#====== spamassin start ======= DROPPRIVS=yes #Spamassassin start :0 fw * < 256000 | /usr/bin/spamc -u $LOGNAME #Spamassassin end # secuadmin config spam delete :0 * ^X-Spam-Status: Yes #/var/spool/mail/spam #/dev/null #================================== # ============================================================================== # ÀÌ ·¹½ÃÇÇ´Â ¾Æ·¡ ¹®±¸¸¦ »èÁ¦ÇÏÁö ¾Ê´ÂÇÑ °³ÀÎ/ȸ»ç³»ÀÇ ¿ëµµ·Î # ÀÚÀ¯·ÎÀÌ »ç¿ë°¡´ÉÇÕ´Ï´Ù. # Copyright 2004 # edited by skyer9 # procmailrc v3.3.3 # ºí·ÏÄÚµå(ÇÊÅ͸µ»çÀ¯) # 100 Á¤»ó¸ÞÀÏ # 201 ±¤°íÇ¥½Ã¸ÞÀÏ, ¼ºÀθÞÀÏ°ü·Ã¹®±¸ Ç¥½Ã # 202 ±¤°í°ü·Ã´Ü¾î»ç¿ë¸ÞÀÏ(Ä«µå/ÀÚ±Ý/°ø¹«¿ø&Á÷ÀåÀÎ) # 203 Á¦¸ñ³¡ºÎºÐ¿¡ ¹«ÀÛÀ§¿µ¾î »ç¿ë # 204 multipart/alternative ¸¦ Ç¥½ÃÇϸ鼭µµ ³»¿ë¿¡¼­ ¹Ùµð°¡ ÇÑ°³Àΰæ¿ì # 205 º¸³½»ç¶÷ÀÇ À̸ÞÀÏÁÖ¼Ò°¡ ±¤°í»çÀÌÆ®Àΰæ¿ì # 206 ºñ¾Æ±×¶ó °ü·Ã ¹®±¸»ç¿ë # 207 ¾àÇ°°ü·Ã ¹®±¸¸¦ 3ȸÀÌ»ó »ç¿ë # 208 Àǹ̾ø´Â ¸µÅ©»ç¿ë( µî) # 301 ¹ÙÀÌ·¯½ºÀǽɸÞÀÏ(100k ÀÌ»ó) # 302 wav ÷ºÎ·Î Ç¥½ÃµÇ¾úÀ¸¸é¼­µµ ½ÇÇàÈ­ÀÏÀÌ Ã·ºÎµÈ °æ¿ì # 303 ÀϹÝÀûÀ¸·Î »ç¿ëµÇÁö ¾Ê´Â È­ÀÏ(bat,cmd,com,cpl,hta,scr,pif,vbs) ÷ºÎ½Ã # 304 15-65k »çÀÌÀÇ Ã·ºÎÈ­ÀÏ(exe,zip) - ÀϹÝÀûÀ¸·Î ÀÌ·±Å©±âÀÇ È­ÀÏÀº »ç¶÷ÀÌ »ç¿ëÇÏÁö ¾ÊÀ½ # 305 ¹ÙÀÌ·¯½ºÀǽɸÞÀÏ(15k ¹Ì¸¸Áß ¹ÙµðºÎºÐÀÌ ÇÑ°³¹Û¿¡ ¾ø´Â°æ¿ì) FILTERREASON = "100" # ============================================================================== # ȯ°æº¯¼ö¼³Á¤ # NL Àº Áٹٲ޹®ÀÚ¸¦ Ç¥½ÃÇÑ°ÍÀ̸ç, TAB Àº ½ÇÁ¦ ÅÇÀ» ÀÔ·ÂÇØ¾ß ÇÕ´Ï´Ù. # Áï, NL °°Àº°æ¿ì´Â ¿£ÅÍÈÄ¿¡ " ¸¦ Ç¥½ÃÇÏ°í, TAB Àº vi »ó¿¡¼­ # ½ÇÁ¦·Î ÅÇÅ°º¸µå¸¦ ´­·¯ÁÖ¸é µË´Ï´Ù. # ȯ°æº¯¼ö´Â ¸®´ª½º 7.3 À» ±âº»À¸·Î ÇÏ¿´À¸¸ç, °¢ÀÚÀÇ È¯°æ¿¡ µû¶ó º¯°æÇÏ¸é µË´Ï´Ù. # LOGFILE=/dev/null # VERBOSE=on VERBOSE=off # DROPPRIVS=yes PATH=/usr/bin:/usr/local/bin:/bin SHELL=/bin/sh FORMAIL=/usr/bin/formail LOGFILE=/var/log/procmail.log NL = " " TAB = " " NOW = `date +"%Y-%m-%d %H:%M"` # ============================================================================== # ¸ÞÀϼ­¹ö ÇØÅ·¹æÁö (Á¦¸ñÀÌ 1024ÀÚ ÀÌ»óÀÎ°Í »èÁ¦) :0 * -1024^0 * ^Subject:\/.* * 1^1 $MATCH ?? . /dev/null :0 * -19^0 * 1^1 $DEFAULT ?? . { TAB = " " } # ============================================================================== # Çѱ۵ðÄÚµù :0 fhw * ^(Subject|From|Cc|To):.*=\?EUC-KR\?(B|Q)\? | $FORMAIL -c | hcode -dk -m :0 fh w * ^(Subject|From|Cc|To):.*=\?EUC_KR\?(B|Q)\? | $FORMAIL -c | hcode -dk -m :0 fh w * ^(Subject|From|Cc|To):.*=\?ks_c_5601-1987\?(B|Q)\? | $FORMAIL -c | hcode -dk -m # ============================================================================== # Á¦¸ñ ±¸Çϱâ EMAILSUBJECT = "" REPLYSUBJECT = "" :0 * ^Subject:\/.* { ORGSUBJECT = "$MATCH" REPLYSUBJECT = "Re: $MATCH" EMAILSUBJECT = "$NL$MATCH$NL" } # ============================================================================== # ¹Ý¼Û¸ÞÀÏ ÇÊÅ͸µ(»èÁ¦) #:0 #* EMAILSUBJECT ?? Returned mail: see transcript for details #* $ ^To:.*@$HOST #/dev/null # ============================================================================== # ¼­¹ö¿¡¼­ ¹ß¼ÛµÈ ¸ÞÀÏÀº ±×´ë·Î Àü¼Û :0 * ^FROM_DAEMON $DEFAULT # ============================================================================== # ¸Þ½ÃÁö ¾ÆÀ̵ð Á¸Àç¿©ºÎ È®ÀÎ # ÆĶõ¸ÞÀÏ°ú ¸ð³×Ÿµî ¸î¸î »çÀÌÆ®ÀÇ À߸øµÈ °³¹ß·Î Ãß°¡ HASMESSAGEID = "no" :0 * ^Message-ID: * $ ! ^Message-ID:( )*[<][0-9]+[.][0-9a-zA-Z]+@$HOST[>] { HASMESSAGEID = "yes" } :0 * ^X-Mailer: .*(ParanMail Web|Netpion Enterprise|Office Outlook) * { HASMESSAGEID = "yes" } # ============================================================================== # ¼ö½ÅÀÚÀÇ ¼º¸í Á¸Àç¿©ºÎ È®ÀÎ(±¤°í¸ÞÀÏÀº ¼ö½ÅÀÚÀÇ À̸§À» ¸ð¸¥´Ù.) HASRECEIVERNAME = "no" :0 * ^To:.*[<].*[>] * ! ^To:( )*[<].*[>] { HASRECEIVERNAME = "yes" } # ============================================================================== # ¹ß½ÅÀÚÀÇ ¼º¸í Á¸Àç¿©ºÎ È®ÀÎ HASSENDERNAME = "no" :0 * ^From:.*[<].*[>] * ! ^From:( )*[<].*[>] { HASSENDERNAME = "yes" } # ============================================================================== # Á¦¸ñÀÌ Æ¯¼öÇÑ ÇüÅÂÀΰ¡(¿¹¸¦µé¸é "[¿¡ÇǼҵå]..." µîµî) ISFORMATTEDSUBJECT = "no" :0 * EMAILSUBJECT ?? ^( )*[[(<]+.*[])>]+ { ISFORMATTEDSUBJECT = "yes" } :0 * EMAILSUBJECT ?? ^( )*(ÀÐÀ½|Re|Fw): { ISFORMATTEDSUBJECT = "yes" } # ============================================================================== # ¸ÞÀÏÀü¼Û°æ·Î°¡ ¼¼°³ ÀÌ»óÀΰÍ(±¤°í¸ÞÀÏ/¹ÙÀÌ·¯½º¸ÞÀÏÀº ¹Ù·Î Àü¼ÛµÇ¾î °æ·Î°¡ Àû´Ù.) # sendmail Àº ¸ÞÀÏÆ÷¸äÆÃÀ» Çϱ⶧¹®¿¡ ±âº»ÀûÀ¸·Î ÇÑ°³ÀÌ»óÀÌ´Ù. # µû¶ó¼­ qmail ÀÏ °æ¿ì "* -2^0" ¸¦ "* -1^0" ·Î º¯°æÇϴ°ÍÀÌ ÁÁ´Ù. HASMULTIPATH = "no" :0 * -2^0 * 1^1 ^Received:.*$ { HASMULTIPATH = "yes" } # ============================================================================== # ·Î±×È­ÀÏ º¯°æ #LOGFILE=/var/log/procmail.log # ============================================================================== # ±¤°íÇ¥½Ã¸ÞÀÏ ¼ºÀΰü·Ã¸ÞÀÏ ÇÊÅ͸µ ISSPAM = "no" :0 * ! ISSPAM ?? yes * ! EMAILSUBJECT ?? [[(<£¨]+(±¤.*°í|ÎÆ.*ͱ|È«.*º¸|µ¿.*ÀÇ|±Ý.*À¶)[])>]+ * ! EMAILSUBJECT ?? @( )*$ * ! EMAILSUBJECT ?? (¼ºÀα¤°í|¼ºÀÎÁ¤º¸|¸ôÄ«|Æ÷¸£³ë|½º¿ÍÇÎ|ºü±¸¸®|¹«»èÁ¦|³ë¸ðÀÚÀÌÅ©|ÀÚÀ§ÇÑ´Ù|ÀÚÀ§ÇÏ´Â|»Ç¸£³ë|Æä´Ï½º|½ß¼î|¼½½º) * ! EMAILSUBJECT ?? (Ä«[.-]+µå|½Å[.-]+¿ë|´ë[.-]+Ãâ|ÃÖ[.-]+Àú[.-]+±Ý[.-]+¸®) * ! EMAILSUBJECT ?? ((광°í) { } :0 E { ISSPAM = "yes" FILTERREASON = "201" } :0 * ISSPAM ?? yes { LOG = "[$NOW] [Del$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 /dev/null } # ============================================================================== # 100k ÀÌ»óÀÇ ¸ÞÀÏ # ÷ºÎÈ­ÀÏÀÌ ÀÖÀ¸¸ç, Á¤»óÀû À̸ÞÀÏÇüÅ°¡ ¾Æ´Ñ°Í ÇÊÅ͸µ # ±âŸ¸ÞÀÏ Åë°ú ISVIRUS = "no" :0 * ISVIRUS ?? no * > 100000 * HASMESSAGEID ?? no * HASRECEIVERNAME ?? no * HASSENDERNAME ?? no * HASMULTIPATH ?? no * ^Content-Type: multipart[/]mixed { ISVIRUS = "yes" FILTERREASON = "301" } :0 * ISVIRUS ?? yes { LOG = "[$NOW] [Blk$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 * ! ^Precedence:.*junk * ! ^X-Loop:.* /var/spool/mail/spam :0 /dev/null } :0 * > 100000 { LOG = "[$NOW] [Pas$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 $DEFAULT } # ============================================================================== # 15k - 100k »çÀÌÀÇ ¸ÞÀÏ # ÷ºÎÈ­ÀÏÀÌ ÀÖÀ¸¸ç, Á¤»óÀû À̸ÞÀÏÇüÅ°¡ ¾Æ´Ï¸ç, ÷ºÎÈ­ÀϸíÀÌ ÇѱÛÀÌ ¾Æ´Ñ°Í ÇÊÅ͸µ # ±âŸ¸ÞÀÏ Åë°ú ISVIRUS = "no" :0 B * ISVIRUS ?? no * > 15000 * ^Content-Type: audio[/]x-wav; * ^.*(file)?name="?[a-z0-9 ._-]+\.(bat|cmd|com|cpl|exe|hta|scr|pif|vbs|zip)"?$ { ISVIRUS = "yes" FILTERREASON = "302" } :0 B * ISVIRUS ?? no * > 15000 * ^Content-Disposition: (attachment|inline); * ^.*(file)?name="?[a-z0-9 ._-]+\.(bat|cmd|com|cpl|hta|scr|pif|vbs)"?$ { ISVIRUS = "yes" FILTERREASON = "303" } :0 B * ISVIRUS ?? no * > 15000 * < 65000 * ^Content-Disposition: (attachment|inline); * ^.*(file)?name="?[a-z0-9 ._-]+\.(exe|zip)"?$ { ISVIRUS = "yes" FILTERREASON = "304" } :0 * ISVIRUS ?? yes * > 15000 * < 65000 * ^Content-Disposition: (attachment|inline); * ^.*(file)?name="?[a-z0-9 ._-]+\.(exe|vbs|zip)"?$ { :0 * ! HASMULTIPATH ?? no { } :0 E { ISVIRUS = "no" FILTERREASON = "100" } } :0 * ISVIRUS ?? yes { LOG = "[$NOW] [Vir$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 * ! * ! ^Precedence:.*junk * ! ^X-Loop:.* /var/spool/mail/spam :0 /dev/null } :0 * > 15000 { LOG = "[$NOW] [Pas$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 $DEFAULT } # ============================================================================== # 0k - 15k »çÀÌÀÇ ¸ÞÀÏ # ÷ºÎÈ­ÀÏÀÌ ¾ø´Â ¹ÙÀÌ·¯½º¸ÞÀÏ ÇÊÅ͸µ ISVIRUS = "no" :0 * ISVIRUS ?? no * < 5000 * HASMESSAGEID ?? no * HASMULTIPATH ?? no * H ?? ^Content-Type:( )*multipart/mixed * 2^0 * -1^1 B ?? ^Content-Type: { ISVIRUS = "yes" FILTERREASON = "305" } :0 * ISVIRUS ?? yes { LOG = "[$NOW] [Vir$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 * ! * ! ^Precedence:.*junk * ! ^X-Loop:.* /var/spool/mail/spam :0 /dev/null } # ============================================================================== # 0-15k »çÀÌÀÇ ¸ÞÀÏ ÇÊÅ͸µ ISSPAM = "no" :0 * ! * ISSPAM ?? no * HASMESSAGEID ?? no * HASRECEIVERNAME ?? no * ISFORMATTEDSUBJECT ?? no * HASMULTIPATH ?? no { ISSPAM = "yes" } :0 * ! * ISSPAM ?? no * ^Received: from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ [(][[][0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[]][)] { ISSPAM = "yes" } :0 * ! * ISSPAM ?? no * < 8000 * ^Received: from .*[0-9]+-[0-9]+-[0-9] { ISSPAM = "yes" } :0 * ISSPAM ?? no * EMAILSUBJECT ?? (Ä«µå( )*(´ë³³|°í¹Î|ºú|¿¬Ã¼|´ëÃâ|¼ÒÀ¯ÀÚ|¼ÒÁöÀÚ)|(±ä±Þ|±ÞÇÑ)( )*ÀÚ±Ý|Á÷ÀåÀÎ.*°ø¹«¿ø|°ø¹«¿ø.*Á÷ÀåÀÎ) { ISSPAM = "yes" FILTERREASON = "202" } :0 * ISSPAM ?? no * EMAILSUBJECT ?? (µ¹·Á¸·|¿¬Ã¼.*±Ý¸®|±Ý¸®.*¿¬Ã¼|¸¸¿ø.*ÀºÇà|ÀºÇà.*¸¸¿ø|1[%]´ë±Ý¸®|Á÷ÀåÀÎ.*¿©¼º¿ì´ë|[(][0-9]*¸¸¿ø[)]) { ISSPAM = "yes" FILTERREASON = "202" } :0 * ISSPAM ?? no * EMAILSUBJECT ?? [a-z ][a-z ][a-z ][a-z ][a-z ]$ * ISFORMATTEDSUBJECT ?? no * ! EMAILSUBJECT ?? ^( )*(Re|Fw): * ! EMAILSUBJECT ?? ^( )*[a-z0-9*?+[($^-]+ { ISSPAM = "yes" FILTERREASON = "203" } :0 * ISSPAM ?? no * < 10000 * H ?? ^Content-Type:( )*multipart/alternative * 2^0 * -1^1 B ?? ^Content-Type: { ISSPAM = "yes" FILTERREASON = "204" } :0 * ISSPAM ?? no * < 8000 { :0 * ! ^From: .*@(paypal.com|mortghelper.com|blocjunk.com|mail2Maggie.com|blocspam.com|worldbusinesslink.org) * ! ^From: .*@(bisops.com|teadrive.com|superpowerball.com|proxad.net|jsivey.com|dbz.com|alapaz.com) { } :0 E { ISSPAM = "yes" FILTERREASON = "205" } } :0 * ISSPAM ?? no * < 8000 { :0 * ! HB ?? (Pain Relief|rx refill|rx meds|obesity|Viagra|Cialis|Xanax|Valium|Amvien|schlong|Prozac|V-I-A-G-R-A) * ! HB ?? (sexual health|porn|orgasm) * ! HB ?? (mor( )?t( )?g( )?a( )?g( )?e) { } :0 E { ISSPAM = "yes" FILTERREASON = "206" } } :0 * ISSPAM ?? no * < 8000 * -2^0 * 1^1 HB ?? (meds|Medication|drug) { ISSPAM = "yes" FILTERREASON = "207" } :0 * ISSPAM ?? no * < 8000 * -5^0 * 1^1 HB ?? [.](com|net|org)"[>][<][/]a[>] { ISSPAM = "yes" FILTERREASON = "208" } :0 * ISSPAM ?? yes { LOG = "[$NOW] [Blk$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 * ! ^Precedence:.*junk * ! ^X-Loop:.* /var/spool/mail/spam :0 /dev/null } :0 { LOG = "[$NOW] [Pas$FILTERREASON] $DEFAULT$TAB$ORGSUBJECT$NL" LOGFILE :0 $DEFAULT }