### nobody should really set HOME, just rely on the default...
### however in my case, I sometimes have an alternative homedir
### in a local password file, so I need to set it "properly"
HOME=/home/j/johnpc
MAILDIR=$HOME/Mail
LOGFILE=$HOME/procmail.log
LOGABSTRACT=all
COMSAT=no
INCLUDERC=$HOME/.procmailrc.settings

# uncomment VERBOSE=on to know exactly which rule matched what
# VERBOSE=on

# never invoke a shell
SHELLMETAS=

# is it greenlisted by my greenlist? (GREENLIST_REGEX is set in my
# .procmailrc.settings, which you have to duplicate from the XS greenlist)
# the leading $ makes procmail expand $GREENLIST_REGEX inside the condition
:0
* $^From:(.*<| *)$GREENLIST_REGEX
{
  INCLUDERC=$HOME/.procmailrc.saverules
}

# I send all my outgoing mail through smtp.xs4all.nl, so every mail with
# ANY_BOUNCE_MESSAGE can be junked, as it is a fake bounce
:0:
* ^X-XS4ALL-Spam-Score:.*[ ,]ANY_BOUNCE_MESSAGE([, ]|$)
vbounce

# is it marked as spam already (eg for some aliases that do not
# redirect, and only tag)
:0 :
* ^X-XS4ALL-Spam: YES
spam2

#############################################################################
#
# Run the custom command line spamassassin. The command line version
# contains extra rulesets over the standard version that are considered
# experimental, and that may cause additional false positives.
#
# If you read this, and want to copy it, you _MUST_ read the xs4all.general
# newsgroup to keep up-to-date on the development. This experimental
# spamassassin might be removed after June 1, 2008.
#
# Include your own whitelist here, too... (commandline spamassassin doesn't
# know about greenlisting).
:0 fw: spamassassin.lock
* < 204800
| spamassassin.lees.xs4all.general

### put everything this filter detects in a folder
:0 :
* ^X-Spam-Status: YES
spam-assassin-cmdline

###
# detect header-tagged xs4all spamfilters that I want to junk on, and put
# it in another MISSED file
:0
* ^X-XS4ALL-DNSBL-Warning:.*(list\.dsbl\.org\
|relays\.visi\.com\
|korea\.services\.net\
|opm\.blitzed\.org\
|[zensxbl-]*\.spamhaus.org\
|(socks|misc|smtp|l1\.spews)\
\.dnsbl\.sorbs\.net\
|(dnsbl|dynablock)\.njabl\.org\
|cbl\.abuseat\.org\
)
spam-assassin31-MISSED-RBLcheck

################
### spamfilters
### the filters below just "tag" a message using X-XS4ALL-Spamdetect and
### X-JohnPC-Spam headers. The former tags the type of filter matched,
### the second is set for filters that we want to be actively removed from
### our mailbox.
### This isn't exactly optimal performance-wise, but it allows us to
### compare the performance of all filters.

### character set filters
### high-ascii is always crap
### (the bracket range below is the raw byte range 0x80-0xFF, shown here
### as the Windows-1252 characters for those two bytes)
:0 fw
* ^(From|To|Subject):.*[€-ÿ][€-ÿ][€-ÿ]
| formail -A'X-XS4ALL-Spamdetect: LITERAL HIGH ASCII' -I'X-JohnPC-Spam: y'

### mark stuff in character sets I do not understand/wish to understand.
### note: junking this causes false positives. Even if people set their
### mailer to, eg, iso-2022-jp, they can still send english-only (or
### mainly english) emails.
ILLEGALCHARSET='(ks_c_5601-1987|\
gb2312|\
euc-kr|\
iso-2022-jp|\
koi8-r|\
big5)'

### strange character sets advertised in content-type header
:0 fw
* $^Content-Type:.*charset="?$ILLEGALCHARSET
| formail -A'X-XS4ALL-Spamdetect: CONTENT-TYPE CHARSET'

### strange charset in attachment
:0 fw
* ^Content-Type:[ ]*multipart/
* B ?? $^Content-Type:.*charset="?$ILLEGALCHARSET
| formail -A'X-XS4ALL-Spamdetect: ATTACHMENT CHARSET'

### strange charset in rfc2047 headers
:0 fw
* $^(From|To|Subject):.*[ ]=\?$ILLEGALCHARSET\?[bq]\?[^?]*\?=
| formail -A'X-XS4ALL-Spamdetect: RFC2047 CHARSET'

# some rules collected that should not match when I'm explicitly listed
# as the recipient, or one of my aliases is, or it's to a common mailinglist
# I receive
:0
* !^TO_((johnpc(\+[^@]+)?|Jan-Pieter(\.cornet)?|jpcornet|\
xs-[-a-zA-Z0-9_.]+|\
(nocol-)?(unix|n(et|sa)|adsl-?)?(beheer|-tech)(-checkins)?|\
root|usenet|bofh|n(ews|oc)(master)?|majordom(o-owner)?|postmaster|\
stichting-(xs|internet)4all|(owner-)?nl-pm|as-guardian|netapp-admin)\
@((news(1|feed)|cash|obelix|smtp[1-9][0-9]?|(www-)?xls[0-9]|bsdi0).)?\
xs4all\.n(l|et)|\
irc@([-a-zA-Z0-9.]+\.)?((xs4all|utwente|kun)\.nl|uu\.net)|\
[-a-zA-Z0-9_.]+-l@ams-ix.net|\
[-a-zA-Z0-9_.]+@(lists\.)?(((nl|amsterdam)\.pm|perl|nl\.ircnet|cornet|\
([-a-zA-Z0-9]+\.)?postgresql|cacert|drbob|pm|\
yapc(europe|\.phenome))\.org|\
(high5|clamav|sourceforge|ripe|melix\.ams-ix)\.net|\
(roaringpenguin|birmingham2006|mathworks)\.com|\
(sppn|perlpromo|wijvertrouwenstemcomputersniet)\.nl)|\
[0-9]+@reports\.spamcop\.net|\
([-a-zA-Z0-9_.]*xs4all.(n(l|et)|be)|spamtools)@(lists\.)?abuse.net|\
mplayer[^@]*@mplayerhq\.hu|\
fors-discuss@yahoogroups\.com|\
cornet@[a-z0-9-]*\.et.tudelft.nl)
* !^Sender: (owner-[-a-zA-Z0-9_.]+(@ripe.net|-pm@nl\.pm\.org)|\
(xs-(zandbak|admin)-admin(\+[^@]*)?@xs4all|\
euro-incidents-admin@security)\.nl)
* !^Mailing-List: contact [-a-zA-Z0-9_.]+-help@perl\.org
{
  # put in a notice if it wasn't addressed to "me"
  # this is mainly used to make sure I didn't forget any of my quantizillion
  # aliases or mailinglists :/
  :0 fw
  | formail -I'X-To-JohnPC: ### This message was not addressed to "me" ###'

  # spam: To: suspicious domains that I'm not on (thanks to KH)
  # ... or From those suspicious domains: same thing, junk it.
  :0
  * ^(To|From):.*@([a-zA-Z0-9-.]+\.)?(\
(mail-response|msn|aol|needinfo|unknown|(all)?public|generalnet|\
pobox|webavenues|netcom|romnews|unbounded|alltheplanet|\
sina|netease|mailcity|everywhere|ponio|internet|beer|world|\
investor|bigfoot|omnispin|china|bolt|myshoppingplace|seventhpower|\
freedomisyours|timshometownstories|putpeel|profitbanners|\
bigdollarbanner|hongkong|thesubway|multicity|em5000|yahoo|\
websidestory|monsterjoke|whatsofunny|vitafactory|\
(hot|rocket|east|csweb|pars|selectmy)mail\
)\.com|\
p0pmailer.org|\
(mts|usa|xtalwind|bigpond|onehundred|smartworld|flash|webtv|zebra|\
hananet\
)\.net|\
[0-9]+\.[a-z][a-z][a-z]?[a-z]?|\
news-master\.de|\
to|mk|hk|kr|jp|ar|tw|cc)\
([^-a-zA-Z0-9_.]|$)
  {
    # tag message as spam with type
    :0 fw
    | formail -A'X-XS4ALL-Spamdetect: BADDOM' -I'X-JohnPC-Spam: y'

    # save to spambox
    :0 c:
    spam-baddom
  }
}

# there.com is a members-only "ThereMail" system, that bounces forged
# messages back to the alleged (and forged) sender. The bounce lacks any
# relevant headers. Why are messages bounced and not simply rejected at
# the entry point? And third, they should install a virus scanner and
# junk header faking viruses (ok, so they are, but they are missing some).
# Junk and bounce all email that they send me, I'm not interested.
:0
* ^Received:.*theremail\.prod\.there\.com \[64\.125\.216\.[0-9]*\]
* ^From: postmaster@there.com
{
  EXITCODE=77

  :0
  /dev/null
}

# another there.com bounce signature
:0
* ^Received: from therecorp.there.com
* ^From:.*MAILER-DAEMON@therecorp.there.com
/dev/null

# The fucking idiots at *.kraslan.ru are ruthless spammers, and they
# are now using vserv.cifnet.com, and 198.63.210.177, more nests of
# crooks, to spread their garbage. Bounce their junk.
:0
* ^Received: from.*\((vserv\.cifnet\.com|.*\.kraslan\.ru) \[
{
  EXITCODE=77

  :0
  /dev/null
}

# a Bcc: header definitely means it's garbage
:0
* ^Bcc:
{
  :0 fw
  | formail -A'X-XS4ALL-Spamdetect: BCC' -a'X-JohnPC-Spam: maybe'

  # deliver to spam mailbox
  :0 c:
  spam-bcc
}

# spam: invalid Message-Id:s
:0
* !^Message-Id:[ ]*<[^> ]+@[^> ]+>
{
  :0 fw
  | formail -A'X-XS4ALL-Spamdetect: MSGID' -a'X-JohnPC-Spam: maybe'

  # deliver to spam mailbox
  :0 c:
  spam-msgid
}

# save everything tagged with X-JohnPC-Spam in the autospam box,
# and junk it at the same time
:0:
* ^X-JohnPC-Spam: y
autospam

### Silly microsoft mailers fuck up URLs by cutting off at 72 columns.
### note that the stupid procmail regex engine doesn't grok repeats.
### A simple regex would be: ^http://[^ ]{65}$
### fix the URL silliness with a sed script, that keeps wrapping the
### lines while a non-blank URL can be made.
### actually, this is a bit sloppy because it tries to detect both
### http and https URLs that are wrapped, so it fuzzes a bit on the
### line length. (And allows for a leading < char, even, requiring more
### fuzzing)
:0
* ^X-MimeOLE:.*Microsoft
* B ?? ^
* ^Content-Type:.*\
{
  :0 fw
  | sed -f $HOME/rfc3676-urlwrap.sed
}

### useless abuse reports sent to the wrong place
:0
* ^To:
* B ?? The following individual on your network has sent me a Spam email
* B ?? This email was generated by Visualware Security Suite
visualware-wrong-reporting-address

######
# include auto-save rules
INCLUDERC=/home/j/johnpc/.procmailrc.saverules

# fall off the end to make sure it gets delivered to the regular mailbox