Code:
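# milter-regex rule set; syntax reference:
# http://www.benzedrine.cx/milter-regex.html
# Each rule is an action line followed by one or more expression lines.
#
# Recipient allow-list. Let this be first or it will be gone: an earlier
# match takes precedence over the reject/discard rules further down.
# Each address is matched together with its angle brackets (the form the
# file's own /<m@/ and /<(.*@.*|Postmaster)>/ patterns rely on) and with the
# dots escaped. The bare form /xen@xxx.de/ was a substring match in which
# "." means "any character", so it also accepted unrelated recipients that
# merely contained that text, and an accept here bypasses every later filter.
accept
envrcpt /<xen@xxx\.de>/
accept
envrcpt /<xxx@sun\.com>/
# for local bcc
accept
envrcpt /<root@vs160xxx\.vserver\.de>/
# Recipients whose mail is dropped silently: discard reports success to the
# sending side and throws the message away, so nobody receives a bounce.
# NOTE(review): confirm how accept/discard on one recipient affects a
# message addressed to several recipients.
discard
envrcpt /<restart@foobar\.de>/
discard
envrcpt /<cvsweb@foobar\.de>/
discard
envrcpt /<someone@foobar\.de>/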
# Macro: true when a Received header's value contains "from unknown "
# (flags: e = extended regex, i = case-insensitive). The header-name pattern
# /^Received/ has no trailing $, so it matches every header name that starts
# with "Received".
# NOTE(review): Received lines are added by every relay on the path and the
# earliest ones are supplied by the sending side, so this can also fire on
# legitimate mail (for example when an upstream relay logged its client as
# "unknown") - confirm the false-positive rate is acceptable.
HAS_UNKNOWN_RECEIVED = header /^Received/ /from unknown /ei
reject "Frogged Intention(1)"
$HAS_UNKNOWN_RECEIVED
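# Connection allow/deny list. connect takes two patterns: the first is
# matched against the client host name, the second against the client
# address. When reverse DNS fails the host name is the bracketed address,
# which is what this file's /\[.*\]/ rules test for.
#
# Allow-listed relay, anchored to the domain and its subdomains with the dot
# escaped. The previous /bar.net/ matched any host name that merely contained
# that text, and the host name comes from a PTR record chosen by whoever
# controls the connecting address, so a loose accept is a filter bypass.
# NOTE(review): if the intended host is not bar.net or one of its
# subdomains, replace the pattern with that exact name.
accept
connect /(^|\.)bar\.net$/ei //
#accept
#connect /mail.openbc.com //
# Known-bad sources. Literal addresses are matched in the address slot so
# they apply whether or not the client has reverse DNS; in the host-name slot
# they only matched when the name happened to contain the same digits.
discard
connect /^ipa167\.74\.91\.tellas\.gr$/i //
discard
connect // /^83\.19\.247\.34$/
discard
connect // /^81\.35\.92\.33$/
discard
connect // /^60\.48\.104\.17$/
# Envelope sender, matched with its angle brackets and escaped dots.
discard
envfrom /<tiddhmk@braim\.com\.ar>/i
discard
connect // /^89\.139\.173\.8$/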
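# Null reverse-path: rejects every message whose envelope sender is <>.
# NOTE(review): delivery status notifications and most auto-replies use the
# null sender, so bounces for mail sent from this server are refused as
# well - confirm that this is intended.
reject "Goto Hell!!1elf"
envfrom /<>/
#reject "Goto Hell!!1elf"
#envfrom / <> /
# Allow-listed list servers, matched as exact host names with escaped dots
# (the unanchored originals accepted any host name containing the text).
accept
connect /^hormel\.redhat\.com$/i //
accept
connect /^lists\.cluenet\.de$/i //
# FIXME
# sage at guug
# Literal address: matched in connect's address slot (second pattern).
accept
connect // /^82\.165\.34\.161$/
#reject "hicks"
#envfrom /\dw.*@.*\>/
# NOTE(review): the envelope sender is an unauthenticated value supplied in
# MAIL FROM, so this accept exempts any client that presents this address
# from all rules below. Prefer allow-listing the connecting host or address.
accept
envfrom /<foobar@gmx\.net>/i
discard
envfrom /<Nadim\.Martins@aroundthehounds\.com>/i
accept
connect /^plasma\.jpberlin\.de$/i //
discard
connect // /^88\.251\.232\.137$/
discard
connect // /^88\.235\.113\.42$/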
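# Host-name based rejects. Patterns are suffix matches with escaped dots.
# The originals used "*" as if it were a shell wildcard: at the start of a
# basic regex "*" is a literal asterisk, so /*.dyn.user.ono.com/ and
# /*.ttnet.net.tr/ could not match a real host name. The three ono.com
# variants collapse into the single suffix rule below.
reject "Sorry no dynamic"
connect /\.dyn\.user\.ono\.com$/i //
reject "Sorry no dynamic (net.tr)"
connect /\.ttnet\.net\.tr$/i //
reject "Goto Hell!!1elf"
connect /(^|\.)apay\.com\.tw$/ei //
reject "Goto Hell!!1elf"
connect /(^|\.)korea\.com$/ei //
# Literal address: matched in connect's address slot (second pattern).
reject "Goto Hell!!1elf"
connect // /^210\.107\.47\.18$/
# Replaces both telecomitalia variants (/.*retail.../ and /[0-9].retail.../).
reject "Goto Hell!1elf"
connect /\.retail\.telecomitalia\.it$/i //
reject "Goto Hell!!1elf"
connect /(^|\.)daum\.net$/ei //
reject "Goto Hell!!1elf"
connect /^ns\.motorsports-online\.net$/i //
# NOTE(review): this refuses every host under yahoo.com, including its
# regular outbound mail servers - confirm that this is intended.
reject "Goto Hell!!1elf"
connect /(^|\.)yahoo\.com$/ei //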
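#works
#reject "test"
#helo /\[77\.132\.149\.66.$\]/n
#reject "test schlumpf"
#helo /\[[0-9][0-9][0-9]\.[0-9][0-9][0-9][0-9]\.[0-9][0-9][0-9]\.[0-9][0-9][0-9]\]/n
# DNS/HELO names do not contain [ or ]
# NOTE(review): a bracketed address literal such as [192.0.2.1] (constructed
# example) is valid HELO syntax, so these two rules also refuse clients that
# announce themselves that way - confirm that this is intended.
reject "Schlumpf!!11elf"
helo /\[/
reject "Schlumpf!!11elf"
helo /\]/
# In the original patterns "*" was used like a shell wildcard, but in a
# regex it repeats the preceding character: /dsldevice.lan*$/ meant "la"
# followed by any number of "n", and "." matched any character. The rules
# below are rewritten as suffix matches with escaped dots.
reject "What?"
helo /dsldevice\.lan$/i
#helo /^127\.0\.0\.[0-9]*$/
reject "What?"
helo /speedtouch\.lan$/i
# Was /*.lan*$/, where the leading "*" is a literal asterisk.
reject "What?"
helo /\.lan$/i
reject "What?"
helo /elephas\.theplanet\.host$/i
reject "What?"
helo /uaswfb\.css\.od\.ua$/i
reject "What?"
helo /\.kornet$/i
# Was /n1*$/, which matches every HELO name that ends in "n" because "1*"
# may be empty. NOTE(review): narrowed to the literal name "n1"; adjust if a
# different name was meant.
reject "What?"
helo /^n1$/i
# NOTE(review): the next three patterns are kept as written because their
# intent is unclear. / dsl*$/ requires a space before "ds", / *foobar*$/
# matches any name ending in "fooba" plus optional "r"s, and /*[A-Z]*$/
# requires a literal asterisk; decide what each should match and rewrite it.
reject "What?"
helo / dsl*$/
reject "What?"
helo / *foobar*$/
reject "What?"
helo /*[A-Z]*$/
reject "What?"
helo /\.retail\.telecomitalia\.it$/i
# Same match as the original /.*dynamic.*$/ (any name containing "dynamic").
reject "What?"
helo /dynamic/
#reject "What?"
#helo /ppp.*$/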
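#Schlumpf
#reject "Spammers goto hell today!!!, kill THEM!!"
#reject "Schlumpf!"
#connect /0.0.0.0/ //
#reject "Spammers goto hell today!, kill THEM!!"
#reject "Schlumpf!"
#connect /.*/ //
# Reject when a body line matches the phrase below (e = extended regex,
# i = case-insensitive).
# NOTE(review): the double quotes sit inside the / / delimiters, so they are
# part of the pattern and only the quoted form of the phrase matches; drop
# them if the bare phrase was meant.
reject "No, thanks"
#header /^(TO|FROM|SUBJECT)$/ei
body /"heisse Singles"/ei
#tempfail "Sender IP address not resolving"
#tempfail "Sender IP in another dimension"
#tempfail "want some viagra? :p"
# Temporary failure for clients whose host name contains a bracketed part,
# which is how a client without resolvable reverse DNS is presented.
# NOTE(review): legitimate servers with missing PTR records will keep
# retrying until their queue lifetime expires; the reply text is shown to
# those senders as well.
tempfail "Botnet attempts will be persecuted by Law!"
connect /\[.*\]/ //
# This whole group was pasted twice in a row; the second, byte-identical
# copy could not change any outcome and has been removed.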
# Syntax sanity checks. The n flag negates a match, so each rule fires when
# the pattern is NOT found.
# reject "Malformed HELO (not a domain, no dot)"
# The short reply text is what the client actually receives; the longer
# explanation is kept only in the disabled line above.
reject "Malformed"
helo /\./n
# reject "Malformed RCPT TO (not an email address, not <.*@.*>)"
# Fires unless the recipient looks like <something@something> or
# <Postmaster> (e = extended regex, i = case-insensitive, n = negated).
reject "Malformed"
envrcpt /<(.*@.*|Postmaster)>/ein
# HTML mail is refused when the Content-type header, or a body line that
# starts with a Content-type field, says text/html, unless the recipient
# matches /<m@/ (the n flag on that envrcpt makes it the exception).
# NOTE(review): presumably the two expression lines are alternatives, so
# either one is enough to reject - confirm against the milter-regex manual.
reject "HTML mail not accepted"
# use comma as delimiter here, as / occurs within RE
header /^Content-type$/i ,^text/html,i and (envrcpt /<m@/ein)
body ,^Content-type: text/html,i and (envrcpt /<m@/ein)
# Swen worm
# Silently drops messages that show one of the fingerprints listed under the
# action: a header named exactly TO, FROM or SUBJECT in capitals (the name
# pattern has no i flag), a Content-type boundary starting with
# "Boundary_(ID_", a boundary made only of lower-case letters, or a body
# line announcing an audio/x-wav part with an all-lower-case file name.
# NOTE(review): presumably each expression line is an independent
# alternative, so the lower-case-boundary test alone is enough to discard a
# message. discard gives the sender no error, so a false positive is lost
# without trace - consider reject or quarantine if that matters.
discard
header /^(TO|FROM|SUBJECT)$/e //
header /^Content-type$/i /boundary="Boundary_(ID_/i
header /^Content-type$/i /boundary="[a-z]*"/
body ,^Content-type: audio/x-wav; name="[a-z]*\.[a-z]*",i
# Some nasty spammer
# Rejects when the body has a line starting with the company name AND a
# line matching either phone-number pattern. The dots in all three patterns
# are unescaped and therefore match any character.
reject "Business Corp spam, get lost"
body /^Business Corp. for W.& L. AG/i and \
( body /043.*317.*0285/ or body /0041.43.317.02.85/ )
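#tempfail "All Queues full, please try again later"
# HELO names seen in abuse, dropped silently. Dots are escaped and the
# trailing "*" removed: /^www.MyMainServer.com*$/ treated "." as "any
# character" and "m*" as "any number of m", so it also matched names such
# as one ending in ".co".
discard
helo /^www\.MyMainServer\.com$/i
discard
helo /^indiamedia\.com$/i
# From Christopher Kruslicky:
# A client that announces a bare address as its HELO name: presumably this
# server's own address (last octet redacted as xxx by the author) or
# loopback.
# NOTE(review): tempfail makes the client retry the same forged HELO later;
# reject would end the exchange - confirm which is wanted.
tempfail "Malformed HELO"
helo /^62\.75\.160\.xxx$/
tempfail "Malformed HELO"
helo /^127\.0\.0\.1$/
# "(can't be me)"
# This pattern already includes 127.0.0.1, so the rule above is redundant
# but harmless.
tempfail "Malformed HELO"
helo /^127\.0\.0\.[0-9]*$/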
#Dynamic host addresses
#
# From Darren Henderson:
## from your examples, tempfailing non-resolving rDNS connections
#
# tempfail "Sender IP address not resolving"
# Temporary failure when the client host name contains a bracketed part,
# i.e. the connecting address has no resolvable reverse DNS.
# NOTE(review): the same connect pattern with a tempfail action already
# appears earlier in this file; if earlier rules take precedence, this copy
# and its reply text are never used.
tempfail "Sender IP address is on holiday"
connect /\[.*\]/ //
# Disabled date check. NOTE(review): before re-enabling, fix the unbalanced
# bracket in "[0-9[0-9]" and split the header rule into a name pattern and a
# value pattern, as the other header rules in this file do.
#reject "Sorry, are you from the past?"
#header /^Date: [A-Z][a-z][a-z], [0-9[0-9] [A-Z][a-z][a-z] [1-2][0-9]0[0-6]/ //
#body /^Date: [A-Z][a-z][a-z], [0-9[0-9] [A-Z][a-z][a-z] [1-2][0-9]0[0-6]/ //
#Date: Thu, 30 Jun 2005 15:10:02 GMT
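# postmaster spam
# Silently drop null-sender mail unless it arrives from the friendly host.
NULL_SENDER = envfrom /^<>/
# connect takes the host name as its first pattern and the address as its
# second. The name used to sit in the address slot, where it cannot match a
# numeric address, so "not $FRIENDLY_HOST" was always true and the exception
# never applied. It is now matched against the host name, anchored to the
# domain and its subdomains.
# NOTE(review): the host name comes from reverse DNS, which is set by
# whoever controls the connecting address; allow-list the relay's address in
# the second slot if it is known.
FRIENDLY_HOST = connect /(^|\.)ucarp\.de$/ei //
# NOTE(review): an earlier rule in this file already rejects every <>
# sender, so this rule only takes effect if that one is removed. discard
# drops genuine delivery status notifications without any trace.
discard
$NULL_SENDER and not $FRIENDLY_HOST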
# reject things that look like they might come from a dynamic address
# reject "Looks like a dynamic address"
# The three connect lines are alternatives tested against the client host
# name (the address pattern // is empty). Only the third uses the e flag,
# which it needs for the {12} repeat count.
# NOTE(review): the first two patterns are unanchored and need only three
# digit groups anywhere in the name, so static hosts whose names embed
# their address are refused too - confirm that this is acceptable.
reject "Looks like a bad day"
connect /[0-9][0-9]*\-[0-9][0-9]*\-[0-9][0-9]*/ //
connect /[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*/ //
connect /[0-9]{12}/e //
# RTFM!
# So, we reject anything that has three digit sets separated by a
# dash, (ie
# adsl-134-11-333-11.someisp.net). We reject anything that has 3 or more
# numeric subdomains, (ie dialup.123.45.67.8.someisp.net). And finally reject
# any address that has a group of 12 digits, (ie
# pool123045067003.someisp.net).
#
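#Forged Outlook headers
#
# Analyzing the spam that still gets delivered (and then promptly detected by
# SpamAssassin), I found that most of it uses fake Outlook headers. So let's
# add a rule to detect that inline (blatantly stealing rules from
# SpamAssassin ;).
#
# Building blocks: each macro is true when a header with the given name
# exists (an empty value pattern // matches any value).
HAS_MIMEOLE = header /^X-MimeOLE$/ //
HAS_MSMAIL_PRI = header /^X-MSMail-Priority$/ //
HAS_X_MAILER = header /^X-Mailer$/ //
HAS_OUTLOOK_IN_MAILER = header /^X-Mailer$/ /Microsoft (CDO|Outlook) /e
# Outlook-only headers are present, but X-Mailer does not name Outlook.
MISSING_OUTLOOK_NAME = ( $HAS_MIMEOLE or $HAS_MSMAIL_PRI ) and \
$HAS_X_MAILER and not $HAS_OUTLOOK_IN_MAILER
OUTLOOK_MUA = header /^X-Mailer$/ / Outlook /
# The Message-ID patterns use {n} repeat counts, which are extended-regex
# syntax, so they now carry the e flag like /[0-9]{12}/e elsewhere in this
# file. Without it the braces are literal characters: the two "genuine
# Outlook" patterns could never match, which made $FORGED_MUA_OUTLOOK true
# for every message with " Outlook " in X-Mailer and no List-Unsubscribe,
# and $MSGID_OE_SPAM_4ZERO could never fire.
# NOTE(review): OUTLOOK_MSGID_1 and IMS_MSGID expect nothing between "@" and
# ">"; check them against real Message-ID values before relying on them.
OUTLOOK_MSGID_1 = header /^Message-ID$/ \
/^<[0-9a-f]{12}\$[0-9a-f]{8}\$[0-9a-f]{8}@>$/e
OUTLOOK_MSGID_2 = header /^Message-ID$/ \
/^<[A-Za-z0-9-]{7}[A-Za-z0-9]{20}@hotmail\.com>$/e
# NOTE(review): IMS_MSGID is defined but not referenced by any rule below.
IMS_MSGID = header /^Message-ID$/ \
/^<[A-F]{36,40}@>$/e
# Mailing-list mail is exempt because lists may rewrite the Message-ID.
UNUSABLE_MSGID = header /^List-Unsubscribe$/ //
FORGED_MUA_OUTLOOK = $OUTLOOK_MUA and not ( $UNUSABLE_MSGID or \
$OUTLOOK_MSGID_1 or $OUTLOOK_MSGID_2 )
MSGID_OE_SPAM_4ZERO = header /^Message-ID$/ \
/<[a-f0-9]{12}\$[a-f0-9]{8}\$0000[a-f0-9]{4}@/e
#reject "Forged Outlook headers"
# The reply text deliberately does not reveal which test matched.
reject "Frogged Intention"
$MISSING_OUTLOOK_NAME or $FORGED_MUA_OUTLOOK or $MSGID_OE_SPAM_4ZERO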
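# Reject mail whose X-Originate-IP / X-Originating-IP header claims loopback
# or this server's own address (last octet redacted as xxx by the author).
# header takes a name pattern and a value pattern. The originals put
# "Name: value" into the name pattern and left the value pattern empty, so
# they could never match a header name and the rule never fired. Name and
# value are now separate, with the dots escaped; the value is left
# unanchored because the address may be wrapped in brackets.
# NOTE(review): these headers are written by the sending side. A webmail
# front end running on the same machine as its mail server can legitimately
# report 127.0.0.1, so watch for false positives once the rule is live.
HAS_X_ORGIP_LOCALHOST = header /^X-Originate-IP$/i /127\.0\.0\.1/
HAS_X_ORGIP_LOCALHOST2 = header /^X-Originating-IP$/i /127\.0\.0\.1/
HAS_X_ORGIP_ME = header /^X-Originate-IP$/i /62\.75\.160\.xxx/
HAS_X_ORGIP_ME2 = header /^X-Originating-IP$/i /62\.75\.160\.xxx/
reject "Frogged Intention"
$HAS_X_ORGIP_LOCALHOST or $HAS_X_ORGIP_ME or $HAS_X_ORGIP_LOCALHOST2 or $HAS_X_ORGIP_ME2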
Nicht besonders sauber, aber ein paar gute Filter.
Gruss
403