or a bounce.  "charset=3D..." is the same declaration as it appears
# in quoted-printable text, where "=" is written "=3D".
# -----------------------------------------------------------------------------
# Korean spam body
:0 HB # -----------------------------------------------------------------------
* charset= "ks_c_5601-1987"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* content="text/html; charset=euc-kr"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="euc-kr"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=euc-kr
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=3Deuc-kr
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="ks_c_5601-1987"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=ks_c_5601-1987
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="ISO-2022-KR"
$SPAM_NULL_FONT

# -----------------------------------------------------------------------------
# Illegible Font
# :0 H
# * ^Subject:.*\>\>_\Ç\ö-
# Subject:.*\>\>_Çö-±Ý ´ë¹Ú »çÀÌÆ® °¡ÀÔ3õ¿øÁö±Þ vnuejvwus mebb cppe
# $SPAM_NULL_FONT
# -----------------------------------------------------------------------------
# Subject:.*¿Â¶óÀÎ ´ë¹Ú Ä«Áö³ë ¹«·á°¡ÀÔ3õ¿ø Çö±ÝÃæÀü! 0w tdpi
# 0: H
# * ^Subject:.*\¿\
# $SPAM_NULL_FONT

# Turkish (iso-8859-9) encoded Subject.  The nested block first tries a body
# match; anything that falls through is filed in the MH folder spam/font by
# the unconditional ":0" recipe.
:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?iso-8859-9\?
# Subject:.*=?iso-8859-9?B?S0FMRElSSU1BLCBMT0dPTlVaVSwgTUFSS0FOSVpJIFlBTlNJVElOISBLQU1QQU5ZQUxJIEbdWUFU ISE=?=
# Subject: =?iso-8859-9?B?TmFrbGl5YXTn/Wxhci5jb20=?=
{
  # NOTE(review): the three conditions below each end in a bare backslash.
  # They look like escaped 8-bit characters whose byte has been lost; as
  # written, a backslash at end of line is a line continuation.  Restore
  # them from the original file before relying on this recipe.
  :0 B # ----------------------------------------------------------------
  * \
  * \
  * \
  $SPAM_NULL_FONT

  :0
  spam/font/.
}

:0 H # ------------------------------------------------------------------------
* ^Subject: =\?x-mac-thai\?B
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^Content-type: text/plain; charset="x-mac-thai"
$SPAM_NULL_FONT

# -----------------------------------------------------------------------------
# Chinese spam header
:0 H # ------------------------------------------------------------------------
# Subject:.*²³¹¿µÄ¨èÜ·
* ^Subject:.*²³¹
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?Big5
$SPAM_NULL_FONT

# Same condition as the recipe above; it can never fire after it.
:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?Big5
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^Subject:=\?big5\?
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^From:.*=\?Big5\?
$SPAM_NULL_FONT

# Any header line containing a big5 encoded-word prefix.
:0 H # ------------------------------------------------------------------------
* =\?big5\?
$SPAM_NULL_FONT

# -----------------------------------------------------------------------------
# No idea what language this 1252 spam is. Maybe Korean ?
# NOTE(review): "\\?" is an optional literal backslash, not an escaped "?",
# so these two conditions do not match an encoded word of the form
# "=?Windows-1252?B?"; every other rule in this file writes "\?".  Do not
# simply correct it: Windows-1252 is widely used in ordinary Western mail,
# and the destination may be a discard sink - confirm the intent first.
:0 HB # -----------------------------------------------------------------------
* ^Subject:.*=\\?Windows-1252\\?B\\?
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* ^From:.*=\\?Windows-1252\\?B\\?
$SPAM_NULL_FONT

# -----------------------------------------------------------------------------
# Chinese spam body
:0 HB # -----------------------------------------------------------------------
* charset=big5
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="BIG-5"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="big5"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset= "big5"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=3Dbig5
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=gb2312
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?GB2312\?B\?
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="GB2312"
$SPAM_NULL_FONT

:0 B # ------------------------------------------------------------------------
* charset="CHINESEBIG5"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
# Russian spam Cyrillic
* charset=koi8-r
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="koi8-r"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
# Japanese spam
* charset="Shift_JIS"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=ISO-2022-JP
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?ISO-2022-JP\?
$SPAM_NULL_FONT

# Same condition as the recipe above; it can never fire after it.
:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?ISO-2022-JP\?
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?shift-jis\?
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset="iso-2022-jp"
$SPAM_NULL_FONT

:0 B # ------------------------------------------------------------------------
# Content-Type: text/plain
* charset="shift-jis"
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* ^Content-Type: text/plain; charset=koi8-r
$SPAM_NULL_FONT

:0 H # ------------------------------------------------------------------------
* ^Subject:.*=\?koi8-r\?
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=Windows-1251
$SPAM_NULL_FONT

:0 HB # -----------------------------------------------------------------------
* charset=3DWindows-1251
$SPAM_NULL_FONT

# Unlike the recipes above, this one is stored with rcvstore in the MH
# folder spam/charset.
# NOTE(review): "iso-2838-4" is not a charset name I recognise; possibly a
# typo for another ISO name - confirm against a sample message.
:0 B # ------------------------------------------------------------------------
* charset="iso-2838-4"
| $RCVSTORE +spam/charset

# -----------------------------------------------------------------------------
# Anyone quoting a numeric is suspicious, maybe a spammer,
# or someone on dynamic DNS who doesnt want to be traced back.
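# URL-shape rules.  Each recipe scans the body (flag B) for an http:// link
# whose host part is a dotted-decimal address or starts with an escape
# sequence, and sends the message to $SPAM_NULL_NUMERIC_IP.
# The conditions cover http:// only; https:// links and numeric hosts that
# are not written as four dotted decimal groups are not matched.
:0 B # ------------------------------------------------------------------------
# JJLATER might FAIL: * http://[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+
* http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
$SPAM_NULL_NUMERIC_IP

# Host begins with a percent-escape.
:0 B # ------------------------------------------------------------------------
* http://%
$SPAM_NULL_NUMERIC_IP

:0 B # ------------------------------------------------------------------------
* http://www\.%
$SPAM_NULL_NUMERIC_IP
# -----------------------------------------------------------------------------
# EG: http://%11%11.%11%11%11.%11%11%11%1e%11%11/%11%11%1a%1f%11%11%11%11%11
# -----------------------------------------------------------------------------
# All 1-9 converted to 1 so the spammers dont benefit
# http://o%11%1Eo%11o%11s @oow %1Coosao%11ed bo%1A/ooo %11 /?fo %11oo

# Host begins with an HTML numeric character reference ("&#").
:0 B # ------------------------------------------------------------------------
* http://\&#
# The # in the line above does not need to be delimited.
$SPAM_NULL_NUMERIC_IP
# -----------------------------------------------------------------------------
# http://sdisrupt.net@www.teopo.biz
# :0 B # ------------------------------------------------------------------------
# * \&#[0-2][0-9][0-9];
# $SPAM_NULL_NUMERIC_IP
# -----------------------------------------------------------------------------
# The problem
# http://gloriana@11.111.111.111/cgi-bin/unsubscribe.cgi
# Solution: the first recipe requires digits directly after "http://", so a
# "user@" prefix hides the numeric host from it.  The recipe below accepts
# one userinfo component (no "/", space or "@" inside it) before the address.
# The "/" is left unescaped on purpose: "\/" has a special meaning in
# procmail conditions.
:0 B # ------------------------------------------------------------------------
* http://[^/ @]+@[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
$SPAM_NULL_NUMERIC_IP
# -----------------------------------------------------------------------------
# Problem yet to solve
# http://acl ro @wwo.oogoooono io/ooo /?o oteo
# http://joocaooa1 @oow.hugoooooo boo/unoobocoibo.ooo?oiveoy
# -----------------------------------------------------------------------------
# Intercept: http://11.111.111.11/ads/precision/debtspecialist
# But not intercept EG 01051.com which is a non spamming
# (as far as I know) cheap phone caller.
# I have tested next line, it works.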
# -----------------------------------------------------------------------------
# As spammers send spam masquerading as me, lots of sites reject back to me
# spam that I never sent.
# I used to have these reject messages in my spam phrases list,
# but to allow for times (such as during a reconfig) when I suspect I really
# may have had a genuine bounce, it is better to separate them here.
# \<\<\< 550 Email rejected by sandiego.com spam blocker
#
# These recipes keep the message: each pipes it to $RCVSTORE, which files it
# in the named MH folder, so a genuine bounce can still be found later.
# None of them uses the "w" flag, so procmail does not check the exit code of
# the piped program and treats the message as delivered either way.
# NOTE(review): consider "w" plus a local lockfile if $RCVSTORE can fail or
# run concurrently - confirm how $RCVSTORE is defined in ~jhs/.procmailrc.

# Bounce from a remote attachment filter.
:0 B # ------------------------------------------------------------------------
* ^banned filename in an email to you from:
| $RCVSTORE +spam/filename

# Bounce quoting an SMTP 550 from a remote spam blocker.  Both conditions
# must match somewhere in the body; "\<" is procmail's word-boundary token,
# which here consumes the "<" characters of the transcript line.
:0 B # ------------------------------------------------------------------------
* ^\<\<\< 550 Email rejected by
* spam blocker
| $RCVSTORE +spam/blocker

# Delivery status report for a relay refused for lack of authentication.
:0 B # ------------------------------------------------------------------------
* Action: failed
* Relaying denied\. Proper authentication required\.
| $RCVSTORE +error/auth-sasl

# Mail relayed through mail.brierdr.com that its scanner already tagged.
# All three header conditions must match.
:0 H # ------------------------------------------------------------------------
* ^Received: by mail\.brierdr\.com
# brierdr runs amavisd detector, forwards to me
# Subject:.*\*\*\* JUNK MAIL \*\*\*Original_spam_subject
# Mime-Version: 1.0
# X-Spam-Status: Yes, hits=3.187 tagged_above=-999 required=1 tests=BAYES_00,
#	HELO_DYNAMIC_DHCP, HTML_10_20, HTML_IMAGE_ONLY_24, HTML_MESSAGE,
#	MSGID_FROM_MTA_ID
# X-Spam-Level: \*\*\*
# X-Spam-Flag: YES
* ^Subject:.*\*\*\* JUNK MAIL \*\*\*
* ^X-Spam-Flag: YES
| $RCVSTORE +spam/amavisd
# -----------------------------------------------------------------------------
# Hashed out, as it caught mail from mjm@codito._ERASE_.de & one other person.
# :0
# * ^Received: from unknown
# | $RCVSTORE +spam/unknown
# -----------------------------------------------------------------------------
# JJLATER Block commented out till I add something, eg a "to:" clause
# someone who genuinely mailed me as they were webmaster@www.somewhere
# get caught by this
# :0 B
# * .[a-z][a-z][a-z]@www	# JJLATER
# | $RCVSTORE +spam/redirect
# -----------------------------------------------------------------------------
# 2 letter country codes EG uk fm tv us it de
# :0 B
# * .[a-z][a-z]@www
# | $RCVSTORE +spam/redirect
# -----------------------------------------------------------------------------
# Other odd top level domain names:
# :0 B
# * .family@www
# | $RCVSTORE +spam/redirect
# :0 B
# * .info@www
# | $RCVSTORE +spam/redirect
# :0 B
# * .name@www
# | $RCVSTORE +spam/redirect

# Attachment-type rules.  Each looks in the body (flag B) for a MIME part
# header declaring the given type and sends the message to $SPAM_NULL_FORMAT.
# They act on the type the sender declares, not on the attachment content,
# so the same file sent under another Content-Type is not matched.
:0 B # MIME Enclosures: Much is just HTML spam, but not all.
# ----------------
* ^Content-type: audio
$SPAM_NULL_FORMAT

:0 B # ------------------------------------------------------------------------
* ^Content-Type: application/x-shockwave-flash
$SPAM_NULL_FORMAT

:0 B # ------------------------------------------------------------------------
* ^Content-Type: application/x-msdownload
$SPAM_NULL_FORMAT

# Already covered by the "audio" prefix rule above.
:0 B # ------------------------------------------------------------------------
* ^Content-Type: audio/x-midi
$SPAM_NULL_FORMAT

# Cant use
# * ^MIME-Version:
# as EG Gary & Ernst send:
#	Mime-version: 1.0
#	Content-type: text/plain; charset=us-ascii

# Mail with no Subject header whose body still holds unexpanded template
# placeholders.  The nested recipe needs all three body conditions to match.
:0 H # ------------------------------------------------------------------------
# Incompetent spammers run spam software unloaded
# with addresses & subject, sending generic macro spam.
* !^Subject:
{
  :0 B
  * ^Content-Type: text/html
  * ^Date: \%CURRENT_DATE_TIME
  * ^\%MESSAGE_BODY
  $SPAM_NULL_FORMAT
}