[unisog] brain dead spam complaints

Sylvain Robitaille syl at alcor.concordia.ca
Thu Dec 11 20:20:42 GMT 2003


On Thu, 11 Dec 2003, Chris Edwards wrote:

> Luckly, its false-spam-allegation messages all seem to have this header:
>
>   X-SpamKiller-AutoReply:

Ooooh!  I hadn't noticed that.  This means it should be trivial to
create a procmail script to send back the canned response automatically.
How about something like this (syl quickly copies his "Declude auto-
responder" and adapts it):

:0 HB
* ^TO(abuse|postmaster)@((smtp1|smtp2|smtp3)\.)?domain\.edu
* ^X-SpamKiller-AutoReply:
* ^I have received the attached unsolicited e-mail from
* ^I do not wish to receive such messages in the future
{
   # -- gather info about message
   :0 ch
   subject=| formail -x "Subject:"
   :0 ch
   from=|    formail -x "From:"

   # -- Store a copy of the original.
   :0 c
   | $FILE +$FOLDERS/postmaster

   # auto responder:
   :0
    | ( \
        echo "From: University Postmaster <postmaster at domain.edu>"; \
        echo "To: $from"; \
        echo "Subject: faulty spam report (was $subject)"; \
        echo "Precedence: junk"; \
        echo "Date: `date '+%d %h %Y %T %Z'`"; \
        echo "X-Old-Subject: $subject"; \
        echo "X-Was-From: $from"; \
        echo "X-Loop: auto-reply"; \
        echo ""; \
        echo "[ this is an automatic reply to your software's automatic report ... ]"; \
        echo ""; \
        echo "Please note that your spam reporting software (\"McAfee"; \
        echo "Spamkiller\") is broken software, as it relies on easily"; \
        echo "forged information to attempt to determine the provenance of"; \
        echo "a message."; \
        echo ""; \
        echo "Please replace your software with a package that does not"; \
        echo "rely on false information to send its reports, or at least"; \
        echo "turn off the reporting function of the software you're using."; \
        echo ""; \
        echo "Thank you."; \
        echo ""; \
        echo "If you have reason to believe that my conclusion is"; \
        echo "incorrect, and that this message really did originate"; \
        echo "from a computer system at This University, please"; \
        echo "do let me know, and please do not hesitate to contact me"; \
        echo "about inappropriate activity from any computer system at"; \
        echo "This University."; \
        echo ""; \
        echo "-- "; \
        [ -f ${SIGNATURE} ] && cat ${SIGNATURE}; \
        echo; \
        cat; \
      ) | sendmail -t -oi -om
}

I'm going to review more of those messages before actually implementing
this, but the Declude version of that was rather effective at reducing
the number of automatic Declude reports I was receiving.  :-)

-- 
----------------------------------------------------------------------
Sylvain Robitaille                              syl at alcor.concordia.ca

Systems analyst / Postmaster                      Concordia University
Instructional & Information Technology        Montreal, Quebec, Canada
----------------------------------------------------------------------



More information about the unisog mailing list