So you want to filter spam and not have a long list of senders and hosts? Try to understand spam. This is what my .procmailrc does … and some things more. Enjoy! Use at your own risk.
Lines starting with | are part of the file, anything else is an explanation.lynx -dump -width=500 http://piology.org/.procmailrc.html|grep '^|'|cut -c3-
will produce the original version for you.
If you return to this page, note the changes.
| PATH=/bin:/usr/bin:/usr/local/bin:/usr/sbin:$HOME/bin | SENDMAIL="sendmail" | SHELL=/bin/sh | MAILDIR=$HOME/.procmail | LOGFILE=$HOME/.procmail/procmail.log
Make sure the previous lines work for your system.
| VERBOSE=OFF
| LOGABSTRACT=NO
|
| # Viren
| :0
| * ^X-Zid-Univie-Virus-Alert:[ ]*\/.*
| {
| LOG="Virus: $MATCH
| "
| LOGABSTRACT=ALL
| :0:
| virus
| }
If you mail server adds some header for detected viruses, this is the place to catch it. If it doesn't, delete the recipe.
| :0: | * ^Content-Type:.*multipart/ | * 1^1 B ?? ^Content-Type:.*application/x-msdownload | * 1^1 B ?? ^Content-Type:.*name=.*\.(exe|scr|pif|com|bat) | * 1^1 B ?? ^[ ]+(file)?name=.*\.(exe|scr|pif|com|bat) | * -1^1 B ?? ^[ ]+(file)?name=3D.*\.(exe|scr|pif|com|bat) | virus-suspects
In that recipe we try to catch mails which passed the virus check, but have attachments of virus file types.
| # Out of office replies NetLaw
| :0
| * ^Subject:[^:]*\/(Out.of.Office.*Reply|Abwesenheitsnotiz).*NETLAW-L
| {
| LOCKFILE=tmp/y
| LOG="Muell: $MATCH
| "
| Foo=`rm -f tmp/body`
| :0c
| tmp/body
| :0cW
| | (formail -zrt -X 'To:';cat msg/autoreply.txt tmp/body) | $SENDMAIL -oi -t
| LOGABSTRACT=ALL
| :0
| /dev/null
| LOCKFILE=
| }
This is an example how to complain for auto-replies to mailing-lists. autoreply.txt must contain the needed header fields. Adjust or delete.
| # Header aufraeumen fuer NetLaw-Schrottware
| :0
| * ^From owner-netlaw-l@LISTSERV.GMD.DE
| {
| SUBPERL=`formail -zxSubject: | perl -0777p -mMIME::Words=:all -e'$char=(/=\?([^?]+)\?[bBqQ]\?/);$_=decode_mimewords($_);s/\[(?:NETLAW-L|BDSM-Austria)\]\s*//g;s/^(?:(?:R[eE]|AW|Antw(?:ort)?):\s+)+/Re: /s;$_=encode_mimewords($_,"Q",$char)'`
| :0fw
| | formail -i"Subject: $SUBPERL" -I"Reply-To:"
| }
This is an example how to fix subjects for mailing-lists which add their name in square brackets. Also bogus Reply-To is removed. Adjust or delete.
| ## Clean CNN Breaking News | :0fw | * ^Sender:.*BreakingNews@MAIL.CNN.COM | | sed -e '/^Watch CNN or log on to/,$ d'
This is an example how to delete unwanted mail parts at the end.
| ## Save From, Envelope-to | :0fw | * ^From \/.* | | formail -i"X-pi-From: $MATCH" | :0fw | * ^Envelope-to:[ ]+\/.* | * ! ^Envelope-to:.*3.14@logic.univie.ac.at | | formail -i"X-pi-Envelope-to: $MATCH"
Try to save some information which might get lost otherwise. Does not work with all mail transfer agents (MTAs).
| ## Bounces to answering system | :0 | * ! ^Subject:.*somestringhere | * ^From[ ]+\/.* | * -1^0 | * 1^0 ^FROM_MAILER | * 1^0 ^TO3\.14\+as | * 1^0 ^X-pi-Envelope-to:.*3\.14\+as | * 1^0 B ?? ^From: .*pi's answering system | * 1^0 ^Subject: Your recent message sent via abuse.net | /dev/null
Here we catch replies or bounces to bounces. Replace somestringhere by some "safeword" which you name in your bounces (see below).
| ## Blacklist 1 | #:0fw | #* ! ^(From|Sender:).*(owner|request)
Rules for people you don't want to see (will bounce) go here. The previous line avoids mails from mailing-list, which you might have to improve depending on the lists you have. To activate remove the comment symbols and add something you want to catch.
| #| formail -i"X-pi-Spam-rated: Blacklisted by $MATCH" | # | # | ## Blacklist 2 | #:0fw
As before, now we even bounce mailing-lists like those spammers create.
| #| formail -i"X-pi-Spam-rated: Blacklisted by $MATCH"
|
| :0HB
| * ? bogofilter
| {
| FROM=`formail -zxX-pi-From:`
| SUBJECT=`formail -zxSubject: | perl -0777p -mMIME::Words=:all -e'$_=decode_mimewords($_);s/\s+/ /sg;$_=substr($_,0,69);'`
| LOGFILE=bogofilter.log
| LOG="From $FROM
| Subject: $SUBJECT
| "
| :0:
| bad
| }
In the previous recipe we let bogofilter determine if something is spam. If so it is written to the file bad which is logged in a special file bogofilter.log. Whatever is not recoginzed will be treated as being not spam. You will later have to manually correct that.
| # Check PGP-Signatures
| :0
| * ^Content-Type:.*multipart/signed
| {
| FOO=`pgp6 -f 2>&1 >/dev/null|sed -n '/signature/{;s/File is signed\. //;N;s/\n/ /;p;}'`
| :0fw
| | formail -i"X-pi-PGP-checked: $FOO"
| }
Your pgp might have a different name, for gpg you will have to fix more.
| # Clean MIME mails
| :0
| * ! ^FROM_MAILER
| * ^Content-Type:.*multipart/
| {
| :0c:
| tmp/fixmail
| :0fw
| | fixmail.pl
| }
If you want to get rid of useless MIME parts.
This here is the place where you want to drop (or save to a junkfile) postings from lusers on various mailing-lists.
| ### Good ... | #:0fw | #* ! ^X-pi-Spam-rated: | ## myself | #* 1^0 ^\/From:.*\/3\.14@ | #* 1^0 ^Subject: +\/Cron | ## MTAs etc. | #* 1^0 ^Subject:.*\/Returned mail | #* 1^0 \/^FROM_MAILER | #* 1^0 ^Subject:.*\/somestringhere | ## mailing lists | #* 1^0 ^(From|Sender:)[^:]*\/(owner|request)[a-zA-Z0-9.+_\-]*@ | #* 1^0 ^\/List- | #* 1^0 ^\/(X-)?Mailing-List: | #* 1^0 ^\/X-listar-version: | ## lusers | #* 1^0 ^From:.*\/icann\.org | #* 1^0 ^From.*\/nobody@mothra\.mozilla\.org | #| formail -i"X-pi-Spam-rated: Save by $MATCH" | # | ##:0A: | ##$DEFAULT
There are some things you want to see even if they look like spam. Also make sure you don't bounce things you should not. Above some example, adjust to your own needs. The "lusers" section might get long, depending on your friends;-). Recall that somestringhere has to consistently be replaced everywhere.
| ### Silently drop all completely unreadable spam | #:0 | #* 1^0 ^\/Subject:.*=\?(.*big5|iso-2022-jp|ISO-2022-KR|euc-kr|gb2312|ks_c_5601-1987|windows-1251|windows-1256)\? | #* 1^0 ^Content-Type:.*charset="?(.*big5|iso-2022-jp|ISO-2022-KR|euc-kr|gb2312|ks_c_5601-1987|windows-1251|windows-1256) | #/dev/null
| ### Unqualified addresses are only used by spammers | #:0c | #* ! ^X-pi-Spam-rated: | #* ^(From|To|Sender|Reply-To):[ ]*.*@YOURPROVIDER
For YOURPROVIDER insert whatever your mail server adds to unqualified addresses. If that does not happen, simply delete this rule. Be careful, that you do not have correct host names here.
| #| bogofilter -Ns
| #:0a
| #{
| # LOG="Spam: Unqualified address used
| # "
| # LOGABSTRACT=ALL
| # :0:
| # bad
| #}
|
| LOGFILE=procmail.log
Unqualified addresses are a clear sign of spam. We tell bogofilter right away to corret this and file the spam accordingly.
| ## Test | :0:
If you have new ideas how to detect spam, test them here. Don't leave empty, delete otherwise.
| test | | | ### ... Evil ... | #MATCH= | #:0fw | #* ! ^X-pi-Spam-rated: | #* ! ^FROM_MAILER | #* 1^0 B ?? ^[^>].*message is being brought to you by \/EMAIL BLASTER | #* 1^0 B ?? ^[^>].*message provided by \/BULK E-MAIL | #* 1^0 B ?? ^[^>].*\/Click Below To Be Removed | #* 1^0 B ?? ^[^>].*\/don't w(ish|ant) to receive | #* 1^0 B ?? ^[^>].*\/exclusively to our subscribers | #* 1^0 B ?? ^[^>].*\/Global Remove List | #* 1^0 B ?? ^[^>].*\/prefer not to recieve future E-mails | #* 1^0 B ?? ^[^>].*\/received this e.?mail in error | #* 1^0 B ?? ^[^>].*\/wish(ed)? to be removed | #* 1^0 B ?? ^[^>].*\/want to be REMOVED | #* 1^0 B ?? ^[^>].*\/to the removal lists | #* 1^0 B ?? ^[^>].*you.*\/opt.in.*list | #* 1^0 B ?? ^[^>].*\/opt-in e-mail | #* 1^0 B ?? ^[^>].*orry \/for the inconvenience | #* 1^0 B ?? ^[^>].*\/Remove.*in (the )?(subject|header) | #* 1^0 B ?? ^[^>].*\/remove yourself from future | #* 1^0 B ?? ^[^>].*\/REMOVE YOUR E-?MAIL | #* 1^0 B ?? ^[^>].*\/remove your name from our mailing list | #* 1^0 B ?? ^[^>].*\/removed from .*(future|list|base) | #* 1^0 B ?? ^[^>].*\/(one|1).time (mailing|message|e-mail) | #* 1^0 B ?? ^[^>].*\/subject=remove | #* 1^0 B ?? ^[^>].*\/This is no spam | #* 1^0 B ?? ^[^>].*\/TYPE 'DELETE' IN THE SUBJECT | #* 1^0 B ?? ^[^>].*\/TYPE REMOVE | #* 1^0 B ?? ^[^>].*\/unsubscribe"? in the subject | #* 1^0 B ?? ^\/[^>].*visit our website | #* 1^0 B ?? ^[^>].*\/is \/not (a )?SPAM | #* 1^0 B ?? ^[^>].*message is \/sent in compliance | #* 1^0 B ?? ^E-mail sent using \/WorldMerge | #* 1^0 B ?? ^from.*\/future.*mailings | #* 1^0 B ?? ^\/If you (do not|no longer) wish to receive.* | #* 1^0 B ?? ^\/Powered by List Builder | #* 1^0 B ?? ^\/This message complies | #* 1^0 B ?? ^\/To be removed | #* 1^0 B ?? ^\/To remove yourself | #* 1^0 B ?? ^\/To unsubscribe (follow the link|go to|please click here|from future offers) | #* 1^0 B ?? ^\/subject:? "Remove" | #* 1^0 B ?? ^\*.*\/Super eMailer | #* 1^0 ^\/Subject:[ ]\/.*[^ -~][^ -~].*[^ -~][^ -~].*[^ -~][^ -~] | #* 1^0 ! ^(Resent-)?From: | #* 1^0 ^Date:.*\/ (200[01]|[01][0-9][0-9][0-9]) | #* 1^0 ^\/From:[ ]*$ | #* 1^0 ^\/(From|Sender:).*\/<> | #* 1^0 ^From.*\/[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]@aol\.com | #* 1^0 ^From.*[ <]\/[0-9][a-z0-9]*@aol\.com | #* 1^0 ^From.*\/[-._$][a-z0-9]*@aol\.com | #* 1^0 ^From.*\/nousershere | #* 1^0 ^From:.*\/mlm | #* 1^0 ^From:.*\/[^ -~][a-z0-9.+_-]*@ | #* 1^0 ^(From|Reply-To:).*\/remove | #* 1^0 ^(From|Sender):.*\/@[^"<>()]*@ | #* 1^0 ^Illegal-Object: \/.* | #* 1^0 ^Message-\/ID:[ ]*<< | #* 1^0 ^(Message-ID:|From ).*\/seed\.net\.tw | #* 1^0 ^Received.*\/\[([0-9]+\.)?([0-9]+\.)?([0-9]+\.)?([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]) | #* 1^0 ^Received:.* \/-0600 \(EST\) | #* 1^0 ^Received:.*\/bulk_mailer | #* 1^0 ^Received:.*\/CLOAKED! | #* 1^0 ^Received:.*\/IPNG-ADV-ANTISPAM | #* 1^0 ^Received:.*\/mci\.net | #* 1^0 ^Received:.*\/unknown host | #* 1^0 ^Received:.*\/vucqpqlj | #* 1^0 ^([^S]|Se).*\/ybecker\.net | #* 1^0 ^\/Status: O | #* 1^0 ^Subject:[ []*\/ADV[]: ] | #* 1^0 ^Subject:[ ]+\/Betreff | #* 1^0 ^Subject:.*\/BUSINESS PROPOSAL | #* 1^0 ^Subject:.*\/edsubject | #* 1^0 ^To:[ ]*\/\.@.* | #* 1^0 ^TO\/bulkmailer | #* 1^0 ^TO\/friend@public\.com | #* 1^0 ^TO\/@nowhere\.com | #* 1^0 ^TO\/nobody.* | #* 1^0 ^TO\/spam.* | #* 1^0 ^To:.*\/customer | #* 1^0 ^To:.*\/you@ | #* 1^0 ^X-\/Advertise?ment: | #* 1^0 ^X-\/X-Bulkmail: | #* 1^0 ^X-\/Distribution: (Bulk|Mass) | #* 1^0 ^X-\/Mailer:.*(Allaire Cold ?Fusion|Aristotle Mail|Crescent Internet ToolPak ActiveX Mail Control|DiffondiCool|E-Mail Connection|Ellipse Bulk Emailer|Emailer Platinum|Extractor|FastMail|Floodgate|Hammer|Jamail|JMail|Mail Bomber|MailWorkZ|Marketing|MassE-Mail|massmail\.pl|My Own Email|NetMailer|newslettermaker|PG-MAILINGLIST|RIME|Serien-eMail|sndb 32|supermailer|WorldMerge) | #* 1^0 ^X-Sender:.*\/News Breaker Pro | #* 1^0 ^X-.*\/http://.*name removal | #| formail -i"X-pi-Spam-rated: Evil by $MATCH with score $="
OK, here we go, this is spam with a probability very close to one.
| ### Only Pegasus creates this header | #:0fw | #* ! ^X-pi-Spam-rated: | #* ^Comments:.*\/Authenticated sender.* | #* !^X-Mailer:.*Pegasus Mail | #* !^Resent- | #| formail -i"X-pi-Spam-rated: Liar by $MATCH"
This is a 100%er.
| ### Drop spam | #:0 | ##* ! ^X-pi-Spam-rated: Save by
Add some rule here for things which are (almost certainly) spam, but for some reason you do not want to bounce.
| #* ^X-pi-Spam-rated: \/.*
| #{
| # LOG=$MATCH"
| # "
| # LOGABSTRACT=ALL
| # :0
| # /dev/null
| #}
|
|
| ## License to kill
| :0
| #* ! ^X-pi-Spam-rated: Save by
Add some rule here for things which are (almost certainly) spam, but for some reason you do not want to bounce.
| * ^X-pi-Spam-rated: \/.*
| {
| LOCKFILE=tmp/y
| LOG=$MATCH"
| "
| Foo=`rm -f tmp/body`
| :0c
| tmp/body
| :0cW
| | (formail -zr -X 'To:';cat msg/bounce.txt tmp/body) | $SENDMAIL -oi -t
| LOGABSTRACT=ALL
| :0
| * ^From .*<>
| /dev/null
| EXITCODE=77
| :0
| /dev/null
| LOCKFILE=
| }
Here we strike back. This is a controversial issue. You should know what you do. Make sure to tell people the safeword here, also add headers as needed and explanation to bounce.txt.
| ################################################################################################ | | ### ... and Ugly | #MATCH= | #:0fw | #* ! ^X-pi-Spam-rated: | #* -50^0 ^TO3\.14@ | #* -50^0 ^Subject:.*fwd | #* -50^0 ^Subject:.*Re: | #* -50^0 ^Sender:.*owner | #* -10^0 ^To:.*:.*; | #* 51^0 ! ^Message-Id:[ ]+<[^ <>@]+@[^ <>@]+>[ ]*$ | #* 10^0 ! ^To: | #* 5^1 B ?? ^[^>].*\/_______________________ | #* 10^0 ^\/To:\/[^@]*$ | #* 15^1 B ?? (^N|^[^>].*\/N)AME.*_______________________________ | #* 15^1 B ?? (^A|^[^>].*\/A)DDRESS.*_______________________________ | #* 20^1 B ?? ^[^>].*\/CARD.*_______________________________ | #* 25^1 B ?? \/Click Here | #* 25^1 B ?? (^T|^[^>].*T)hank \/you for your time | #* 30^0 ^Subject:.*\/\$[0-9][0-9][0-9] | #* 30^0 ^Subject:.*\/XXX | #* 30^0 ^Subject:.*\/ware[sz] | #* 30^0 ^Subject:.*\/video | #* 30^0 ^Subject:.*\/\<trial | #* 30^0 ^Subject:.*\/\<rich\> | #* 30^0 ^Subject:.*\/\<real | #* 30^0 ^Subject:.*\/read this | #* 30^0 ^Subject:.*\/\<quick | #* 30^0 ^Subject:.*\/opportunity | #* 30^0 ^Subject:.*\/\<offer\> | #* 30^0 ^Subject:.*\/mortgage | #* 30^0 ^Subject:.*\/money | #* 30^0 ^Subject:.*\/market\> | #* 30^0 ^Subject:.*\/make\> | #* 30^0 ^Subject:.*\/http:// | #* 30^0 ^Subject:.*\/\<free\> | #* 30^0 ^Subject:.*\/\<fast\> | #* 30^0 ^Subject:.*\/dollar | #* 30^0 ^Subject:.*\/credit | #* 30^0 ^Subject:.*\/cheap | #* 30^0 ^Subject:.*\/business | #* 30^0 ^Subject:.*\/advertising | #* 30^0 ^Subject:.*\/\<bulk\> | #* 40^0 ^([^S]|Se).*\/ibm\.net | #* 40^0 ^From.*\/usa\.net | #* 40^0 ^From.*\/sales | #* 40^0 ^From.*\/hotmail\.com | #* 40^0 ^Received:.*\/da\.uu\.net | #* 40^0 ^Subject:.* [0-9][0-9][0-9][0-9]+$ | #* 55^0 B ?? ^\/[^>].*(Eur(o )?min(.?b|kv|re)|[0-9]minb) | #* 60^0 ^Content-type:.*\/charset=unknown-8bit | #* 60^0 ^From.*\/money | #* 60^0 ^From.*\/sex | #* 60^0 ^Subject:.*\/\$\$\$ | #* 90^0 ^(From|Reply-To:).*\/\<(no@reply|noreply|Reply@By\.Mail|do@not|response) | #* 90^0 B ?? ^[^>].*\/advertise your product | #* 90^0 B ?? ^[^>].*\/cannot be considered Spam | #* 90^0 B ?? ^[^>].*\/multi.level marketing | #* 90^0 B ?? ^[^>].*\/weight loss | #* 90^0 ^Content-Type:.*\/text/html | #* 100^0 ^\/Date:.*[^a-z0-9,:()+ -] | #* 100^0 B ?? ^\/Below is the result of your feedback form\. | #* 100^0 B ?? ^\/To be unsubscribed from.*mailing list | #| formail -i"X-pi-Spam-rated: Spam by $MATCH with score $="
Really looks like spam. Add your own addresses at the top like in the example.
| ### To = From | #Eone=`formail -zxTo: | md5sum | sed s/..$//` | #Etwo=`formail -zxFrom: | md5sum | sed s/..$//` | #Ethree=`formail -zxReply-To: | md5sum | sed s/..$//` | #:0fw | #* ! ^X-pi-Spam-rated: | #* ^To: | #* 1^0 ? test $Eone = $Etwo | #* 1^0 ? test $Eone = $Ethree | #| formail -i"X-pi-Spam-rated: To = From/Reply-To"
Some lusers do this, spammers do it all the time. This rule has the highest risk of false positives.
| ### License to trash
| #:0
| #* ! ^X-pi-Spam-rated: Save by
| #* ^X-pi-Spam-rated: \/.*
| #{
| # LOG=$MATCH"
| # "
| # LOGABSTRACT=ALL
| # :0:
| # trash
| #}
Here we write things which look like spam (and have not been bounced before) to a trash file.
| ## Save huge mail (>3000 lines) | :0B: | * -3000^0 | * 1^1 ^.*$ | huge
If you want to save huge mails (to protect your modem), this happens here. Pretty arbitrary limit.
SUBPERL and SUBJECT simplified. This is possible due to a fix in Perl's MIME::Tools module (5.417 and later will work).SUBPERL repaired (it would fail if there is only one MIME word for some charsets. Better logging for spam.LOGABSTRACT=NO removed.Silently drop all completely unreadable spam and Unqualified addresses are only used by spammers are not needed, bogofilter doesn't need. it.Silently drop all completely unreadable spam section the :0E should not have the E when the preceeding Good ... list is deactivated.... Evil ... section. So we can also get rid of the Good ... list and all places which make use of it. Now also Drop spam goes; instead I make sure it is not bounced belowed and deliver, your choice. Enough for today:-))bogofilter -S to bogofilter -Ns in version 0.11. So do I.YOURPROVIDER thing way up, now also the License to trash can go. Also the bogofilter code is simplified (use a new version, there was a bug in older version which prevents this).Drop spam section I moved the LOGABSTRACT inside.... and Ugly section, leaving only YOURPROVIDER active (it is here, because it never makes sense to bounce it).Only Pegasus creates this header (haven't seen it for long) and To = From (too many false positives).tmp/body corrected to avoid early removal of the file.* 1^0 B ?? ^\/[^>].*(Eur(o )?min(.?b|kv|re)|[0-9]minb) (to many false positives).* 1^0 ^Subject:.*\/BUSINESS PROPOSAL added.* 1^0 ^Subject:.*\/edsubject, * 1^0 ^From:.*\/mlm, * 90^0 B ?? ^[^>].*\/cannot be considered Spam, and * 90^0 B ?? ^[^>].*\/weight loss added.virus and huge were not locked which is now corrected. * 1^0 ^(Message-ID:|From ).*\/seed\.net\.tw and * 60^0 ^From.*\/money added. The blacklists are disabled by default now. You have to add something to make sense out of them.* 1^0 ^From:.*\/[^ -~][a-z0-9.+_-]@ changed to * 1^0 ^From:.*\/[^ -~][a-z0-9.+_-]*@.* 1^0 B ?? ^\/[^>].*(Eur(o )?min(.?b|kv)|[0-9]minb) changed to * 1^0 B ?? ^\/[^>].*(Eur(o )?min(.?b|kv|re)|[0-9]minb).* 1^0 B ?? ^\/To unsubscribe (follow the link|go to|please click here) changed to * 1^0 B ?? ^\/To unsubscribe (follow the link|go to|please click here|from future offers).* 1^0 ^Date:.*\/200[01] changed to * 1^0 ^Date:.*\/ (200[01]|[01][0-9][0-9][0-9]).* 1^0 B ?? ^\/To remove yourself , * 1^0 ^Subject:[ ]+\/Betreff, * 1^0 B ?? ^\/[^>].*visit our website, * 1^0 B ?? ^\/[^>].*(Eur(o )?min(.?b|kv)|[0-9]minb) added.* 1^0 ^X-\/X-Bulkmail:, * 60^0 ^From.*\/sex, and * 1^0 ^Date:.*\/200[01] added. Introduced new section "Silently drop ...", moved two entries there. * 1^0 B ?? ^[^>].*\/unsubscribe in the subject changed to * 1^0 B ?? ^[^>].*\/unsubscribe"? in the subject.* 100^0 ^From:[ ]*\/.*@.*\.(com|net|org)\.YOURPROVIDER (minor change). In the Ugly section changed several values from 20 to 30 and order changed to reflect that.* 100^0 B ?? ^\/[^>].*special offer added. Test section cleaned.* 1^0 B ?? ^\/To be removed and various \/ in the neighborhood added.|windows-1251 added to the charset lists and * 1^0 ^To:.*\/you@ added.MailWorkZ added to the bad mailer list. * 1^0 ^\/Status: O added.* 1^0 B ?? ^To unsubscribe (follow the link|go to) changed to * 1^0 B ?? ^To unsubscribe (follow the link|go to|please click here)* 1^0 ^From:.*\/[^ -~][a-z0-9.+_-]@ added. In "License to kill"we call formail -zr (no -t).* 1^0 ^Received.*\/\[([0-9]+\.)*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9]) changed to * 1^0 ^Received.*\/\[([0-9]+\.)?([0-9]+\.)?([0-9]+\.)?([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])* 100^0 ^From:.*\/@.*\.(com|net|org)\.YOURPROVIDER added.(big5|iso-2022-jp|gb2312|euc-kr) changed to (big5|iso-2022-jp|gb2312|euc-kr|ks_c_5601-1987) (two occurrences)* 1^0 B ?? ^To unsubscribe follow the link changed to * 1^0 B ?? ^To unsubscribe (follow the link|go to)* 1^0 B ?? ^[^>].*\/Click Below To Be Removed added.* 100^0 B ?? ^\/To be unsubscribed from.*mailing list added.* 40^0 ^From.*\/sales changed to * 40^0 ^(From|Reply-To:).*\/sales* 1^0 ^X-Mailer:.*DiffondiCool removed from the test section, it was already in the X-Mailer-list.* 100^0 B ?? ^\/Below is the result of your feedback form\. added.* 1^0 B ?? ^If you do \/not wish to receive.* changed to * 1^0 B ?? ^\/If you (do not|no longer) wish to receive.** 40^0 ^Subject:.* [0-9][0-9][0-9][0-9]+$ inserted.* 1^0 B ?? ^[^>].*\/REMOVE YOUR E-MAIL changed to * 1^0 B ?? ^[^>].*\/REMOVE YOUR E-?MAIL
© Boris 'pi' Piwinger,
February 20, 2005