headers
Bert Hiddink | 6 Mar 2000 03:41
Picon

Re: Chinese Spam Filter

Hello, Walter,

El 5 Mar 00, a las 19:59, Walter Dnes escribó: 

>> On Thu, 2 Mar 2000 07:54:45 -0800 (PST), Eric Hilding
>> <eric <at> hilding.com> wrote:
>> 
>> > 
>> > Sorry...my inbox with over 17,000 e-mails bit the dust before I
>> > could download and implement that last version of an anti-Chinese
>> > Spam Filter someone had posted.  I am DELUGED with this junk, and
>> > would sure appreciate it if whoever made that post could send it
>> > along again.  I believe it "addressed" pulling the ".cn" from the
>> > "Received:" lines?????  Most regular "From:" lines in these junk
>> > mailings are bogus.
>>   I have a filter recipe on my site that checks for characters
>> with the high-bit set (CHR(128)..CHR(255)).  If an email is
>> more than 5% high-bit characters, it's trapped.  The filter will
>> count actual high-bit characters and "quoted-printable" versions
>> thereof.  The filter is on my website (see sig).  Click on
>> the item about filtering Chinese spam.
>> 
>>   Booby-trap warning... In order to trap high-bit characters,
>> the filter must list them.  Be careful that the editor you use
>> can handle high-bit characters.  vim in strict vi-compatable mode is
>> OK, but native vim mode has problems.  If you see the characters as
>> "\0xC0", etc, you're OK.
>> 
>> -- 
>> Walter Dnes <waltdnes <at> waltdnes.org> http://www.waltdnes.org
>> SpamDunk Project procmail spamfilters.
>> A picture is worth a thousand words; unfortunately,
>> it consumes the bandwidth of ten thousand words.

Thanks a lot for your script! I would like to implement it, however, 
it checks for "chinese" characters in the body of the message. Since 
all the spam I receive, do have the high-bit characters in the 
subject-line and not all of them do have in the body (sometimes it is 
just an URL), my question is: how to proceed if I want to apply your 
filter just on subject-lines? IOW: How to change the line: 
 :0BD
...so that it only does egrep for the subject line?

Many thanks in advance for your help!

-brt 

   Bert Hiddink, FUNDACION GALILEO
   Correo electronico: hiddink <at> galileo.or.cr
   Sitio: http://www.galileo.or.cr
   Tel. (506) 280 8683, telefax. (506) 280 8847
Permalink | Reply |

Gmane