From: Kirk Strauser
To: freebsd-stable@freebsd.org
Date: Thu, 18 Sep 2003 22:33:26 -0500
Subject: Sieve script to filter today's MS annoyances
Message-ID: <87fzitqwop.fsf@strauser.com>

I don't know what's going on, but I've been getting literally hundreds of virus/worm-looking emails per hour all day today. I grew tired of it and wrote the following Sieve script to filter my mail on the server.

The pseudo-bounce messages were particularly annoying; they're close enough to the real bounce messages that I *want* to keep that they justified a little closer examination. I'll probably tighten the other message type to also examine the sender, but I doubt I'll be getting any legitimate mails that look like:

    Subject: latest security patch

in the near future.

Anyway, enjoy as you see fit.

############################################################
#### Virus detection

# fileinto is an extension and has to be declared; in a longer script
# this line belongs at the very top, before any other command.
require "fileinto";

# 2003-09-18: Something stupid and Microsofty
if anyof(
    # This one is super-annoying; it mimics real bounce messages
    allof(
        header :matches "From" [ "email*", "internet*", "microsoft*", "ms*" ],
        header :matches "From" [ "*service", "*system" ],
        header :is "Subject" [ "abort advice", "abort letter", "Error Notice",
                               "mail: user unknown", "Returned Mail",
                               "returned message" ]
    ),
    # "Current Security Pack", "New Security Update", etc.
    allof(
        header :matches "Subject" [ "current*", "last*", "latest*",
                                    "microsoft*", "new*", "newest*" ],
        header :matches "Subject" [ "*upgrade", "*update", "*pack", "*patch" ]
    )
)
{
    fileinto "INBOX.virus.2003-09-18";
}
############################################################

-- 
Kirk Strauser
The Strauser Group
Open. Solutions. Simple.
http://www.strausergroup.com/
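
Added example, not part of the original message: a small Python model of the script's two allof() clauses, run over constructed headers, to show which mail each clause files away and which it leaves alone. The function names and the sample messages are assumptions made for illustration.

```python
import re

def sieve_matches(value, pattern):
    """Sieve :matches glob ('*' any run, '?' one char), case-insensitive.
    Backslash escapes are not handled; the script's patterns use none."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I | re.A | re.S) is not None

def header(msg, name, keys, exact=False):
    """Sieve `header` test: compares the whole field value, whitespace-trimmed."""
    if name not in msg:
        return False
    value = msg[name].strip()
    if exact:  # :is
        return any(value.lower() == k.lower() for k in keys)
    return any(sieve_matches(value, k) for k in keys)

def classify(msg):
    """Return which clause of the anyof() fires: 'bounce', 'patch' or None."""
    if (header(msg, "From", ["email*", "internet*", "microsoft*", "ms*"])
            and header(msg, "From", ["*service", "*system"])
            and header(msg, "Subject", ["abort advice", "abort letter",
                       "Error Notice", "mail: user unknown",
                       "Returned Mail", "returned message"], exact=True)):
        return "bounce"
    if (header(msg, "Subject", ["current*", "last*", "latest*",
                                "microsoft*", "new*", "newest*"])
            and header(msg, "Subject", ["*upgrade", "*update", "*pack", "*patch"])):
        return "patch"
    return None

# Constructed sample headers (not taken from real traffic).
SAMPLES = {
    "fake bounce": {"From": "MS Mail Delivery System", "Subject": "returned mail"},
    "real bounce": {"From": "Mail Delivery Subsystem <MAILER-DAEMON@example.org>",
                    "Subject": "Returned mail: see transcript for details"},
    "fake patch": {"From": "someone@example.com", "Subject": "latest security patch"},
    # Legitimate list mail that the Subject-only clause also catches.
    "list patch": {"From": "dev@example.org", "Subject": "New ipfw patch"},
    # From ends in '>' so "*service" does not match the whole value.
    "addr form": {"From": "Internet Mail Service <postmaster@example.net>",
                  "Subject": "Error Notice"},
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:12} -> {classify(msg)}")
```

The "list patch" row is the kind of message that examining the sender as well as the Subject would keep out of the virus folder.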