Here's mine based on a very clever scoring system by MBM.
It has two weaknesses:
1. Chinese spam always gets through and I seem to be on a Taiwan-based
spam list. I need to find a way to block "charset=BIG5".
2. Sometimes stuff gets through because it is delivered but has nothing
that gets caught by the filter. I would love to find a way to say at
the end of .forward, "anything not processed so far must be spam".
Procmail does this with the DEFAULT=~/dir setting in .procmailrc
The good thing is the scoring system allows you to filter out html spam
from yahoo accounts while receiving mail from clients who use yahoo
web-mail.
Patrick
# Exim filter
# Error trapping
if error_message then finish endif
# Scoring spam filters
# Note - this is based on http
# Step 1
# Things that are definitely spam because it's either
# a spam trap mailbox or because they keep sending me unwanted mail.
if ${lc:$h_To:} matches "pkirk"
or ${lc:$h_To:} matches "pkgames"
or $h_To: matches "inbox@???"
or ${lc:$h_To:} matches "friend" # Not your friend
or ${lc:$h_From:} matches "friend" # Not my friend
or $message_body matches "Dear Friend," # Sickening
or $h_From: contains "wotch.com" # Just won't go away
or $h_subject: contains "ADV "
or $h_subject: contains "[ADV]"
or $h_subject: contains "ADV:"
then
add 1100 to n9
endif
# Step 2
# Things that are often spam. It's 2 strikes and you're out
# on this list
if $h_subject: contains "Viagra" # Real men don't need it
or ($h_Subject: matches \\\$\\\$+) # No dollars for me
or $h_subject: contains "Card" # Credit card scams
or $h_subject: contains "Weight loss Offer" # Fat is a sign of maturity
or $h_subject: contains "Lowest Mortgage Rates" # Got my mortgage
or $h_subject: contains "Free Pics" # Avoid RSI today
# Score the mail
then
add 62 to n9 # 62 might be too high?
endif
if (${lc:$message_body} matches "<script") # javascript mail
then add 62 to n9 endif
if ${lc:$message_body_end} matches "to be removed" # amazing this works
then add 62 to n9 endif
if ${lc:$message_body} matches "not junk mail" # Trust me
then add 62 to n9 endif
if ${lc:$message_body} matches "spam free" # Nothing is free
then add 62 to n9 endif
# If we find a "mailto:" link for which the address is not
# the same as the sender address or return path.
if (${lc:$message_body} matches "a\\\\shref=(['\"])mailto:([^@]@[^@])\$1"
and $2 is not ${lc:$return_path}
and $2 is not ${lc:$sender_address})
# Score the mail
then
add 62 to n9
endif
# Step 3
# There are a lot of legitimate users of hotmail and
# of html mail. There are other indications that hint
# but are not conclusive.
# So it's now 3 strikes and you're out
if(${lc:$sender_address} matches
"([a-z\\\\d]+)@(lycos|hotmail|aol|yahoo|msn)\\\\.co(\\\\..*|m)" and $1 matches \\d)
then
add 41 to n9
endif
if (${lc:$message_body} matches "<html>") # html mail
then
add 41 to n9
endif
# If the To: box is empty, that's suspicious
if(${domain:${lc:$h_To:}} is "")
then
add 41 to n9
endif
# A lot of spams seem to have a subject which has a number
# (possibly in brackets) at the right-hand side, this is
# designed to catch this
if(${lc:$h_Subject:} matches "\\\\s\\\\s\\\\s\\\\s+(\\\\(\\\\d+\\\\)|\\\\d+)\\\$")
or (${domain:${lc:$h_To:}} is " ") # To: is empty
then
add 41 to n9
endif
# Now neatly put all the spam in its own special
# mailbox and log what's happened
if ($n9 is above 99)
then
save $home/mail/junkmail
logfile $home/mail/.spam 0644
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n9: Filtered spam"
finish
endif
# Set up logging for non-spam emails
logfile $home/mail/.mail 0644 # ... so i can still "mailstat ~/mail/.mail"
# Allow postmaster access
if $original_local_part is postmaster
then save $home/mail/enterprise-hr.com
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n9: Postmaster"
endif
# All that pesky useful info from root and cron...
if $h_From: contains "root"
then save $home/mail/rootmail
logwrite "[$tod_log] $n9: Root message"
endif
if $h_Sender: contains "exim-users-admin@???"
then save $home/mail/lists
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n9: Exim User"
# Getting the speedtouch modem working under Linux
elif $h_To:,$h_Cc:,$h_From: contains "speedtouch"
then save $home/mail/enterprise-hr.com
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: Speedtouch"
# Linux from Scratch
elif $h_Reply-To: contains "lfs-"
then save $home/mail/lfs
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:}: LFS"
# Debian - of course
elif $h_To:,$h_Cc:,$h_From: contains "debian-user"
then save $home/mail/lists
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n9: Debian User"
# Deliveries to my enterprise-hr.com domain
elif $h_To:,$h_Cc: contains "patrick@???"
then save $home/mail/enterprise-hr.com
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n9: enterprise-hr.com"
endif
# Deliveries to my kirks.net domain
if $h_To:,$h_Cc: contains "patrick@???"
then save $home/mail/kirks.net
logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n9: kirks.net "
endif
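
Added example, not part of Patrick's filter: one way to cover the two weaknesses listed at the top of the post within the same scoring scheme. The weight of 62 and the "Unclaimed" log tag are assumptions; "delivered" is the Exim filter condition that is true once a significant delivery such as "save" has been set up.

```exim
# Exim filter
# Added example - constructed rules, to be merged into the filter above.

# Weakness 1: score the declared character set.
# Single-part mail declares it in the Content-Type header; multipart
# mail declares it in the MIME part headers, which a user filter sees
# at the start of $message_body. "contains" and "matches" are
# case-independent, so "BIG5" and "big5" are both caught.
# The weight 62 is an assumption (the post's "2 strikes" tier).
# This rule belongs before the "$n9 is above 99" test.
if $h_Content-Type: contains "big5"
   or $message_body matches "charset=\"?big5"
then
  add 62 to n9
endif

# Weakness 2: catch-all. This must be the last command in the file,
# after every rule that saves wanted mail.
if not delivered
then
  save $home/mail/junkmail
  logfile $home/mail/.spam 0644
  logwrite "[$tod_log] ${lc:$h_From:} ${lc:$h_Subject:} $n9: Unclaimed"
endif
```

With the catch-all in place, mail that arrives only by Bcc or through a list the filter does not name is filed as junk, so the junkmail folder needs periodic review.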