## Re: FW: Suggestions to block this spam

On Wed, 2008-02-20 at 16:08 +1300, Michael Hutchinson wrote:
> From: Karsten Bräckelmann [mailto:guenther@rudersport.de]
> > On Wed, 2008-02-20 at 14:26 +1300, Michael Hutchinson wrote:
> > > You'll be lucky to catch them on anything other than phrase matching, as
> > > they're very simple in design, those spam messages. Much like the
> > > "downlooadable sooftware" one's we used to get. To a program, there's
> > > not much that looks like Spam about these messages.

> >
> > This is not true. I posted a meta rule that doesn't even look at the
> > body earlier.

[...]
> Ah yes, I saw that one earlier on. I hadn't employed it as my phrases
> are working well, but I do intend to tweak a meta based on the one you
> posted, once I've had time to fully test the CLIENT_TO_MX part

That much should be easy. The internal meta header holds all relays,
in this case the untrusted ones. Each relay's data inside square
brackets. The simple rule just enforces there be exactly one opening
square bracket, and thus exactly one external relay. (Note that you
definitely need to have your trusted network set up correctly.)

And the disclaimer, in the wise words of Donald E. Knuth: Beware of
bugs in the above program. I proved it correct, I did not try it.

guenther

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}