.procmailrc: Fix Klez rule to avoid false positives

[dotfiles.git] / .procmailrc

#
# User configuration file for procmail
#

#
# SET VARIABLES

# Internal Variables

SHELL=/bin/sh               #Shell used to run procmail.  Be sure this points to
                            #your system's copy of sh.  DO NOT substitute a
                            #different shell unless you really know Unix

LINEBUF=4096                #Needed to keep Procmail from choking on long
                            #"recipes", or instructions on what to do with
                            #particular kinds of email.

PATH=$HOME/bin:$HOME/mail/bin:/bin:/usr/bin:/usr/local/bin
                            #Path for your programs -- this is probably best
                            #left alone.

VERBOSE=off                 #Change this to "on" when you try a new recipe
                            #so that Procmail will log literally every step
                            #it takes.  DO NOT LEAVE IT ON, though, because
                            #it creates huge logfiles.

# Default Program & file locations

MAILDIR=${HOME}/Mail        #you'd better make sure this directory exists

#ORGMAIL=/var/spool/mail/phd
#DEFAULT=${ORGMAIL}

LOGFILE=${MAILDIR}/procmail.log      #Logs message disposition.  Recommended -- otherwise
                                     #errors are emailed to you. :/

SENDMAIL=/usr/sbin/sendmail    #useful for autoreply recipes.
FORMAIL=/usr/bin/formail       #useful for autoreply recipes.


MYEMAIL=${HOME}/mail/misc/.myemail   #Tells Procmail where your MYEMAIL
                                     #file is located, a text file containing all the
                                     #email addresses you use.

ADMINFOLDER=${MAILDIR}/admin         #for bounced mail, mail from root,
                                     #postmaster, abuse, etc.

BLOCKFOLDER=${MAILDIR}/block         #for suspicious mail, but possibly not spam

BULKFOLDER=${MAILDIR}/bulk           #for bulk mail which appears legitimate, such
                                     #as mail from mailing lists or mail sent using
                                     #Bcc:

SPAMFOLDER=${MAILDIR}/spam           #change this to SPAMFOLDER=/dev/null
                                     #to delete spam entirely.

VIRUSFOLDER=/dev/null                #Set this variable to /dev/null to delete
                                     #all viruses. You don't want to take chances with a virus,
                                     #and the false positive rate on the virus filters is near zero.

# BEGIN RECIPES


# Create a backup cache of 2000 most recent messages in case of mistakes
:0 c
backup

  :0 ic
  | cd backup && rm -f dummy `ls -t msg.* | sed -e 1,2000d`

# Regenerate "From" lines to make sure they are valid
:0 fhw
| ${FORMAIL} -I "From " -a "From "


# *CLOSED (only subscribers can write)* MAILING LISTS
# No need to filter them for spam

:0
* ^(From|To|Cc|Reply-To): .*((mlug@unixcenter\.ru)|@altlinux\.ru)
lists/mlug

:0
* ^List-Id: Moscow Linux User Group <mlug\.UnixCenter\.RU>
lists/mlug

:0
* ^(To|Cc|Reply-To|Resent-To|X-BeenThere): .*(-list@(python\.org|cwi\.nl))
lists/python

:0
* ^Sender: .*@python\.org
lists/python

:0
* ^List-Id: .*<python-.*\.python\.org>
lists/python

:0
* ^Newsgroups: .*comp\.lang\.python
lists/python

:0
* ^From: sitelist-bounces@lists\.sourceforge\.net
* ^To: .*-owner@lists\.sourceforge\.net
* ^Subject: Uncaught bounce notification
${SPAMFOLDER}

:0
* ^From: .*-bounces@lists\.sourceforge\.net
* ^To: .*-owner@lists\.sourceforge\.net
* ^Subject: Auto-discard notification
${SPAMFOLDER}

:0
* ^List-Id: .+<sqlobject-(discuss|cvs)\.lists\.sourceforge\.net>
lists/python

:0
* ^To: "(\[sqlobject:(bugs|patches)\] )|(Ticket [0-9]+)" <[0-9]+@(bugs|patches)\.sqlobject\.p\.re\.sf\.net>
* ^Reply-To: "?(\\?\[sqlobject:(bugs|patches)\\?\] )|(Ticket [0-9]+)"? <[0-9]+@(bugs|patches)\.sqlobject\.p\.re\.sf\.net>
* ^Subject: (\[SQL-CVS\] )?\[sqlobject:(bugs|patches)\] (Re: )?\#[0-9]+
lists/python

:0
* ^From: "SQLObject Git repository" <noreply@(fullhistory|sqlobject|scripts)\.sqlobject\.p\.re\.sf\.net>
* ^To: "SQLObject Git repository" <noreply@(fullhistory|sqlobject|scripts)\.sqlobject\.p\.re\.sf\.net>
* ^Reply-To: "SQLObject Git repository" <noreply@(fullhistory|sqlobject|scripts)\.sqlobject\.p\.re\.sf\.net>
* ^Subject: \[sqlobject:(fullhistory|sqlobject|scripts)\]
lists/python

:0
* ^From: .+<notifications@github\.com>
* ^To: sqlobject/sqlobject <sqlobject@noreply\.github\.com>
* ^List-ID: sqlobject/sqlobject <sqlobject\.sqlobject\.github\.com>
lists/python

:0
* ^List-Id: .*<cheetahtemplate-(announce|discuss)\.lists\.sourceforge\.net>
lists/python

:0
* ^Sender: ppa-qps-devel-admin@lists\.sourceforge\.net
lists/python

:0
* ^List-Id: PyGreSQL Development <pygresql\.vex\.net>
lists/python


# Now filters

# Klez
:0 B
* ^Content-Transfer-Encoding: base64
* name( ?)=.*\.(exe|bat|scr|pif)
| ${FORMAIL} -A"X-Note: Klez" -A"X-Folder: Virus" >${VIRUSFOLDER}

# Sobig.E
:0 HB
* ^Subject: Re: (Movie|Application)$
* ^Content-Transfer-Encoding: base64
* ^Content-Disposition: attachment;
* filename=.your_details\.zip
| ${FORMAIL} -A"X-Note: Sobig.E" -A"X-Folder: Virus" >${VIRUSFOLDER}

# Sobig.F
:0 H
* ^Subject: .*(Thank you!|Your application|That movie|Approved|Details|My details|Your details|Wicked screensaver)$
* ^X-MailScanner: Found to be clean$
| ${FORMAIL} -A"X-Note: Sobig.F" -A"X-Folder: Virus" >${VIRUSFOLDER}

# MyDoom/Novarg
:0 HB
* <50000
* ^Subject: (test|hi|hello|Mail Delivery System|Mail Transaction Failed|Server Report|Status|Error|)$
* ^Content-type: application/octet-stream;
* (file)?name="(document|readme|doc|text|file|data|test|message|body)\.(pif|scr|exe|cmd|bat|zip)
| ${FORMAIL} -A"X-Note: MyDoom" -A"X-Folder: Virus" >${VIRUSFOLDER}

# Netsky
:0
* > 20000
* < 60000
* ^Subject:[ ]*(hi|hello|read it immediately|\
something for you|warning|information|stolen|fake|unknown)
* B ?? ^(anything ok\?|what does it mean?|ok|\
i'm waiting|read the details\.|here is the document\.|\
read it immediately\!|my hero|\
here|is that true?|is that your name?|is that your account?|\
i wait for a reply\!|is that from you?|you are a bad writer|\
I have your password\!|something about you\!|\
kill the writer of this document\!|i hope it is not true\!|\
your name is wrong|i found this document about you|\
yes, really\?|that is bad|here it is|see you|\
greetings|stuff about you\?|something is going wrong!|\
information about you|about me|from the chatter|\
here, the serials|here, the introduction|here, the cheats|\
that's funny|do you\?|reply|take it easy|why\?|\
thats wrong|misc|you earn money|you feel the same|\
you try to steal|you are bad|something is going wrong|\
something is fool)$
* B ?? ^(Content-Disposition:[  ]*attachment;)?[        ]*(file)?name="?(document|msg|doc|talk|message|creditcard|\
details|attachment|me|stuff|posting|textfile|concert|\
information|note|bill|swimmingpool|product|\
topseller|ps|shower|aboutyou|nomoney| found|\
story|mails|website|friend|jokes|location|\
final|release|dinner|ranking|object|mail2|part2|\
disco|party|misc)\..*(zip|exe|scr|com|pif)"?$
| ${FORMAIL} -A"X-Note: Netsky" -A"X-Folder: Virus" >${VIRUSFOLDER}

# Bagle.J
:0
* ^Subject:(.*E-mail account disabling warning)|\
   (.*E-mail account security warning)|\
   (.*Email account utilization warning)|\
   (.*Important notify about your e-mail account)|\
   (.*Notify about using the e-mail account)|\
   (.*Notify about your e-mail account utilization)|\
   (.*Warning about your e-mail account)
* B ?? ^Content-Type: application/octet-stream;
* B ?? ^Content-Transfer-Encoding: base64
* B ?? ^Content-Disposition: attachment;
| ${FORMAIL} -A"X-Note: Bagle.J" -A"X-Folder: Virus" >${VIRUSFOLDER}


# From http://www.internetguru.com.au/igblog-102.html

# Redirect common virus attachments inc. zipped versions
:0 B
* name=.*(document|readme|doc|text|file|data|test|message|body)\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|exe\"|shs\"|bat\"|bas\"|cmd\"|zip\")
{
   :0
   | ${FORMAIL} -A"X-Note: executable attachment virus" -A"X-Folder: Virus" >>${VIRUSFOLDER}
}

# Some more common virus attachments inc. zipped versions
:0 B
* name=.*(Attach|Information|Readme|Document|Info|TextDocument|Textfile|MoreInfo|Message)\.(pif\"|zip\")
{
   :0
   | ${FORMAIL} -A"X-Note: executable attachment virus" -A"X-Folder: Virus" >>${VIRUSFOLDER}
}

# Redirect windows executables (note - haven't included exe and com
:0 B
* name=.*\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|shs\"|bat\"|bas\"|scr\"|dll\")
{
   :0
   | ${FORMAIL} -A"X-Note: executable attachment virus" -A"X-Folder: Virus" >>${VIRUSFOLDER}
}

# This one finds them annoying Custom Logo spams that seem to get past most filters
:0 B
* .*out\.php\?email\=(sales|info)\@
{
   :0
   | ${FORMAIL} -A"X-Note: Custom Logo spam" -A"X-Folder: Spam" >>${SPAMFOLDER}
}

# This catches about 99% of deliberate viagra mispellings ie v1@GRa, v1agr@ etc
:0 H
* ^Subject.*[Vv][1jl\|][aA\@][Gg][Rr][Aa\@]
{
   :0
   | ${FORMAIL} -A"X-Note: viagra spam" -A"X-Folder: Spam" >/dev/null
}


# Chineese/japaneese/korean spam

:0
* ^Content-Type: text/(plain|html); *charset=("?)(big5|gb2312|iso-2022-jp|ks_c_5601-1987|shift_jis)("?)
| ${FORMAIL} -A"X-Note: chineese/japaneese/korean charset" -A"X-Folder: Spam" >/dev/null

:0
* ^X-RBL-Warning: .*(china|korea) does not seem to care about spam
| ${FORMAIL} -A"X-Note: chineese/korean source" -A"X-Folder: Spam" >>${SPAMFOLDER}


# SpamAssassin (spamassassin.org)
:0fw
* < 10240000
| spamc -U /tmp/spamassassin.sock -s 10240000


# Mail with a score of 14 or higher is certainly spam
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*
| ${FORMAIL} -A"X-Note: certainly spam" -A"X-Folder: Spam" >/dev/null

:0:
* ^X-Spam-Status: Yes
* > 20000
| ${FORMAIL} -A"X-Note: oversized spam" -A"X-Folder: Spam" >/dev/null

:0 HB:
* ^X-Spam-Status: Yes
* http://www\.gstinc\.com/
| ${FORMAIL} -A"X-Note: gstinc spam" -A"X-Folder: Spam" >/dev/null

:0 HB:
* ^X-Spam-Status: Yes
* (www\.)?sonidom\.ru
| ${FORMAIL} -A"X-Note: sonidom spam" -A"X-Folder: Spam" >/dev/null

:0 HB:
* ^X-Spam-Status: Yes
* (www\.)?pos-tel\.ru
| ${FORMAIL} -A"X-Note: pos-tel spam" -A"X-Folder: Spam" >/dev/null

:0 HB:
* ^X-Spam-Status: Yes
* @besttraining\.ru
| ${FORMAIL} -A"X-Note: besttraining spam" -A"X-Folder: Spam" >/dev/null

:0:
* ^X-Spam-Status: Yes
${SPAMFOLDER}


# MAILING LISTS

# Filter out mail from all mailing lists you are on. Just duplicate the recipe
# for each mailing list you are on, and put the correct address for the list in
# the condition statement. (The "* ^TO" part.) If you read mail on shell, you
# may find it easier to deliver this mail to separate folders, especially for
# busy lists. I do. :)


# Block all messages that are too big
:0
* > 1000000
| ${FORMAIL} -A"X-Note: the message is too big" -A"X-Folder: Block" >>${BLOCKFOLDER}


# unfiltered mail marked by exim (using RBL/ORBS/etc)

:0
* ^X-RBL-Warning:
* ^(To|Cc):.*phd
${BLOCKFOLDER}

:0
* ^X-RBL-Warning:
${SPAMFOLDER}


# Sort out mail that really is to you from mail Bcc'd to you, or mail
# which doesn't have any of your email addresses on the To: or Cc: line.
# For this to work properly, you must create a text file named .myemail
# in your home directory and enter all email addresses that belong to
# you in it, one per line, just as you do with your .nobounce file.
#
# This does =wonders= in keeping spam from appearing in your personal
# mail. :)
#
# Substitute your shell account email address, custom domain, and any other email
# address you may have for the entries below.
:0:
* ? test -f ${MYEMAIL} && \
    (${FORMAIL} -zxTo: -zxCc: |\
    fgrep -i -f ${MYEMAIL})
| ${FORMAIL} -A"X-Folder: Default" >>${DEFAULT}

# Deliver email which passed spam filtering, but which wasn't sent to
# a recognizable personal email address of yours, to your "bulk mail"
# folder, for reading on a less-urgent basis.
:0:
| ${FORMAIL} -A"X-Folder: Bulk" >>${BULKFOLDER}


# Vacation - modified version of procmail example from "man procmailex"

# Drop duplicates
#:0 Wh: msgid.lock
#| ${FORMAIL} -D 65536 msgid.cache
#
#:0 Whc: vacation.lock
#* !^From: .*phd
#* !^FROM_MAILER
#* !^FROM_DAEMON
#* !^X-Loop: phd@phdru.name
#* !^X-Loop: phd@iskra.aviel.ru
#* !^From: "AviTicket" <support@aviel\.ru>
#* !^From: .* <lj_notify@livejournal\.com>
#* !^From: .*report_card@sbrf.ru
#| ${FORMAIL} -rD 65536 vacation.cache
#
#:0 ehc  # if the name was not in the cache - reply
#| (egrep -v '^From phd|^Return-Path: phd' | \
#   ${FORMAIL} -r -A"Precedence: junk" \
#      -A"X-Loop: phd@phdru.name" -A"X-Loop: phd@iskra.aviel.ru" \
#      -A"Content-Type: text/plain; charset=koi8-r"; \
#   echo "Hello!"; echo "";\
#   echo "   I am on vacation. This is an auto-generated reply. Your message has been"; \
#   echo "delivered to my mailbox. Thanks a lot. I will read it after 0th of ."; \
#   echo ""; \
#   echo "Здравствуйте."; echo ""; \
#   echo "   Я уехал в отпуск. Это автоматический ответ. Ваше сообщение было доставлено."; \
#   echo "в мой почтовый ящик. Большое спасибо. Я прочту его, когда вернусь 0 ."; \
#   echo ""; cat $HOME/.signature) | $SENDMAIL -oi -t