[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] filtering spam articles using the "from" field

On Sat, 1 May 2004, Mark wrote:

> There is a lot of spam lately that has names in the "from" field such as
> jamiescot@xxxxxxxxxxxxxxxx
> deanmartin@xxxxxxxxxxxxxxxx
> peterreid@xxxxxxxxxxxxxxxx
> Is there any way to create a leafnode filter that will reject all posts 
> based on the .shawcable.net.

It's actually fairly easy, but you may want to reconsider just a bit. 
I believe you will find that a lot of legitimate posts in your spool 
from users @xx.shawcable.net since shaw is one of the bigger cable 
connectivity providers in Canada.
The following filter will work:

pattern = ^From:.*shawcable.net
action = kill
But from glancing at your example, you would probably gain a lot more
with less damage by rejecting articles that are excessively
crossposted. There is no legitimate reason that I can think of for
anything to be crossposted to all of those groups (in fact it looks
like troll sign rather than spam). Note that it is more effective to
use a filter that looks for excessive commas (,) in the Newsgroups:
header than it is to use the maxcrosspost directive.)

For example:

pattern = ^Newsgroups:.*,.*,.*,.*,
action = kill

will reject any articles crossposted to 5 or more newsgroups. On my 
system I limit it to 3 (pattern = ^Newsgroups:.*,.*,.*,) and anything 
crossposted to 4 or more will be rejected.


leafnode-list mailing list