# REPORT-SC.RC # # Author: Garen Erdoisa # # Updated 3/24/2005 Modified ${DD} -bs parameter from 1K to 1k # per Sam Napolitano's comment about Sun # compatibility. # Updated 3/17/2005 Adjusted the SBLOG entries based on # conversation with Cahterine Hampton. # Updated the comments to reflect the # current state of the code. # Updated 3/12/2005 Modified based on Feedback from Julian Haight # Updated 9/29/2004 Incorporated SBLOGLEVEL rules. # Updated 8/25/2004 with changes recommended by Catherine Hampton # # Author's Notes: The following user settable variables need to be set as # follows in the user's .procmailrc before this recipe will be called. # # SPAMCOPREPORT=NORMAL|QUICK|MIXED|NONE|no # SPAMCOPEMAIL=YourReportingEmail@spam.spamcop.net # # Where: # # QUICK * quick report spams that are already blacklisted by spamcop. # * quick report spams with dangerous content. # (Viruses, Executable Attachments, Embedded Scripts) # * quick report spams that have the spamscore at or above the spamcop # handshake score to spambouncer@spam.spamcop.net even if not blacklisted # # NORMAL * quick report spams with dangerous content. # * report spams above the users BLOCKLEVEL to their spamcop reporting address only. # Requires User interaction to confirm or cancel each spam reports. # # MIXED * quick report spams with dangerous content. # * quick report spams already on bl.spamcop.net to spambouncer@spam.spamcop.net # * quick report spams with a score that is at or higher than the spamcop.net # handshake score to spambouncer@spam.spamcop.net # * Normal report spams with a score between the users BLOCKLEVEL and the # spamcop.net handshake score to the users spamcop reporting address. # Requires user interaction to confirm the report. # # NONE * Do not report the spam to spamcop.net # # For QUICK reporting SPAMCOPEMAIL defaults to spambouncer@spam.spamcop.net. # If you turn on spamcop reporting in QUICK or MIXED modes, then qualifying emails # will be forwarded to this address. Spamcop uses the information sent to this # address in aggragate form. If you want to notify abuse desks via spamcop, then # you will need to signup with spamcop.net, obtain your own reporting address, # and use NORMAL reporting. # # For NORMAL reporting SPAMCOPEMAIL defaults to noemail@example.com unless explicitly set by the user. # # See http://spamcop.net to obtain a reporting account for NORMAL or MIXED (quick/normal) reporting modes. # No spamcop.net account is necessary for QUICK mode reporting. # Check to see if this message ID has already been seen. # This avoids re-reporting the same spam. # Note: sometimes spams can arrive via multiple routes # with the same message id's. # These duplicate spams are somewhat rare and can be # reported manually if needed :0 Whc: ${HOME}/.report.lock | ${FORMAIL} -D 8192 ${HOME}/.report.cache :0 a { SBLOG="C4N-Spamcop Report: Duplicate message ID -- report not sent" INCLUDERC=${SBDIR}/functions/loglevel.rc } # start of spamcop.net else wrapper # :0 E * ! FIRSTEXDOMAIN ?? spamcop\.net * SPAMCOPEMAIL ?? .*@spam\.spamcop\.net$ { LOCALPID="$$" LOCALMIMEBDRY=` ${DATE} +%N%s ` # Test for empty message bodies. :0 * B ?? [a-zA-Z0-9] { LOCALNOBODY=no } :0 E { SBLOG="C4N-Spamcop Report: message body contains no alphanumeric characters" INCLUDERC=${SBDIR}/functions/loglevel.rc :0 hc: spamcop.header.${LOCALPID} LOCALNOBODY=yes } # Truncate messages greater than 47k to comply with spamcop.net's reporting policies. :0 Wc: * < 47000 spamcoptemp.${LOCALPID} :0 WE { :0 Wc: spamcoptemp.large.${LOCALPID} :0 Wa { LOG=`${DD} if=${MAILDIR}/spamcoptemp.large.${LOCALPID} of=${MAILDIR}/spamcoptemp.${LOCALPID} bs=1k count=47 ;\ ${ECHO} -e "\n\n-=-=-=-=-=Message Truncated by the Spambouncer=-=-=-=-=-=-\n" >>${MAILDIR}/spamcoptemp.${LOCALPID} ;\ ${RM} -f ${MAILDIR}/spamcoptemp.large.${LOCALPID} ` } :0 a { SBLOG="C4N-Spamcop Report: message size greater than 47k. Report truncated" INCLUDERC=${SBDIR}/functions/loglevel.rc } } LOCALERROR=no :0 { :0 Wic: spamcoptemp.${LOCALPID}.lock * LOCALNOBODY ?? no | ( ${FORMAIL} -rt\ -I"From: ${LOGNAME}@${HOST}"\ -I"To: ${SPAMCOPEMAIL}"\ -I"Subject: report spam"\ -I"MIME-Version: 1.0"\ -I"Content-Type: multipart/mixed; boundary=\"ReportSpam${LOCALMIMEBDRY}ReportSpam\""\ -I"X-Mailer: SpamBouncer ${SBVERSION}" ;\ ${ECHO} "This is a multi-part message in MIME format." ;\ ${ECHO} "" ;\ ${ECHO} "--ReportSpam${LOCALMIMEBDRY}ReportSpam" ;\ ${ECHO} "Content-Type: text/plain; charset=us-ascii" ;\ ${ECHO} "Content-Transfer-Encoding: 7bit" ;\ ${ECHO} "" ;\ ${ECHO} "" ;\ ${ECHO} "--ReportSpam${LOCALMIMEBDRY}ReportSpam" ;\ ${ECHO} "Content-Type: message/rfc822" ;\ ${ECHO} "Content-Disposition: attachment" ;\ ${ECHO} "" ;\ ${CAT} spamcoptemp.${LOCALPID} ;\ ${ECHO} "" ;\ ${ECHO} "--ReportSpam${LOCALMIMEBDRY}ReportSpam--" ;\ ${ECHO} "" ) |${SENDMAIL} -oi -t :0 Wic: spamcoptemp.${LOCALPID}.lock * LOCALNOBODY ?? yes | ( ${FORMAIL} -rt\ -I"From: ${LOGNAME}@${HOST}"\ -I"To: ${SPAMCOPEMAIL}"\ -I"Subject: report spam"\ -I"MIME-Version: 1.0"\ -I"Content-Type: multipart/mixed; boundary=\"ReportSpam${LOCALMIMEBDRY}ReportSpam\""\ -I"X-Mailer: SpamBouncer ${SBVERSION}" ;\ ${ECHO} "This is a multi-part message in MIME format." ;\ ${ECHO} "--ReportSpam${LOCALMIMEBDRY}ReportSpam" ;\ ${ECHO} "Content-Type: text/plain; charset=us-ascii" ;\ ${ECHO} "Content-Transfer-Encoding: 7bit" ;\ ${ECHO} "" ;\ ${ECHO} "" ;\ ${ECHO} "--ReportSpam${LOCALMIMEBDRY}ReportSpam" ;\ ${ECHO} "Content-Type: message/rfc822" ;\ ${ECHO} "Content-Disposition: attachment" ;\ ${ECHO} "" ;\ ${CAT} spamcop.header.${LOCALPID} ;\ ${ECHO} "Spam email had no message body" ;\ ${ECHO} "" ;\ ${ECHO} "--ReportSpam${LOCALMIMEBDRY}ReportSpam--" ;\ ${ECHO} "" ) |${SENDMAIL} -oi -t } # cleanup # note: if sendmail generated an error or there was a procmail broken pipe error # in the above recipe add a header indicating that event. :0 Wiac | ${RM} -f spamcoptemp.${LOCALPID} :0 E { :0 Wic | ${RM} -f spamcoptemp.${LOCALPID} SBLOG="L4-Spamcop Report: sendmail error. Report not sent." INCLUDERC=${SBDIR}/functions/loglevel.rc :0 { LOCALERROR=yes } } :0 Wic * ? ${TEST} -f ${MAILDIR}/spamcop.header.${LOCALPID} | ${RM} -f ${MAILDIR}/spamcop.header.${LOCALPID} :0 * ! LOCALERROR ?? yes { :0 * SPAMCOPEMAIL ?? spambouncer@spam.spamcop.net { SBLOG="A1N-Spamcop Quick Report submitted." INCLUDERC=${SBDIR}/functions/loglevel.rc } :0 E { SBLOG="A1N-Spamcop Standard Report submitted." INCLUDERC=${SBDIR}/functions/loglevel.rc } } #end of spamcop.net else wrapper }