procmail recipe

mosten at positive.topekafoundry.com mosten at positive.topekafoundry.com
Mon May 8 12:03:15 PDT 2000


We were hit pretty hard by this last virus. I've decided that I need to do
something to stop people from making dumb mistakes, and making my life hell....

I need to come up with a procmail recipe that filters out certain email
extensions, and certain headers, emails the sender, recipient, and root
explaining that we do not accept windows executable attachments.

What I plan to do eventully is create a cgi that can be used to create
additional rules to block spam and extensions on the fly. I thought that this
would be a good forum for a group procmail recipe creation, and when it is done,
I will submit it to freshmeat with each contributor in the credits.

What I have so far (and I am certainly no procmail expert) is the following.
(this is a processor intensive hack at best, I am not in love with it, feel free
to go in a diffrent direction).




:0 D

* ^Subject:[ ]+ILOVEYOU
/dev/null


:0 D

* ^Subject:[ ]+iloveyou
/dev/null

0 D
* ^Subject:[ ]+Mother's Day Order Confirmation
/dev/null


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.exe
attachments


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.vbj
attachments


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.com
attachments


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.bat
attachments


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.xls
attachments


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.vbj
attachments


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.vbs
attachments


:0 BH

* ^Content\-Disposition:.*attachment.*filename.*\.cmd
attachments

:0
* B ?? regedit
/dev/null



What it does now is dump anything in the above rules into the void, that's not
very elegant, but it worked in the pinch.

-----------------------------------
Michael Osten |
http://positive.topekafoundry.com |
-----------------------------------

Flanders: Homer, affordable tract housing made us neighbors, but you made
us friends.

Homer: To Ned Flanders, the richest left-handed man in town.

-- Homer Simpson
When Flanders Failed



More information about the Linux mailing list