# .procmailrc for USERID@wks.uts.ohio-state.edu
#
# Editor's note -- the specific user id has been globally
# changed to USERID
#
# The other personal user id's have been changed along the lines:
# ABLE, BAKER, CHARLIE, DELTA, etc.
#
# Environment for every recipe below. Relative folder and file names used
# by the recipes are resolved against $MAILDIR.
SHELL=/bin/sh
MAILDIR=$HOME/Mail
PATH=/usr/local/bin:/bin:/usr/bin:/usr/ucb:/usr/lib:$HOME/bin
# One log file per year; the backticks run date(1) when the rc file is read.
LOGFILE=.log`date +.%Y`

# make sure everything has a Subject line
# (f = use the command as a filter, w = wait for it and check its exit code)
:0fw
* ! ^Subject:
| formail -z -a "Subject: (no subject)"

# fix some bad Date headers (his devel machine tends to have the wrong time)
# Get some others that are often bad while we're at it....
# Each "1^1" condition adds 1 to the recipe's score per match and the recipe
# fires when the total is positive, so the conditions act as alternatives.
# "\/" starts the part of the match that procmail stores in $MATCH; here
# that is the timestamp at the end of the Received: line. formail -i inserts
# the new Date: field and renames the existing one to Old-Date:.
# NOTE(review): "\mail[0-9]" below has a closing "\>" but no opening "\<";
# the "<" may have been lost in this copy -- confirm against the original.
:0fw
* 1^1 ^Received: from mail\.owlriver\.com.*; \/[A-Z][a-z][a-z], [0-9 ][0-9] [A-Z][a-z][a-z] [0-9][0-9][0-9][0-9] [0-9 ][0-9]:[0-9][0-9]:[0-9][0-9] [0-9A-Z ()-]+$
#* 1^1 ^Received: .*\mail[0-9]\.uts\.ohio-state\.edu\>.*\; \/[A-Z][a-z][a-z], [0-9 ][0-9] [A-Z][a-z][a-z] [0-9][0-9][0-9][0-9] [0-9 ][0-9]:[0-9][0-9]:[0-9][0-9] [0-9A-Z ()-]+$
* 1^1 ^Received: .*\.resnet\.ohio-state.edu.*\mail[0-9]\.uts\.ohio-state\.edu\>.*; \/[A-Z][a-z][a-z], [0-9 ][0-9] [A-Z][a-z][a-z] [0-9][0-9][0-9][0-9] [0-9 ][0-9]:[0-9][0-9]:[0-9][0-9] [0-9A-Z ()-]+$
| formail -i "Date: $MATCH"

# fix nonstandard attachments (look in header AND body for clues)
# "emil" converts them to standard MIME, and is at:
# ftp://ftp.uu.se/pub/unix/networking/mail/emil/
# The whole message, as received, is piped through emil and gawk, so both
# tools parse untrusted content on every matching delivery.
# NOTE(review): in this copy the LOG value ends in a space; procmail writes
# LOG text to the log file as given, so the original presumably had a line
# break inside the quotes -- confirm.
:0HB
* 1^1 ^Content-Type: \/X-sun[^;]*
* 1^1 ^Content-Type: \/application/mac-binhex[^;]*
* 1^1 ^Content-Transfer-Encoding: \/x-uuencode[^;]*
* 1^1 ^Content-Transfer-Encoding: \/x-binhex[^;]*
{
  LOG="Converting $MATCH "

  :0fw
  | emil -A D -T Q -B BA -C iso-8859-1 -H Q -F MIME | gawk '{gsub(/\r\n?/,"\n");print $0}'
  #| emil -r mime | perl -pe 's/\r\n?/\n/g;'
}

# Some lists with quoted-printable encoding aren't marked as MIME
# Inner recipe: the score starts at -1 ("-1^0") and each body match of an
# "=XX" escape or a soft line break ("=" at end of line) adds 1, so at least
# two such matches are needed before the MIME headers are added.
:0
* ^TO.*explosive-cargo
* !^MIME-Version:
{
  :0 Bfw
  * -1^0
  * 1^1 =[0-9a-zA-Z][0-9a-zA-Z]
  * 1^1 =$
  | formail -a "MIME-Version: 1.0" \
            -a "Content-type: text/plain" \
            -a "Content-transfer-encoding: quoted-printable"
}

# give everything a Lines:
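# header for fast MUA (mutt) processing
# (broken somehow, so it's disabled)
#:0
#* ! ^Lines:
#{
#  :0B
#  * 1^1 ^
#  { }
#  LINES = $=
#
#  :0fhw
#  | formail -a "Lines: $LINES"
#}

# Get rid of duplicates
# (actually put them in dupes folder just in case)
# formail -D keeps a Message-ID cache of up to 65536 bytes in .mailcache and
# reports success when the ID was already seen; the "a" recipe runs only
# after that success. msgid.lock serialises access to the cache.
:0Whc: msgid.lock
| formail -D 65536 .mailcache

:0a:
dupes

# stop looping
:0:
* ^X-Loop: USERID@(tardis|peri|wks)\.(acs|uts)\.ohio-state\.edu
$DEFAULT

##########
# If we have $1, we were told what to do
# (probably with username+argument)
##########
# "VAR ?? regexp" matches against the variable instead of the header, and
# "^^" anchors to the very start / end of the value.
ARG=$1

:0:
* ARG ?? ^^samba^^
samba

:0:
* ARG ?? ^^netatalk^^
netatalk

:0:
* 1^1 ARG ?? ^^parport^^
* 1^1 ^Subject:.*\[PARPORT\]
parport

:0:
* ARG ?? ^^(sysadm|backup|root)^^
$DEFAULT

:0
* ARG ?? ^^freenet^^
{
  :0:
  * 1^1 ^TO_volhelpr@
  * 1^1 ^Sender:.*volhelpr@
  lists

  :0
  * ^From: GCFN Help Desk
  * ^Subject: Managing e-mail folders
  { HOST }
}

# handle general case of username+argument:
# save it in a folder named for the argument
# Per the comment above, $ARG is presumably the "+argument" part of the
# recipient address, so the sender of a message chooses the file name used
# under $MAILDIR. The name must therefore start with a letter or digit
# (no dot-files such as the .mailcache and .log files this rc file keeps
# there, no "." or "..") and must not end in ".lock", which would collide
# with procmail lockfiles such as msgid.lock. "/" was never accepted.
# Mail whose argument is refused just gets no extra copy and carries on
# through the recipes below, as any other message does.
:0c
* ARG ?? ^^[a-z0-9][a-z0-9._-]*^^
* ! ARG ?? \.lock^^
* ! ARG ?? ^^freenet^^
{
  LOG="$LOGNAME+$ARG "

  :0:
  $ARG
}

##########

# save a copy of work schedules and related info
:0 c:
* ^From:.*\<(ABLE|BAKER|CHARLIE|DELTA|ECHO)\>
* ^Subject:.*(schedule|hours)
schedule

# stick stuff I forward to myself in with lists (which gets downloaded
# to home), but keep a copy here too
# NOTE(review): the From: condition is truncated after "\" in this copy
# (an address between "\<" and "\>" was probably lost). Restore it before
# use; as written, the trailing backslash would splice the next line onto
# this condition.
:0
* ^From:.*\
* ^Subject: (FNEWS|Fwd:)
{
  :0c:
  news

  :0:
  lists
}

# ignore "unsubscribe" messages
# This recipe discards mail, so its exclusions have to work. The "$" flag
# makes procmail expand ${LOGNAME} inside a condition; without it "$" is an
# end-of-line anchor and the three address exclusions in practice never
# matched. FROM_DAEMON and FROM_MAILER are only recognised as procmail's
# built-in macros when written with the leading caret.
:0
* ^Subject: (Uncl: )?(un)?(subscribe|remove)\>
* $ ! ^Subject:.*${LOGNAME}@
* $ ! ^From.*${LOGNAME}@
* $ ! ^TO_.*${LOGNAME}@
* ! ^FROM_DAEMON
* ! ^FROM_MAILER
{ HOST }

# Sun mailing list gone awry
# (D = match case-sensitively)
:0D
* ^TO_external-recipients@[a-z-]+.Corp.Sun.COM
* 1^1 ^Subject:.*Returned mail: User unknown
{ HOST }

# fetchmail list results in some odd bounces...
:0D
* 1^1 ^Subject:.*TFS Delivery Failure:
{ HOST }

################################
# Evil Unsolicited Junk Mailers
################################
# Setting EXITCODE=67 before exiting makes procmail exit with a 67 status,
# which sendmail interprets as a "no such user" error.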
# The idea is
# that just maybe the spammers will get the "no such user" bounce and
# take me off their list.  I know it's a longshot, but one can hope...
#
# Don't send the bounces if the message came from a mailing list,
# since the list will probably unsubscribe us.
#
# "HOST" alone unsets the HOST variable, and procmail exits
# immediately at that point.  This is the fastest and most efficient
# way to ignore a message.
#
# "LOG=" adds the specified text to the log file, of course.
#
# NOTE(review): this rc file runs at local delivery, after the message has
# already been accepted, so the "no such user" failure is reported to
# whatever envelope sender the message carried. Junk mail commonly forges
# that address, so these bounces can land on uninvolved third parties
# (backscatter). Dropping with HOST alone, or rejecting at the MTA during
# the SMTP transaction, avoids that.
# NOTE(review): $MATCH is header text chosen by the sender and is written
# to the log as given. In this copy every LOG value ends in a space; the
# original presumably had a line break inside the quotes -- confirm.
#
# Every recipe in this section has the same shape: the outer conditions
# pick the message, the nested recipe sets EXITCODE=67 unless list headers
# are present, and HOST then ends processing without delivering.

# common subjects we know indicate junk
:0
* 1^1 ^\/X-Advert.*
* 1^1 ^\/Subject: ADV?(ertisement)?:
* 1^1 ^\/Subject: View Amazing World Record Guppies!
* 1^1 ^\/Subject: Are you being investigated
* 1^1 ^\/Subject: re your web site
* 1^1 ^\/Subject: Toner Supplies
{
  LOG="Reject! $MATCH "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# spamming programs that identify themselves
:0
* ^X-Mailer:.*\/(Extractor|Floodgate|WorldMerge|Aristotle|NetMailer|Robot Mailer|Mailloop|WebCollector|BulkMail|WM - Enter your domain|XSendit EMail Minion)
{
  LOG="Reject! $MATCH "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# some legitimate lists use bulk_mailer
:0
* ^\/Received:.*bulk_mailer.*
* ! ^TO_netatalk
{
  LOG="Reject! $MATCH "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  * ! ^From.*netatalk
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# even microsoft is spamming now?
:0
* ^Received:.*\<\/bulk-.*\.microsoft\.com\>
{
  LOG="Reject! $MATCH "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# Stealth mailer (note it claims EST is -0600 instead of 0500)
:0
* ^Received:.*SMTP id G[A-Z]A.*for.*-0600 \(EST\)
{
  LOG="Reject! Stealth Mailer "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# Another invalid timezone
# NOTE(review): the "+" that opens the second alternative has nothing to
# repeat; writing it as "\+" would make the intent explicit -- confirm how
# procmail parses it as written.
:0
* ^\/Received:.* (-0700 \(EDT\)|+0001 \(EST5EDT\))
{
  LOG="Reject! Bad timezone: $MATCH "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# Impossible IP addresses
# (regexp mostly taken from cyberpromo FAQ on news.admin.net-abuse.email)
# Looks for a bracketed run of digits and dots in a Received: line that
# contains three consecutive digits forming 000-099 or 256-999.
:0
* ^Received:.*\/\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])[0-9.]*.*
{
  LOG="Reject! Impossible IP address $MATCH "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# recent versions of Pegasus mail are nice...
# they indicate roughly how many addresses the message was sent to
:0
* ^X-Distribution: \/(Bulk|Mass|Moderate)
{
  LOG="Reject! Pegasus $MATCH Mail "

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# Misc evil addresses
# (the "\/" saves the part that identifies that it's evil into $MATCH)
# A copy is kept in junkmail before the message is dropped.
# NOTE(review): most of the exclusion conditions below are truncated in this
# copy (only "\" or ".*\" is left, and "\.*" in the first Subject: exclusion
# looks damaged too). They cannot be reconstructed from here; restore them
# from the original before use, since a trailing backslash would also splice
# the following line onto the condition.
:0
* ^(From|Reply-To|To):.*\<\/(1stconnect|bulk-e-mail|local|localhost|public|nowhere|owl@owlsnest|sendad|marketingforyou|crushnet|myworldmail)\.com
* !^Subject:.*\.*
* ! ^From:.*postmaster@
* ! ^Subject:.*\
* ! \
* ! \
* ! \
* ! \
* ! \
* ! \
* ! \
* ! \
* ! \
{
  LOG="Reject! $MATCH "

  :0c:
  junkmail

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

# more than 3 non-ascii chars in a row is a bad sign --
# probably junk mail from Taiwan.  Big5 charset is in the same class.
# But don't reject OSU addresses.
# "[^ -~]" is any character outside the printable ASCII range space..tilde.
:0
* 1^1 ^\/Content-Type:.*charset=big5
* 1^1 ^\/[A-Z]+:.*[^ -~][^ -~][^ -~][^ -~]
* 1^1 ^\/Received:.*\.(hk|tw) .*$
* !^(From|Reply-To):.*\<(osu|ohio-state)\.edu\>
{
  LOG="Reject! $MATCH "

  :0c:
  junkmail

  :0
  * ! ^Precedence: (list|bulk)
  * ! ^X-Mailing-List:
  * ! ^X-Listprocessor-Version:
  {
    LOG="BOUNCED "
    EXITCODE=67
  }

  HOST
}

## Cyberpromo is dead now,
## and the lists at cybernothing have been replaced by the RBL
##
# Lists of evil domains
# ftp://ftp.cybernothing.org/pub/abuse/
# Note that AFAIK only GNU grep does the -iqFwf options correctly
#REJECTS=*.domains
#:0
#* ? formail -x"From " -xReceived: -xFrom: -xMessage-Id: \
#     -xReturn-Path -xX-Sender: | grep -iqFwf $REJECTS
#{
#  LOG="Reject! Evil domain
#"
#  :0
#  * ! ^Precedence: (list|bulk)
#  * ! ^X-Mailing-List:
#  * ! ^X-Listprocessor-Version:
#  {
#    LOG="BOUNCED
#"
#    EXITCODE=67
#  }
#  HOST
#}

#############
# List stuff
#############
# From here on the recipes only sort mail into folders; ":0:" delivers
# under a local lockfile.

###
# computers (mostly work-related)
###

# security stuff
#:0 c:
#* ^(X-Mailing-List|To|From):.*(netwog-security-announce|linux-alert|redhat-announce-list)
#security

# lists for work
:0:
* (^TO_|^From.*\<|^Reply-To:.*\<|^X-Mailing-List:.*\<)(stumgrs|usenet-cabal|distcons|listowners|utsrprts|atgrprts|security-(public|private)|osu-sun|osu-sgi(vp)?|agent99|sunsolve|wwwpt|cert-advisory|tpinfo|sunergy|wu-ftpd-bugs|sunsolve-earlynotifier|slug)@
wks-lists

:0:
* ^From:.*@flashback\.com\>
wks-lists

# NOTE(review): the condition below is truncated after "\" in this copy and
# further conditions may be missing; restore from the original before use.
:0:
* 1^1 ^From:.*\
sun3linux

# NetBSD lists
:0:
* ^TO_[a-z0-9._-]*@netbsd\.org\>
netbsd

# AMANDA backup system
:0:
* (^TO_|^Resent-To:.*\<|^Return-Path:.*\<|^X-Mailing-List:.*\<)amanda[-a-z]+@(cs\.umd\.edu|amanda\.org)\>
amanda

# procmail list
:0:
* (^TO_|^X-Mailing-List:.*\<)procmail@
procmail

# MUTT
# NOTE(review): text is missing after "^Sender:.*\" in this copy. The
# "| midwest-filter" action probably belongs to a later recipe whose header
# and conditions were lost along with the MUTT recipe's own folder name.
:0:
* 1^1 (^TO_|^X-Mailing-List:.*\<)mutt[a-z-]*@(cs\.hmc\.edu|mutt\.org|gbnet\.net)
* 1^1 ^Sender:.*\
| midwest-filter

# BAKER CHARLIE's live shows list
:0
* ^TO_(CHARLIE\+shws@|shws:)
* ^From:.*CHAS
{
  # save a copy
  :0c:
  CHARLIE+live

  :0:
  lists
}

# Pat Dull / Break-Up! Records
# "and His Media Whores"
# use list of addresses in To header
:0:
* ^TO_.*,.*,
* ^(From|Reply-To):.*\<(DELTA@ag\.ohio\.gov|ECHO@sprintmail\.com)\>
lists

# Ack! cross-listed between TMJ and something else!
# Drops the cross-posted copy: HOST ends processing without delivering.
# NOTE(review): in this copy the LOG value ends in a space; the original
# presumably had a line break inside the quotes -- confirm.
:0
* ^X-Mailinglist: Mental Hurricane
* 1^1 ^TO_\/FOXTROT@mrrogers\.RECORDINGS\.com\>
* 1^1 ^From:.*\<\/contributers4-request@lists\.ubl\.com\>
{
  LOG="Reject! $MATCH "
  HOST
}

# TMJ mailing list (GULF@cybercom.net)
# NOTE(review): this recipe delivers to "lists" with ":0" while the other
# recipes writing to that folder use ":0:" (local lockfile) -- confirm
# whether the missing colon is intended.
:0
* 1^1 ^X-Mailinglist: Mental Hurricane
* 1^1 ^TO_tmj(-flash)?@
* 1^1 ^Subject:.*\[TMJ\]
lists

# Watershed
# NOTE(review): the From: condition is truncated after "\" in this copy;
# restore it from the original before use.
:0:
* ^From:.*\
* ! ^TO_USERID
lists

# Sierra Club
:0:
* ^From:.*@sierraclub\.org
lists

# Empeg Car mp3 player
# http://www.empeg.com/
# (the "." in "empeg.com" is unescaped, so it matches any character)
:0:
* ^From:.*@empeg.com\>
lists

# CDnow (from www.cdnow.com)
:0:
* ^From:.*@cdnow\.com\>
lists

# fetchmail
:0:
* 1^1 ^TO_fetchmail-(friends|announce)@
* 1^1 ^X-Mailing-List:.*fetchmail-(friends|announce)@
lists

# COLUG list does weird things...
:0:
* 1^1 ^TO_colug(-[a-z]+)?@
* 1^1 ^Subject:.*\[COLUG\]
lists

# Dr science isn't very consistent
:0:
* 1^1 ^(From|Sender):.*@drscience\.com
* 1^1 ^(From|Sender|Reply-to): drscience(-[a-z]+)?@
* 1^1 ^TO_dr-?science@
lists

# other lists
# NOTE(review): the Sender: condition is truncated after "\" in this copy;
# restore it from the original before use.
:0:
* 1^1 ^TO_(psa|explosive-cargo|gaming|mylist-events|linux-kernel-announce|mailinfo|bug-oleo|mgetty|DILBERT_NEWS)@
* 1^1 ^Sender:.*\
lists

# personals - definitely not work-related
# NOTE(review): this recipe is cut off in this copy; its last condition is
# incomplete and its action is not shown here.
:0:
* ^From:.*\<(INDIA|JUNEAU|KILO\.8|LIMA\.12|MIKE?NOVEMBER|OSCAR__POPPA|QUEEN|ROMEO|SIERRA|TANGO|UNIFORM|VICTOR|WHISKEY?XRAY?|YANKEE.12|r\.ZULU|APPLE|BANANNA|CARROT|DOLE|EGGPLANT\.816|FRUIT|GRAPE\.2|HYACYNTH|ICE\.4)@
* ! ^(Resent-)?To:.*\