J 
		
								
				
				
			
		Jim Gillogly
Does anyone have a good procmail recipe for this new worm?
I'm using the following:
:0 B
* ^This message contains Unicode characters and has been sent
$PMDIR/mydoom-spam
:0 B
* ^The message contains Unicode characters and has been sent
$PMDIR/mydoom-spam
:0 B
* ^The message cannot be represented in 7-bit ASCII encoding and
$PMDIR/mydoom-spam
:0 B
* ^Mail transaction failed. Partial message is available.
$PMDIR/mydoom-spam
After testing this I symlinked "mydoom-spam" to /dev/null.
It gets most of them, but not the few that don't have these strings
in them. Someone suggested filtering by size, which I guess would
be messages between about 31K and 36K, but that seems a bit
draconian. It's still pretty awful, since the 10% or so getting
through this filter still run a dozen every five minutes or so.
It also doesn't catch all the bounces from the damned spammers
having used my email address as the forged sender!
Is anyone using a more specific procmail recipe?
Thanks -
__
Jim Gillogly
				
			I'm using the following:
:0 B
* ^This message contains Unicode characters and has been sent
$PMDIR/mydoom-spam
:0 B
* ^The message contains Unicode characters and has been sent
$PMDIR/mydoom-spam
:0 B
* ^The message cannot be represented in 7-bit ASCII encoding and
$PMDIR/mydoom-spam
:0 B
* ^Mail transaction failed. Partial message is available.
$PMDIR/mydoom-spam
After testing this I symlinked "mydoom-spam" to /dev/null.
It gets most of them, but not the few that don't have these strings
in them. Someone suggested filtering by size, which I guess would
be messages between about 31K and 36K, but that seems a bit
draconian. It's still pretty awful, since the 10% or so getting
through this filter still run a dozen every five minutes or so.
It also doesn't catch all the bounces from the damned spammers
having used my email address as the forged sender!
Is anyone using a more specific procmail recipe?
Thanks -
__
Jim Gillogly
