We have two new scripts, rc.example and rc.headers. The addition of these two scripts to the other SPAM kill scripts (rc.common, rc.cyberpromo and rc.bogusips) will stop almost all email SPAM you receive. They do this by looking for 1) known SPAM addresses, 2) known SPAM message formats (contained in rc.common and rc.cyberpromo), 3) known patterns of malformed messages (rc.lite2) and 4) only allowing mail actually addressed to you in.

The new script rc.headers (An example is here) will kill email messages that have certain patterns of malformed headers (that part of the email that controls delivery). Because it it possible that people you want to hear from maybe using mis-configured mail programs that are generating messages in the same way, using rc.headers must be treated with more caution then the older scripts. In my testing I log all messages that fail the SPAM test, in two weeks totaling about 3000 email messages (yes I get almost 300 a day) I only had two real messages that failed rc.headers. But if that ratio is unacceptable to you, do not use rc.headers. As with the others (rc.common, rc.cyberpromo, etc), you link to this file (please see the instructions for setting up these).

The file rc.example is a little different, in this case there is no existing code for you to use. There are examples, that are commented out, but you must copy rc.example into your account directory on Kendaco or Pacific. Then edit this file to sort your mail.

What this file does, is save any mail addressed to you in the To or CC lines, save any mail addressed to lists you subscribe to and trash everything else. I should point out that it will also trash any message you get that someone has sent you via the BCC line. This is because many SPAMers use that line to SPAM you. Sometime legitiment people also use that line, so it's possible (AGAIN) that this will trash mail you want to get.

This script requires you to do some work, but it alone will stop 99% of all SPAM mailed to you. This is because only about 1% of the SPAM you receieve actually has your address in the TO or CC lines. If you use this script, along with rc.common, rc.cyberpromo and rc.bogusips you will stop all but very, very few of SPAMs that you would have received.

This is because very little SPAM is, addressed to you (in the To or CC lines), correctly formated, and not coming from a known SPAM site. But it should be noted that it will allow SPAM coming from an unknown SPAM site, or a known good site, that is correctly formated and addressed to you in either the To or CC lines, as long as there is less then 45 people listed in these lines. So it is possible that you could -still- receive SPAM email. As I have said before, these scum are nothing if not inventive. In the two weeks I tested this I only actually received on piece of SPAM, and they promptly got added to the known SPAM addresses.

I must again note that this script (rc.example) will prevent you from receiving email addressed to you using the BCC header. You will sometimes receive email this way if the sender doesn't want everyone to know who is getting copies of this message, so there -is- a down side. Another reason -not- to trash the mail that fails this script

Lets go through a little example of how to use rc.example. First you need to sort out and save the list email you receive, which will look something like this:

:0:
* ^(To|CC):.*listname@server-name\.domain-name\.domain-type(\>|$)
/var/spool/mail/(yourlogin name)

Now for some examples of what this should look like:

:0:
* ^(To|CC):.*rv-talk@rvclub\.com(\>|$)
/var/spool/mail/username

:0:
* ^(To|CC):.*B5jms@cs\.columbia\.edu(\>|$)
/var/spool/mail/username

:0:
* ^(To|CC):.*procmail@Informatik\.RWTH-Aachen\.DE(\>|$)
/var/spool/mail/username

Now this is an actual exampe. You would need replace 'username' with your email name (ie. username@kendaco.telebyte.com)

If you get no email from lists, you only need the follow. Please note -some- subscribers on the Kendaco server will need to substitute home1 for home. To learn if you do you need to do the following:

Telnet into Kendaco and at the prompt type "cd .." (without the quotes) The computer (kendaco) will respond with a new prompt, which will either be:

[username@kendaco /home]
OR
[username@kendaco /home1]

If it says home1, use home1 in place of home in the last line of the following script

:0:
* !^(To|CC):.*telebyte\.(com|net)(\>|$)
/home/username/mail/mail.log

If you decide to delete all mail that fails this test, replace the last line with the following: So it would read

:0
* !^(To|CC):.*telebyte\.(com|net)(\>|$)
dev/null

If you are having trouble with this script (or any other script) contact me at stopspam@telebyte.com