jumex's Anti-Spam (UCE) filter setup

This setup should get rid of most of your spam mail. As always, be careful to watch out for false negatives (email that you want but is marked as spam), and false positives (email that you don't want, but is marked as OK).
NOTE: This is designed for UNIX-like systems.

There are five files you need to get this working:

All of these files have to be in your home directory (~/) for this setup to work.

There are also three programs your system must have for this to work, they are:

Usually these files are in the /usr/bin/ directory if they are on the system. Most systems have these programs, so there is little need to worry, but you should check to see where they are on your system. If you don't have them, you can ask your system administrator to add them for you.

For advanced UNIX users:

If you are using either pine, elm, mutt, or any other email client in UNIX that allows you to pipe (|) messages to UNIX commands, then these three Korn Shell scripts might come in handy for taking care of false negatives and false positives without having to edit your .whitelist, .blacklist, and .legitlists files directly.

Make sure to put these files in a directory that is in your PATH, or you won't be able to execute them from within you email program.

.procmailrc file

HOME=/yourhomedir
MYMAIL=$HOME/yourmaildir
SPAM=$MYMAIL/Spam
EGREP=/usr/bin/egrep
DEFAULT=/yoursysteminbox

# For scoring recipes
GO       = 9876543210           # saturated max exceeds 2147483647 (infinity)
STOP     = -$GO                 # saturated min overruns -2147483647

# This dumps any email with any type of fishy attachment 
# directly into the trash. It is extremely rare that you 
# will EVER get a non-virus email that contains an attachment
# with these extensions.
:0 B
* name=.*\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|shs\"|bat\"|bas\"|scr\"|dll\")
{
	:0
	/dev/null
}

:0
* ^From: \/.*
{ FROM="$MATCH" }

# whitelist
:0 H
* ? (echo "$FROM" | $EGREP -i -f $HOME/.whitelist)
${DEFAULT}

:0
* ^To: \/.*
{ TO="$MATCH" }

# let my MLs go through
:0 H
* ? (echo $TO | $EGREP -i -f $HOME/.legitlists)
${DEFAULT}

:0
* ^Cc: \/.*
{ CC="$MATCH" }

# let my MLs go through
:0 H
* ? (echo $CC | $EGREP -i -f $HOME/.legitlists)
${DEFAULT}

# blacklist
:0 H
* ? (echo $FROM | $EGREP -i -f $HOME/.blacklist)
${SPAM}

:0
* ^Reply-To: \/.*
{ REPLYTO="$MATCH" }

# blacklist
:0 H
* ? (echo $REPLYTO | $EGREP -i -f $HOME/.blacklist)
${SPAM}

# Don't trust mail with attachments or only HTML, probably spam
:0 H
* $ $GO^0 ^Content-Type:.*html*
* $ $GO^0 ^Content-Type:.*attachment*
* $ $GO^0 ^Content-Type:.*multipart*
* $ $GO^0 ^X-IMSTrailer:.*__IMail_7__*
* $ $GO^0 ^Subject:.*Delivery Bot*
${SPAM}

# sdf.lonestar.org probable Spam catch-all. Works for most spam.
:0 B
* $ $GO^0 .*<html>*
* $ $GO^0 .*<font>*
* $ $GO^0 .*<body>*
* $ $GO^0 .*<table>*
* $ $GO^0 .*<a href*
* $ $GO^0 .*to unsubscribe*
* $ $GO^0 .*unsolicited*
* $ $GO^0 .*removal link*
* $ $GO^0 .*removal instructions*
* $ $GO^0 .*click here*
* $ $GO^0 .*windows-1251*
* $ $GO^0 .*Bill Gates*
* $ $GO^0 .*spam*
* $ $GO^0 .*penis*
* $ $GO^0 .*Penis*
* $ $GO^0 .*Nigeria*
* $ $GO^0 .*\.zip*
${SPAM}
Let's explain this a little...
HOME is your home directory (~/), you should put the full path of your home directory here.
MAIL is the directory in your home directory that has all your mail folders in it, this is not your system INBOX.
SPAM is where all our spammy-looking email goes, this is the "Spam" mail directory.
ATTACH is where all mail with attachments goes. A lot of spam has attachments in it, but be careful, you should often check the "Attachments" folder for false negatives, since you might be wanting an attachment from someone not yet in your .whitelist file.
EGREP is where the egrep program is located.
FROM and TO are the "From: " and "To: " fields from each email, aka. who it is being sent from, and who it is going to.
DEFAULT is your system INBOX. On sdf.lonestar.org this directory is /mail/username, but it is different on every system.

And now for the meat of the script...
  1. The first procmail recipe is your "whitelist." The whitelist is email addresses you always want email from, like your friends, or people in your company, etc.
  2. The second one is for mailing lists. This is so all mail sent to any mailing lists you are on will always go to you.
  3. The third is your "blacklist." This is your list of known spammers. You never want to see email from these people.
  4. The forth one checks for attachments and puts all email with attachments in your attachments folder to review. More often than not, mail with attachments are spam.
  5. The fifth is a catch-all for spam. This is a list of words we check against in the body of the message. Most spam mail contain one of more of these terms. I have had very good luck using this catch-all, and I get upwards to 50 spam mail a day.

.forward file