[lug] Filtering by User-Agent with procmail
Michael Belanger
mrb at ciclops.org
Tue Jul 5 13:30:32 MDT 2005
Hey there.
I am trying to come up with a little procmail rule to move all email sent from
Outlook Express to $SUSPECT_MAIL mbox.
:0B
* ^User-Agent:.*Outlook Express
$SUSPECT_MAIL
Is this correct or will I need more wildcards?
It appears that someone on my network has a zombie windows machine sending out
spam to our mail lists and individuals. The messages are getting right through
spamassassin even though they are obviously spam.
I am hoping to narrow the list of suspects by examining email sent by Outlook
Express since most, if not all, of my people should be using Mozilla or
Thunderbird for email.
-M
--
Michael Belanger
CICLOPS, Space Science Institute
More information about the LUG
mailing list