Discussion:
Moving large messages to spam folder
Chris
2017-02-13 02:19:01 UTC
Permalink
Anything bigger than 100k has the subject appended as below. Lately
I've been getting messages from yahoo accounts that run about 630k give
or take that I know are spam and I'd like to have them moved with
procmail to my spam folder automatically. I found the 2nd formail
recipe below by doing some googling and put it into my .procmailrc.
Instead of using the sender IP I've been putting the CIDR into the
badips file - 98.136.192.0/18 for example. I don't want to filter out
all of yahoo because I have a few yahoo mailing lists I'm on. Does this
make sense or is there a much easier way to do this?

:0 fh w
* > 100000
* ^Subject:\/.*
| formail -I "Subject: {* -BIG- *} $MATCH"

:0
* ? formail -x"From:" -x"Sender:" \
    -x"Reply-To:" -x"Return-Path:" \
    | egrep -is -f /home/chris/badips
$JUNKMAIL

Thanks for any assistance
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
20:06:05 up 9 days, 12:04, 2 users, load average: 0.07, 0.16, 0.17
Description: Ubuntu 16.04.2 LTS, kernel 4.4.0-62-generic
@lbutlr
2017-02-16 03:53:36 UTC
Permalink
Post by Chris
Anything bigger than 100k has the subject appended as below. Lately
I've been getting messages from yahoo accounts that run about 630k give
or take that I know are spam and I'd like to have them moved with
procmail to my spam folder automatically. I found the 2nd formail
recipe below by doing some googling and put it into my .procmailrc.
Instead of using the sender IP I've been putting the CIDR into the
badips file - 98.136.192.0/18 for example. I don't want to filter out
all of yahoo because I have a few yahoo mailing lists I'm on. Does this
make sense or is there a much easier way to do this?
:0 fh w
* > 100000
* ^Subject:\/.*
| formail -I "Subject: {* -BIG- *} $MATCH"
:0
* ? formail -x"From:" -x"Sender:" \
-x"Reply-To:" -x"Return-Path:" \
| egrep -is -f /home/chris/badips
$JUNKMAIL
I would do the following:

:0 fh w
* > 100000
{
:0fw # Need to wait for filter to complete
* ^Subject:\/.*
| formail -I "Subject: {* -BIG- *} $MATCH"

:0
* ? formail -x"From:" -x"Sender:" \
-x"Reply-To:" -x"Return-Path:" \
| egrep -is -f /home/chris/badips
$JUNKMAIL
}

(This assumes the formail works as you expect)

This way the only messages that are checked for badips are ones that are larger than 100,000 bytes.

Personally, Yahoo is dead to me now. All messages are rejected with a message about pathological lack of security. It forced two of my family members to stop using Yahoo as they could no longer email the rest of the family that is on my mail server. :)

I wouldn’t trust any email from yahoo, but that’s just me.
--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
***@lists.rwth-aachen.de
https://mailman.rwth-
Chris
2017-02-16 19:50:47 UTC
Permalink
Post by Chris
Post by Chris
Anything bigger than 100k has the subject appended as below. Lately
I've been getting messages from yahoo accounts that run about 630k give
or take that I know are spam and I'd like to have them moved with
procmail to my spam folder automatically. I found the 2nd formail
recipe below by doing some googling and put it into my .procmailrc.
Instead of using the sender IP I've been putting the CIDR into the
badips file - 98.136.192.0/18 for example. I don't want to filter out
all of yahoo because I have a few yahoo mailing lists I'm on. Does this
make sense or is there a much easier way to do this?
:0 fh w
* > 100000
* ^Subject:\/.*
Post by Chris
formail -I "Subject: {* -BIG- *} $MATCH"
:0
* ? formail -x"From:" -x"Sender:" \
    -x"Reply-To:" -x"Return-Path:" \
    | egrep -is -f /home/chris/badips
$JUNKMAIL
:0 fh w
* > 100000
{
  :0fw # Need to wait for filter to complete
  * ^Subject:\/.*
  | formail -I "Subject: {* -BIG- *} $MATCH"
  :0
  * ? formail -x"From:" -x"Sender:" \
    -x"Reply-To:" -x"Return-Path:" \
    | egrep -is -f /home/chris/badips
    $JUNKMAIL
}
(This assumes the formail works as you expect)
This way the only messages that are checked for badips are ones that
are larger than 100,000 bytes.
Personally, Yahoo is dead to me now. All messages are rejected with a
message about pathological lack of security. It forced two of my
family members to stop using Yahoo as they could no longer email the
rest of the family that is on my mail server. :)
I wouldn’t trust any email from yahoo, but that’s just me.
Actually I thought of a better way:

:0 fh w
* > 625000
* ^From:.*@yahoo.com
$JUNKMAIL

and as I leave any yahoo lists I'm on I can remove the size modifier
from the recipe and just leave it as from yahoo.
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
13:46:09 up 13 days, 5:44, 2 users, load average: 0.88, 1.51, 1.29
Description: Ubuntu 16.04.2 LTS, kernel 4.4.0-62-generic
@lbutlr
2017-02-17 22:02:32 UTC
Permalink
Post by Chris
:0 fh w
* > 625000
$JUNKMAIL
and as I leave any yahoo lists I'm on I can remove the size modifier
from the recipe and just leave it as from yahoo.
Are you honestly getting messages that large from a mailing list? That’s more than 10 times the size of the largest mailing list message I could find on my machine (57K) in a few seconds of searching.
--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
***@lists.rwth-aachen.de
https://mailman.rwth-aachen.de/mailman/lis
Chris
2017-02-17 23:21:25 UTC
Permalink
Post by @lbutlr
Post by Chris
:0 fh w
* > 625000
$JUNKMAIL
and as I leave any yahoo lists I'm on I can remove the size
modifier
from the recipe and just leave it as from yahoo.
Are you honestly getting messages that large from a mailing list?
That’s more than 10 times the size of the largest mailing list
message I could find on my machine (57K) in a few seconds of
searching.
No, these aren't mailing list. Coming in with subjects like

{* -BIG- *}  Discover (munged)  Cell (munged)  Phones & Plans for
(munged) Seniors

With from addresses such as
Cell(munged)Phones(munged)For(munged)SeniorsSite <daviderist-at-yahoo.c
om>

That is 632k which is the norm for these. Hopefully all the (munged)
will let this through. I really don't want to run them through SA
because of the size. I've noticed that I'm not getting anything from
yahoo groups anymore so I can safely just throw everything from yahoo
now into $JUNKMAIL.
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:11:29 up 14 days, 9:09, 2 users, load average: 0.80, 0.74, 0.69
Description: Ubuntu 16.04.2 LTS, kernel 4.4.0-62-generic
@lbutlr
2017-02-21 03:59:35 UTC
Permalink
Post by Chris
Post by @lbutlr
Post by Chris
:0 fh w
* > 625000
$JUNKMAIL
and as I leave any yahoo lists I'm on I can remove the size
modifier
from the recipe and just leave it as from yahoo.
Are you honestly getting messages that large from a mailing list?
That’s more than 10 times the size of the largest mailing list
message I could find on my machine (57K) in a few seconds of
searching.
No, these aren't mailing list. Coming in with subjects like
{* -BIG- *} Discover (munged) Cell (munged) Phones & Plans for
(munged) Seniors
Then i don't understand why you are setting the threshold so high. I would probably set it at 100K or so if I didn't simply trash all messages from yahoo.com at the mail server.

helo_checks.pcre:
/.*\yahoo\.com/ 550 Yahoo is not allowed here, use gmail or someone who hasn't leaked over a billion passwords

And yes, I know that will trap anything coming from any address with "yahoo.com" in it, anywhere. That is the point.
Post by Chris
That is 632k which is the norm for these. Hopefully all the (munged)
will let this through. I really don't want to run them through SA
because of the size.
SA defaults (or used to) to not processing any message over 256K.
--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
***@lists.rwth-aachen.de
https://mailman.rwth-aachen.de/mailman
Chris
2017-02-22 01:55:04 UTC
Permalink
Post by @lbutlr
 
Then i don't understand why you are setting the threshold so high. I
would probably set it at 100K or so if I didn't simply trash all
messages from yahoo.com at the mail server.
/.*\yahoo\.com/ 550 Yahoo is not allowed here, use gmail or someone
who hasn't leaked over a billion passwords
And yes, I know that will trap anything coming from any address with
"yahoo.com" in it, anywhere. That is the point.
SA defaults (or used to) to not processing any message over 256K.
I've now got all of @yahoo going direct to my spam folder. 
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:51:50 up 1 day, 11:09, 1 user, load average: 0.08, 0.11, 0.14
Description: Ubuntu 16.04.2 LTS, kernel 4.4.0-63-generic
Loading...