From owner-freebsd-stable@FreeBSD.ORG Fri Sep 19 14:48:31 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E24E16A4E0 for ; Fri, 19 Sep 2003 14:48:31 -0700 (PDT) Received: from phoenix.gargantuan.com (rrcs-se-24-73-171-238.biz.rr.com [24.73.171.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id 256B743FE5 for ; Fri, 19 Sep 2003 14:48:28 -0700 (PDT) (envelope-from michael@gargantuan.com) Received: from localhost (localhost.gargantuan.com [127.0.0.1]) by spamassassin-injector (Postfix) with SMTP id 42CBD1A3; Fri, 19 Sep 2003 17:48:27 -0400 (EDT) Received: from cyclops.gargantuan.com (cyclops.gargantuan.com [IPv6:3ffe:c00:8034:a00::18]) by phoenix.gargantuan.com (Postfix) with ESMTP id 88176124; Fri, 19 Sep 2003 17:48:15 -0400 (EDT) From: "Michael W. Oliver" To: Kirk Strauser , freebsd-stable@freebsd.org Date: Fri, 19 Sep 2003 17:48:09 -0400 User-Agent: KMail/1.5.3 References: <87fzitqwop.fsf@strauser.com> In-Reply-To: <87fzitqwop.fsf@strauser.com> X-Personal-Email: michael@gargantuan.com X-WWW-Site: http://michael.gargantuan.com X-GPG-Public-Key: $WWW-Site/gnupg/pubkey.asc X-Home-Phone: +1-863-816-8091 X-Mobile-Phone: +1-863-738-2334 X-Home-Address: 8008 Apache Lane, Lakeland, FL, US 33810-2172 MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: clearsigned data Content-Disposition: inline Message-Id: <200309191748.14394.michael@gargantuan.com> X-Spam-Status: No, hits=-102.0 required=5.0 tests=AWL,IN_REP_TO,PGP_SIGNATURE,REFERENCES,USER_AGENT_KMAIL, USER_IN_WHITELIST autolearn=ham version=2.55 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) Subject: Re: Sieve script to filter today's MS annoyances X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: michael@gargantuan.com List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Sep 2003 21:48:31 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +--- On Thursday, September 18, 2003 23:33 --- | Kirk Strauser proclaimed: | | I don't know what's going on, but I've been getting literally hundreds of | virus/worm-looking emails per hour all day today. I grew tired of it and | wrote the following Sieve script to filter my mail on the server. | | The pseudo-bounce messages were particularly annoying; they're close | enough to the real bounce messages that I *want* to keep that they | justified a little closer examination. I'll probably tighten the other | message type to also examine the sender, but I doubt I'll be getting any | legitimate mails that look like: | | Subject: latest security patch | | in the near future. Anyway, enjoy as you see fit. | I have found the following line in my Postfix body_checks.regexp to be very= =20 satisfying: /^TVqQAAMA/ REJECT Sorry, no executables allowed... zip it up. Googling for that eight character string revealed it as the common=20 denominator for win32 execs. =2D --=20 Mike perl -e 'print unpack("u","88V]N=3D&%C=3D\"!I;F9O(&EN(&AE861E