divert(0) dnl dnl Original Version dnl ================= dnl http://quanta.kyunghee.ac.kr/~dacapo/sendmail/rulesets/quanta_spam-killer_REGEX.m4 dnl dnl Modified/Current Version dnl ------------------------ dnl http://www.Linux-Sec.net/Mail/etc.mail/linux-sec.m4 ( copy to endmail-x.y/cf/hack ) dnl dnl 23-May-02 amo Modified for my sanity - renamed to linux-sec.m4 ( aka header_chk.m4 ) dnl 25-May-02 amo Cleanup of dnl vs # for comments -- adding more error messages dnl 03-Jun-02 amo Fixed missing _foo message definitions dnl 15-Jul-02 amo Using check_local-5.1 dnl 20-Jul-02 amo Using check_local-5.3 http://www.digitalanswers.org/check_local dnl 02-Nov-02 amo using check_local-5.5 and enabled check_sircam, check_xlib, check_xuser dnl 15-Nov-02 amo Use $ in Msg_master problem dnl 21-Mar-03 amo Removed individual rules .. deny *.html based emails dnl dnl dnl VERSIONID(`@(#)quanta_spam-killer_REGEX.m4 v.1 (dacapo) 11/15/2001') dnl VERSIONID(`http://www.Linux-Sec.net/Mail/etc.mail/linux-sec.html.m4') dnl # dnl # CAUTION dnl # ------- dnl # dnl # If you use this m4 macro, and wish to receive html-based emails from friends, dnl # you will have to add your "friends" to your /etc/mail/access list dnl # dnl # divert(2) LOCAL_CONFIG KAD2000check regex -f -aAD2000 ....._NextPart_000_0..._01C0F..A\.93A..... KGammaDcheck regex -f -aGammaD \-\-\-\-\=_........_........_MA KKlezCheck regex -f -q -aKlez boundary=[A-Z][a-zA-Z0-9]+$ dnl dnl dnl Check these headers dnl HSubject: $>check_subject HContent-Type: $>check_ct HDate: $>check_date dnl dnl -- HMessage-Id: $>check_msgid HMessage-ID: $>check_msgid dnl dnl HX-MimeOLE: $>check_ole HX-Reply-To: $>check_all HX-PMFLAGS: $>check_all HX-EM-Registration: $>check_all HTo: $>check_to dnl dnl HX-Mailer: $>check_mailer HX-Spanska: $>check_happy99 dnl dnl HX-User: $>check_xuser HContent-Disposition: $>check_sircam HX-Library: $>check_xlib HErrors-To: $>check_errto dnl dnl dnl -- dnl -- AntiSpam Warning/Error Messages dnl -- dnl D{Msg_master}" Spammer $&{client_addr} $&f rejected by PostMaster@$j" dnl dnl dnl D{Bad1}"501 ${Msg_master} - Bad AD2000 check" dnl dnl D{Msg_adv}"501 ${Msg_master} - ADV mail not accepted " D{Msg_adv}"501 ${Msg_master} - ADV == Spam email rejected == " dnl D{Msg_mailer}"553 ${Msg_master} - SPAMWARE detected " dnl dnl dnl D{Msg_date}"553 ${Msg_master} - Bogus date xformat " dnl D{Msg_badto}"553 ${Msg_master} - Bad To recepients" dnl D{Msg_toomany}"553 ${Msg_master} - Too many recepients" dnl dnl D{Msg_header}"553 ${Msg_master} - Bogus header" dnl dnl D{Msg_mime}"553 ${Msg_master} - we dont read MIME " dnl dnl dnl ----------------------------------------------------------------------------------------------- dnl Example Errors Messages .. tailor them to suit your preferences and laws of your jurisdiction dnl ----------------------------------------------------------------------------------------------- dnl dnl D{Msg_korean}"553 ${Msg_master} - korean jibberish " D{Msg_big5}"553 ${Msg_master} - chinese jibberish " dnl D{Msg_french}"553 ${Msg_master} - french jibberish " dnl D{Msg_spanish}"553 ${Msg_master} - spanish jibberish " dnl dnl D{Msg_html}"553 ${Msg_master} - we dont accept html jibberish " dnl dnl D{Msg_yourmail}"553 ${Msg_master} - lairs and pretenders with fake replies" dnl dnl D{Msg_virus}"553 ${Msg_master} - Your message has " dnl dnl D{Msg_porn}"553 ${Msg_master} - No such thing " dnl dnl D{Msg_cell}"553 ${Msg_master} - We do NOT buy from spammers" dnl dnl D{Msg_Biz}"553 ${Msg_master} - We do NOT want your spam business" dnl dnl D{Msg_sales}"553 ${Msg_master} - We do NOT buy from spammers" dnl dnl D{Msg_market}"553 ${Msg_master} - We do NOT want your spam marketing" dnl dnl D{Msg_colo}"553 ${Msg_master} - We do NOT want colo" dnl dnl D{Msg_register}"553 ${Msg_master} - We do NOT want your dumb/crappy registration" dnl dnl D{Msg_newsletter}"553 ${Msg_master} - We do NOT want your dumb newsletter" dnl dnl dnl D{Msg_church}"553 ${Msg_master} - God hates spammers" dnl dnl D{Msg_psychic}"553 ${Msg_master} - We do NOT want your physic non-sense" dnl dnl dnl D{Msg_join}"553 ${Msg_master} - join spam junk" dnl dnl dnl D{Msg_junk}"553 ${Msg_master} - spam junk" dnl dnl dnl dnl dnl ============================== dnl Licensed/Regulated Activities dnl ============================== dnl D{Msg_nigscam}"553 ${Msg_master} - You have been reported to the FTC - Nigerian scam" dnl D{Msg_debt}"553 ${Msg_master} - You have been reported to the FTC/government agencies" dnl D{Msg_prizes}"553 ${Msg_master} - You have been reported to the FTC/government agencies" dnl D{Msg_casino}"553 ${Msg_master} - You're REQUIRED to have a casino license" dnl dnl dnl D{Msg_credit}"553 ${Msg_master} - You're REQUIRED to have a license" dnl D{Msg_mortgage}"553 ${Msg_master} - You're REQUIRED to have a real estate license" dnl D{Msg_insurance}"553 ${Msg_master} - You're REQUIRED to have an insurance license" dnl D{Msg_investigate}"553 ${Msg_master} - You're REQUIRED to have an investigators license" dnl D{Msg_meds}"553 ${Msg_master} - You're REQUIRED to have a medical license" dnl D{Msg_opto}"553 ${Msg_master} - You're REQUIRED to have a optomologist license" dnl D{Msg_cosmetics}"553 ${Msg_master} - You're REQUIRED to have a beautician license" dnl D{Msg_dentist}"553 ${Msg_master} - You're REQUIRED to have a DDS license" dnl D{Msg_sec}"553 ${Msg_master} - You're REQUIRED to have a securities license" dnl D{Msg_travel}"553 ${Msg_master} - You're REQUIRED to have a travel agents license" dnl D{Msg_auction}"553 ${Msg_master} - You're REQUIRED to have an auctioneer license" dnl D{Msg_copy}"553 ${Msg_master} - You're reported to the FTC with copying copyrighted material" dnl dnl LOCAL_RULESETS ################################################################## # quanta local rulesets v.1 (MAP_REGEX VERSION) since 1999 # # written by dacapo@quanta.kyunghee.ac.kr # # report your received spam to abuse@quanta.kyunghee.ac.kr # # for future updates of these rulesets :-) # ################################################################## # # http://www.sendmail.org/~ca/email/doc8.11/op-sh-5.html # # $* Match zero or more tokens # $+ Match one or more tokens # $- Match exactly one token # $=x Match any phrase in class x # $~x Match any word not in class x # ################################################### #### Local Rulesets (dacapo, 2002/02/12) ##### ################################################### # # Reject incoming spam based on "Subject" # ----------------------------------------------- # Scheck_subject R $#error $: ${Msg_adv} RADV:$* $#error $: ${Msg_adv} RADV$* $#error $: ${Msg_adv} R[ADV]$* $#error $: ${Msg_adv} R$* $#error $: ${Msg_adv} RADV-ADULT$* $#error $: ${Msg_adv} # # # # --------------------- # Licensed Activities # --------------------- # R$* casino $* $#error $: ${Msg_casino} # R$* credit $* $#error $: ${Msg_credit} # R$* debt$* $#error $: ${Msg_debt} # R$* mortgate $* $#error $: ${Msg_mortgage} R$* interest rates $* $#error $: ${Msg_mortgage} # R$* insurance $* $#error $: ${Msg_insurance} # R$* investigate $* $#error $: ${Msg_investigate} # R$* optomology $* $#error $: ${Msg_opto} R$* prescription glasses $* $#error $: ${Msg_opto} # R$* cosmetics $* $#error $: ${Msg_cosmetics} # R$* dental $* $#error $: ${Msg_dentist} # R$* prizes $* $#error $: ${Msg_prizes} # R$* stocks $* $#error $: ${Msg_sec} # R$* airline tickets $* $#error $: ${Msg_travel} # R$* auction $* $#error $: ${Msg_auction} # R$* copy $* $#error $: ${Msg_copy} # # # # ##xx R$* debt$* $#error $: ${Msg_debt} ##xx R$* let us help$* $#error $: ${Msg_debt} ##xx # ##xx # ##xx R$* bad credit $* $#error $: ${Msg_credit} ##xx R$* repair your credit $* $#error $: ${Msg_credit} ##xx R$* cre dit report $* $#error $: ${Msg_credit} ##xx R$* your credit $* $#error $: ${Msg_credit} ##xx R$* guaranteed approval $* $#error $: ${Msg_credit} ##xx R$* credit card $* approved $* $#error $: ${Msg_credit} ##xx R$* credit cards $* $#error $: ${Msg_credit} ##xx R$* unsecured credit card $* $#error $: ${Msg_credit} ##xx R$* unsecured credit cards $* $#error $: ${Msg_credit} ##xx R$* approved $* credit card $* $#error $: ${Msg_credit} ##xx R$* approved $* $#error $: ${Msg_credit} ##xx R$* unsecured visa $* $#error $: ${Msg_credit} ##xx R$* gold card $* $#error $: ${Msg_credit} ##xx R$* sick of debt $* $#error $: ${Msg_credit} ##xx # ##xx # ##xx # ##xx R$* cancer$* $#error $: ${Msg_meds} ##xx R$* prescription$* $#error $: ${Msg_meds} ##xx R$* doctor visit$* $#error $: ${Msg_meds} ##xx R$* health $* $#error $: ${Msg_meds} ##xx R$* diet $* $#error $: ${Msg_meds} ##xx R$* lose weight $* $#error $: ${Msg_meds} ##xx R$* losing weight $* $#error $: ${Msg_meds} ##xx R$* lost lbs $* $#error $: ${Msg_meds} ##xx R$* hair $* $#error $: ${Msg_meds} ##xx R$* hair loss $* $#error $: ${Msg_meds} ##xx R$* hgh$* $#error $: ${Msg_meds} ##xx R$* all natural $* $#error $: ${Msg_meds} ##xx R$* aging $* $#error $: ${Msg_meds} ##xx R$* look and feel $* younger $* $#error $: ${Msg_meds} ##xx R$* reverse aging $* younger $* $#error $: ${Msg_meds} ##xx R$* bipolar $* treatment $* $#error $: ${Msg_meds} ##xx R$* herbal $* $#error $: ${Msg_meds} ##xx # ##xx # ##xx # R$* contact lens$* $#error $: ${Msg_opto} ##xx # ##xx # ##xx # R$* cosmetics$* $#error $: ${Msg_cosmetics} ##xx # ##xx # ##xx R$* white teeth $* $#error $: ${Msg_dentist} ##xx R$* whiter teeth $* $#error $: ${Msg_dentist} ##xx R$* teeth white $* $#error $: ${Msg_dentist} ##xx R$* white smile $* $#error $: ${Msg_dentist} ##xx R$* yellow teeth $* $#error $: ${Msg_dentist} ##xx # ##xx # ##xx # 05-Nov-02 amo does seem to be case sensitive ##xx # ##xx R$* lowest rates $* $#error $: ${Msg_mortgage} ##xx R$* lower your rates $* $#error $: ${Msg_mortgage} ##xx R$* lower your interest $* $#error $: ${Msg_mortgage} ##xx R$* these rates $* $#error $: ${Msg_mortgage} ##xx R$* low rates $* $#error $: ${Msg_mortgage} ##xx R$* low interest $* $#error $: ${Msg_mortgage} ##xx R$* monthly payments $* $#error $: ${Msg_mortgage} ##xx R$* refinance $* $#error $: ${Msg_mortgage} ##xx R$* refinancing $* $#error $: ${Msg_mortgage} ##xx R$* interest rate $* $#error $: ${Msg_mortgage} ##xx R$* interest rates $* $#error $: ${Msg_mortgage} ##xx R$* mortgages $* $#error $: ${Msg_mortgage} ##xx R$* mortgage $* $#error $: ${Msg_mortgage} ##xx R$* mortgage $* points $* fee $* $#error $: ${Msg_mortgage} ##xx R$* home loan $* $#error $: ${Msg_mortgage} ##xx R$* home loans $* $#error $: ${Msg_mortgage} ##xx R$* our loans $* $#error $: ${Msg_mortgage} ##xx R$* loan application $* $#error $: ${Msg_mortgage} ##xx R$* compare rates $* $#error $: ${Msg_mortgage} ##xx # ##xx R$* finance $* $#error $: ${Msg_sec} ##xx R$* investment $* $#error $: ${Msg_sec} ##xx R$* stock $* $#error $: ${Msg_sec} ##xx R$* investing $* $#error $: ${Msg_sec} ##xx R$* equity $* $#error $: ${Msg_sec} ##xx R$* gain control $* finances $* $#error $: ${Msg_sec} ##xx R$* your boss $* $#error $: ${Msg_sec} ##xx # ##xx # ##xx R$* real estate$* $#error $: ${Msg_mortgage} ##xx # ##xx # ##xx R$* insurance $* $#error $: ${Msg_insurance} ##xx R$* life policy $* $#error $: ${Msg_insurance} ##xx R$* term life $* $#error $: ${Msg_insurance} ##xx R$* term policy $* $#error $: ${Msg_insurance} ##xx # ##xx # ##xx R$* investigate $* $#error $: ${Msg_investigate} ##xx R$* private eye $* $#error $: ${Msg_investigate} ##xx R$* asset check $* $#error $: ${Msg_investigate} ##xx R$* background check $* $#error $: ${Msg_investigate} ##xx # ##xx # ##xx R$* travel $* trip $* $#error $: ${Msg_travel} ##xx R$* escape to $* $#error $: ${Msg_travel} ##xx R$* airline $* tickets $* $#error $: ${Msg_travel} ##xx # ##xx # ##xx R$* auction $* $#error $: ${Msg_auction} ##xx # ##xx # ##xx R$* portable DVD $* $#error $: ${Msg_copy} ##xx R$* copy $* DVD $* $#error $: ${Msg_copy} ##xx R$* copy $* CD $* $#error $: ${Msg_copy} ##xx R$* CD-Writer $* $#error $: ${Msg_copy} ##xx # ##xx # ##xx R$* casino $* $#error $: ${Msg_casino} ##xx R$* play now $* $#error $: ${Msg_casino} ##xx R$* cash bonus $* $#error $: ${Msg_casino} ##xx # ##xx R$* conference championship$* $#error $: ${Msg_casino} ##xx # ##xx # # # # Pretenders # ----------- # R$* Re: your mail $* $#error $: ${Msg_yourmail} R$* hey there $* $#error $: ${Msg_yourmail} R$* your info $* $#error $: ${Msg_yourmail} R$* requested info $* $#error $: ${Msg_yourmail} R$* Info $* requested $* $#error $: ${Msg_yourmail} R$* more info $* $#error $: ${Msg_yourmail} # R$* Important $* please read $* $#error $: ${Msg_yourmail} # # # Nigerian scam # -------------- # R$* urgent $* $#error $: ${Msg_nigscam} R$* your assistance $* $#error $: ${Msg_nigscam} # # # # # Virus Stuff # ----------- # RImportant Message From $* $#error $: ${Msg_virus} Melissa virus RRe: Important Message From $* $#error $: ${Msg_virus} Melissa virus # # RILOVEYOU $#error $: ${Msg_virus} LoveLetter virus RLook at the pretty $#error $: ${Msg_virus} Klez.worm RSome advice on your shortcoming $#error $: ${Msg_virus} Klez.worm RWhy don't you reply to me? $#error $: ${Msg_virus} Klez.worm RNever kiss a stranger $#error $: ${Msg_virus} Klez.worm RHow about have dinner with me together? $#error $: ${Msg_virus} Klez.worm Rnew photos from my party! $#error $: ${Msg_virus} Win32/Myparty.worm # # # Reject incoming spam suspect based on "Content_Type" # ---------------------------------------------------- # Scheck_ct R$*boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 $#error $: ${Msg_mailer} R$+ $:$(AD2000check $1 $) R$*AD2000 $#error $: ${Msg_Bad1} R$+ $:$(GammaDcheck $1 $) R$*GammaD $#error $: ${Msg_master} - SPAMWARE detected R$+ $:$(KlezCheck $1 $) R$*Klez $#error $: ${Msg_master} - Your message may contain the Klez.H worm !! # R$+boundary="====_ABC1234567890DEF_====" $#error $: ${Msg_virus} NIMDA.worm !!! R$+boundary="====_ABC123456j7890DEF_====" $#error $: ${Msg_virus} NIMDA.worm !!! R$+X-Priority$+ $#error $: ${Msg_virus} Aliz.worm !!! # # R$*EUC-KR$* $#error $: ${Msg_korean} # R$*text/plain;$*charset=ks_c_5601-1987 $#error $: ${Msg_korean} R$*charset=ks_c_5601-1987 $#error $: ${Msg_korean} R$*charset=euc-kr $#error $: ${Msg_korean} # R$* big5 $* $#error $: ${Msg_big5} R$*charset=big5 $#error $: ${Msg_big5} # R$*charset=windows-1252 $#error $: ${Msg_french} # # R$*charset="" $#error $: ${Msg_spanish} # # # it's regular ascii R$*charset="iso-8859-1" $#error $: ${Msg_html} R$*charset=iso-8859-1 $#error $: ${Msg_html} # # Reject HTML based emails # R$*text/html $#error $: ${Msg_html} R$*multipart/alternative $* $#error $: ${Msg_html} R$*multipart/report $* $#error $: ${Msg_html} R$*multipart/mixed $* $#error $: ${Msg_html} # # # # Reject incoming spam suspect based on "wrong time" # ### check_date, refer to RFC 822 # Scheck_date R$+Standard Time $#error $: ${Msg_date} R$+Daylight Time $#error $: ${Msg_date} R$+AM $#error $: ${Msg_date} R$+PM $#error $: ${Msg_date} R$+ $-:$-:$- $#error $: ${Msg_date} # # # Reject incoming spam suspect based on "bulk-mailer advertising itself" # Scheck_mailer RLightningMail$+ $#error $: ${Msg_mailer} RMailKing$+ $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} RWC Mail $+ $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} RMail Bomber $#error $: ${Msg_mailer} RThe Bat! $+ $#error $: ${Msg_mailer} RThe Red Spider $+ $#error $: ${Msg_mailer} R$+emsoft$+ $#error $: ${Msg_mailer} RMegaMail $+ $#error $: ${Msg_mailer} RDiffondiCool$* $#error $: ${Msg_mailer} REasy Mail$* $#error $: ${Msg_mailer} RSimpleX Mailer $+ $#error $: ${Msg_mailer} R$*NetPIMS$+ $#error $: ${Msg_mailer} RWay-SERIES Mailer $+ $#error $: ${Msg_mailer} RPG-MAILINGLIST PRO $+ $#error $: ${Msg_mailer} RMIME::Lite $+ $#error $: ${Msg_mailer} RMailtouch $+ $#error $: ${Msg_mailer} RImoxion MailExpress API $+ $#error $: ${Msg_mailer} RDavinci Address Mailer $+ $#error $: ${Msg_mailer} RMerge & Group Mailer Version$+ $#error $: ${Msg_mailer} REVAMAIL $+ $#error $: ${Msg_mailer} RMMailer $+ $#error $: ${Msg_mailer} Rmyself2 $#error $: ${Msg_mailer} Rusa7777@msn.com $#error $: ${Msg_mailer} RNMK Mailer $+ $#error $: ${Msg_mailer} RMicrosoft Outloo $#error $: ${Msg_mailer} RMMSLight $+ $#error $: ${Msg_mailer} RLeoric-Mail $+ $#error $: ${Msg_mailer} # # # Reject incoming spam suspect based on OLE # Scheck_ole RProduced By Microsoft MimeOLE V(null).$* $#error $: ${Msg_mime} # # # # Reject incoming spam suspect based on "MessageIDs" # --------------------------------------------------- # Scheck_msgid R< $-.$-.$- @ localhost > $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} R<$-.$-.$- $u@$h> $#error $: ${Msg_mailer} R< $+ @ $+ > $@ OK R$* $#error $: ${Msg_header} # # # Reject incoming spam suspect based on "happy virus" # Scheck_happy99 R$* $#error $: ${Msg_virus} Happy99 virus # # # default catch all # Scheck_all # R$* $#error $: 553 We do not accept mail from spammers - ${Msg_master} R$* $#error $: 553 ${Msg_master} - We do not accept mail from spammers # # # Reject incoming spam suspect based on non-existent "To:" # Scheck_to Ranonymous@$j $#error $: ${Msg_mailer} R$@ $#error $: No reciepient specified # R $#error $: ${Msg_mailer} # RUndisclosed.Recipients@$j $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} RUndisclosed.Recipients $#error $: ${Msg_mailer} # Ranonymous@$j $#error $: ${Msg_badto} # # R$* alvin $* alvin $* alvin $#error $: ${Msg_toomany} # R$* alvin $* alvin $* alvin $#error $: ${Msg_mailer} # # Rg_op@163.com $#error $: ${Msg_virus} W32/Gop.worm # # # ## xx # ## xx # Reject incoming spam suspect based on ?? ## xx # Scheck_xuser R$-.$- $#error $: ${Msg_mailer} # # Scheck_sircam RMultipart message $#error $: 550 ${Msg_virus} Sircam.worm !!! # # Scheck_xlib RWincusSMTP $+ $#error $: ${Msg_mailer} RIndy $+ $#error $: ${Msg_mailer} # # # Reject incoming spam suspect based on "cant return emails to a mua" # Scheck_errto RMicrosoft.Outlook.Express.$+@$+ $#error $: ${Msg_mailer} # divert(0) dnl # # end of modified quanta.m4 aka header_chk.m4 aka linux-sec.m4 file