Filtered

by | Jan 21, 2007 | 6 comments

This is pretty geeky, but I’m proud, dammit. So who cares.

I learned how to write spam filters for Spamassassin in Perl regular expressions. The problem was that I was getting tons of spam bounced to me by mail servers. Seems that someone has put my domain on a list of domains that spammers can use to send mail from. I was getting all kinds of “undeliverable” error messages addressed to things like jdfksajf @ mydomain.com and popoijh @ mydomain.com. The original messages were sent by spambots that were using random addresses from my domain, and naturally the bounces would come back to me. I’d wake up with about 30 of these damn things in my inbox. Since the addresses were random, it was pretty difficult to filter them. I could filter all mail with the words “undeliverable” or “failure” in the subject, but then I might miss out on actual bounce messages for mail that I really did send.

What I needed was a filter that would detect if a message did not come from my real email address, and then automatically delete it if it appeared to be a bounce message:

header __MY_ADDRESS To !~ /my@address.com/
header __UNDELIV01 Subject =~ /undeliverable/i
header __UNDELIV02 From =~ /postmaster/i
header __UNDELIV03 From =~ /daemon/i
meta META_MY_UNDELIV (__MY_ADDRESS && (__UNDELIV01 || __UNDELIV02 || __UNDELIV03))
score META_MY_UNDELIV 8

That was the result of a couple of hours of wrapping my puny brain around a few pages about writing Spamassassin filters and regular expressions. Maybe someone will Google it and find it useful. If you did find this in Google, just edit the filter to put your real email address in there instead of the fake one I used (duh). You can also add more numbered __UNDELIV filters as you find necessary. The double underscores at the beginning are important for these, so don’t omit them. 🙂

6 Comments

  1. james
    james on January 22, 2007 at 12:18 am

    i wish there was a way to crash/infect computers/isp of those sending those nigerian email scam emails, try sending a reply to the sender results in the email being sent back to you as undelivered etc.Be nice to screw up those bots sending spam and infect the computers they operate from!! IE: some type of worm program. OOOH I wish I was a hacker sometimes…the stuff I could devise!!

  2. Diny
    Diny on January 22, 2007 at 9:57 am

    GEEKNESS OV3RL04D!!!!!

  3. superkev
    superkev on January 22, 2007 at 8:21 pm

    yeah… never reply to spam. there are only 2 options when you do that. 1 – the address is fake so your message will not get to the spammer, or worse yet, get to someone unrelated (like me)… 2 – the address belongs to the spammer and they now know you have a working email address so you’ll get even more spam. just delete it and move on with life.

  4. olya
    olya on January 23, 2007 at 1:05 am

    how come i keep failing math?

    i keep trying to say to post it to some large info-blog

  5. superkev
    superkev on January 23, 2007 at 1:07 am

    yeah i thought you’d be good at math for some reason 😛 i might try to make it available on the spamassassin wiki. who knows 🙂

  6. d
    d on January 30, 2007 at 7:12 pm

    Geeks rule!