# http://www.berklix.com/~jhs/dots/.procmailrc_owner_dump # ~jhs/.procmailrc_owner.dump included by ~jhs/.procmailrc # On 07/17/2018 00:16, Julian H. Stacey wrote to an @freeBSD.org list # > Subject: Re: CoC does not help in benchmarks # > Trolls swearing etc can alert that a writer may be less likely # > linguisticaly articulate, more like a tired, emotional drunk in a # > bar. Mail lists behove self control. Some cultures on global lists # > particularly dis-respect Anglo American mouthing off. Moderate # > text has more chance to persuade opinions. # This file holds stuff for lists owner & # majordomo owner & postmaster # It does Not deal with normal end user type list subscriptions, # For that see ~/.procmailrc_lists # Clueless gea@ & other subscribers running Micro$oft get their # machines raped by viruses, which harvest address inc @berklix list, # these get sent back to spam list vendors, that sell to spammers, # Spammers lie & masquerade as my domain excretia arrives # at innocent list owners. SPAM_USER_FULL=spam/user_full/. # Grey List Messages: # 451 4.7.1 Greylisting in action, please come back in # Deferred: 450 4.7.1 \<*@*\>: Recipient address rejected: # Greylisted for # Deferred: 451 4.7.1 Greylisting in action, please come back in # Deferred: 451 4.7.1 Greylisting in action, please come back later # Deferred: 451 GL - temporary problem. Please try again later. # Deferred: 451 Please try again later. # Deferred: 451 mail server temporarily rejected message (#4.3.0) # Deferred: 454 4.7.1 \<*@*\>: Recipient address rejected: # Greylisting active, try again in # Recipient address rejected: Greylisted for # Recipient address rejected: Greylisting active, try again in :0 H # Discard reports to postmaster@*.berklix of failure to reply to an # address masqueraded by a spammer, when that spammer was sending # to an invalid guessed address@berklix # However do Not discard all to/ from re @berklix as occasional genuine. * ^From: Mail Delivery Subsystem \ * ^(To|Cc):.*(postmaster|mailer-daemon)@((webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # JJLATER is the * in line above valid syntax ? * ^MIME-Version: 1\.0 * ^Content-Type: multipart/report; report-type=delivery-status * ^Subject:.*Postmaster notify: see transcript for details * ^Auto-Submitted: auto-generated \(postmaster-notification\) { :0 B # Dump spammers (& normal people) addresing eg realuser@land. * ^\ \ \ \ \(reason: 550 5\.1\.1 \<[a-z0-9\-\._]+@(webmail|land|slim)\.(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk)\>\.\.\. User unknown\) $SPAM_NULL_NO_RCVSTORE :0 B # Someone spamming Graham # Next line comes from a spammer (or inncocent # masqueraded by a spammer), which refuses to accept # the reject reply from yahoo, after someone spams # info@surfacevision\.com # * Mailbox disabled for this recipient # However I then saw another reject from yahoo, without that # line above which is now disabled. * The following addresses had permanent fatal errors * ^grahamcripps42@yahoo\.co\.uk * Please visit http://help\.yahoo\.com # Above comes when someone spams Graham $SPAM_NULL_NO_RCVSTORE :0 B * ^\ \ \ \-\-\-\-\- The following addresses had permanent fatal errors * ^Content-Type: message/delivery-status * ^Reporting-MTA: dns; ((webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) { :0 B * ^(To|Cc):.*\<[a-z0-9\-\._]+\-(request|subscribe)@((webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # A bounced spammer masquerading as eg cdrom-announce-request@ $SPAM_NULL_NO_RCVSTORE :0 B * 550 5\.1\.1 \<[a-z0-9\-\._]+@((webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk)\>\.\.\. User unknown { :0 B # * \(may be forged\) # JJLATER why does ~/.mail.procmail.log report: # procmail: Invalid regexp "(may be forged\)" # ( brackets.c matcher * may be forged\) $SPAM_NULL_NO_RCVSTORE :0 B * ^\ \ \ \ \(reason: 550 5\.7\.1 \<[a-z0-9\-\._]+@[a-z0-9\.\-]+\>\.\.\. Relaying denied\) $SPAM_NULL_NO_RCVSTORE :0 B * ^\<\<\< 550 5\.7\.1 \<[a-z0-9\-\._]+@[a-z0-9\.\-]+\>\.\.\. Relaying denied $SPAM_NULL_NO_RCVSTORE :0 B * charset="iso-2022-jp" $SPAM_NULL_NO_RCVSTORE :0 B * This is a multi-part message in MIME format. $SPAM_NULL_NO_RCVSTORE :0 B | $RCVSTORE +error/unknown } :0 B * ^\ \ \ \ \(reason: 550 5\.2\.1 \<[a-z0-9\-\._]+@[a-z0-9\.\-]+\>\.\.\. Mailbox disabled for this recipient\) | $RCVSTORE +error/unknown } :0 B * ^\ \ \ \ \(reason: 550 No Such User Here\) | $RCVSTORE +error/unknown } :0 H # Grab some spam with a faked from address eg * ^(To|Cc):.*[a-z0-9\-\._]+\-approval@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) { # :0 H # * ^From:.*owner\-majordomo@((lists|webmail|land|slim|js)\.|)berklix.org # # owner-lists do send to *approval, but not owner-maj I think ? # # so trap owner-maj before allowing other owner to escape. # # | $RCVSTORE +spam/fake/approval-from-domo # spam/fake/approval-from-domo/. # # JJLATER maybe $SPAM_NULL_NO_RCVSTORE :0 H # Avoid grabbing genuine taboo traps eg: # From: owner-test@ * !^From:.*owner\-[a-z0-9\-\._]+@((lists|webmail|land|slim|js)\.|)berklix.org # Avoid grabbing genuine subs unsubs # (which are grabbed later by .procmailrc_owner_keep) eg: # From: majordomo@berk # Subject: (|UN)SUBSCRIBE [a-z]+ * !^From:.*majordomo@((lists|webmail|land|slim|js)\.|)berklix.org # Store ready for auto deletion. # | $RCVSTORE +spam/fake/approval-other spam/fake/approval-other/. # JJLATER maybe $SPAM_NULL_NO_RCVSTORE } # Discard generic to lists owner & majordomo owner, # before later discarding specific just to majordomo. :0 H # Would like to use [[:print:]] rather than [[:alnum:]], to allow # for first '-' in eg bim-leaflet-approval@ & ski-approval@, # But double bracket macros seem to fail. # I also have names such as test2-approval@, # There are addresses such as owner-bim@ but not bim-owner@ # exception is majordomo, where: # majordomo-owner: Postmaster # owner-majordomo: majordomo-owner # JJLATER FAILS: * ^To:.*([[:alnum:]]|\-)+\-(approval|owner)@ # JJLATER FAILS: $ owner-[a-z0-9\-_]+@ # JJLATER FAILS: * ^Subject:.*BOUNCE [a-z0-9\-_]+@list # JJLATER FAILS: * ^To:.*[[:print:]]+\-(approval|owner)@ # JJLATER FAILS: * ^To:[[:blank:]]*[[:print:]]+\-(approval|owner)@ # JJLATER FAILS: * ^To:[[:blank:]]*[a-z0-9\-_]+\-(approval|owner)@ # JJLATER MATCH: $ owner-[a-z0-9\-_]+@ # JJLATER MATCH: * ^To:.*([a-z0-9\-\._]+\-(approval|request|subscribe)|owner\-[a-z0-9\-\._]+|Majordomo)@ # JJLATER MATCH: * ^To:.*([a-z0-9\-\._]+\-(approval|request|subscribe)|owner\-[a-z0-9\-\._]+|Majordomo)@ # Add supports for spam to owner-bim-leaflet @berklix * ^(To|Cc):.*(([a-z0-9\-\._]+\-(approval|request|subscribe))|(owner\-[a-z0-9\-\._]+)|Majordomo|Majordomo-owner|owner-majordomo)@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # /site/domain/berklix/etc/mail/aliases: Analysis of (approval|owner|request|subscribe) # ([a-z0-9\-\._]+\-(approval|owner|request|subscribe))@ # lots of *-approval exist, # lots of *-request exist, # lots of *-subscribe exist, # no *-owner exist for majordomo lists, just for majordomo & mailman & mailman lists later. # ((approval|owner|request|subscribe)\-[a-z0-9\-\._]+)@ # lots of owner-* exist # no approval-* exist # no request-* exist # no subscribe-* exist { # To a list owner for approval, often spam. :0 H # Non Subscribed Bounces For Approval, Mostly Spam. * ^X-Authentication-Warning: ((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk): majordom set sender to owner-[a-z0-9\-\._]+@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) using -f # JJLATER likely might FAIL owner-[:print:]+@( # brackets.c matcher ) * ^From:.*owner\-.[a-z0-9\-\._]+@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # JJLATER might FAIL: * ^From:.*owner\-.[[:print:]]+@ * ^Subject:.*BOUNCE [a-z0-9\-\._]+@lists: \ \ \ Non-member submission from # JJLATER might FAIL: * ^Subject:.*BOUNCE [[:print:]]+@list { # If a non susbscribed address bounces for approval, # & contains MIME HTML http gif jpg etc it is probably # a spammer, or possibly a double incompetent, so # dump them. # Tough luck on any bouncing rare non spammer who # has http:// in their header or signature (as I do too). # Intelligent people would strip headers to minimum when debugging. :0 B # Fowarded by domo, so forwarded header in body. * ^MIME-Version: { :0 B * ^Content-Type: multipart { :0 B # Spam to list in HTML & ASCII * ^Content-Type: multipart/alternative * ^Content-Type: text/plain * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE :0 B * ^Content-Type: multipart/mixed { :0 B # Spam to list in PDF & ASCII * ^Content-Type: text/plain * ^Content-Type: application/pdf $SPAM_NULL_NO_RCVSTORE } :0 B * ^Content-Transfer-Encoding: base64 { :0 B * ^Content-Type: text/html * \) # ---------- # host=slim: # ----- The following addresses had permanent fatal errors ----- # "|/usr/local/bin/demime -8 -|/usr/local/majordomo/wrapper majordomo" # (reason: 2) # (expanded from: majordomo-0@list0) # ---------- * !expanded from: \' * ^\ unknown user account $SPAM_NULL_NO_RCVSTORE :0 B * ^User\'s mailbox is full: \<[a-z0-9\-\._]+@[a-z0-9\.\-]+\> * ^Unable to deliver mail\. $SPAM_NULL_NO_RCVSTORE :0 B # brackets.c matcher ( * 550 5\.1\.1 Mailbox \<[a-z0-9\-\._]+@[a-z0-9\.\-]+\> does not exist\) $SPAM_NULL_NO_RCVSTORE :0 B * ^5\.1\.0 - Unknown address error 550-\'5\.1\.1 Recipient unknown\' $SPAM_NULL_NO_RCVSTORE :0 B * ^\ \ \ -\-\-\-\- The following addresses had permanent delivery errors -\-\- $SPAM_NULL_NO_RCVSTORE :0 B * This message has not been delivered after [0-9]+ hours. * Therefore it is being returned to you $SPAM_NULL_NO_RCVSTORE :0 B * Please re send to my new email: $SPAM_NULL_NO_RCVSTORE :0 B * ^Content-Transfer-Encoding: quoted-printable # Probably a spammer, tough if its a real person they will have to use Ascii # before they get me. $SPAM_NULL_NO_RCVSTORE :0 B # Dump any HTML * ^Content-Type: text/html $SPAM_NULL_NO_RCVSTORE } } # JJLATER move some majordomo rules, to become generic for all list+domo owners. :0 H # Used to be just Majordomo-Owner@ # but some spam bouncers seem to send back to majordomo@ # yet my berklix server aliases don''t # forward it to robot, but seem to give me at least a copy - Why ? * ^(To|Cc):.*\? { # :0 H # * ^From:.*majordomo@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # { # :0 H # * ^Subject:.*MAJORDOMO ABORT \(mj_majordomo\) # { # :0 B # # (_dhcp|_pflogd|abuse|admin|apache|avahi|bin|bind|copyright|cups|cyrus|daemon|dhcpd|dumper|exmh-bug-master|faxmanager|faxmaster|fetchmail|ftp|ftp-admin|ftp-bugs|ftpmaster|games|haldaemon|hostmaster|kmem|listproc|listserv|mailer-daemon|mailman|mailnull|majordom|majordomo|majordomo-h|majordomo-owner|majordomo1|majordomo2|majordomo3|man|messagebus|msgs|nagios|news|newsmaster|nobody|null-notify|operator|owner-majordomo|polkit|pop|postmaster|proxy|release|root|saned|smmsp|squid|sshd|subscribe|system|toor|tty|usenet|uucp|webmaster|www|www-test|xten) # * ^majordomo@berklix.org: not replying to .* to avoid mail loop. # $SPAM_NULL_NO_RCVSTORE # } # :0 B # * is not a valid return address # $SPAM_NULL_NO_RCVSTORE # } :0 H * ^Subject:.*Undeliver[a-z]+ Mail { :0 H * ^Subject:.*Undelivered Mail Returned to Sender $SPAM_NULL_NO_RCVSTORE # :0 H # * ^Subject:.*Undeliverable mail: Majordomo results: # ## $SPAM_NULL_NO_RCVSTORE # ${SPAM_USER_FULL} } :0 H * ^Subject:.*Delivery Notification: Delivery has failed $SPAM_NULL_NO_RCVSTORE :0 H * ^Subject:.*Delivery Notification { :0 B * ^This is a delivery status notification, automatically generated by MTA * Regarding recipient * Delivery status : Failed. Message could not be delivered to domain $SPAM_NULL_NO_RCVSTORE } :0 H * ^Subject:.*There was an error sending your mail $SPAM_NULL_NO_RCVSTORE :0 H * ^Subject:.*Returned mail { # :0 H # * ^Subject:.*Returned mail: see transcript for details # { # :0 B # # " \ \ -\-\-\-\- The following addresses had permanent fatal errors # # brackets.c " # * The following addresses had permanent fatal errors # * ^Subject:.*Majordomo results: # * ^This help message is being sent to you from the Majordomo mailing list # $SPAM_NULL_NO_RCVSTORE # } :0 H * ^Subject: Returned mail: Service unavailable { :0 B # From: Mail Delivery Subsystem * ^Your e-mail is being returned to you because there was a problem with its $SPAM_NULL_NO_RCVSTORE } # :0 H # * ^Subject: Returned Mail: \"Majordomo results: # # \" brackets.c matcher # { # :0 B # * ^could not be delivered to some or all of the intended recipients # # User - (550 a@b.c... No such user) # $SPAM_NULL_NO_RCVSTORE # } :0 H * ^Subject: Returned mail: User unknown * !^majorlog $SPAM_NULL_NO_RCVSTORE :0 B * Mailbox unknown or not accepting mail # 550 a@b.c... No such user $SPAM_NULL_NO_RCVSTORE :0 B # sent by Kerio MailServer 6.0.6 * Mailbox invalid or does not exist $SPAM_NULL_NO_RCVSTORE } :0 H * ^Subject:.*failure notice { :0 B * there are no users here by that name $SPAM_NULL_NO_RCVSTORE :0 B * ^Hi\. This is the qmail-send program at * ^I\'m afraid I wasn\'t able to deliver your message to the following addresses. * ^This is a permanent error; I\'ve given up. Sorry it didn\'t work out. $SPAM_NULL_NO_RCVSTORE :0 B * ^We\'re sorry. There\'s a problem with the e-mail address\(es\) you\'re trying # brackets.c \' $SPAM_NULL_NO_RCVSTORE :0 B * ^This address no longer accepts mail. $SPAM_NULL_NO_RCVSTORE :0 B * ^Sorry, no mailbox here by that name. vpopmail \(#5.1.1\) $SPAM_NULL_NO_RCVSTORE :0 B * ^Remote host said: 550 sorry, no mailbox here by that name. \(#5.7.17\) $SPAM_NULL_NO_RCVSTORE :0 B * ^NO FUE POSIBLE ENTREGAR SU MENSAJE A LAS SIGUIENTES DIRECCIONES. * ^LO SIENTO, EL BUZON NO EXISTE. \(#5.1.1\) $SPAM_NULL_NO_RCVSTORE :0 B * ^Error en la entrega a los siguientes destinatarios $SPAM_NULL_NO_RCVSTORE :0 B * Hi. This is the qmail-send program at * Invalid or unknown virtual user $SPAM_NULL_NO_RCVSTORE } :0 H * ^Subject:.*Delivery Status Notification \(Delay\) { :0 B * ^This is an automatically generated Delivery Status Notification * THIS IS A WARNING MESSAGE ONLY. * YOU DO NOT NEED TO RESEND YOUR MESSAGE. * Delivery to the following recipient has been delayed: $SPAM_NULL_NO_RCVSTORE } :0 H * ^Subject:.*Delivery Status Notification \(Failure\) { :0 B * ^Delivery to the following recipients failed $SPAM_NULL_NO_RCVSTORE :0 B # The following message to was undeliverable. # JJLATER might FAIL: * ^The following message to \<[[:print:]]+@[[:print:]]+\> was undeliverable\. * ^The following message to \<[a-z0-9\-\._]+@[a-z0-9\.\-]+\> was undeliverable\. $SPAM_NULL_NO_RCVSTORE :0 B * ^5\.1\.0 - Unknown address error 550- { :0 B * \'5\.1\.1 unknown or illegal alias: # \' brackets.c matcher $SPAM_NULL_NO_RCVSTORE :0 B * \'User does not exist\' $SPAM_NULL_NO_RCVSTORE :0 B * \'5\.1\.1 User unknown\' $SPAM_NULL_NO_RCVSTORE } :0 B * \>\.\.\. Address invalid $SPAM_NULL_NO_RCVSTORE } :0 H * ^Subject:.*Automatically rejected mail # Your message was automatically rejected by Dovecot Mail Delivery Agent # The following reason was given: # Quota exceeded $SPAM_NULL_NO_RCVSTORE :0 H * ^MIME-Version: { :0 H * ^Content-Type: multipart/report; report-type=delivery-status { :0 H * ^Subject:.*Warning: could not send message for past { :0 B * Deferred: Operation timed out with $SPAM_NULL_NO_RCVSTORE :0 B * THIS IS A WARNING MESSAGE ONLY * YOU DO NOT NEED TO RESEND YOUR MESSAGE $SPAM_NULL_NO_RCVSTORE :0 B * ^Warning: message still undelivered after . days $SPAM_NULL_NO_RCVSTORE :0 B * ^Will keep trying until message is . days old $SPAM_NULL_NO_RCVSTORE } } :0 H * ^Content-Type: multipart/related { :0 B * ^Content-Type: image/jpg $SPAM_NULL_NO_RCVSTORE } } :0 H # 2014-03-19 I appended a colon after "from" in lext line. * ^From: Mail Delivery Subsystem \: 550 5.1.1 User unknown * : 550 5.1.1 User unknown $SPAM_NULL_NO_RCVSTORE :0 B # ^550 5.1.1 : Recipient address rejected: User unknown in local recipient table * ^550 5\.1\.1 \<[a-z\-\._]+\@[a-z\-\._]+\>: Recipient address rejected $SPAM_NULL_NO_RCVSTORE :0 B * ^The message has not been collected after [0-9]+ days $SPAM_NULL_NO_RCVSTORE # :0 B # # host mail.hmrc.gov.uk [51.63.8.16]: 550 Mailbox not available # * 550 \<[a-z0-9\-\._]+@[a-z0-9\-\.]+\> Mailbox not available # $SPAM_NULL_NO_RCVSTORE } :0 H * ^Subject:.*Undeliverable: { :0 B * ^did not reach the following recipient $SPAM_NULL_NO_RCVSTORE } :0 H # Yahoo are so ignorant they reply to majordomo ! # From:.*Yahoo\! Groups \ * ^Subject:.*Unable to process your message { # :0 B # * ^We are unable to process the message from \ # # Your message was addressed to a group (eusdreams) # # that does not exist. # # Please check to make sure you spelled the group name # # correctly. # # $SPAM_NULL_NO_RCVSTORE :0 B # For further assistance, please visit http://help\.yahoo\.com/help/us/groups/ * ^For further assistance, please visit http:// $SPAM_NULL_NO_RCVSTORE } :0 H * charset="Windows-1252" $SPAM_NULL_NO_RCVSTORE :0 H * ^From:.*Mail Delivery System \ $SPAM_NULL_NO_RCVSTORE :0 H # From: mailmarshal@wiley.com * ^From: mailmarshal@ $SPAM_NULL_NO_RCVSTORE :0 H * ^Subject: failure delivery # Received: from mta832.mail.ukl.yahoo.com # *^Can\'t open mailbox for [a-z0-9\-\._]+@[a-z0-9\.\-]+ Temporary error # ' brackets.c matcher # *^\/\/I\'m not going to try again; this message has been in the queue too long. # ' brackets.c matcher $SPAM_NULL_NO_RCVSTORE # Above here :0 H, below is :0 B :0 B * 5\.1\.0 - Unknown address error 550- { :0 B * User unknown\. * ^The following message to * was undeliverable\. * ^The reason for the problem: * User unknown\' # brackets.c ' $SPAM_NULL_NO_RCVSTORE :0 B # 5\.1\.0 - Unknown address error 550-'vdnw@kbcsecurities.fr... No such user' * No such user\' # brackets.c ' $SPAM_NULL_NO_RCVSTORE } :0 B * Failed to deliver to * User unknown\. $SPAM_NULL_NO_RCVSTORE :0 H * ^Subject:.*Returned mail: see transcript for details { :0 B # { # I dont know why this rule # * \(reason: 550 5\.1\.1 # brackets.c ) # causes this error # procmail: Invalid regexp "(reason: 550 5.1.1" # brackets.c ")" # (maybe rules can not begin with a '(' ? # brackets.c ')' # so I drop the leading parenthesis). * reason: 550 5\.1\.1 # } # brackets.c ( * User unknown\) * !^majorlog $SPAM_NULL_NO_RCVSTORE } :0 H * ^Subject: Delivery status notification { :0 B * ^Delivery to the following recipients failed permanently: $SPAM_NULL_NO_RCVSTORE } :0 B * (berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk): not replying to majordomo to avoid mail loop\. $SPAM_NULL_NO_RCVSTORE :0 B * ^Hi\. This is the qmail-send program at { :0 B * ^user is over quota $SPAM_USER_SUSPENDED :0 B * ^is not a valid return address $SPAM_NULL_NO_ACCESS } # :0 B # * ^MAJORDOMO ABORT \(mj_majordomo\)\!\! # { # :0 B # * ^majordomo\@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) punting to avoid mail loop\. # $SPAM_NULL_NO_RCVSTORE # :0 B # * ^HOSTILE ADDRESS \(invalid first char or \|\) # $SPAM_NULL_NO_RCVSTORE # :0 B # * ^HOSTILE ADDRESS \(no x400 c=\) # $SPAM_NULL_NO_RCVSTORE # :0 B # * ^majordomo@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # * is not a valid return address\. # $SPAM_NULL_NO_RCVSTORE # } :0 B * not listed in Domino Directory $SPAM_NULL_NO_RCVSTORE :0 B # HTML In Body * ^\<\!DOCTYPE html PUBLIC * \ does not exist\) # $SPAM_NULL_NO_RCVSTORE :0 B * ^Sorry. Your message could not be delivered to: $SPAM_NULL_NO_RCVSTORE :0 B * ^Your message could not be delivered to $SPAM_NULL_NO_RCVSTORE :0 B * ^Votre message n'a pas pu etre delivre a # brackets.c matcher: ' $SPAM_NULL_NO_RCVSTORE } # :0 H # * ^Reply-To:.*majordomo@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # * ^From:.*majordomo@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # { # :0 B # HTML spam # * ^\*\*\*\* Command \'content-type:\' not recognized\. # * ^Command \'content-transfer-encoding:\' not recognized\. # $SPAM_NULL_NO_RCVSTORE # } # :0 B # Dump reports of majordomo failing to reply to spam. # * THIS IS A WARNING MESSAGE ONLY # * YOU DO NOT NEED TO RESEND YOUR MESSAGE # * Transcript of session follows # * while talking to # * ^From:.*majordomo@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # * ^Subject:.*Majordomo results: # * ^Reply-To:.*majordomo@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # * ^\*\*\*\* Command \' # * \' not recognized\. # # JJLATER change back from OWNER_MAILMAN_NORMAL to SPAM_NULL_NO_RCVSTORE once I have # # checked header and can merge into another condition eg: # # ^To:.*Majordomo-Owner@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # $OWNER_MAJORDOMO # :0 B # Trap spammers who crap at majordomo, faking their address as being domo. # * mailbox is full # * Help for majordomo@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # # checked header and can add another condition eg: # # ^To:.*Majordomo-Owner@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # $OWNER_MAJORDOMO # :0 B # * ^\*\*\*\* Command \'\\' not recognized\. # # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # # checked header and can add another condition eg: # # ^To:.*Majordomo-Owner@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # $OWNER_MAJORDOMO # :0 B # Match both: # # * ^\*\*\*\* Command \'content-transfer-encoding:\' not recognized\. # # * ^Command \'content-transfer-encoding:\' not recognized\. # * Command \'content-transfer-encoding:\' not recognized\. # # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # # checked header and can add another condition eg: # # ^To:.*Majordomo-Owner@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # $OWNER_MAJORDOMO # :0 B # * Command \'content-type:\' not recognized\. # # JJLATER change back from OWNER_MAJORDOMO to SPAM_NULL_NO_RCVSTORE once I have # # checked header and can add another condition eg: # # ^To:.*Majordomo-Owner@((lists|webmail|land|slim|js)\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # $OWNER_MAJORDOMO :0 H * ^(To|Cc):.*(webmaster|postmaster|hostmaster|root)@([a-z]+\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) { # Serious computer industry competent people should use Ascii only, # which will pass through to later. :0 H * ^MIME-Version: 1\.0 # I used to have: * ^Content-Type: multipart/alternative # But 2008.03.02 to now also catch: # Content-Type: multipart/related; # type="multipart/alternative"; # boundary="\-\-\-\-=_NextPart_00 # " brackets.c matcher * ^Content-Type: multipart/ * ^(Content-|.+)type(:|=)(.+|)multipart/alternative { :0 B # Incompetents eg Microsoft Outlook (new name Entourage) users # send both Ascii & HTML. * Content-Type: text/plain * Content-Type: text/html $SPAM_NULL_NO_RCVSTORE :0 B * Content-Type: text/html * Content-Type: image/gif $SPAM_NULL_NO_RCVSTORE :0 B * Content-Type: text/html * Content-Type: image/(jpeg|jpg) $SPAM_NULL_NO_RCVSTORE :0 B # Dump those who do not include ascii ie just .gif spammers * !Content-Type: text/plain $SPAM_NULL_NO_RCVSTORE # Remaining computer incompetents who send both HTML & Ascii, # - Friends will be addressing jhs@, so pass through. # - customers have read my page so address eg jhs@ # - Extra spammers addressing webmasters etc, offering # cross linkage get dumped # - @postmaster would be a waste of time as incompetent. } } :0 H # mailer-daemon is not in aliases or passwd, but spammers got through. * ^(To|Cc):.*mailer-daemon@([a-z]+\.|)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) # Spammers & idiots write to mailer-daemon. $SPAM_NULL_NO_RCVSTORE # | $RCVSTORE +spam/mailer-daemon :0 H * ^(To|Cc): owner\-.+@(|(lists|webmail|land|slim|js)\.)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon)\.(com|de|eu|net|org|uk) { :0 H # * ^From: MAILER-DAEMON@arcor-online.net (Mail Delivery System) * ^From: MAILER-DAEMON@.+ \(Mail Delivery System\) { :0 B * ^This is the Postfix program at host # pre compensator for brackets.c \( * \<.+@.+\>\): permission denied. Command output: maildrop: maildir * over quota. $SPAM_NULL_NO_RCVSTORE :0 H * ^Subject: NOTICE: mail delivery status. { :0 B * ^This is a delivery status notification from * ^running the Courier mail server, version * maildrop: maildir over quota $SPAM_NULL_NO_RCVSTORE } } :0 H # 2014-10-26 # From: "Courier mail server at loc.vr-web.de" <"Courier mail server at loc.vr-web.de"@land.berklix.org> # They fiddled with the From: header. * ^From: .Courier mail server at { :0 B * maildrop: maildir over quota $SPAM_NULL_NO_RCVSTORE } } :0 H # These strings are probably too tight yet, based on 1 sample: # From: Rene Frotscher Sat, 17 May 2014 # JJLATER extend rules for wider match later as more samples come in. # ---- # To: owner-walk@@@slim.berklix.org * ^(To|Cc): owner-[a-z\-_\.]+@(|(mailman(|[1-2])|land|slim)\.)berklix.org # ---- # Subject: Abwesenheit- Out of office * ^Subject: (Abwesenheit|Out of office) # ---- # Auto-Submitted: auto-replied (vacation) * ^Auto-Submitted: auto-replied \(vacation\) # ---- $SPAM_NULL_NO_RCVSTORE