Codingdomain.com

Automatic mail processing

Spam Filtering

The filtering language of Maildrop uses regular expressions, which allow you to build powerful filter criteria. Below are some examples that filter more spam.

In this case, the regular expressions end with :b, indicating that Maildrop should also search in the message body. Because this can be a CPU-intensive task, it is only done for messages smaller than 20kB.

Filtering Spam: ~/.mailfilter
# special case for messages smaller than 20kB

if(  $SIZE < 20000  )
{
  # check the body of the message too (note the /:b suffix)
  if(  /<HEAD><TITLE>My Homepage<TITLE>/:b  )
  {
    # these e-mails get past my spam filter
    log "---- *SPAM* 'my homepage' not filtered"
    to "$MAILBOX/.Spam/"
  }

  # sorry, this Linux machine didn't send MS-Windows viruses
  if(  ( /infected attachment/:b         ) \
  ||   ( /quarantined/:b                 ) \
  ||   ( /virus in a message you sent/:b ) )
  {
    log "---- *SPAM* 'infected attachment message' not filtered"
    to "$MAILBOX/.Spam/"
  }
}

#----------------------------------------------------------
#
# Virus e-mail check
#

if(  $SIZE < 200000  )
{

  if(    ( /www\.lovescr\.net/ )            \
      || ( /www\.loverscreensaver\.net/ )   )
  {
    # yet another cute e-mail I don't want
    log "---- *VIRUS* love screensaver"
    to "$MAILBOX/.Spam/"
  }


  if(  /^Microsoft (client|partner|customer|upgrade)/:b  )
  {
    # I wouldn't believe that kind of fake message...
    log "---- *VIRUS* fake microsoft update"
    to "$MAILBOX/.Spam/"
  }


  # Match the <iframe> exploit for Outlook Express, which causes programs
  # loaded in the iframe to be executed because of the mangled content type.
  #
  if(  /<iframe src=3D"?cid:/:b  )
  {
    log "---- *VIRUS* outlook <iframe> exploit"
    to "$MAILBOX/.Spam/"
  }


  # Ignore attachments with unwanted file extensions.
  # It seems another nasty trick is also popular:
  # a lot of spaces between the .ext and .pif extension.
  #
  #  Content-Type: audio/x-midi
  #  <tab>    name=file.ext       .pif
  #
  if(  /[\n\r]Content\-Type: [a-zA-Z\-\/]+;[\n\r]*[:space:]+name=.*\.(bat|pif|scr)"?[\n\r]/:bw  )
  {
    log "---- *VIRUS* unwanted extensions in content-type"
    to "$MAILBOX/.Spam/"
  }

  # Match the content-disposition header too, like:
  #  Content-Disposition: attachment; filename=file.scr
  #
  if(  /[\n\r]Content\-Disposition: attachment;[\n\r]*[:space:]+filename=.*\.(bat|pif|scr|exe)"?[\n\r]/:bw  )
  {
    log "---- *VIRUS* unwanted extensions in content-disposition"
    to "$MAILBOX/.Spam/"
  }


  # Search for a piece of attachment code
  # sent by a certain e-mail virus
  #
  if(  /UEsDBAoAAAAAAJBKhDBiZMYWCWMAAAljAAASAAAAZm91bmRfbmV3cy50eHQuc2NyTVqQAAMA/:b  )
  {
    # zip file with virus
    log "---- *VIRUS* zip file matched"
    to "$MAILBOX/.Spam/"
  }
}
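
The two attachment-name rules above match raw header text inside the message body. As an added example (not part of the original article or of Maildrop), the same check can be tried offline with Python's standard `email` parser, which unfolds continuation lines and reads both `name=` and `filename=`. The sample message and the function name `attachment_findings` are constructed for illustration.

```python
import email
import re

# Extensions rejected by the page's rules (bat, pif, scr, exe).
BLOCKED = {"bat", "pif", "scr", "exe"}

# Constructed sample message (not real mail); "\t" starts a folded header line.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/x-midi;
\tname="file.txt       .pif"

AAAA
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=setup.EXE

AAAA
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

AAAA
--b1--
"""

def attachment_findings(raw_message):
    """Return (filename, reason) for each MIME part with an unwanted name."""
    msg = email.message_from_string(raw_message)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename= and falls back
        # to the Content-Type name= parameter, folded lines included.
        name = part.get_filename()
        if not name or "." not in name:
            continue
        ext = name.rsplit(".", 1)[1].strip().lower()
        if ext not in BLOCKED:
            continue
        # The padding trick from the page: "file.ext       .pif"
        padded = re.search(r"\.\w+\s{2,}\.\w+\s*$", name) is not None
        reason = "padded double extension" if padded else "blocked extension"
        findings.append((name, reason))
    return findings

if __name__ == "__main__":
    for finding in attachment_findings(SAMPLE):
        print(finding)
```

Unlike the body regular expressions, this inspects each MIME part's parsed parameters, so quoting and header folding do not change the result.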
