SPAM for meds and dating (mainly russian) are currently the most prolific that I am getting and here is a few examples of my header_checks filtering for some of these.
A lot of the mail has a message ID injected into the subject line. I needed a way to test for these but, allow legitimate mail through. This is where our friend the 'if' conditional statement comes in. It allows you to test the first part of a subject line for a message ID. If exists, the rest of the subject line is tested further. The conditional testing finishes when a 'endif' is found.
Quote:
#
# Check messages with a numeric message ID in subject line.
if /^Subject:.*(ID|MSG|ID MSG|MSG ID).*:[ ]?([0-9]{5}) /
#
# Dating
/[a-zA-Z]* is online now/ REJECT Message header rejected [200x]
/[a-zA-Z]* sent new (message[s]?|mail) from/ REJECT Message header rejected [201x]
/[yY]ou have ([0-9]{1,4})?[ ]?(unread|new) (message[s]?|mail)[ ]?(from)?[ ]?([a-zA-Z]*)?[ ]?(for you)?[ ]?(from)?/ REJECT Message header rejected [202]
/([0-9]{1,4}) (single|new|lonely)?[ ]?ladies/ REJECT Message header rejected [203]
/[iI] am [a-zA-Z]*?[ ,\.]?[ ]?([0-9]{1,4}) (y\.o\.|year[s]?)/ REJECT Message header rejected [204]
/[sS]till (lonely|single)\?/ REJECT Message header rejected [205x]
/[rR]emember [mM]e[ ?\.]/ REJECT Message header rejected [206x]
#
# Meds
/[gG]et all your [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [301xx]
/[pP]harma(cy|ceutical)/ REJECT Message header rejected [302x]
/[oO]nline ([mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?|prescription-free)/ REJECT Message header rejected [303]
/[nN]ever have to (see|visit) (a|the) [dD]octor[s ]?/ REJECT Message header rejected [304]
/[Rr]ange [a-zA-Z]* [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [305]
/([tT]he )?[wW]orld[.]?s.*[oO]nline [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [306x]
endif
# Check messages with a numeric message ID in subject line.
if /^Subject:.*(ID|MSG|ID MSG|MSG ID).*:[ ]?([0-9]{5}) /
#
# Dating
/[a-zA-Z]* is online now/ REJECT Message header rejected [200x]
/[a-zA-Z]* sent new (message[s]?|mail) from/ REJECT Message header rejected [201x]
/[yY]ou have ([0-9]{1,4})?[ ]?(unread|new) (message[s]?|mail)[ ]?(from)?[ ]?([a-zA-Z]*)?[ ]?(for you)?[ ]?(from)?/ REJECT Message header rejected [202]
/([0-9]{1,4}) (single|new|lonely)?[ ]?ladies/ REJECT Message header rejected [203]
/[iI] am [a-zA-Z]*?[ ,\.]?[ ]?([0-9]{1,4}) (y\.o\.|year[s]?)/ REJECT Message header rejected [204]
/[sS]till (lonely|single)\?/ REJECT Message header rejected [205x]
/[rR]emember [mM]e[ ?\.]/ REJECT Message header rejected [206x]
#
# Meds
/[gG]et all your [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [301xx]
/[pP]harma(cy|ceutical)/ REJECT Message header rejected [302x]
/[oO]nline ([mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?|prescription-free)/ REJECT Message header rejected [303]
/[nN]ever have to (see|visit) (a|the) [dD]octor[s ]?/ REJECT Message header rejected [304]
/[Rr]ange [a-zA-Z]* [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [305]
/([tT]he )?[wW]orld[.]?s.*[oO]nline [mM][eE3][dD][sz]?([iI\|1][cC][aA4@][tT][iI\|1][oO0][nN])?/ REJECT Message header rejected [306x]
endif
No comments:
Post a Comment