Sieve script to filter today's MS annoyances
Oliver Fromme
olli at lurza.secnetix.de
Fri Sep 19 10:29:16 PDT 2003
Kirk Strauser <kirk at strauser.com> wrote:
> I don't know what's going on, but I've been getting literally hundreds of
> virus/worm-looking emails per hour all day today. I grew tired of it and
> wrote the following Sieve script to filter my mail on the server.
>
> The pseudo-bounce messages were particularly annoying; they're close enough
> to the real bounce messages that I *want* to keep that they justified a
> little closer examination. I'll probably tighten the other message type to
> also examine the sender, but I doubt I'll be getting any legitimate mails
> that look like:
>
> Subject: latest security patch
>
> in the near future. Anyway, enjoy as you see fit.
I got lots of those, too. From looking at the headers,
there didn't seem to be very reliable things to identify
that crap, so i decided to filter by body.
The following is an excerpt from my ~/.mailfilter (I'm
using /usr/ports/mail/maildrop):
if (/^"September 2003, Cumulative Patch" update which /:b || \
/^Content-Type: audio\/x-(wav|midi); name="[a-z]*\.(exe|com|bat|scr)")/:b)
{
to "$HOME/Mail/fake-ms-crap"
}
Regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
C++: "an octopus made by nailing extra legs onto a dog"
-- Steve Taylor, 1998
More information about the freebsd-stable
mailing list