Automated mail message regexes

Gerald Combs gerald at ethereal.com
Sat Jan 31 20:59:23 CST 2004


Postings to the Ethereal mailing lists have to make it through our virus
scanner, followed by SpamAssassin, then a Procmail recipe, and finally
Mailman's moderation system.

This normally works well.  However, the viral orgy of the past week
resulted in about 3500 messages that made it past the first three
obstacles, and left the moderator (me) with a pile of messages to deal
with by hand.  The vast majority of messages have been automated
responses of one form or another triggered by the viruses.  (MyDoom and
its variants forge the "From:" line using addresses it finds in the
victim's address book.  Apparently "ethereal-users at ethereal.com" is in a
bunch of address books.)

My question for the list is:  Is there a comprehensive list somewhere of
regular expressions that can be used to match against automated bounce
messages?  For instance, TrendMicro's virus scanner messages have a
"Subject:" line of "InterScan NT Alert".  Qmail bounces begin with "Hi.
This is the qmail-send program at".  Majordomo sends the subject
"Majordomo results:".  Then there's the ever-popular "Returned mail:
User unknown".  I have a good-sized collection now, but it's far from
complete.

Is anyone maintaining a list of these somewhere?

Rant-for-another-day: SpamAssassin is great, but if you think it's
"perfect" then you simply don't get enough spam.
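A sketch of how the four strings named in the message could be turned into anchored filter rules. This is an added example, not code from the original post or from the Ethereal list's Procmail setup. The rule names, the choice of Subject versus body matching, the constructed sample messages, and the RFC 3834 `Auto-Submitted` check (which goes beyond the post) are assumptions of the example.

```python
import re
from email import message_from_string

# Strings quoted in the post; matching three against Subject and one against
# the start of the body is this example's assumption.
SUBJECT_RULES = [
    ("interscan-alert", re.compile(r"^InterScan NT Alert")),
    ("majordomo-results", re.compile(r"^Majordomo results:")),
    ("user-unknown", re.compile(r"^Returned mail:.*User unknown")),
]
BODY_RULES = [
    ("qmail-bounce", re.compile(r"\AHi\.\s+This is the qmail-send program at\s")),
]

def first_text(msg):
    """Decoded text of the first text/plain part ('' if there is none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return (part.get_payload(decode=True) or b"").decode("latin-1")
    return ""

def classify(raw):
    """Return the matching rule name, or None if the message looks hand-written."""
    msg = message_from_string(raw)
    # Generalization beyond the post: RFC 3834 Auto-Submitted header.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return "auto-submitted"
    subject = " ".join(str(msg.get("Subject") or "").split())  # unfold header
    for name, rx in SUBJECT_RULES:
        if rx.search(subject):
            return name
    body = first_text(msg).lstrip()
    for name, rx in BODY_RULES:
        if rx.search(body):
            return name
    return None

# Constructed sample messages (not real list traffic).
SAMPLES = {
    "scanner": "From: scanner@mail.example\nSubject: InterScan NT Alert\n\nVirus found.\n",
    "qmail": "From: MAILER-DAEMON@mx.example\nSubject: failure notice\n\n"
             "Hi. This is the qmail-send program at mx.example.\nI'm afraid...\n",
    "vacation": "From: a@host.example\nSubject: Away\nAuto-Submitted: auto-replied\n\nBack Monday.\n",
    "human": "From: b@host.example\nSubject: Re: InterScan NT Alert on our list?\n\n"
             "Hi. This is the third one today.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

Anchoring each pattern to the start of the Subject or body keeps a subscriber's reply that merely quotes one of these strings out of the discard pile, as the "human" sample shows.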




More information about the Kclug mailing list