# ~jhs/.procmailrc.owner.dump included by ~jhs/.procmailrc. # This file holds stuff for lists owner & # majordomo owner & postmaster # It does Not deal with normal end user type list subscriptions, # For that see ~/.procmailrc.lists # ----------------------------------------------------------------------------- # Clueless gea@ & other subscribers running Micro$oft get their # machines raped by viruses, which harvest address inc @berklix list, # these get sent back to spam list vendors, that sell to spammers, # ----------------------------------------------------------------------------- # Spammers lie & masquerade as my domain excretia arrives # at innocent list owners. # ----------------------------------------------------------------------------- # Grey List Messages: # 451 4.7.1 Greylisting in action, please come back in # Deferred: 450 4.7.1 \<*@*\>: Recipient address rejected: # Greylisted for # Deferred: 451 4.7.1 Greylisting in action, please come back in # Deferred: 451 4.7.1 Greylisting in action, please come back later # Deferred: 451 GL - temporary problem. Please try again later. # Deferred: 451 Please try again later. # Deferred: 451 mail server temporarily rejected message (#4.3.0) # Deferred: 454 4.7.1 \<*@*\>: Recipient address rejected: # Greylisting active, try again in # Recipient address rejected: Greylisted for # Recipient address rejected: Greylisting active, try again in :0 WH # ----------------------------------------------------------------------- # Discard reports to postmaster@*.berklix of failure to reply to an # address masqueraded by a spammer, when that spammer was sending # to an invalid guessed address@berklix # However do Not discard all to/ from re @berklix as occasional genuine. * ^From: Mail Delivery Subsystem \ * ^To:.*(postmaster|mailer-daemon)@((flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^MIME-Version: 1\.0 * ^Content-Type: multipart/report; report-type=delivery-status * ^Subject:.*Postmaster notify: see transcript for details * ^Auto-Submitted: auto-generated \(postmaster-notification\) { :0 WB # --------------------------------------------------------------- # Dump spammers (& normal people) addresing eg realuser@tower. # @user\.berklix has moved from @tower to @flat, * ^\ \ \ \ \(reason: 550 5\.1\.1 \<[a-z0-9\.\-]+@(tower|slim)\.(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk)\>\.\.\. User unknown\) $SPAM_NULL_NO_RCVSTORE :0 WB # Someone spamming Graham --------------------------------------- # Next line comes from a spammer (or inncocent # masqueraded by a spammer), which refuses to accept # the reject reply from yahoo, after someone spams # info@surfacevision\.com # * Mailbox disabled for this recipient # However I then saw another reject from yahoo, without that # line above which is now disabled. * The following addresses had permanent fatal errors * ^grahamcripps42@yahoo\.co\.uk * Please visit http://help\.yahoo\.com # Above comes when someone spams Graham $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------------------------------- * ^\ \ \ ----- The following addresses had permanent fatal errors ----- * ^Content-Type: message/delivery-status * ^Reporting-MTA: dns; ((flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WB # ------------------------------------------------------- * ^To:.*\<[a-z0-9\.\-]+\-(request|subscribe)@((flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # A bounced spammer masquerading as eg cdrom-announce-request@ $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * 550 5\.1\.1 \<[a-z0-9\.\-]+@((flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk)\>\.\.\. User unknown { :0 WB # ----------------------------------------------- # * \(may be forged\) # JJLATER why does procfile.log report: # procmail: Invalid regexp "(may be forged\)" # ( brackets.c matcher * may be forged\) $SPAM_NULL_NO_RCVSTORE :0 WB # ----------------------------------------------- * ^\ \ \ \ \(reason: 550 5\.7\.1 \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\>\.\.\. Relaying denied\) $SPAM_NULL_NO_RCVSTORE :0 WB # ----------------------------------------------- * ^\<\<\< 550 5\.7\.1 \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\>\.\.\. Relaying denied $SPAM_NULL_NO_RCVSTORE :0 WB # ----------------------------------------------- * charset="iso-2022-jp" $SPAM_NULL_NO_RCVSTORE :0 WB # ----------------------------------------------- * This is a multi-part message in MIME format. $SPAM_NULL_NO_RCVSTORE :0 WB # ----------------------------------------------- | $RCVSTORE +error/unknown } :0 WB # ------------------------------------------------------- * ^\ \ \ \ \(reason: 550 5\.2\.1 \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\>\.\.\. Mailbox disabled for this recipient\) | $RCVSTORE +error/unknown } :0 WB # --------------------------------------------------------------- * ^\ \ \ \ \(reason: 550 No Such User Here\) | $RCVSTORE +error/unknown } # ----------------------------------------------------------------------------- :0 WH # ----------------------------------------------------------------------- # Grab some spam with a faked from address eg * ^To:.*[a-z0-9\.\-]+\-approval@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WH # --------------------------------------------------------------- * ^From:.*owner\-majordomo@((lists|flat|tower|slim|js)\.|)berklix\.org # owner-lists do send to *approval, but not owner-maj I think ? # so trap owner-maj before allowing other owner to escape. # | $RCVSTORE +spam/fake/approval-from-domo spam/fake/approval-from-domo/. # JJLATER maybe $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- # Avoid grabbing genuine taboo traps eg: # From: owner-zz-test@ * !^From:.*owner\-[a-z0-9\.\-]+@((lists|flat|tower|slim|js)\.|)berklix\.org # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Avoid grabbing genuine subs unsubs # (which are grabbed later by .procmailrc.owner_keep) eg: # From: majordomo@berk # Subject: (|UN)SUBSCRIBE [a-z]+ * !^From:.*majordomo@((lists|flat|tower|slim|js)\.|)berklix\.org # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Store ready for auto deletion. # | $RCVSTORE +spam/fake/approval-other spam/fake/approval-other/. # JJLATER maybe $SPAM_NULL_NO_RCVSTORE } # ----------------------------------------------------------------------------- # Discard generic to lists owner & majordomo owner, # before later discarding specific just to majordomo. :0 WH # ----------------------------------------------------------------------- # Would like to use [[:print:]] rather than [[:alnum:]], to allow # for first '-' in eg bim-leaflet-approval@ & gea-ski-approval@, # But double bracket macros seem to fail. # I also have names such as zz-test2-approval@, # There are addresses such as owner-bim@ but not bim-owner@ # exception is majordomo, where: # majordomo-owner: Postmaster # owner-majordomo: majordomo-owner # JJLATER FAILS * ^To:.*([[:alnum:]]|\-)+\-(approval|owner)@ # JJLATER FAILS: $ owner-[a-z0-9\-_]+@ # JJLATER FAILS: * ^Subject:.*BOUNCE [a-z0-9\-_]+@list # JJLATER FAILS: * ^To:.*[[:print:]]+\-(approval|owner)@ # JJLATER FAILS: * ^To:[[:blank:]]*[[:print:]]+\-(approval|owner)@ # JJLATER FAILS: * ^To:[[:blank:]]*[a-z0-9\-]+\-(approval|owner)@ # JJLATER MATCH: $ owner-[a-z0-9\-]+@ # JJLATER MATCH: * ^To:.*([a-z0-9\-\.]+\-(approval|request|subscribe)|owner\-[a-z0-9\-\.]+|Majordomo)@ # JJLATER MATCH: * ^To:.*([a-z0-9\.\-]+\-(approval|request|subscribe)|owner\-[a-z0-9\-\.]+|Majordomo)@ # --------------------------------------------------------------------- # Add supports for spam to owner-bim-leaflet@berklix * ^To:.*(([a-z0-9\.\-]+\-(approval|request|subscribe))|(owner\-[a-z0-9\.\-]+)|Majordomo|Majordomo-owner|owner-majordomo)@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # ----------------------------------- # /site/domain/berklix/etc/mail/aliases: Analysis of (approval|owner|request|subscribe) # ([a-z0-9\.\-]+\-(approval|owner|request|subscribe))@ # lots of *-approval exist, # lots of *-request exist, # lots of *-subscribe exist, # no *-owner exist for majordomo lists, just for majordomo & mailman & mailman lists later. # ((approval|owner|request|subscribe)\-[a-z0-9\.\-]+)@ # lots of owner-* exist # no approval-* exist # no request-* exist # no subscribe-* exist # --------------------------------------------------------------------- { # To a list owner for approval, often spam. :0 WH # Non Subscribed Bounces For Approval, Mostly Spam ------------ * ^X-Authentication-Warning: ((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk): majordom set sender to owner-[a-z0-9\.\-]+@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) using -f # JJLATER likely might FAIL owner-[:print:]+@( * ^From:.*owner\-.[a-z0-9\.\-]+@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # JJLATER might FAIL: * ^From:.*owner\-.[[:print:]]+@ * ^Subject:.*BOUNCE [a-z0-9\.\-]+@list: \ \ \ Non-member submission from # JJLATER might FAIL: * ^Subject:.*BOUNCE [[:print:]]+@list { # ----------------------------------------------------------- # If a non susbscribed address bounces for approval, # & contains MIME HTML http gif jpg etc it is probably # a spammer, or possibly a double incompetent, so # dump them. # Tough luck on any bouncing rare non spammer who # has http:// in their header or signature (as I do too). # Intelligent people would strip headers to minimum when debugging. :0 WB # Fowarded by domo, so forwarded header in body. -------- * ^MIME-Version: { :0 WB # ----------------------------------------------- * ^Content-Type: multipart { :0 WB # Spam to list in HTML & ASCII # -------- * ^Content-Type: multipart/alternative * ^Content-Type: text/plain * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------- * ^Content-Type: multipart/mixed { :0 WB # Spam to list in PDF & ASCII # -- * ^Content-Type: text/plain * ^Content-Type: application/pdf $SPAM_NULL_NO_RCVSTORE } :0 WB # --------------------------------------- * ^Content-Transfer-Encoding: base64 { :0 WB # ------------------------------- * ^Content-Type: text/html * \ #HOLZ# $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # Japanese, majordomo forwards to owner: spam. * From:.*=\?shift-jis\? $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # Received: from bodnja (dsl85-107-22108.ttnet.net.tr [85.107.86.92] (may be forged)) * Received: from.*\([a-z0-9\.\-]+ \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\] \(may be forged\)\) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # Likely a spammer, but note, # This body includes the forwarded header of original. # tough luck on innocents with eg X-organization: http://something\.org * http:// * !http://(www\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $SPAM_NULL_NO_RCVSTORE } :0 WH # Subject: BOUNCE gea-ski@lists: taboo body match "/http:\/\/(www\.|)gea\-muc\.de/i" at line 188 # Let taboos in header or body slide through to be later # caught by .procmailrc.owner_keep * ! taboo { # ------------------------------------------------------------- # Spam not via a list bounce, either, direct to my servers, # or bounced from net where spammer masqueraded as my domains. :0 WB # ------------------------------------------------------- * ^\<\!DOCTYPE HTML PUBLIC $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Content-Type: application/pdf $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Content-Type: application/octet-stream $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # Catch a lot of spam & a few innocents, but will not lose business. * http:// * !http://(www\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * because the recipient mailbox is * full $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * mailbox is full $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * User\'s mailbox is full: * Unable to deliver mail. $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * Temporary local problem - please try later $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * The following addresses had permanent fatal errors $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Failed to deliver to '\<[a-z0-9\.\-]+@[a-z0-9\.\-]\>' * ^\ unknown user account $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^User\'s mailbox is full: \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\> * ^Unable to deliver mail\. $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * 550 5\.1\.1 Mailbox \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\> does not exist\) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^5\.1\.0 - Unknown address error 550-\'5\.1\.1 Recipient unknown\' $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^\ \ \ ----- The following addresses had permanent delivery errors ----- $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * This message has not been delivered after [0-9]+ hours. * Therefore it is being returned to you $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * Please re send to my new email: $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Content-Transfer-Encoding: quoted-printable # Probably a spammer, tough if its a real person they will have to use Ascii # before they get me. $SPAM_NULL_NO_RCVSTORE :0 WB # Dump any HTML ----------------------------------------- * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE } } # ----------------------------------------------------------------------------- # JJLATER move some domo rules, to become generic for all list+domo owners. :0 WH # ----------------------------------------------------------------------- # Used to be just Majordomo-Owner@ # but some spam bouncers seem to send back to majordomo@ # yet my berklix server aliases don''t # forward it to robot, but seem to give me at least a copy - Why ? * ^To:.*\? { :0 WH # --------------------------------------------------------------- * ^From:.*majordomo@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WH # ------------------------------------------------------- * ^Subject:.*MAJORDOMO ABORT \(mj_majordomo\) { :0 WB # ----------------------------------------------- # (_dhcp|_pflogd|abuse|admin|apache|avahi|bin|bind|copyright|cups|cyrus|daemon|dhcpd|dumper|exmh-bug-master|faxmanager|faxmaster|fetchmail|ftp|ftp-admin|ftp-bugs|ftpmaster|games|haldaemon|hostmaster|kmem|listproc|listserv|mailer-daemon|mailman|mailnull|majordom|majordomo|majordomo-h|majordomo-owner|majordomo1|majordomo2|majordomo3|man|messagebus|msgs|nagios|news|newsmaster|nobody|null-notify|operator|owner-majordomo|polkit|pop|postmaster|proxy|release|root|saned|smmsp|squid|sshd|subscribe|system|toor|tty|usenet|uucp|webmaster|www|www-test|xten) * ^majordomo@berklix\.org: not replying to .* to avoid mail loop. $SPAM_NULL_NO_RCVSTORE } :0 WB # ------------------------------------------------------- * is not a valid return address $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*Undeliver[a-z]+ Mail { :0 WH # ------------------------------------------------------- * ^Subject:.*Undelivered Mail Returned to Sender $SPAM_NULL_NO_RCVSTORE :0 WH # ------------------------------------------------------- * ^Subject:.*Undeliverable mail: Majordomo results: $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*Delivery Notification: Delivery has failed $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- * ^Subject:.*Delivery Notification { :0 WB * ^This is a delivery status notification, automatically generated by MTA * Regarding recipient * Delivery status : Failed. Message could not be delivered to domain $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*There was an error sending your mail $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- * ^Subject:.*Returned mail { :0 WH # ------------------------------------------------------- * ^Subject:.*Returned mail: see transcript for details { :0 WB # ----------------------------------------------- # " \ \ ----- The following addresses had permanent fatal errors # brackets.c " * The following addresses had permanent fatal errors * ^Subject:.*Majordomo results: * ^This help message is being sent to you from the Majordomo mailing list $SPAM_NULL_NO_RCVSTORE } :0 WH # ------------------------------------------------------- * ^Subject: Returned mail: Service unavailable { :0 WB # ----------------------------------------------- # From: Mail Delivery Subsystem * ^Your e-mail is being returned to you because there was a problem with its $SPAM_NULL_NO_RCVSTORE } :0 WH # ------------------------------------------------------- * ^Subject: Returned Mail: \"Majordomo results: # \" brackets.c matcher { :0 WB # ----------------------------------------------- * ^could not be delivered to some or all of the intended recipients # User - (550 a@b.c... No such user) $SPAM_NULL_NO_RCVSTORE } :0 WH # ------------------------------------------------------- * ^Subject: Returned mail: User unknown $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * Mailbox unknown or not accepting mail # 550 a@b.c... No such user $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # sent by Kerio MailServer 6.0.6 * Mailbox invalid or does not exist $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*failure notice { :0 WB # ------------------------------------------------------- * there are no users here by that name $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Hi\. This is the qmail-send program at * ^I\'m afraid I wasn\'t able to deliver your message to the following addresses. # brackets.c ' * ^This is a permanent error; I\'ve given up. Sorry it didn\'t work out. # brackets.c ' $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^We\'re sorry. There\'s a problem with the e-mail address\(es\) you\'re trying # brackets.c \' $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^This address no longer accepts mail. $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Sorry, no mailbox here by that name. vpopmail \(#5.1.1\) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Remote host said: 550 sorry, no mailbox here by that name. \(#5.7.17\) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^NO FUE POSIBLE ENTREGAR SU MENSAJE A LAS SIGUIENTES DIRECCIONES. * ^LO SIENTO, EL BUZON NO EXISTE. \(#5.1.1\) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^Error en la entrega a los siguientes destinatarios $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * Hi. This is the qmail-send program at * Invalid or unknown virtual user $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*Delivery Status Notification \(Delay\) { :0 WB # ------------------------------------------------------- * ^This is an automatically generated Delivery Status Notification * THIS IS A WARNING MESSAGE ONLY. * YOU DO NOT NEED TO RESEND YOUR MESSAGE. * Delivery to the following recipient has been delayed: $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*Delivery Status Notification \(Failure\) { :0 WB # ------------------------------------------------------- * ^Delivery to the following recipients failed $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # The following message to was undeliverable. # JJLATER might FAIL: * ^The following message to \<[[:print:]]+@[[:print:]]+\> was undeliverable\. * ^The following message to \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\> was undeliverable\. $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^5\.1\.0 - Unknown address error 550- { :0 WB # ----------------------------------------------- * \'5\.1\.1 unknown or illegal alias: # \' brackets.c matcher $SPAM_NULL_NO_RCVSTORE :0 WB # ----------------------------------------------- * \'User does not exist\' $SPAM_NULL_NO_RCVSTORE :0 WB # ----------------------------------------------- * \'5\.1\.1 User unknown\' $SPAM_NULL_NO_RCVSTORE } :0 WB # ------------------------------------------------------- * \>\.\.\. Address invalid $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*Automatically rejected mail # Your message was automatically rejected by Dovecot Mail Delivery Agent # The following reason was given: # Quota exceeded $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- * ^MIME-Version: { :0 WH #-------------------------------------------------------- * ^Content-Type: multipart/report; report-type=delivery-status { :0 WH # ----------------------------------------------- * ^Subject:.*Warning: could not send message for past { :0 WB # --------------------------------------- * Deferred: Operation timed out with $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------- * THIS IS A WARNING MESSAGE ONLY * YOU DO NOT NEED TO RESEND YOUR MESSAGE $SPAM_NULL_NO_RCVSTORE :0 WB # -------------------------------------- * ^Warning: message still undelivered after . days $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------- * ^Will keep trying until message is . days old $SPAM_NULL_NO_RCVSTORE } } :0 WH #-------------------------------------------------------- * ^Content-Type: multipart/related { :0 WB #------------------------------------------------ * ^Content-Type: image/jpg $SPAM_NULL_NO_RCVSTORE } } :0 WH # --------------------------------------------------------------- * ^From Mail Delivery Subsystem \: 550 5.1.1 User unknown * : 550 5.1.1 User unknown $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # ^550 5.1.1 : Recipient address rejected: User unknown in local recipient table * ^550 5\.1\.1 \<[a-z\-\.\_]+\@[a-z\-\.\_]+\>: Recipient address rejected $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^The message has not been collected after [0-9]+ days $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject:.*Undeliverable: { :0 WB # ------------------------------------------------------- * ^did not reach the following recipient $SPAM_NULL_NO_RCVSTORE } :0 WH # Yahoo are so ignorant they reply to majordomo ! --------------- # From:.*Yahoo\! Groups \ * ^Subject:.*Unable to process your message { :0 WB # ------------------------------------------------------- * ^We are unable to process the message from \ # Your message was addressed to a group (eusdreams) # that does not exist. # Please check to make sure you spelled the group name # correctly. $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # For further assistance, please visit http://help\.yahoo\.com/help/us/groups/ * ^For further assistance, please visit http:// $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * charset="Windows-1252" $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- * ^From:.*Mail Delivery System \ $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- # From: mailmarshal@wiley.com * ^From: mailmarshal@ $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- * ^Subject: failure delivery # Received: from mta832.mail.ukl.yahoo.com # *^Can\'t open mailbox for [a-z0-9\.\-]+@[a-z0-9\.\-]+ Temporary error # *^\/\/I\'m not going to try again; this message has been in the queue too long. $SPAM_NULL_NO_RCVSTORE # ------------- above here :0 WH, below is :0 WB ---------------------- :0 WB # --------------------------------------------------------------- * 5\.1\.0 - Unknown address error 550- { :0 WB # ------------------------------------------------------- * User unknown\. * ^The following message to * was undeliverable\. * ^The reason for the problem: * User unknown\' # brackets.c ' $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- # 5\.1\.0 - Unknown address error 550-'vdnw@kbcsecurities.fr... No such user' * No such user\' # brackets.c ' $SPAM_NULL_NO_RCVSTORE } :0 WB # --------------------------------------------------------------- * Failed to deliver to * User unknown\. $SPAM_NULL_NO_RCVSTORE :0 WH # --------------------------------------------------------------- * ^Subject:.*Returned mail: see transcript for details { :0 WB * \(reason: 550 5.1.1 * User unknown\) $SPAM_NULL_NO_RCVSTORE } :0 WH # --------------------------------------------------------------- * ^Subject: Delivery status notification { :0 WB # ------------------------------------------------------- * ^Delivery to the following recipients failed permanently: $SPAM_NULL_NO_RCVSTORE } :0 WB # --------------------------------------------------------------- * (berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk): not replying to majordomo to avoid mail loop\. $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------------------------------- * ^Hi\. This is the qmail-send program at { :0 WB # ------------------------------------------------------- * ^user is over quota $SPAM_USER_SUSPENDED :0 WB # ------------------------------------------------------- * ^is not a valid return address $SPAM_NULL_NO_ACCESS } :0 WB # --------------------------------------------------------------- * ^MAJORDOMO ABORT \(mj_majordomo\)\!\! { :0 WB # ------------------------------------------------------- * ^majordomo\@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) punting to avoid mail loop\. $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^HOSTILE ADDRESS \(invalid first char or \|\) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^HOSTILE ADDRESS \(no x400 c=\) $SPAM_NULL_NO_RCVSTORE :0 WB # ------------------------------------------------------- * ^majordomo@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * is not a valid return address\. $SPAM_NULL_NO_RCVSTORE } :0 WB # --------------------------------------------------------------- * not listed in Domino Directory $SPAM_NULL_NO_RCVSTORE :0 WB # HTML In Body # ------------------------------------------------ * ^\<\!DOCTYPE html PUBLIC * \ $SPAM_NULL_NO_RCVSTORE :0 WB # PDF In Body # ------------------------------------------------- * ^Content-Type: application/pdf $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------------------------------- * ^This message is in MIME format. Since your mail reader does not understand * ^this format, some or all of this message may not be legible. $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------------------------------- * ^Subject: Majordomo results: # ( brackets.c matcher * 550 5\.1\.1 Mailbox \<[a-z0-9\.\-]+@[a-z0-9\.\-]\> does not exist\) $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------------------------------- * ^Sorry. Your message could not be delivered to: $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------------------------------- * ^Your message could not be delivered to $SPAM_NULL_NO_RCVSTORE :0 WB # --------------------------------------------------------------- * ^Votre message n'a pas pu etre delivre a # brackets.c ' } :0 WH # ----------------------------------------------------------------------- * ^Reply-To:.*majordomo@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^From:.*majordomo@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WB # HTML spam # --------------------------------------------------- * ^\*\*\*\* Command \'content-type:\' not recognized\. * ^Command \'content-transfer-encoding:\' not recognized\. $SPAM_NULL_NO_RCVSTORE } :0 WB # Dump reports of majordomo failing to reply to spam. ------------------ * THIS IS A WARNING MESSAGE ONLY * YOU DO NOT NEED TO RESEND YOUR MESSAGE * Transcript of session follows * while talking to * ^From:.*majordomo@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^Subject:.*Majordomo results: * ^Reply-To:.*majordomo@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^\*\*\*\* Command \' * \' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can merge into another condition eg: # ^To:.*Majordomo-Owner@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO :0 WB # ----------------------------------------------------------------------- # Trap spammers who crap at majordomo, faking their address as being domo. * mailbox is full * Help for majordomo@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO :0 WB # ----------------------------------------------------------------------- * ^\*\*\*\* Command \'\\' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO :0 WB # ----------------------------------------------------------------------- # Match both: # * ^\*\*\*\* Command \'content-transfer-encoding:\' not recognized\. # * ^Command \'content-transfer-encoding:\' not recognized\. * Command \'content-transfer-encoding:\' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO :0 WB # ----------------------------------------------------------------------- * Command \'content-type:\' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO :0 WB # ----------------------------------------------------------------------- * Command \'content-type:\' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|flat|tower|slim|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO :0 WH # ----------------------------------------------------------------------- * ^To:.*(webmaster|postmaster|hostmaster|root)@([a-z]+\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { # Serious computer industry competent people should use Ascii only, # which will pass through to later. :0 WH # --------------------------------------------------------------- * ^MIME-Version: 1\.0 # I used to have: * ^Content-Type: multipart/alternative # But 2008.03.02 to now also catch: # Content-Type: multipart/related; # type="multipart/alternative"; # boundary="----=_NextPart_00 # " brackets.c matcher * ^Content-Type: multipart/ * ^(Content-|.+)type(:|=)(.+|)multipart/alternative { :0 WB #-------------------------------------------------------- # Incompetents eg Microsoft Outlook (new name Entourage) users send both Ascii & HTML. * Content-Type: text/plain * Content-Type: text/html $SPAM_NULL_NO_RCVSTORE :0 WB #-------------------------------------------------------- * Content-Type: text/html * Content-Type: image/gif $SPAM_NULL_NO_RCVSTORE :0 WB #-------------------------------------------------------- * Content-Type: text/html * Content-Type: image/(jpeg|jpg) $SPAM_NULL_NO_RCVSTORE :0 WB #-------------------------------------------------------- # Dump those who do not include ascii ie just .gif spammers * !Content-Type: text/plain $SPAM_NULL_NO_RCVSTORE # ------------------------------------------------------------- # Remaining computer incompetents who send both HTML & Ascii, # - Friends will be addressing jhs@, so pass through. # - customers have read my page so address eg jhs@ # - Extra spammers addressing webmasters etc, offering # cross linkage get dumped # - @postmaster would be a waste of time as incompetent. } } :0 WH # ----------------------------------------------------------------------- # mailer-daemon is not in aliases or passwd, but spammers got through. * ^To:.*mailer-daemon@([a-z]+\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # I can not imagine anyone except spammers or idiots writing to mailer-daemon. $SPAM_NULL_NO_RCVSTORE # | $RCVSTORE +spam/mailer-daemon