From: ag221 (Howard Eisenberger) Newsgroups: ncf.admin.net-abuse.discussion Subject: Re: Spam holiday Date: 13 Mar 2001 01:11:08 GMT Message-ID: Alfred K.Neilson wrote: > > OK Howard, about the only thing I want to do is delete junk spam entirely > and NOT save it to a file. Lets start with the Snow White worm. What is > the command (rule) that I need to put together to keep this out of my mailbox? > > Is it specific words in the email message or is it addresses that ELM > looks for in order to complete its command? The filter program cannot filter on the body of the message. It can only filter on: subject sender (rare) from to (includes cc) lines It can perform the following actions: leave (in your FreePort mailbox) save (to a folder in your work directory) delete forward bounce (not recommended!!) Each rule takes the form: if (CONDITION) then ACTION The Snow White e-mail that Richard Webb posted in the sightings group (ncf.admin.net-abuse) had a blank Subject: , no To: (or Cc:) line at all, and was From: hahaha@sexyfun.net. I'm not sure how big it was. So, in this case, you would need something like: if (from = "sexyfun.net") then delete However, as I explained elsewhere, I use a different strategy. Instead of filtering OUT the junk and keeping the rest, I filter IN what I want to keep and then dump the rest. If you look at my filter-rules file you should be able to see the pattern. What I want to keep is e-mail with my address in the To: (or Cc: line) or else e-mail of known origin (mailing lists, etc.). This particular Snow White e-mail would not have passed this test. > Once I initiate the ELM program, do I just go to the normal mail pickup > area, or do I have to read my mail with ELM? I get the impression that ELM > works in the background--is that true? The filter program is a separate program that works through the .forward mechanism. That part is taken care of when you activatee the filter from the menu. You don't have to read your mail with elm. You can read it on FreePort with 'mail', if you prefer. > > I'll try and "dumb down" the rules section in the "Elm Filter > > Guide" and some of the rules in my sample filter-rules file. > > Its a start Howard. A simpler understanding of the rules formatting would > help tremendously. Perhaps an example of a rule command to get rid of > unwanted junk by specific sender might be a good beginning. I started working on the documentation yesterday, so it should be ready "soon". I think I have already answered your question, but here's another simple example: if (from = "pest@yahoo.com") then delete > > In the meantime, people can post specific questions and ideas > > about different rules here. > > A good move--As each virus or worm or continuous annoying sender is known, > perhaps a rule could be formatted for general pasting to eliminte each one. Right, if someone spots a persistent spammer (or mailbomber) or possible virus, they can post a warning here. Howard E. -- DOS TCP/IP * Elm filter *