Date: Wed, 14 Jan 1998 07:40:08 -0800 (PST) From: "Eric J. Schwertfeger" <ejs@bfd.com> To: Norman C Rice <nrice@emu.sourcee.com> Cc: "Paul T. Root" <proot@horton.iaces.com>, questions@FreeBSD.ORG Subject: Re: procmail problems. Message-ID: <Pine.BSF.3.96.980114072816.12113A-100000@harlie.bfd.com> In-Reply-To: <19980113204001.34528@emu.sourcee.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 13 Jan 1998, Norman C Rice wrote: > > * ^From:.*hotmail.com > > . > > . > > . > > /dev/null > > > > But hotmail stuff still comes through. What do I need to do? Is it > > * ^From.*@hotmail.com? Is the email showing up in your procmail log? (ie, are you sure that procmail is getting its chance to filter?). It works fine for me. You can either configure procmail as the local delivery agent in sendmail, or use a .forward file to stuff it into > :0: > * ^From.*hotmail > /dev/null Actually, until the spammers learn better, you can block forged hotmail without blocking the real hotmail with this rule: # Forged mail from hotmail, wrong Received header :0 * ^From:.*@hotmail.com * !^Received:.*(from|by) [^ ]*hotmail.com /dev/null The [^ ] is a space and a tab, ie, no whitespace allowed. Of all the spam I've received, only one forged hotmail spam has also forged a received header to bypass this rule, and one of my other rules caught it. A similar rule works for yahoomail, usanet, rocketmail, juno, etc. My spam filter (a much-tuned version of junk.filter) catches better than 95% of the spam, and the only stuff that gets incorrectly classified is people that set up their home machines to send email with a hotmail/juno/rocketmail/yahoomail/etc email address.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980114072816.12113A-100000>