Mail redirect hacks

From test.coolscript.org
Jump to navigation Jump to search

Samples for redirecting twitter mails:

SA Rule!

header TWI Subject =~ /twitter/i
score TWI 9
describe TWI  TWI


Mimedefang (sub filter_end):

my($entity) = @_;
my $recip;
if (($Subject =~ /\*\*\*\*\*SPAM\*\*\*\*\*/) and ($Subject =~ /twitter/i)) {
 # Delete original recipients
 foreach $recip (@Recipients) {
  delete_recipient($recip);
 }
 ## Add spam-trap recipient
 add_recipient('<mk@hitchhiker.com');
 # Add a header with list of original recipients
 $recip = join(", ", @Recipients);
 action_change_header("X-Orig-Recipients", $recip);
}



Sep  8 13:02:32 mail spamd[63893]: spamd: processing message <6E.7B.26424.5CC8D045@twitter.com> for mk:1001
Sep  8 13:02:33 mail milter-sender[3192]: 57794 NOQUEUE: host [10.0.1.26] [10.0.1.26] OK
Sep  8 13:02:33 mail spamd[63893]: spamd: identified spam (6.5/3.0) for mk:1001 in 1.2 seconds, 17381 bytes.
Sep  8 13:02:33 mail spamd[63893]: spamd: result: Y 6 - BAYES_00,GEO_MAIL_SEARCH,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS,TWI,T_DKIM_INVALID,T_REMOTE_ IMAGE scantime=1.2,size=17381,user=mk,uid=1001,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=54997,mid=<6E.7B.26424.5CC8D045@twitter.com>,bayes=0.000000,a
utolearn=no
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Spam-Flag: YES
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Spam-Status: Yes, score=6.5 required=3.0 tests=BAYES_00,GEO_MAIL_SEARCH,\n\tHTML_MESSAGE,RC
VD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS,TWI,T_DKIM_INVALID,\n\tT_REMOTE_IMAGE autolearn=no version=3.3.2
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Spam-Level: ******
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.hitchhiker.com
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter change: header Subject: from  =?UTF-8?Q?Dein_Twitter_Passwort_zur=C3=BCcksetzen?= to *****SPAM***** =?UTF-
8?Q?Dein_Twitter_Passwort_zur=C3=BCcksetzen?=
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter change: header Content-Type: from  multipart/alternative; \n\tboundary="----=_Part_43377723_1113119865.141
0174149915" to multipart/mixed; boundary="----------=_540D8CC9.2A25FD70"
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter message: body replaced
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Virus-Scanned: clamav-milter 0.98.4 at mail
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Virus-Status: Clean
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Scanned-By: milter-sender/1.16.916  (mail.hitchhiker.de [10.0.3.30]); Mon, 08 Sep 2014 13:0
2:33 +0200
Sep  8 13:02:33 mail mimedefang.pl[63679]: MDLOG,s88B2U6q064336,mail_in,,,<t03216c4d04-eae490d6b-f1dd5d1db0dd499db5b2038671b8edd6@bounce.twitter.com>,<mk@hitchhiker.
com>,*****SPAM***** =?UTF-8?Q?Dein_Twitter_Passwort_zur=C3=BCcksetzen?=
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter delete: rcpt <mk@hitchhiker.com>
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: rcpt: <mk@hitchhiker.com
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter change (add): header: X-Orig-Recipients: <mk@hitchhiker.com>
Sep  8 13:02:33 mail sm-mta[64336]: s88B2U6q064336: Milter add: header: X-Scanned-By: MIMEDefang 2.71 on 10.0.3.30
Sep  8 13:02:34 mail spamd[63851]: prefork: child states: II
Sep  8 13:02:34 mail sm-mta[64435]: s88B2U6q064336: to=matthias, delay=00:00:02, xdelay=00:00:00, mailer=local, pri=81721, dsn=2.0.0, stat=Sent
Sep  8 13:02:34 mail sm-mta[64435]: STARTTLS=client, relay=utopia.hitchhiker.de., version=TLSv1/SSLv3, verify=OK, cipher=AES128-SHA, bits=128/128
Sep  8 13:02:34 mail sm-mta[64435]: s88B2U6q064336: to=mkrauss@utopia.hitchhiker.de, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=81721, relay=utopia.hitchhiker.de. [10.0.1.11], dsn=2.0.0, stat=Sent (<6E.7B.26424.5CC8D045@twitter.com> [InternalId=1197735] Queued mail for delivery)