SHELL=/bin/sh PATH=/usr/local/bin:/util/bin:/usr/ucb:/usr/bin VERBOSE=off MAILDIR=$HOME/Mail PMDIR=$HOME/.procmail LOGFILE=$PMDIR/log # CSE runs ClamAV to detect viruses in incoming mail. # ClamAV inserts an X-Virus-Status mail header into each # message's existing headers. ClamAV scans messages for # known virus signatures that are in its virus definitions # file. If a message contains a known virus signature, # ClamAV sets its X-Virus-Status to Infected. This rule drops # infected messages by sending them to the "null device". # Because this rule will catch a lot of junk, keep it high up # within .procmailrc. :0: *X-Virus-Status: Infected.* /dev/null # Whitelist important people; allow them to send you anything, # even spam and bulk mail. Because these rules are below the # Virus rule, procmail will drop viruses from whitelisted people. # If you want to allow them to send you viruses, put them above # the Virus rule. :0 * From:.*my_mother@gmail.com>?$ Mom :0 * From:.*my_brother@stanford\.edu>?$ My_Brother # CSE runs SpamAssassin to detect spam in incoming mail. # SpamAssassin inserts an X-Spam-Flag mail header into each message's # existing headers. SpamAssassin decides whether to set the flag to # [YES|NO] by using a variety of mechanisms, including text analysis, # Bayesian filtering, DNS blocklists, and collaborative filtering databases. # This rule sends mail whose X-Spam-Flag=YES to IN.BULK. # Because this rule will catch a lot of junk, keep it high up within # .procmailrc. :0: *X-Spam-Flag: YES IN.BULK # CSE runs Distributed Checksum Clearinghouse (DCC) to detect bulk # messages in incoming mail. DCC operates on the premise that most # spam mails have several copies floating around. So if one server # finds a mail to be spam, it does a checksum of the mail and posts # the hash to a central, collaborative, repository. The next server # receiving this mail would get the DCC results and can more easily # identify the spam. Our DCC implementation inserts a # X-DCC-Buffalo.EDU-Metrics mail header into each message's existing # headers. The X-DCC-Buffalo.EDU-Metrics Fuz2 field shows how many times # DCC has counted this message at various locations around the Internet. # After seeing a message a certain number of times, DCC stops counting # instances of the same message and just assigns Fuz2 = many. # # Trouble is, some bulk messages are *desirable*. # # If you receive bulk messages from listservs, conference announcements, # or other large-membership groups, you don't want those messages getting # lost among "junk" bulk mail. Put rules to process good bulk mail above # the two DCC rules. # If a message originates from outside of buffalo.edu and contains # conference invitation text in the message body, route it to your default # mail spool. :0B *!^From:.*buffalo\.edu$ * .*( Call for Papers | Call for Participation | Call for papers | Call for participation | call for papers | call for participation | CFP | Conference | conference| Deadline | deadline | Las Vegas | Refereed | refereed | Register| register | Registration | registration | Submission | Submissions | submission | submissions ).* $ORGMAIL # Place messages from known technology organizations into a file called # 'Tech-Spam'. :0 * ^.*cert-advisory@cert\.org>?$ Tech-Spam :0 * ^.*@sans\.org>?$ Tech-Spam :0 * ^.*@usenix\.org>?$ Tech-Spam # Now that you've treated your good bulk mail, implement the DCC # rules to route junk bulk mail to IN.BULK. # If a message originates from outside of buffalo.edu and DCC has # seen it more than 50 times, route it to IN.BULK. :0: *!^From:.*buffalo\.edu *X-DCC.*(Body|Fuz[1234])=([0-9]*[0-9][0-9][0-9]|[5-9][0-9]) IN.BULK # If a message originates from outside of buffalo.edu and DCC has # seen it 'many' times, route it to IN.BULK. :0: *!^From:.*buffalo\.edu *X-DCC.*(Body|Fuz[1234])=many IN.BULK