[HCoop-Discuss] Filtering out bogus bounce notification e-mails
Karl Chen
quarl at cs.berkeley.edu
Sat Jan 27 21:16:14 EST 2007
>>>>> On 2007-01-25 03:46 PST, Adam Chlipala writes:
Adam> In the one day I've been test-driving this, it's worked
Adam> _almost_ perfectly. The single exception so far is that
Adam> e-mail notifications from Mailman with moderation
Adam> requests end up in my Bounces folder. Any suggestions
Adam> for improvements from the combined font of wisdom that
Adam> we have on this mailing list?
Here's an excerpt of my mail filter for filtering junk - it's much
more complicated (and more conservative) than just checking the
Precedence header though, since not all
challenge-response/vacation/etc implementations set it, and also
some "bulk" mail isn't junk (e.g. mailing-list related).
my $lsubject = $subject;
$lsubject =~ s/\*\*\* SPAM \[[0-9.]+\] \*\*\* //;
$lsubject =~ s/^\[[a-z-]+\] //;
# undeliverables not for myself
#
# "(\[[a-z-]+\] )?" is for mailing list subject prefixes, e.g.
# "[cs-grads] Undeliverable mail"
my $is_from_mailer_daemon = (
Header("Return-Path") eq '' ||
$from =~ /^mailer-daemon\@/mi ||
$from =~ /^postmaster\@/mi ||
$raw_from =~ /^MAILER-DAEMON$/i ||
$from =~ /^MDaemon\@/ ||
$from =~ /^#\@/ || # qmail
$from =~ /^mailfilter\@/i ||
$from =~ /^AntiVirus_Gateway\@/ ||
$from =~ /^virus-admin.ch\@/ ||
$from =~ /^virusalert\@/ ||
$from =~ /^Antivirus-Daemon\@/ ||
$from =~ /^virus\@/ ||
$from =~ /^Administrator\@/ ||
$from =~ /proofpoint-pps\@/ ||
$from =~ /MailSecurityServer\@/ ||
0);
# Addresses which I would never send from, so any returned mail, etc. to those
# addresses are junk.
my $is_to_junky_address;
die 'FILL THIS IN';
# *** set this for your wildcard domains excluding From addresses you might
# use, and also mailing lists, e.g. (m/\@example.com/ &&
# !m/quarl\@example.com/)
my $is_delivery_junk_subject;
for ($lsubject) {
$is_delivery_junk_subject = (
m/^Returned mail([:.]|$)/i ||
m/^Undelivered Mail Returned to Sender/ ||
m/^(Undeliverable|Undelivered)( mail)?(:|$)/i ||
m/^(Mail )?delivery (failed|failure|unsuccessful|problems?) *(:|$)/i ||
m/^NDN: / ||
m/^Permanent Delivery Failure$/ ||
m/^Spam Notification/ ||
m/^Delivery Report$/i ||
m/^Delivery Status Notification/ ||
m/^Delivery Status$/ ||
m/^Delivery Notification: Delivery has failed/i ||
m/^Delivery Notification for </i ||
m/^failure notice$/i ||
m/^failure delivery$/i ||
m/^Warning: message [a-z0-9-]+ delayed [0-9]+ hours/i ||
m/^Warning: could not send message for past [0-9]+ hours/i ||
m/Notificaci(.|=F3)n[ _]del[ _]estado[ _]de[ _]la[ _]entrega/i ||
m/^Unzustellbar:/ ||
m/^Message could not be delivered$/ ||
m/^Considered UNSOLICITED BULK EMAIL, apparently from you$/ ||
m/^[*][*]Message you sent blocked by/ ||
m/^Mail System Error - Undeliverable Mail/ ||
m/^Network Associates Webshield - e-mail Content Alert/ ||
m/^ArgentinaChicago Wrong Email/ ||
m/^BANNED message from you/ ||
m/^BANNED \(.*?\) IN MAIL FROM YOU/ ||
m/^[*][*]Virus in mail from you[*][*]/ ||
m/^Sender Virus-alert/ ||
m/^Virus Alert$/ ||
m/^Considered UNSOLICITED BULK EMAIL from you$/ ||
m/^VIRUS IN YOUR MAIL$/ ||
m/^Non[ _]remis( :|=A0=3A)/ ||
m/^Returned Mail - Error During Delivery/ ||
m/^Problems delivering your mail$/ ||
m/^Delivery failure notification - / ||
m/^Mail could not be delivered$/ ||
m/^\[MailServer Notification\]Attachment Blocking Notification/ ||
m/^Undeliverable Mail - User Unknown/ ||
m/^Message status - undeliverable$/ ||
m/^Warning: E-mail viruses detected/ ||
m/^Email contained Restricted Attachment Type/ ||
m/Virus .*? infected attachment .*? removed/ ||
m/^Mail System Error - Returned Mail/ ||
m/^Postmaster Notification -- Attachment Removed/ ||
m/^Email refused Automated message:/ ||
0);
}
my $precedence = Header("Precedence");
my $is_autoreply_junk_subject;
for ($lsubject) {
$is_autoreply_junk_subject = (
m/^Out of Office AutoReply:/ ||
m/^Out of Office$/i ||
m/^R(é|=E9)ponse[ _]automatique[ _]d('|=27)absence[ _]du[ _]bureau/ ||
# Vacation
(Header("User-Agent") =~ m#^Vacation/# &&
$precedence =~ /bulk/ &&
m/^out of office$/) ||
(m/^Abwesenheitsnotiz:/) ||
($precedence =~ /bulk/ &&
m/^Automatic response to your mail/) ||
# Automatisk svar når du er borte fra kontoret:
(m/^Automatisk[ _]svar[ _]n(å|=E5)r[ _]du[ _]er[ _]borte[ _]fra[ _]kontoret/) ||
# Request Tracker (RT)
(Header("X-Managed-By") =~ /Request Tracker/ &&
$precedence =~ /bulk/ &&
$from =~ /^rt\@/ &&
m/#[0-9]+\]/ &&
1 #body: has been received and assigned a request number
) ||
(Header("X-Mailer") =~ /Kayako SupportSuite/ &&
Header("X-Priority") =~ /3/) ||
### Challenge-response systems (TMDA, etc.):
# TMDA
($precedence =~ /bulk/ &&
Header("Auto-Submitted") =~ /auto-replied/ &&
Header("X-Delivery-Agent") =~ /TMDA/) ||
(m/^Automatic message from SafestMail/) ||
# Active Spam Killer
(Header("X-AskVersion") && m/^Please confirm/) ||
(Header("X-Autogenerated") eq 'Reply') ||
(Header("X-Autorespond")) ||
(m/^Authorisation required to send emails to /) ||
($precedence =~ /autoreply/) ||
## redundant with just checking Precedence junk
# (Header("X-Mailer") =~ /Confixx Autoresponder/ &&
# $precedence =~ /junk/) ||
# SpamArrest
(Header("X-Spamarrest-noauth") =~ /1/ &&
$from =~ /\@spamarrest.com/) ||
# Boxtrapper
(Header("X-Boxtrapper") &&
m/^Your email requires verification/) ||
# Servage.net AntiSpam
($from =~ /^antispam\@servage.net/ &&
m/^Autoreply:/) ||
# Spamrival.com
($from =~ /NoReply\@spamrival.com/ &&
Header("X-Mailer") =~ /S p a m R i v a l . c o m/) ||
($from =~ /verify\@0spam.com/) ||
(Header("X-Sanitizer") =~ /Advosys mail filter/ &&
$from =~ /noreply\@/) ||
(Header("X-ChoiceMail-Registration-Request") =~ /ChoiceMail registration request/) ||
(m/^Seu email requer a verifica/) ||
# Majordomo
($from =~ /^Majordomo\@/ && m/^Majordomo results: /) ||
# Mailman
(Header("X-Mailman-Version") &&
m/^Your message to Mailman awaits moderator approval/) ||
# Lyris ListManager
($from =~ /lyris-admin\@/) ||
# Imail
($from =~ /^imailsrv\@/ &&
m/^Illegal IMail List Server Command!/) ||
# Yahoo groups
($from =~ /confirm.*\@yahoogroups[.]/ &&
(m/^Please confirm your request to join/ ||
m/^Por favor, confirme su pedido de/)) ||
# how nice :)
$precedence =~ /junk/ ||
(Header("Auto-Submitted") =~ /auto-replied/ &&
m/^Autoresponder$/) ||
($from =~ /pmgsender\@returns.mb00.net/ &&
m/^Address Incorrect/) ||
(m/^Your message \[/) ||
(m/^Automated reply from /) ||
(Header("X-Mailer") =~ /TFS Secure Messaging Server/ &&
m/^TFS Delivery Failure:/) ||
0);
}
# if ($trace) {
# print "## lsubject=$lsubject\n";
# print "## is_from_mailer_daemon=$is_from_mailer_daemon\n";
# print "## is_delivery_junk_subject=$is_delivery_junk_subject\n";
# print "## is_to_junky_address=$is_to_junky_address\n";
# print "## is_autoreply_junk_subject=$is_autoreply_junk_subject\n";
# }
if ($is_from_mailer_daemon && $is_delivery_junk_subject && $is_to_junky_address)
{
Accept "junk";
}
# mailer-daemon junk that is actually addressed to me, but highly spammy so
# probably junk anyway
if ($is_from_mailer_daemon && $is_delivery_junk_subject && $spam_level > 12)
{
Accept "junk";
}
if ($is_autoreply_junk_subject && $is_to_junky_address)
{
Accept "junk";
}
--
Karl 2007-01-27 18:00
More information about the HCoop-Discuss
mailing list