WARNING: The information presented in this article is provided without warranty. Use at your own risk! Do not implement any features without full understanding of the implications. Using these measures incorrectly MAY prevent e-mail from reaching your server.
Spam for meds and dating (mainly Russian) is currently the most prolific that I am getting, and here are a few examples of my header_checks filtering for some of these.
A lot of the mail has a message ID injected into the subject line. I needed a way to test for these but allow legitimate mail through. This is where our friend the 'if' conditional statement comes in. It allows you to test the first part of a subject line for a message ID. If one exists, the rest of the subject line is tested further. The conditional testing finishes when an 'endif' is found.
Quote:
#
# Check messages with a numeric message ID in subject line.
if /^Subject:.*(ID|MSG|ID MSG|MSG ID).*:[ ]?([0-9]{5}) /
#
# Dating
/[a-zA-Z]* is online now/ REJECT Message header rejected [200x]
/[a-zA-Z]* sent new (message[s]?|mail) from/ REJECT Message header rejected [201x]
/[yY]ou have ([0-9]{1,4})?[ ]?(unread|new) (message[s]?|mail)[ ]?(from)?[ ]?([a-zA-Z]*)?[ ]?(for you)?[ ]?(from)?/ REJECT Message header rejected [202]
/([0-9]{1,4}) (single|new|lonely)?[ ]?ladies/ REJECT Message header rejected [203]
/[iI] am [a-zA-Z]*?[ ,\.]?[ ]?([0-9]{1,4}) (y\.o\.|year[s]?)/ REJECT Message header rejected [204]
/[sS]till (lonely|single)\?/ REJECT Message header rejected [205x]
/[rR]emember [mM]e[ ?\.]/ REJECT Message header rejected [206x]
#
# Meds
/[gG]et all your [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [301xx]
/[pP]harma(cy|ceutical)/ REJECT Message header rejected [302x]
/[oO]nline ([mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?|prescription-free)/ REJECT Message header rejected [303]
/[nN]ever have to (see|visit) (a|the) [dD]octor[s ]?/ REJECT Message header rejected [304]
/[Rr]ange [a-zA-Z]* [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [305]
/([tT]he )?[wW]orld[.]?s.*[oO]nline [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [306x]
endif
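To see which subjects the if/endif gate actually lets through to the inner patterns, here is an added example (not part of the original article) that evaluates a constructed excerpt of the table above against constructed subject lines. It assumes Python's `re` with case-insensitive matching approximates Postfix's regexp table matching; `TABLE` and `lookup` are hypothetical names.

```python
import re

# Constructed excerpt of the table above (two inner rules kept for brevity).
TABLE = r"""
# Check messages with a numeric message ID in subject line.
if /^Subject:.*(ID|MSG|ID MSG|MSG ID).*:[ ]?([0-9]{5}) /
/[a-zA-Z]* is online now/ REJECT Message header rejected [200x]
/[pP]harma(cy|ceutical)/ REJECT Message header rejected [302x]
endif
"""

def lookup(table, header):
    """Return the action of the first matching rule, or None (mail passes)."""
    skip_depth = 0  # > 0 while inside an if-block whose condition failed
    for raw in table.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "endif":
            if skip_depth:
                skip_depth -= 1
            continue
        cond = re.match(r"if\s+/(.*)/$", line)
        if cond:
            # A failed (or already skipped) condition skips up to its endif.
            if skip_depth or not re.search(cond.group(1), header, re.I):
                skip_depth += 1
            continue
        if skip_depth:
            continue
        rule = re.match(r"/(.*)/\s+(.*)$", line)
        if rule and re.search(rule.group(1), header, re.I):
            return rule.group(2)
    return None

if __name__ == "__main__":
    # Constructed sample subjects: spam with an injected ID, the same text
    # without an ID, and a legitimate message that carries a ticket ID.
    for subject in (
        "Subject: MSG ID: 48213 Anna is online now",
        "Subject: Anna is online now",
        "Subject: Ticket ID: 10442 your invoice is attached",
    ):
        print(f"{subject!r:60} -> {lookup(TABLE, subject) or 'DUNNO (passes)'}")
```

On a live server, `postmap -q` with a test header against the regexp table remains the authoritative check, since it uses Postfix's own matcher.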