# ~jhs/.procmailrc.owner.dump included by ~jhs/.procmailrc. SPAM_USER_FULL=spam/user_full/. # http://berklix.com/~jhs/dots/.procmailrc.owner.dump # This file holds stuff for lists owner & # majordomo owner & postmaster # It does Not deal with normal end user type list subscriptions, # For that see ~/.procmailrc.lists # Clueless gea@ & other subscribers running Micro$oft get their # machines raped by viruses, which harvest address inc @berklix list, # these get sent back to spam list vendors, that sell to spammers, # Spammers lie & masquerade as my domain excretia arrives # at innocent list owners. # Grey List Messages: # 451 4.7.1 Greylisting in action, please come back in # Deferred: 450 4.7.1 \<*@*\>: Recipient address rejected: # Greylisted for # Deferred: 451 4.7.1 Greylisting in action, please come back in # Deferred: 451 4.7.1 Greylisting in action, please come back later # Deferred: 451 GL - temporary problem. Please try again later. # Deferred: 451 Please try again later. # Deferred: 451 mail server temporarily rejected message (#4.3.0) # Deferred: 454 4.7.1 \<*@*\>: Recipient address rejected: # Greylisting active, try again in # Recipient address rejected: Greylisted for # Recipient address rejected: Greylisting active, try again in :0 WH # ( # Discard reports to postmaster@*.berklix of failure to reply to an # address masqueraded by a spammer, when that spammer was sending # to an invalid guessed address@berklix # However do Not discard all to/ from re @berklix as occasional genuine. * ^From: Mail Delivery Subsystem \ * ^To:.*(postmaster|mailer-daemon)@((webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^MIME-Version: 1\.0 * ^Content-Type: multipart/report; report-type=delivery-status * ^Subject:.*Postmaster notify: see transcript for details * ^Auto-Submitted: auto-generated \(postmaster-notification\) { :0 WB # ( # Dump spammers (& normal people) addresing eg realuser@tower. # @user\.berklix has moved from @tower to @flat, * ^\ \ \ \ \(reason: 550 5\.1\.1 \<[a-z0-9\.\-]+@(webmail|slim|tower|flat)\.(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk)\>\.\.\. User unknown\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( Someone spamming Graham # Next line comes from a spammer (or inncocent # masqueraded by a spammer), which refuses to accept # the reject reply from yahoo, after someone spams # info@surfacevision\.com # * Mailbox disabled for this recipient # However I then saw another reject from yahoo, without that # line above which is now disabled. * The following addresses had permanent fatal errors * ^grahamcripps42@yahoo\.co\.uk * Please visit http://help\.yahoo\.com # Above comes when someone spams Graham $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^\ \ \ \-\-\-\-\- The following addresses had permanent fatal errors * ^Content-Type: message/delivery-status * ^Reporting-MTA: dns; ((webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WB # ( * ^To:.*\<[a-z0-9\.\-]+\-(request|subscribe)@((webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # A bounced spammer masquerading as eg cdrom-announce-request@ $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * 550 5\.1\.1 \<[a-z0-9\.\-]+@((webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk)\>\.\.\. User unknown { :0 WB # ( # * \(may be forged\) # JJLATER why does procfile.log report: # procmail: Invalid regexp "(may be forged\)" # ( brackets.c matcher * may be forged\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^\ \ \ \ \(reason: 550 5\.7\.1 \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\>\.\.\. Relaying denied\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^\<\<\< 550 5\.7\.1 \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\>\.\.\. Relaying denied $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * charset="iso-2022-jp" $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * This is a multi-part message in MIME format. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( | $RCVSTORE +error/unknown # ) } # ) :0 WB # ( * ^\ \ \ \ \(reason: 550 5\.2\.1 \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\>\.\.\. Mailbox disabled for this recipient\) | $RCVSTORE +error/unknown # ) } # ) :0 WB # ( * ^\ \ \ \ \(reason: 550 No Such User Here\) | $RCVSTORE +error/unknown # ) } # ) :0 WH # ( # Grab some spam with a faked from address eg * ^To:.*[a-z0-9\.\-]+\-approval@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WH # ( * ^From:.*owner\-majordomo@((lists|webmail|slim|tower|flat|js)\.|)berklix\.org # owner-lists do send to *approval, but not owner-maj I think ? # so trap owner-maj before allowing other owner to escape. # | $RCVSTORE +spam/fake/approval-from-domo spam/fake/approval-from-domo/. # JJLATER maybe $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( # Avoid grabbing genuine taboo traps eg: # From: owner-zz-test@ * !^From:.*owner\-[a-z0-9\.\-]+@((lists|webmail|slim|tower|flat|js)\.|)berklix\.org # Avoid grabbing genuine subs unsubs # (which are grabbed later by .procmailrc.owner_keep) eg: # From: majordomo@berk # Subject: (|UN)SUBSCRIBE [a-z]+ * !^From:.*majordomo@((lists|webmail|slim|tower|flat|js)\.|)berklix\.org # Store ready for auto deletion. # | $RCVSTORE +spam/fake/approval-other spam/fake/approval-other/. # JJLATER maybe $SPAM_NULL_NO_RCVSTORE # ) } # ) # Discard generic to lists owner & majordomo owner, # before later discarding specific just to majordomo. :0 WH # ( # Would like to use [[:print:]] rather than [[:alnum:]], to allow # for first '-' in eg bim-leaflet-approval@ & ski-approval@, # But double bracket macros seem to fail. # I also have names such as zz-test2-approval@, # There are addresses such as owner-bim@ but not bim-owner@ # exception is majordomo, where: # majordomo-owner: Postmaster # owner-majordomo: majordomo-owner # JJLATER FAILS: * ^To:.*([[:alnum:]]|\-)+\-(approval|owner)@ # JJLATER FAILS: $ owner-[a-z0-9\-_]+@ # JJLATER FAILS: * ^Subject:.*BOUNCE [a-z0-9\-_]+@list # JJLATER FAILS: * ^To:.*[[:print:]]+\-(approval|owner)@ # JJLATER FAILS: * ^To:[[:blank:]]*[[:print:]]+\-(approval|owner)@ # JJLATER FAILS: * ^To:[[:blank:]]*[a-z0-9\-]+\-(approval|owner)@ # JJLATER MATCH: $ owner-[a-z0-9\-]+@ # JJLATER MATCH: * ^To:.*([a-z0-9\-\.]+\-(approval|request|subscribe)|owner\-[a-z0-9\-\.]+|Majordomo)@ # JJLATER MATCH: * ^To:.*([a-z0-9\.\-]+\-(approval|request|subscribe)|owner\-[a-z0-9\-\.]+|Majordomo)@ # Add supports for spam to owner-bim-leaflet@berklix * ^To:.*(([a-z0-9\.\-]+\-(approval|request|subscribe))|(owner\-[a-z0-9\.\-]+)|Majordomo|Majordomo-owner|owner-majordomo)@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # /site/domain/berklix/etc/mail/aliases: Analysis of (approval|owner|request|subscribe) # ([a-z0-9\.\-]+\-(approval|owner|request|subscribe))@ # lots of *-approval exist, # lots of *-request exist, # lots of *-subscribe exist, # no *-owner exist for majordomo lists, just for majordomo & mailman & mailman lists later. # ((approval|owner|request|subscribe)\-[a-z0-9\.\-]+)@ # lots of owner-* exist # no approval-* exist # no request-* exist # no subscribe-* exist { # To a list owner for approval, often spam. :0 WH # ( Non Subscribed Bounces For Approval, Mostly Spam * ^X-Authentication-Warning: ((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk): majordom set sender to owner-[a-z0-9\.\-]+@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) using -f # JJLATER likely might FAIL owner-[:print:]+@( # brackets.c matcher ) * ^From:.*owner\-.[a-z0-9\.\-]+@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # JJLATER might FAIL: * ^From:.*owner\-.[[:print:]]+@ * ^Subject:.*BOUNCE [a-z0-9\.\-]+@lists: \ \ \ Non-member submission from # JJLATER might FAIL: * ^Subject:.*BOUNCE [[:print:]]+@list { # If a non susbscribed address bounces for approval, # & contains MIME HTML http gif jpg etc it is probably # a spammer, or possibly a double incompetent, so # dump them. # Tough luck on any bouncing rare non spammer who # has http:// in their header or signature (as I do too). # Intelligent people would strip headers to minimum when debugging. :0 WB # ( Fowarded by domo, so forwarded header in body. * ^MIME-Version: { :0 WB # ( * ^Content-Type: multipart { :0 WB # ( Spam to list in HTML & ASCII * ^Content-Type: multipart/alternative * ^Content-Type: text/plain * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Content-Type: multipart/mixed { :0 WB # ( Spam to list in PDF & ASCII * ^Content-Type: text/plain * ^Content-Type: application/pdf $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WB # ( * ^Content-Transfer-Encoding: base64 { :0 WB # ( * ^Content-Type: text/html * \ #HOLZ# $SPAM_NULL_NO_RCVSTORE #HOLZ# # ) :0 WB # ( # Japanese, majordomo forwards to owner: spam. * From:.*=\?shift-jis\? $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # Received: from bodnja (dsl85-107-22108.ttnet.net.tr [85.107.86.92] (may be forged)) * Received: from.*\([a-z0-9\.\-]+ \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\] \(may be forged\)\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # Likely a spammer, but note, # This body includes the forwarded header of original. # tough luck on innocents with eg X-organization: http://something\.org * http:// * !http://((www|webmail)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( # Subject: BOUNCE ski@lists: taboo body match "/http:\/\/(www\.|)gea\-muc\.de/i" at line 188 # Let taboos in header or body slide through to be later # caught by .procmailrc.owner_keep * ! taboo { # Spam not via a list bounce, either, direct to my servers, # or bounced from net where spammer masqueraded as my domains. :0 WB # ( * ^\<\!DOCTYPE HTML PUBLIC $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Content-Type: application/pdf $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Content-Type: application/octet-stream $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # Catch a lot of spam & a few innocents, but will not lose business. * http:// * !http://((www|webmail)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * because the recipient mailbox is * full $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * mailbox is full $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * User\'s mailbox is full: * Unable to deliver mail. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * Temporary local problem - please try later $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * The following addresses had permanent fatal errors # Do not discard error message: # majorlog # (reason: 550 5.1.1 User unknown) * !^majorlog $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Failed to deliver to '\<[a-z0-9\.\-]+@[a-z0-9\.\-]\>' * ^\ unknown user account $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^User\'s mailbox is full: \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\> * ^Unable to deliver mail\. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # brackets.c matcher ( * 550 5\.1\.1 Mailbox \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\> does not exist\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^5\.1\.0 - Unknown address error 550-\'5\.1\.1 Recipient unknown\' $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^\ \ \ -\-\-\-\- The following addresses had permanent delivery errors -\-\- $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * This message has not been delivered after [0-9]+ hours. * Therefore it is being returned to you $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * Please re send to my new email: $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Content-Transfer-Encoding: quoted-printable # Probably a spammer, tough if its a real person they will have to use Ascii # before they get me. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( Dump any HTML * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE # ) } # ) } # ) # JJLATER move some majordomo rules, to become generic for all list+domo owners. :0 WH # ( # Used to be just Majordomo-Owner@ # but some spam bouncers seem to send back to majordomo@ # yet my berklix server aliases don''t # forward it to robot, but seem to give me at least a copy - Why ? * ^To:.*\? { :0 WH # ( * ^From:.*majordomo@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WH # ( * ^Subject:.*MAJORDOMO ABORT \(mj_majordomo\) { :0 WB # ( # (_dhcp|_pflogd|abuse|admin|apache|avahi|bin|bind|copyright|cups|cyrus|daemon|dhcpd|dumper|exmh-bug-master|faxmanager|faxmaster|fetchmail|ftp|ftp-admin|ftp-bugs|ftpmaster|games|haldaemon|hostmaster|kmem|listproc|listserv|mailer-daemon|mailman|mailnull|majordom|majordomo|majordomo-h|majordomo-owner|majordomo1|majordomo2|majordomo3|man|messagebus|msgs|nagios|news|newsmaster|nobody|null-notify|operator|owner-majordomo|polkit|pop|postmaster|proxy|release|root|saned|smmsp|squid|sshd|subscribe|system|toor|tty|usenet|uucp|webmaster|www|www-test|xten) * ^majordomo@berklix\.org: not replying to .* to avoid mail loop. $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WB # ( * is not a valid return address $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject:.*Undeliver[a-z]+ Mail { :0 WH # ( * ^Subject:.*Undelivered Mail Returned to Sender $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^Subject:.*Undeliverable mail: Majordomo results: ## $SPAM_NULL_NO_RCVSTORE $SPAM_USER_FULL # ) } # ) :0 WH # ( * ^Subject:.*Delivery Notification: Delivery has failed $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^Subject:.*Delivery Notification { :0 WB # ( * ^This is a delivery status notification, automatically generated by MTA * Regarding recipient * Delivery status : Failed. Message could not be delivered to domain $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject:.*There was an error sending your mail $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^Subject:.*Returned mail { :0 WH # ( * ^Subject:.*Returned mail: see transcript for details { :0 WB # ( # " \ \ -\-\-\-\- The following addresses had permanent fatal errors # brackets.c " * The following addresses had permanent fatal errors * ^Subject:.*Majordomo results: * ^This help message is being sent to you from the Majordomo mailing list $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject: Returned mail: Service unavailable { :0 WB # ( # From: Mail Delivery Subsystem * ^Your e-mail is being returned to you because there was a problem with its $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject: Returned Mail: \"Majordomo results: # \" brackets.c matcher { :0 WB # ( * ^could not be delivered to some or all of the intended recipients # User - (550 a@b.c... No such user) $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject: Returned mail: User unknown * !^majorlog $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * Mailbox unknown or not accepting mail # 550 a@b.c... No such user $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # sent by Kerio MailServer 6.0.6 * Mailbox invalid or does not exist $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject:.*failure notice { :0 WB # ( * there are no users here by that name $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Hi\. This is the qmail-send program at * ^I\'m afraid I wasn\'t able to deliver your message to the following addresses. * ^This is a permanent error; I\'ve given up. Sorry it didn\'t work out. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^We\'re sorry. There\'s a problem with the e-mail address\(es\) you\'re trying # brackets.c \' $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^This address no longer accepts mail. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Sorry, no mailbox here by that name. vpopmail \(#5.1.1\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Remote host said: 550 sorry, no mailbox here by that name. \(#5.7.17\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^NO FUE POSIBLE ENTREGAR SU MENSAJE A LAS SIGUIENTES DIRECCIONES. * ^LO SIENTO, EL BUZON NO EXISTE. \(#5.1.1\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Error en la entrega a los siguientes destinatarios $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * Hi. This is the qmail-send program at * Invalid or unknown virtual user $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject:.*Delivery Status Notification \(Delay\) { :0 WB # ( * ^This is an automatically generated Delivery Status Notification * THIS IS A WARNING MESSAGE ONLY. * YOU DO NOT NEED TO RESEND YOUR MESSAGE. * Delivery to the following recipient has been delayed: $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject:.*Delivery Status Notification \(Failure\) { :0 WB # ( * ^Delivery to the following recipients failed $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # The following message to was undeliverable. # JJLATER might FAIL: * ^The following message to \<[[:print:]]+@[[:print:]]+\> was undeliverable\. * ^The following message to \<[a-z0-9\.\-]+@[a-z0-9\.\-]+\> was undeliverable\. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^5\.1\.0 - Unknown address error 550- { :0 WB # ( * \'5\.1\.1 unknown or illegal alias: # \' brackets.c matcher $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * \'User does not exist\' $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * \'5\.1\.1 User unknown\' $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WB # ( * \>\.\.\. Address invalid $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject:.*Automatically rejected mail # Your message was automatically rejected by Dovecot Mail Delivery Agent # The following reason was given: # Quota exceeded $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^MIME-Version: { :0 WH # ( * ^Content-Type: multipart/report; report-type=delivery-status { :0 WH # ( * ^Subject:.*Warning: could not send message for past { :0 WB # ( * Deferred: Operation timed out with $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * THIS IS A WARNING MESSAGE ONLY * YOU DO NOT NEED TO RESEND YOUR MESSAGE $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Warning: message still undelivered after . days $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Will keep trying until message is . days old $SPAM_NULL_NO_RCVSTORE # ) } # ) } # ) :0 WH # ( * ^Content-Type: multipart/related { :0 WB # ( * ^Content-Type: image/jpg $SPAM_NULL_NO_RCVSTORE # ) } # ) } # ) :0 WH # ( * ^From Mail Delivery Subsystem \: 550 5.1.1 User unknown * : 550 5.1.1 User unknown $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # ^550 5.1.1 : Recipient address rejected: User unknown in local recipient table * ^550 5\.1\.1 \<[a-z\-\.\_]+\@[a-z\-\.\_]+\>: Recipient address rejected $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^The message has not been collected after [0-9]+ days $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject:.*Undeliverable: { :0 WB # ( * ^did not reach the following recipient $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( Yahoo are so ignorant they reply to majordomo ! # From:.*Yahoo\! Groups \ * ^Subject:.*Unable to process your message { :0 WB # ( * ^We are unable to process the message from \ # Your message was addressed to a group (eusdreams) # that does not exist. # Please check to make sure you spelled the group name # correctly. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # For further assistance, please visit http://help\.yahoo\.com/help/us/groups/ * ^For further assistance, please visit http:// $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * charset="Windows-1252" $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^From:.*Mail Delivery System \ $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( # From: mailmarshal@wiley.com * ^From: mailmarshal@ $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^Subject: failure delivery # Received: from mta832.mail.ukl.yahoo.com # *^Can\'t open mailbox for [a-z0-9\.\-]+@[a-z0-9\.\-]+ Temporary error # ' brackets.c matcher # *^\/\/I\'m not going to try again; this message has been in the queue too long. # ' brackets.c matcher $SPAM_NULL_NO_RCVSTORE # ) # Above here :0 WH, below is :0 WB :0 WB # ( * 5\.1\.0 - Unknown address error 550- { :0 WB # ( * User unknown\. * ^The following message to * was undeliverable\. * ^The reason for the problem: * User unknown\' # brackets.c ' $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # 5\.1\.0 - Unknown address error 550-'vdnw@kbcsecurities.fr... No such user' * No such user\' # brackets.c ' $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WB # ( * Failed to deliver to * User unknown\. $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^Subject:.*Returned mail: see transcript for details { :0 WB # ( # { # I dont know why this rule # * \(reason: 550 5\.1\.1 # brackets.c ) # causes this error # procmail: Invalid regexp "(reason: 550 5.1.1" # brackets.c ")" # (maybe rules can not begin with a '(' ? # brackets.c ')' # so I drop the leading parenthesis). * reason: 550 5\.1\.1 # } # brackets.c ( * User unknown\) * !^majorlog $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WH # ( * ^Subject: Delivery status notification { :0 WB # ( * ^Delivery to the following recipients failed permanently: $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WB # ( * (berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk): not replying to majordomo to avoid mail loop\. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Hi\. This is the qmail-send program at { :0 WB # ( * ^user is over quota $SPAM_USER_SUSPENDED # ) :0 WB # ( * ^is not a valid return address $SPAM_NULL_NO_ACCESS # ) } # ) :0 WB # ( * ^MAJORDOMO ABORT \(mj_majordomo\)\!\! { :0 WB # ( * ^majordomo\@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) punting to avoid mail loop\. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^HOSTILE ADDRESS \(invalid first char or \|\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^HOSTILE ADDRESS \(no x400 c=\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^majordomo@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * is not a valid return address\. $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WB # ( * not listed in Domino Directory $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( HTML In Body * ^\<\!DOCTYPE html PUBLIC * \ $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( PDF In Body * ^Content-Type: application/pdf $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^This message is in MIME format. Since your mail reader does not understand * ^this format, some or all of this message may not be legible. $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Subject: Majordomo results: # ( brackets.c matcher * 550 5\.1\.1 Mailbox \<[a-z0-9\.\-]+@[a-z0-9\.\-]\> does not exist\) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Sorry. Your message could not be delivered to: $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Your message could not be delivered to $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * ^Votre message n'a pas pu etre delivre a # brackets.c matcher: ' # ) } # ) :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=0 | $RCVSTORE +test # ) :0 WH # ( * ^Reply-To:.*majordomo@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^From:.*majordomo@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WB # ( HTML spam * ^\*\*\*\* Command \'content-type:\' not recognized\. * ^Command \'content-transfer-encoding:\' not recognized\. $SPAM_NULL_NO_RCVSTORE # ) } # ) :0 WB # ( Dump reports of majordomo failing to reply to spam. * THIS IS A WARNING MESSAGE ONLY * YOU DO NOT NEED TO RESEND YOUR MESSAGE * Transcript of session follows * while talking to * ^From:.*majordomo@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^Subject:.*Majordomo results: * ^Reply-To:.*majordomo@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) * ^\*\*\*\* Command \' * \' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can merge into another condition eg: # ^To:.*Majordomo-Owner@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO # ) :0 WB # ( # Trap spammers who crap at majordomo, faking their address as being domo. * mailbox is full * Help for majordomo@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO # ) :0 WB # ( * ^\*\*\*\* Command \'\\' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO # ) :0 WB # ( # Match both: # * ^\*\*\*\* Command \'content-transfer-encoding:\' not recognized\. # * ^Command \'content-transfer-encoding:\' not recognized\. * Command \'content-transfer-encoding:\' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO # ) :0 WB # ( * Command \'content-type:\' not recognized\. # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # checked header and can add another condition eg: # ^To:.*Majordomo-Owner@((lists|webmail|slim|tower|flat|js)\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) $OWNER_MAJORDOMO # ) :0 WH # ( * ^To:.*(webmaster|postmaster|hostmaster|root)@([a-z]+\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=1 | $RCVSTORE +test # ) # Serious computer industry competent people should use Ascii only, # which will pass through to later. :0 WH # ( * ^MIME-Version: 1\.0 # I used to have: * ^Content-Type: multipart/alternative # But 2008.03.02 to now also catch: # Content-Type: multipart/related; # type="multipart/alternative"; # boundary="\-\-\-\-=_NextPart_00 # " brackets.c matcher * ^Content-Type: multipart/ * ^(Content-|.+)type(:|=)(.+|)multipart/alternative { :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=2 | $RCVSTORE +test # ) :0 WB # ( # Incompetents eg Microsoft Outlook (new name Entourage) users # send both Ascii & HTML. * Content-Type: text/plain * Content-Type: text/html $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * Content-Type: text/html * Content-Type: image/gif $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( * Content-Type: text/html * Content-Type: image/(jpeg|jpg) $SPAM_NULL_NO_RCVSTORE # ) :0 WB # ( # Dump those who do not include ascii ie just .gif spammers * !Content-Type: text/plain $SPAM_NULL_NO_RCVSTORE # ) # Remaining computer incompetents who send both HTML & Ascii, # - Friends will be addressing jhs@, so pass through. # - customers have read my page so address eg jhs@ # - Extra spammers addressing webmasters etc, offering # cross linkage get dumped # - @postmaster would be a waste of time as incompetent. :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=3 | $RCVSTORE +test # ) } # ) :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=4 | $RCVSTORE +test # ) } # ) :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=5 | $RCVSTORE +test # ) :0 WH # ( # mailer-daemon is not in aliases or passwd, but spammers got through. * ^To:.*mailer-daemon@([a-z]+\.|)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) # Spammers & idiots write to mailer-daemon. $SPAM_NULL_NO_RCVSTORE # | $RCVSTORE +spam/mailer-daemon # ) :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=6 | $RCVSTORE +test # ) :0 WH # ( # * ^From: MAILER-DAEMON@arcor-online.net (Mail Delivery System) * ^From: MAILER-DAEMON@.+ \(Mail Delivery System\) * ^To: owner\-.+@(|(lists|webmail|slim|tower|flat|js)\.)(berklix|bsdpie|surfacevision|monometro)\.(org|com|net|eu|co\.uk) { :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=7 | $RCVSTORE +test # ) :0 WB # ( * ^This is the Postfix program at host * \<.+@.+\>\): permission denied. Command output: maildrop: maildir * over quota. $SPAM_NULL_NO_RCVSTORE # ) :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=8 | $RCVSTORE +test # ) } :0 WH # ( * ^DEBUGtestingxxx:file=procmailrc.owner_dump:debug=9 | $RCVSTORE +test # )