Curtis Maurand | 1 Aug 2007 04:02

Re: PDF spam


I found a script somewhere that goes out and gets a database file for
clamav and uses clamav's facilities for pulling apart the PDFs and
scanning them.  You should be able to find it via Google.  It's called
scam.sh

Curtis

LuKreme wrote:
> On 31-Jul-2007, at 16:03, Mar Matthias Darin wrote:
>> Scott Moseman writes:
>>> Are there any good recipes for dealing with the latest PDF spams?
>>
>> After spending some time studying the IP addresses, most (in my case 98%,
>> YMMV though) originate from dynamic IP addresses.  I've had a hard time
>> getting a good sample, DynaStop has eliminated a good majority of them.  I
>> might see 1 or 2 every few days make it through DynaStop.
>
> That might explain why I was nonplussed about this issue when it was
> first raised.  Anything that looks like it might possibly be from a
> dynamic ip range is greylisted by postfix before the DATA portion of
> the SMTP transaction.  I haven't seen any of the pdf spams (yet).
>
> I'm getting quite a lot of the "i'm a lonely girl looking for
> friends" spam, and the 'add me as a myspace friend because I had to
> move my nudie pics off myspace" spam, but that's on my one account
> that has almost no spam protection after the RBLs/Greylisting.

Mar Matthias Darin | 1 Aug 2007 08:04

Re: PDF spam

Hello, 

LuKreme writes: 

> I'm getting quite a lot of the "i'm a lonely girl looking for  
> friends" spam, and the 'add me as a myspace friend because I had to  
> move my nudie pics off myspace" spam, but that's on my one account  
> that has almost no spam protection after the RBLs/Greylisting.

I haven't had any of either of those.  Do you have a few IP addresses of 
them? 

 --- 

DynaStop: Stopping spam one dynamic IP address at a time.
http://tanaya.net/DynaStop/
Scott Moseman | 2 Aug 2007 04:31

Script for Testing?

Instead of matching regular expressions against the email, can I send
either specific headers or the entire email to a script and have the
output of the script provide the match or no match results?  Where I'm
going with this is that I'm interested in trying to compare headers to
data contained in a database instead of a grep using a text file.

Thanks,
Scott
Poohba | 2 Aug 2007 13:29

Help with redundancy

Please tell me if any of this is redundant and/or if I can combine some
of these.

I have emails in the trash folder that don't correspond to any emails or
host in my files

# Next may be needed if programs are invoked from your procmailrc, but
# it should not be needed for the simple sorting recipes on this page.
# Details in Check Your $SHELL and $PATH in Troubleshooting below.
## SHELL=/bin/sh

# Directory for storing procmail configuration and log files
# You can name this environment variable anything you like
# (for example PROCMAILDIR) or, if you prefer, don't set it
# (but then don't refer to it!)
PMDIR=$HOME/.procmail

# LOGFILE should be specified ASAP so everything below it is logged
# Put ## before LOGFILE if you want no logging (not recommended)
LOGFILE=$PMDIR/killfile

# To insert a blank line between each message's log entry,
# uncomment next two lines (this is helpful for debugging)
## LOG="
## "

# Set to yes when debugging; default is no
VERBOSE=yes

# Replace $HOME/Msgs with your mailbox directory

Klaus Johannes Rusch | 2 Aug 2007 09:29

Re: Script for Testing?

Scott Moseman wrote:

>Instead of matching regular expressions against the email, can I send
>either specific headers or the entire email to a script and have the
>output of the script provide the match or no match results?
>
OUTPUT=`(formail -x"Header" | yourscript)`
will send the "Header" header to your script and store the output in the 
variable OUTPUT for further processing.

-- 
Klaus Johannes Rusch
KlausRusch <at> atmedia.net
http://www.atmedia.net/KlausRusch/
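
A possible `yourscript` for the pipeline in the reply above, as an added example that is not part of the original posts: it reads the extracted header value on stdin, looks the sender address up in a database, and prints `match` or `nomatch` for procmail to capture. The table name `blocked_senders`, the sample addresses and the choice of a From-style header are assumptions made for illustration.

```python
import sqlite3
import sys
from email.utils import parseaddr


def build_sample_db():
    """Constructed sample data: an in-memory table of blocked sender addresses."""
    db = sqlite3.connect(":memory:")
    # Table name and rows are hypothetical, chosen only for this example.
    db.execute("CREATE TABLE blocked_senders (addr TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO blocked_senders VALUES (?)",
                   [("spammer@bad.example",), ("bulk@mailer.example",)])
    return db


def header_matches(db, raw_header):
    """Return True if the address in a From-style header value is in the table."""
    # The header is sender-controlled input: unfold continuation lines,
    # parse out the address, and hand it to SQLite only as a bound
    # parameter, never spliced into the SQL text.
    unfolded = " ".join(raw_header.split())
    _name, addr = parseaddr(unfolded)
    addr = addr.strip().lower()
    if not addr or "@" not in addr or len(addr) > 254:
        return False
    row = db.execute("SELECT 1 FROM blocked_senders WHERE addr = ?",
                     (addr,)).fetchone()
    return row is not None


def main():
    db = build_sample_db()
    # The single word printed here is what ends up in OUTPUT.
    print("match" if header_matches(db, sys.stdin.read()) else "nomatch")


if __name__ == "__main__":
    main()
```

In a real deployment `build_sample_db()` would be replaced by a connection to the existing database; the lookup itself stays a parameterized query.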
Larry Vaden | 2 Aug 2007 17:33

howto for running procmail on a postfix relay?

A good friend at the University of Oregon has suggested we run John
Hardin's Email Sanitizer.

Does anyone have any clues on running procmail on a postfix relay?

kind regards/ldv

Larry Vaden
Internet Texoma, Inc.
Patrick Shanahan | 2 Aug 2007 17:45

Re: howto for running procmail on a postfix relay?

* Larry Vaden <vaden <at> texoma.net> [08-02-07 11:39]:
> A good friend at the University of Oregon has suggested we run John
> Hardin's Email Sanitizer.
> 
> Does anyone have any clues on running procmail on a postfix relay?

11:43 wahoo:~ > egrep procmail /etc/postfix/master.cf /etc/postfix/main.cf
/etc/postfix/master.cf:  procmail  unix  -       n       n       -      -       pipe
/etc/postfix/master.cf:  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
/etc/postfix/main.cf:    mailbox_command = /usr/bin/procmail

-- 
Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711
http://wahoo.no-ip.org     Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535                     <at>  http://counter.li.org
Dallman Ross | 2 Aug 2007 17:57

RE: set status of mails in maildirs?

LuKreme ("Kreemy") wrote on 1 August 2007:

> >> On 30-Jul-2007, at 11:55, N.J. Mann wrote:
> >>>   { TRAP='mv $LASTFOLDER ${LASTFOLDER}:2,F' }

> Sorry, I just have no idea what that is supposed to do.  I 
> don't even know where to begin.

Well, gee, Kreemy.  We discussed it a couple or three years
ago when you were on the list.

LASTFOLDER knows where in the maildir hierarchy the file was
saved and what its name is.  Maildir uses that :2,F thing
on the end to mark messages read.  Voila.

> OK, first off, wouldn't this TRAP need to be enclosed in backticks  
> instead of single quotes? Second off, what's it do?

No.  See "man procmailex" for at least three examples of TRAP.
Here's one of them:

       If you are using temporary files in a procmailrc file,
       and want to make sure that they are removed just before
       procmail exits, you could use something along the lines
       of:

              TEMPORARY=$HOME/tmp/pmail.$$
              TRAP="/bin/rm -f $TEMPORARY"

See "man procmailrc" for how TRAP works.

Dallman Ross | 2 Aug 2007 19:00

RE: set status of mails in maildirs?

N.J. Mann wrote Thursday, August 02, 2007 6:52 PM:

> To mark a message as seen you need to add ":2,S" - as Michelle
> Konzack correctly pointed out.  (Next time I will not rush when
> posting a reply to the list.  I _will_ double and triple check my
> facts!)

Okay.  Precision is good, but I wasn't sweating the details
in my general explanation.  But yeah, thanks.

> http://cr.yp.to/proto/maildir.html  has an explanation of maildir
> mailbox format.

Good to keep handy.

> Dallman Ross wrote:

> > Oh, and ignore that mess that Michelle posted with all sorts of

> Actually, I think Michelle may be correct, but I haven't tested the
> recipes posted by Michelle.  

I wasn't objecting to the underlying concept, just to the
Rube-Goldbergesque set of unnecessary pipes and shell calls
to perform that concept.  Most of it can be done in procmail
without much trouble, I think.

Dallman
N.J. Mann | 2 Aug 2007 18:51

Re: set status of mails in maildirs?

In message <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfIuZ1uAZ0BGnLERFU1QAAMKAAAAQAAAAJZKjBXtRWk+4rgaomyaVxwEAAAAA <at> nomotek.com>,
Dallman Ross wrote:
> LuKreme ("Kreemy") wrote on 1 August 2007:
> > >> On 30-Jul-2007, at 11:55, N.J. Mann wrote:
> > >>>   { TRAP='mv $LASTFOLDER ${LASTFOLDER}:2,F' }
> 
> 
> > Sorry, I just have no idea what that is supposed to do.  I 
> > don't even know where to begin.
> 
> Well, gee, Kreemy.  We discussed it a couple or three years
> ago when you were on the list.

It was in November 2006. :-)  See:
http://mailman.rwth-aachen.de/pipermail/procmail/2006-November/025064.html
I knew what I wanted to do, but wasn't sure of the best way to do it.
David W. Tamkin was kind enough to suggest the TRAP method.

Thanks for answering "Kreemy".  I was just about to until I saw your
reply.  You explained TRAP far better than I could have done!

> LASTFOLDER knows where in the maildir hierarchy the file was
> saved and what its name is.  Maildir uses that :2,F thing
> on the end to mark messages read.  Voila.

Actually, the :2,F "flags" the mail, it doesn't mark it as read or
"seen" which is the maildir mailbox format term.  To mark a message as
seen you need to add ":2,S" - as Michelle Konzack correctly pointed out.
(Next time I will not rush when posting a reply to the list.  I _will_
double and triple check my facts!)
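
The flag handling discussed in this thread, as an added example that is not part of the original posts: a helper that renames a delivered message so it carries a maildir flag such as `S` (seen) or `F` (flagged). It follows the maildir description linked above, where the `:2,` info suffix belongs to files in `cur/` and flag letters are kept in ASCII order; the function name and the sample file name are assumptions.

```python
import os
import tempfile

VALID_FLAGS = set("DFPRST")  # flag letters from the maildir description


def add_maildir_flag(path, flag):
    """Rename a delivered maildir message so it carries `flag`; return the new path."""
    if flag not in VALID_FLAGS:
        raise ValueError("unknown maildir flag: %r" % flag)
    subdir, name = os.path.split(path)
    maildir, leaf = os.path.split(subdir)
    if leaf not in ("new", "cur"):
        raise ValueError("not inside a maildir new/ or cur/ directory")
    uniq, sep, info = name.partition(":2,")
    if not sep and ":" in name:
        raise ValueError("unsupported info field in %r" % name)
    # Merge with any flags already present; sorted() gives ASCII order.
    flags = "".join(sorted(set(info) | {flag}))
    # A flagged message lives in cur/, even if it was delivered to new/.
    target = os.path.join(maildir, "cur", uniq + ":2," + flags)
    os.rename(path, target)
    return target


def demo():
    """Constructed sample: deliver one file into new/, then mark it seen and flagged."""
    root = tempfile.mkdtemp()
    for d in ("tmp", "new", "cur"):
        os.mkdir(os.path.join(root, d))
    msg = os.path.join(root, "new", "1186070000.12345_0.host")  # made-up name
    with open(msg, "w") as fh:
        fh.write("Subject: test\n\nbody\n")
    seen = add_maildir_flag(msg, "S")
    both = add_maildir_flag(seen, "F")
    return os.path.relpath(seen, root), os.path.relpath(both, root)


if __name__ == "__main__":
    print(demo())
```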

