jumex's Anti-Spam (UCE) filter setup

This setup should get rid of most of your spam mail. As always, be careful to watch out for false negatives (email that you want but is marked as spam), and false positives (email that you don't want, but is marked as OK).
NOTE: This is designed for UNIX-like systems.

There are five files you need to get this working: .procmailrc, .forward, .blacklist, .whitelist and .legitlists.

All of these files have to be in your home directory (~/) for this setup to work.

There are also three programs your system must have for this to work, they are:

Usually these files are in the /usr/bin/ directory if they are on the system. Most systems have these programs, so there is little need to worry, but you should check to see where they are on your system. If you don't have them, you can ask your system administrator to add them for you.

For advanced UNIX users:

If you are using either pine, elm, mutt, or any other email client in UNIX that allows you to pipe (|) messages to UNIX commands, then these three Korn Shell scripts might come in handy for taking care of false negatives and false positives without having to edit your .whitelist, .blacklist, and .legitlists files directly.

Make sure to put these files in a directory that is in your PATH, or you won't be able to execute them from within your email program.


.procmailrc file

HOME=/yourhomedir
MYMAIL=$HOME/yourmaildir
SPAM=$MYMAIL/Spam
EGREP=/usr/bin/egrep
DEFAULT=/yoursysteminbox

# For scoring recipes
GO       = 9876543210           # saturated max exceeds 2147483647 (infinity)
STOP     = -$GO                 # saturated min overruns -2147483647

# This dumps any email with any type of fishy attachment 
# directly into the trash. It is extremely rare that you 
# will EVER get a non-virus email that contains an attachment
# with these extensions.
:0 B
* name=.*\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|shs\"|bat\"|bas\"|scr\"|dll\")
{
	:0
	/dev/null
}

:0
* ^From: \/.*
{ FROM="$MATCH" }

# whitelist
:0 H
* ? (echo "$FROM" | $EGREP -i -f $HOME/.whitelist)
${DEFAULT}

:0
* ^To: \/.*
{ TO="$MATCH" }

# let my MLs go through
:0 H
* ? (echo "$TO" | $EGREP -i -f $HOME/.legitlists)
${DEFAULT}

:0
* ^Cc: \/.*
{ CC="$MATCH" }

# let my MLs go through
:0 H
* ? (echo "$CC" | $EGREP -i -f $HOME/.legitlists)
${DEFAULT}

# blacklist
:0 H
* ? (echo "$FROM" | $EGREP -i -f $HOME/.blacklist)
${SPAM}

:0
* ^Reply-To: \/.*
{ REPLYTO="$MATCH" }

# blacklist
:0 H
* ? (echo "$REPLYTO" | $EGREP -i -f $HOME/.blacklist)
${SPAM}

# Don't trust mail with attachments or only HTML, probably spam
:0 H
* $ $GO^0 ^Content-Type:.*html*
* $ $GO^0 ^Content-Type:.*attachment*
* $ $GO^0 ^Content-Type:.*multipart*
* $ $GO^0 ^X-IMSTrailer:.*__IMail_7__*
* $ $GO^0 ^Subject:.*Delivery Bot*
${SPAM}

# sdf.lonestar.org probable Spam catch-all. Works for most spam.
:0 B
* $ $GO^0 .*<html>*
* $ $GO^0 .*<font>*
* $ $GO^0 .*<body>*
* $ $GO^0 .*<table>*
* $ $GO^0 .*<a href*
* $ $GO^0 .*to unsubscribe*
* $ $GO^0 .*unsolicited*
* $ $GO^0 .*removal link*
* $ $GO^0 .*removal instructions*
* $ $GO^0 .*click here*
* $ $GO^0 .*windows-1251*
* $ $GO^0 .*Bill Gates*
* $ $GO^0 .*spam*
* $ $GO^0 .*penis*
* $ $GO^0 .*Penis*
* $ $GO^0 .*Nigeria*
* $ $GO^0 .*\.zip*
${SPAM}

Let's explain this a little...
HOME is your home directory (~/). You should put the full path of your home directory here.
MYMAIL is the directory in your home directory that has all your mail folders in it. This is not your system INBOX.
SPAM is where all our spammy-looking email goes, this is the "Spam" mail directory.
ATTACH is where all mail with attachments goes. A lot of spam has attachments in it, but be careful, you should often check the "Attachments" folder for false negatives, since you might be wanting an attachment from someone not yet in your .whitelist file.
EGREP is where the egrep program is located.
FROM and TO are the "From: " and "To: " fields from each email, aka. who it is being sent from, and who it is going to.
DEFAULT is your system INBOX. On sdf.lonestar.org this directory is /mail/username, but it is different on every system.

And now for the meat of the script...
  1. The first procmail recipe is your "whitelist." The whitelist is email addresses you always want email from, like your friends, or people in your company, etc.
  2. The second one is for mailing lists. This is so all mail sent to any mailing lists you are on will always go to you.
  3. The third is your "blacklist." This is your list of known spammers. You never want to see email from these people.
  4. The fourth one checks for attachments and puts all email with attachments in your attachments folder to review. More often than not, mail with attachments is spam.
  5. The fifth is a catch-all for spam. This is a list of words we check against in the body of the message. Most spam mail contains one or more of these terms. I have had very good luck using this catch-all, and I get upwards of 50 spam mails a day.

.forward file


This is the magical .forward file. What this does is forward your email to the procmail program for processing instead of putting it directly into your inbox.
NOTE: make sure to put in your own username, and check the path to the procmail program before you use this.

.blacklist file

.info
.ac
.ad
.ae
.af
.ag
.ai
.al
.am
.an
.ao
.aq
.ar
.as
.at
.au
.aw
.az
.ba
.bb
.bd
.be
.bf
.bg
.bh
.bi
.bj
.bm
.bn
.bo
.br
.bs
.bt
.bv
.bw
.by
.bz
.ca
.cc
.cd
.cf
.cg
.ch
.ci
.ck
.cl
.cm
.cn
.co
.cr
.cu
.cv
.cx
.cy
.de
.dj
.dk
.dm
.do
.dz
.ec
.ee
.eg
.eh
.er
.es
.et
.eu
.fi
.fj
.fk
.fm
.fo
.fr
.ga
.gb
.gd
.ge
.gf
.gg
.gh
.gi
.gl
.gm
.gn
.gp
.gq
.gr
.gs
.gt
.gu
.gw
.gy
.hk
.hm
.hn
.hr
.ht
.hu
.id
.ie
.il
.im
.in
.io
.iq
.ir
.is
.it
.je
.jm
.jo
.jp
.ke
.kg
.kh
.ki
.km
.kn
.kp
.kr
.kw
.ky
.kz
.la
.lb
.lc
.li
.lk
.lr
.ls
.lt
.lu
.lv
.ly
.ma
.mc
.md
.mg
.mh
.mk
.ml
.mm
.mn
.mo
.mp
.mq
.mr
.ms
.mt
.mu
.mv
.mw
.mx
.my
.mz
.na
.nc
.ne
.nf
.ng
.ni
.nl
.no
.np
.nr
.nu
.nz
.om
.pa
.pe
.pf
.pg
.ph
.pk
.pl
.pm
.pn
.pr
.ps
.pt
.pw
.py
.qa
.re
.ro
.ru
.rw
.sa
.sb
.sc
.sd
.se
.sg
.sh
.si
.sj
.sk
.sl
.sm
.sn
.so
.sr
.st
.su
.sv
.sy
.sz
.tc
.td
.tf
.tg
.th
.tj
.tk
.tl
.tm
.tn
.to
.tp
.tr
.tt
.tv
.tw
.tz
.ua
.ug
.uk
.um
.us
.uy
.uz
.va
.vc
.ve
.vg
.vi
.vn
.vu
.wf
.ws
.ye
.yt
.yu
.za
.zm
.zr
.zw
address.com
cjo@
store-news
justtechjobs.com
123india
shagaya
ntes
aol.com
trevor
koss.com
malabs.com
yahoo.com
msn.com
osource.com
jobscareers
zwallet
juno.com
koi
rsvlonline.net
usa.com
consult.com
goodairport
handbag
braindead-help
wanaboo
hotmail.com
ipswitch
rudedog
india
21cn
guitarsrule
netvigator
directmailcity
africansisters
interlync
charlies
rediffmail
crawfishnet
discount
gholly
walla
ukr
mikes@eastside.com
luisa_mrsestrada@yahoo.com
thomasmbuso@omnilect.com
bdshaw@tamu.edu
zmusic
marinecorps
netscape
tom.com
ratez
jefft@fadmail.com
fadmail
dora
cattrell@mailAccount.com
pars
loter
mail
netscape
yahoo
koss
.ua
doarmail.com
elainehan@uymail.com
doneasy
aol.com
kumikazi.com
pacbell.net
ehealthinitiative.org
barco.com
aol.co.uk
.com.au
.ch

This is the blacklist file. Feel free to use mine as a base for your own blacklist. The blacklist is important to stop spammers that are smart enough to not use standard spam mail terms.
Using it is simple. If you get a false positive, just cut and paste the email address of the spammer into the blacklist file.
For the advanced users, you can put partial email addresses, like "aol.com" to catch all addresses matching this pattern. Since we are using egrep, you can use regular expressions as well.
Only put one email address per line.
IMPORTANT: Do NOT put any blank lines in this file. A blank line means ALL, so all your email will be blacklisted.

.whitelist file

The whitelist is a lot like the blacklist, except this is for addresses you ALWAYS want mail from, like your friends, or your company, etc.
Using it is simple. Just put the email addresses you want mail from on each line, or if you get a false negative, just cut and paste the email address into the whitelist file.
For the advanced users, you can put partial email addresses, like "sdf.lonestar.org" to catch all addresses matching this pattern. Since we are using egrep, you can use regular expressions as well.
Only put one email address per line.
IMPORTANT: Do NOT put any blank lines in this file. A blank line means ALL, so all your email will go straight to you.

.legitlists file

This is where you list the mailing lists you are on. All email sent to the mailing list address will be sent to you, instead of being marked as spam.
Using it is simple. Just put the email addresses you want mail from on each line, or if you get a false negative, just cut and paste the email address into the legitlists file.
For the advanced users, you can put partial email addresses, like "logh@" to catch all addresses matching this pattern. Since we are using egrep, you can use regular expressions as well.
Only put one mailing list address per line.
IMPORTANT: Do NOT put any blank lines in this file. A blank line means ALL, so all email to any address sent to you will go straight to you.
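
Every line of .blacklist, .whitelist and .legitlists is handed to egrep as an unanchored regular expression, so a blank line matches everything and an entry such as .ch really means "any character followed by ch". The script below is an added example, not part of the original setup: it runs the same match the recipes use, lints a list file for both problems, and rewrites a literal domain entry into an escaped, anchored one. The function names, the hardened pattern form and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Same test the recipes run: echo "$FROM" | egrep -i -f list
# (grep -E is the POSIX spelling of egrep).
matches_list() {    # $1 = header value, $2 = list file
    printf '%s\n' "$1" | grep -E -i -q -f "$2"
}

# Report blank lines (an empty pattern matches every message) and entries
# containing an unescaped "." wildcard. Returns 1 if anything was reported.
lint_list() {       # $1 = list file
    awk '
        /^[ \t]*$/    { printf "%d: blank line matches ALL mail\n", NR; bad = 1; next }
        /(^|[^\\])\./ { printf "%d: unescaped \".\" in %s\n", NR, $0; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Rewrite a literal domain or TLD entry (".ch", "aol.com") so it is escaped,
# starts at "@" or "." and ends the address (">", whitespace or end of line).
harden_entry() {    # $1 = literal entry
    entry=${1#.}
    escaped=$(printf '%s' "$entry" | sed 's/[][\\.^$*+?(){}|]/\\&/g')
    printf '(@|\\.)%s([>[:space:]]|$)\n' "$escaped"
}

# Constructed demo files and addresses; the two entries also appear in the
# .blacklist shown on this page.
demo=$(mktemp -d)
printf '%s\n' '.ch' 'aol.com' > "$demo/loose"
printf '%s\n' "$(harden_entry .ch)" "$(harden_entry aol.com)" > "$demo/strict"
printf '%s\n' 'aol.com' '' > "$demo/blank"

friend='Michael <michael@example.org>'   # "ich" satisfies the regex .ch
swiss='Bob <bob@mail.example.ch>'        # a sender really in .ch

for addr in "$friend" "$swiss"; do
    for list in loose strict blank; do
        if matches_list "$addr" "$demo/$list"; then verdict=MATCH; else verdict=no-match; fi
        printf '%-6s %-8s %s\n' "$list" "$verdict" "$addr"
    done
done
lint_list "$demo/loose" || echo "loose list needs review"
```

harden_entry only handles domain and TLD entries; full addresses and local-part fragments such as "cjo@" need their own escaping.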
Made by Trevor Menagh
Hosted by sdf.lonestar.org
Written in Korn Shell (ksh)!