[Mimedefang] Detecting bogus AOL addresses
Kevin A. McGrail
kmcgrail at pccc.com
Sat May 8 02:30:27 EDT 2004
Kelson,
Your idea to check for valid AOL sender addresses is really simply yet
amazingly elegant. I took the liberty of porting it into a spamassassin
rule rather than using MIMEDefang. I'm always worried about false
positives.
See http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf and
I've posted below though word wrapping will probably mess things up:
# Rule based on Kelson Vibber's MD code for bogus AOL Addresses
# Check for bogus AOL addresses as described at
# http://postmaster.aol.com/faq/mailerfaq.html#syntax
# - all alphanumeric, starting with a letter, from 3 to 16 characters long.
header __KAM_AOL From =~ /\@aol.com$/i
describe __KAM_AOL Partial Rule: Marks AOL Addresses
header __KAM_GOODAOL From =~
/^[a-z][a-z0-9]{2,15}\@aol.com$/i
describe __KAM_GOODAOL Partial Rule: Marks Bad AOL
Addresses
meta KAM_COMBO_BADAOL __KAM_AOL && !(__KAM_GOODAOL)
describe KAM_COMBO_BADAOL From: Invalid AOL Email Address.
High probability of spam.
score KAM_COMBO_BADAOL 0.1
Feedback appreciated.
Regards,
KAM
----- Original Message -----
From: "Kelson Vibber" <kelson at speed.net>
> I recently came across the specification for valid AOL addresses. It's
> simple, and easy to put into a regexp. It's only blocked 8 messages in
the
> last few hours since I went from logging to rejecting, but that's 8
messages
> that didn't need to be scanned for viruses or spam.
> # Check for bogus AOL addresses as described at
> # http://postmaster.aol.com/faq/mailerfaq.html#syntax
> # - all alphanumeric, starting with a letter, from 3 to 16 characters
long.
> if ($sender =~ /\@aol.com$/i && $sender ne 'mailer-daemon at aol.com'
> && $sender !~ /^[a-z][a-z0-9]{2,15}\@aol.com$/i) {
> return ('REJECT', 'Forged AOL address detected.');
> #md_syslog 'info', "$QueueID: Forged AOL address detected.";
More information about the MIMEDefang
mailing list