divert(0) dnl dnl Original Version dnl ================= dnl http://quanta.kyunghee.ac.kr/~dacapo/sendmail/rulesets/quanta_spam-killer_REGEX.m4 dnl dnl Modified/Current Version dnl ------------------------ dnl http://www.Linux-Sec.net/Mail/etc.mail/linux-sec.m4 ( copy to endmail-x.y/cf/hack ) dnl dnl 23-May-02 amo Modified for my sanity - renamed to linux-sec.m4 ( aka header_chk.m4 ) dnl 25-May-02 amo Cleanup of dnl vs # for comments -- adding more error messages dnl 03-Jun-02 amo Fixed missing _foo message definitions dnl dnl VERSIONID(`@(#)quanta_spam-killer_REGEX.m4 v.1 (dacapo) 11/15/2001') divert(2) LOCAL_CONFIG KAD2000check regex -f -aAD2000 ....._NextPart_000_0..._01C0F..A\.93A..... KGammaDcheck regex -f -aGammaD \-\-\-\-\=_........_........_MA KKlezCheck regex -f -q -aKlez boundary=[A-Z][a-zA-Z0-9]+$ dnl dnl dnl Check these headers dnl HSubject: $>check_subject HContent-Type: $>check_ct HDate: $>check_date dnl HMessage-Id: $>check_msgid HTo: $>check_to HX-Reply-To: $>check_all HErrors-To: $>check_errto HX-MimeOLE: $>check_ole dnl dnl amo-- HX-Mailer: $>check_mailer dnl amo-- HX-MimeOLE: $>check_ole dnl amo-- HMessage-Id: $>check_msgid dnl amo-- HContent-Disposition: $>check_sircam dnl amo-- HTo: $>check_to dnl amo-- HX-Spanska: $>check_happy99 dnl amo-- HX-PMFLAGS: $>check_all dnl amo-- HX-Reply-To: $>check_all dnl amo-- HX-EM-Registration: $>check_all dnl amo-- HX-Library: $>check_xlib dnl amo-- HErrors-To: $>check_errto dnl amo-- HX-User: $>check_xuser dnl dnl D{Msg_master}" Spammer $&{client_addr} $&f rejected by PostMaster@$j" dnl dnl dnl D{Msg_Bad1}"501 ${Msg_master} - Bad AD2000 check" D{Msg_adv}"501 ${Msg_master} - ADV mail not accepted " dnl D{Msg_mailer}"553 ${Msg_master} - SPAMWARE detected " D{Msg_date}"553 ${Msg_master} - Bogus date format " dnl D{Msg_to}"553 ${Msg_master} - Bogus recipient address" D{Msg_toomany}"553 ${Msg_master} - Too many recepients" dnl dnl D{Msg_header}"553 ${Msg_master} - Bogus header" dnl dnl D{Msg_mime}"553 ${Msg_master} - we dont read MIME " dnl dnl dnl ----------------------------------------------------------------------------------------------- dnl Example Errors Messages .. tailor them to suit your preferences and laws of your jurisdiction dnl ----------------------------------------------------------------------------------------------- dnl dnl D{Msg_french}"553 ${Msg_master} - french jibberish " D{Msg_korean}"553 ${Msg_master} - korean jibberish " D{Msg_big5}"553 ${Msg_master} - chinese jibberish " D{Msg_html}"553 ${Msg_master} - we dont accept html jibberish " dnl D{Msg_yourmail}"553 ${Msg_master} - lairs and pretenders with fake replies" dnl D{Msg_virus}"553 ${Msg_master} - Your message has " D{Msg_porn}"553 ${Msg_master} - No such thing " dnl D{Msg_cell}"553 ${Msg_master} - We would like buy 1,000 cell phones a month one day" dnl D{Msg_Biz}"553 ${Msg_master} - We do NOT want your spam business" dnl D{Msg_sales}"553 ${Msg_master} - We would like buy 1,000 copies a month one day" dnl D{Msg_market}"553 ${Msg_master} - We do NOT want your spam marketing" dnl D{Msg_colo}"553 ${Msg_master} - We do NOT want your dumb/crappy colo" dnl D{Msg_newsletter}"553 ${Msg_master} - We do NOT want your dumb newsletter" dnl dnl D{Msg_psychic}"553 ${Msg_master} - We do NOT want your physic non-sense, you should already know that if you're any good" dnl dnl D{Msg_debt}"553 ${Msg_master} - You have been reported to the government agencies for providing fraudulent services" dnl D{Msg_prizes}"553 ${Msg_master} - You have been reported to the FTC government agencies for operating unlawful prizes/sweepstakes" dnl dnl dnl ------------------------------ dnl Licensed/Regulated Activities dnl ------------------------------ dnl dnl causes "Macro/class {foo}: too many long names dnl dnl D{Msg_EndLicense}" information/services and will be prosecuted to the fullest extent as provided by the Laws of California/USA" dnl D{Msg_EndLicense}" services" dnl dnl dnl D{Msg_credit}"553 ${Msg_master} - You're REQUIRED to have a personal property license to provide credit ${Msg_EndLicense}" D{Msg_credit}"553 ${Msg_master} - Providing credit info REQUIREs you to have a license" dnl dnl D{Msg_mortgage}"553 ${Msg_master} - You're REQUIRED to have a mortgage license to provide mortgage ${Msg_EndLicense}" D{Msg_mortgage}"553 ${Msg_master} - Providing mortgage info REQUIREs you to have a real estate license" dnl dnl D{Msg_insurance}"553 ${Msg_master} - You're REQUIRED to have a insurance license to provide insurance ${Msg_EndLicense}" D{Msg_insurance}"553 ${Msg_master} - Providing insurance info REQUIREs you to have an insurance license" dnl dnl D{Msg_investigate}"553 ${Msg_master} - You're REQUIRED to have a license to provide investigative ${Msg_EndLicense}" D{Msg_investigate}"553 ${Msg_master} - Providing investigative info REQUIREs you to have an investigators license" dnl dnl D{Msg_meds}"553 ${Msg_master} - You're REQUIRED to have a pharmaceutical license to provide prescriptions/medication ${Msg_EndLicense}" D{Msg_meds}"553 ${Msg_master} - Providing pharmaceutical info REQUIREs you to have a medical license" dnl D{Msg_sec}"553 ${Msg_master} - Prodividing securitues info REQUIREs you to have a securities license" dnl dnl D{Msg_travel}"553 ${Msg_master} - You're REQUIRED to have travel agents license to provide travel ${Msg_EndLicense}" D{Msg_travel}"553 ${Msg_master} - Prodividing travel info REQUIREs you to have a travel agents license" dnl dnl dnl LOCAL_RULESETS ################################################################## # quanta local rulesets v.1 (MAP_REGEX VERSION) since 1999 # # written by dacapo@quanta.kyunghee.ac.kr # # report your received spam to abuse@quanta.kyunghee.ac.kr # # for future updates of these rulesets :-) # ################################################################## # # http://www.sendmail.org/~ca/email/doc8.11/op-sh-5.html # # $* Match zero or more tokens # $+ Match one or more tokens # $- Match exactly one token # $=x Match any phrase in class x # $~x Match any word not in class x # ################################################### #### Local Rulesets (dacapo, 2002/02/12) ##### ################################################### # # Reject incoming spam suspect based on "Subject" # ----------------------------------------------- # Scheck_subject R $#error $: ${Msg_adv} RADV:$* $#error $: ${Msg_adv} RADV$* $#error $: ${Msg_adv} R[ADV]$* $#error $: ${Msg_adv} R$* $#error $: ${Msg_adv} RADV-ADULT$* $#error $: ${Msg_adv} # # R$* Make $* Money $* Fast $#error $: ${Msg_Biz} # R$* Make money $#error $: ${Msg_Biz} # R$* more money $#error $: ${Msg_Biz} R$* make money $* $#error $: ${Msg_Biz} R$* profits $* $#error $: ${Msg_Biz} R$* Increase your revenues $* $#error $: ${Msg_Biz} R$# claim $* money $* $#error $: ${Msg_Biz} # R$# home business $* $#error $: ${Msg_Biz} # # R$* debt $* $#error $: ${Msg_debt} # # R$* free $* $#error $: ${Msg_sales} R$* no cost $* $#error $: ${Msg_sales} R$* rebate $* $#error $: ${Msg_sales} R$* antivirus software $* $#error $: ${Msg_sales} R$* ink cartridges $* $#error $: ${Msg_sales} R$* inkjet cartridges $* $#error $: ${Msg_sales} # # # --------------------- # Licensed Activities # --------------------- # R$* refinance $* $#error $: ${Msg_mortgage} R$* mortgage $* $#error $: ${Msg_mortgage} R$* mortgage $* points $* fee $* $#error $: ${Msg_mortgage} # # R$* finance $* $#error $: ${Msg_sec} R$# investment $* $#error $: ${Msg_sec} R$# stock $* $#error $: ${Msg_sec} # # R$* bad credit $* $#error $: ${Msg_credit} R$* repair your credit $* $#error $: ${Msg_credit} R$* cre dit report $* $#error $: ${Msg_credit} R$* guaranteed approval $* $#error $: ${Msg_credit} R$* credit card $* approved $* $#error $: ${Msg_credit} R$* approved $* credit card $* $#error $: ${Msg_credit} R$* unsecured visa $* $#error $: ${Msg_credit} # # R$* insurance $* $#error $: ${Msg_insurance} # # R$* prescription $* $#error $: ${Msg_meds} R$* health $* $#error $: ${Msg_meds} # # R$* investigate $* $#error $: ${Msg_investigate} R$* private eye $* $#error $: ${Msg_investigate} R$* asset check $* $#error $: ${Msg_investigate} R$* background check $* $#error $: ${Msg_investigate} # # R$* travel $* trip $* $#error $: ${Msg_travel} # # # # R$* cell phone $* $#error $: ${Msg_cell} R$* phone bill $* $#error $: ${Msg_cell} # # R$* Conference calls $* $#error $: ${Msg_conf} # R$* internet advertising $* $#error $: ${Msg_market} R$* internet marketing $* $#error $: ${Msg_market} R$* potential $* internet $* $#error $: ${Msg_market} R$* MLM $* $#error $: ${Msg_market} # R$* co location $* $#error $: ${Msg_colo} R$* colo $* web hosting $* $#error $: ${Msg_colo} # RInternet Wire Technology Newsletter $#error $: ${Msg_newsletter} # R$* psychic $* $#error $: ${Msg_psychic} # # R$* prizes $* $#error $: ${Msg_prizes} R$* sweepstakes $* $#error $: ${Msg_prizes} # # R$* penis $* $#error $: ${Msg_porn} R$* breast implant $* $#error $: ${Msg_porn} R$* free porn $* $#error $: ${Msg_porn} R$* best porn $* $#error $: ${Msg_porn} R$* get hard $* $#error $: ${Msg_porn} R$* -get hard $* $#error $: ${Msg_porn} R$* men-get hard $* $#error $: ${Msg_porn} R$* cock $* $#error $: ${Msg_porn} # # R$* Re: your mail $* $#error $: ${Msg_yourmail} R$* hey there$* $#error $: ${Msg_yourmail} # # RImportant Message From $* $#error $: ${Msg_virus} Melissa virus RRe: Important Message From $* $#error $: ${Msg_virus} Melissa virus # # RILOVEYOU $#error $: ${Msg_virus} LoveLetter virus RLook at the pretty $#error $: ${Msg_virus} Klez.worm RSome advice on your shortcoming $#error $: ${Msg_virus} Klez.worm RWhy don't you reply to me? $#error $: ${Msg_virus} Klez.worm RNever kiss a stranger $#error $: ${Msg_virus} Klez.worm RHow about have dinner with me together? $#error $: ${Msg_virus} Klez.worm Rnew photos from my party! $#error $: ${Msg_virus} Win32/Myparty.worm # # Reject incoming spam suspect based on "Content_Type" # ---------------------------------------------------- # Scheck_ct R$*boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 $#error $: ${Msg_mailer} R$+ $:$(AD2000check $1 $) R$*AD2000 $#error $: ${Msg_Bad1} R$+ $:$(GammaDcheck $1 $) R$*GammaD $#error $: ${Msg_master} - SPAMWARE detected R$+ $:$(KlezCheck $1 $) R$*Klez $#error $: ${Msg_master} - Your message may contain the Klez.H worm !! # R$+boundary="====_ABC1234567890DEF_====" $#error $: ${Msg_virus} NIMDA.worm !!! R$+boundary="====_ABC123456j7890DEF_====" $#error $: ${Msg_virus} NIMDA.worm !!! R$+X-Priority$+ $#error $: ${Msg_virus} Aliz.worm !!! # # R$*EUC-KR$* $#error $: ${Msg_korean} # R$*text/plain;$*charset="ks_c_5601-1987" $#error $: ${Msg_korean} R$*text/plain;$*charset=ks_c_5601-1987 $#error $: ${Msg_korean} R$*charset="ks_c_5601-1987" $#error $: ${Msg_korean} R$*charset=ks_c_5601-1987 $#error $: ${Msg_korean} R$*charset="euc-kr" $#error $: ${Msg_korean} R$*charset=euc-kr $#error $: ${Msg_korean} # R$*charset="big5" $#error $: ${Msg_big5} R$*charset=big5 $#error $: ${Msg_big5} # R$*charset="windows-1252" $#error $: ${Msg_french} # # # it's regular ascii # R$*charset="iso-8859-1" $#error $: ${Msg_html} # R$*charset=iso-8859-1 $#error $: ${Msg_html} # R$*text/html $#error $: ${Msg_html} R$*multipart/alternative $#error $: ${Msg_html} R$*multipart/report $#error $: ${Msg_html} R$*multipart/mixed $#error $: ${Msg_html} R$*multipart/mixed; $#error $: ${Msg_html} # # Reject incoming spam suspect based on "wrong time" # ### check_date, refer to RFC 822 # Scheck_date R$+Standard Time $#error $: ${Msg_date} R$+Daylight Time $#error $: ${Msg_date} R$+AM $#error $: ${Msg_date} R$+PM $#error $: ${Msg_date} #R$+ $-:$-:$- $#error $: ${Msg_date} # # Reject incoming spam suspect based on "bulk-mailer advertising itself" # Scheck_mailer RLightningMail$+ $#error $: ${Msg_mailer} RMailKing$+ $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} RWC Mail $+ $#error $: ${Msg_mailer} # R $#error $: ${Msg_mailer} RMail Bomber $#error $: ${Msg_mailer} RThe Bat! $+ $#error $: ${Msg_mailer} RThe Red Spider $+ $#error $: ${Msg_mailer} R$+emsoft$+ $#error $: ${Msg_mailer} RMegaMail $+ $#error $: ${Msg_mailer} RDiffondiCool$* $#error $: ${Msg_mailer} REasy Mail$* $#error $: ${Msg_mailer} RSimpleX Mailer $+ $#error $: ${Msg_mailer} R$*NetPIMS$+ $#error $: ${Msg_mailer} RWay-SERIES Mailer $+ $#error $: ${Msg_mailer} RPG-MAILINGLIST PRO $+ $#error $: ${Msg_mailer} RMIME::Lite $+ $#error $: ${Msg_mailer} RMailtouch $+ $#error $: ${Msg_mailer} RImoxion MailExpress API $+ $#error $: ${Msg_mailer} RDavinci Address Mailer $+ $#error $: ${Msg_mailer} RMerge & Group Mailer Version$+ $#error $: ${Msg_mailer} REVAMAIL $+ $#error $: ${Msg_mailer} RMMailer $+ $#error $: ${Msg_mailer} Rmyself2 $#error $: ${Msg_mailer} Rusa7777@msn.com $#error $: ${Msg_mailer} RNMK Mailer $+ $#error $: ${Msg_mailer} RMicrosoft Outloo $#error $: ${Msg_mailer} RMMSLight $+ $#error $: ${Msg_mailer} RLeoric-Mail $+ $#error $: ${Msg_mailer} # # Reject incoming spam suspect based on OLE # Scheck_ole RProduced By Microsoft MimeOLE V(null).$* $#error $: ${Msg_mime} # # Reject incoming spam suspect based on "MessageIDs" # --------------------------------------------------- # Scheck_msgid #R< $-.$-.$- @ localhost > $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} R<$-.$-.$- $u@$h> $#error $: ${Msg_mailer} R< $+ @ $+ > $@ OK R$* $#error $: ${Msg_header} # # Reject incoming spam suspect based on "happy virus" # Scheck_happy99 R$* $#error $: ${Msg_virus} Happy99 virus Scheck_all R$* $#error $: 553 We do not accept mail from spammers - ${Msg_master} # # Reject incoming spam suspect based on non-existent "To:" # Scheck_to Ranonymous@$j $#error $: ${Msg_mailer} R$@ $#error $: No reciepient specified R $#error $: ${Msg_mailer} RUndisclosed.Recipients@$j $#error $: ${Msg_mailer} # R$* alvin $* alvin $* alvin $#error $: ${Msg_toomany} # Rg_op@163.com $#error $: ${Msg_virus} W32/Gop.worm # # Reject incoming spam suspect based on ?? # Scheck_xuser R$-.$- $#error $: ${Msg_mailer} Scheck_sircam RMultipart message $#error $: 550 ${Msg_virus} Sircam.worm !!! Scheck_xlib RWincusSMTP $+ $#error $: ${Msg_mailer} RIndy $+ $#error $: ${Msg_mailer} # # Reject incoming spam suspect based on "cant return emails to a mua" # Scheck_errto RMicrosoft.Outlook.Express.$+@$+ $#error $: ${Msg_mailer} divert(0) dnl # # end of modified quanta.m4 aka header_chk.m4 aka linux-sec.m4 file