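########################################################################
#
# Procmail Script for Stochastic UCE Detection
#
# Before executing the following procmail script fragment, dispose of
# all messages that can be definitively handled, such as from mailing
# lists, everyone in the user's domain, machine generated messages,
# etc., e.g., get everything possible out of the way, using standard
# procmail techniques.
#
# SENDER, FROM and DOMAIN below are extracted from message headers, so
# their content is chosen by whoever sent the message. Every use of
# them in a shell condition is double quoted so that the value reaches
# the helper program as exactly one argument.
#
########################################################################
#
# Double quote, (to avoid problems caused by how the procmail shell
# expands conditions).
#
dq = '"'
#
# Handle messages from people the user has corresponded with before.
#
SPAMSCORE="0"
#
# Accept messages from expected addresses: those addresses in
# ~/.procmail.accept, using both the machine generated and trusted
# e-mail address. The ~/.procmail.accept file is a Unix flat file, in
# lexical order, (i.e., all lowercase, and made with sort -u; look(1)
# may be a suitable alternative to bsearchtext(1).) If the sender or the
# sender's trusted address is found, assign a seven sigma probability
# that the message is not spam, i.e., a virtual certainty.
#
# SENDER: reply address as generated by formail -r.
#
:0 whc
SENDER=| formail -rzx To:
#
# FROM: reply address when the header sender information is trusted
# (formail -t).
#
:0 whc
FROM=| formail -rztx To:
#
# DOMAIN: everything after the last "@" of the generated reply address.
#
:0 whc
DOMAIN=| formail -rzx To: | sed 's/^.*@//'
#
# The fgrep lookup is skipped when FROM is empty: an empty pattern
# matches every line of ~/.mailrc, which would hand the seven sigma
# "not spam" score to a message with no usable sender address.
# fgrep matches substrings, so an address that merely contains an
# entry of ~/.mailrc is also accepted; keep that file limited to
# complete addresses.
#
:0
* 1^0 ? bsearchtext -r n -f "${HOME}/.procmail.accept" "${FROM}" "${SENDER}"
* 1^0 ? test -n "${FROM}" && fgrep -i -s -e "${FROM}" "${HOME}/.mailrc"
{
    SPAMSCORE="27384317"
}
#
########################################################################
#
# Evaluation of header construction; if a condition is true, add the
# natural logarithm of the probability that the message is spam due to
# the conditional to the cumulative spam score.
#
# NOTE(review): the two DOMAIN conditions carry a lone double quote
# ahead of ${DOMAIN} and interpolate the sender-derived domain into the
# regular expression unescaped, so "." and other metacharacters in it
# act as regex operators. Confirm the intended quoting, and consider
# procmail's $\DOMAIN form, which expands with the regex
# metacharacters escaped.
#
# ${FROM} is quoted in the receivedMSGIDdb condition; unquoted, the
# shell would split a value containing white space into several
# arguments and expand any wildcard characters in it.
#
:0
* $$SPAMSCORE^0
* -3361741^0 !^to:
* -6454846^0 ^to:.*[<] *[>]
* -6258282^0 ^to:.*undisclosed.*recipient
* -4448203^0 ^cc:.*recipient.*list.*not.*shown
* -5135798^0 ^received:.*microsoft exchange
* -2167692^0 ^received:.*microsoft smtpsvc
* -1272966^0 $ !^received:.*"${DOMAIN}
* -1257903^0 $ !^message-id:.*"${DOMAIN}
* -2217521^0 ^subject:.*!
* -10361956^0 ^x-advertisement:
* -5855766^0 ^subject:.*adv(ertise(ment)?.*)?([ .:-]|$)
* -5750007^0 ? test "${SENDER}" != "${FROM}"
* -1989573^0 !? receivedTodb -r m "${HOME}/.procmail.addresses"
* -5213281^0 ? receivedIPdb -r n "${HOME}/.procmail.reject"
* -2663031^0 ? receivedMSGIDdb -r n -f "${FROM}" "${HOME}/.procmail.domains"
* -4563378^0 ? receivedUnknowndb -r n "${HOME}/.procmail.domains"
{ }
SPAMSCORE=$=
#
########################################################################
#
# Evaluation of body construction; if a condition is true, add the
# natural logarithm of the probability that the message is spam due to
# the conditional to the cumulative spam score.
#
# BODYSCORE is assigned here but not read anywhere in this fragment.
#
BODYSCORE="0"
#
# Only messages smaller than 1000000 bytes have their body scored;
# larger messages keep the score from the header evaluation.
#
:0
* < 1000000
{
    :0 B
    * $$SPAMSCORE^0
    * -1409686^0 base64
    * -847052^0 delete
    * -4750287^0 mailing
    * -2342018^0 $ ${dq}mailto:
    * -2125098^0 remove
    * -1468567^0 unsolicited
    * -8449986^0 unsubscribe
    { }
    SPAMSCORE=$=
}
#
########################################################################
#
# Evaluation of spam score; compare the cumulative spam score against a
# 6 sigma probability that the message is spam; if equal to, or larger,
# file the message in the spam folder; if not, compare the score against
# 1 sigma probability, and if equal to, or larger, file the message in
# the junk folder; else, it is probably a valid message, so file it in
# the user's inbox folder.
#
# Each test recipe adds the threshold to the (negative) score and has
# an empty action; the E recipe that follows delivers only when that
# sum is not positive, i.e., when the test recipe did not match.
#
:0
* 20736769^0
* $$SPAMSCORE^0
{ }
#
:0 E:
spam
#
:0
* 1841022^0
* $$SPAMSCORE^0
{ }
#
:0 E:
junk
#
:0:
inbox
#
########################################################################
#
# A license is hereby granted to reproduce this software for personal,
# non-commercial use.
#
# THIS PROGRAM IS PROVIDED "AS IS". THE AUTHOR PROVIDES NO WARRANTIES
# WHATSOEVER, EXPRESSED OR IMPLIED, INCLUDING WARRANTIES OF
# MERCHANTABILITY, TITLE, OR FITNESS FOR ANY PARTICULAR PURPOSE. THE
# AUTHOR DOES NOT WARRANT THAT USE OF THIS PROGRAM DOES NOT INFRINGE THE
# INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY IN ANY COUNTRY.
#
# So there.
#
# Copyright (c) 1992-2005, John Conover, , All Rights
# Reserved.
#
# $Revision: 1.0 $
# $Date: 2005/03/11 22:57:48 $
# $Id: stochastic.UCE.detection.txt,v 1.0 2005/03/11 22:57:48 conover Exp $
# $Log: stochastic.UCE.detection.txt,v $
# Revision 1.0 2005/03/11 22:57:48 conover
# Initial revision
#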