From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1688630723; bh=UzpG8hPW0jHoWqoj4UDdyuDraolQz5LutWPGj2UtPYo=; h=Date:Subject:To:References:From:In-Reply-To; b=Tixgh+PupvlwMdTKOUXhfjVk9lxdIr4GpYsp0YzrPiFQaY+OWIAZr49z7d83mzrA6 nVXRuRa0aVSuiFpq5GKFcosnMsJzN1v9gWJgvDDFjVssFj3wRZnOQ0gi3KxlC11mvW /azw7RL1+UJqKlJqIogFd/yb9/vkmcq4Y7qlC6HIut9+COEEqCzCzd6TIqENonks6/ DwQkRKufOJBMfcILuBTCFnLepoLQX20FmtBeYXtAmXwdVSLmMsEzc8C84BGs9eBL5l aRWpsbXg2WJzNLKbTLSjGA5HZAyfMGasxmsxjSQtc9j/8+Kgpa58QIkVHoSWPxLHau u5ZgZ2xD/nOug== Received: from [10.20.0.2] (unknown [182.253.126.105]) by gnuweeb.org (Postfix) with ESMTPSA id C401323FD9D; Thu, 6 Jul 2023 15:05:21 +0700 (WIB) Message-ID: <9a7d7ec3-4885-5d3e-70c7-78a1ea4e6b26@gnuweeb.org> Date: Thu, 6 Jul 2023 15:05:18 +0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: Ammar, we have awesome remote U.S. software engineering job opportunities waiting for engineers like you! Content-Language: en-US To: "Turing - U.S. Software Jobs" , gwml@gnuweeb.org References: From: Ammar Faizi In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: It's like 7th times I've asked Turing to stop sending spam to our mailing list. I've even blocked the turing.com domain, but now it comes with a new domain to bypass my blocking. Let's see if the following patch is capable of blocking all their spam robots. diff --git a/bin/public-inbox-tg.php b/bin/public-inbox-tg.php index 2e611ec..08753cb 100644 --- a/bin/public-inbox-tg.php +++ b/bin/public-inbox-tg.php @@ -133,6 +133,29 @@ function clean_header_val(string $str): string function fx(string $input): int { + $hdr = explode("\n\n", $input, 2); + $hdr = trim($hdr[0]); + if (!preg_match("/(?:^|\\n)from:\s+?(.+?)(?:\\n\S+\:|$)/si", $hdr, $m)) { + $err = "Cannot get the \"from\" line"; + goto out; + } + $from = clean_header_val($m[1]); + + if (preg_match("/\\@turing\\.[\\w\\d\\.]+$/", $from)) { + /** + * Drop any email from turing.bla domain + * where 'bla' can be anything. Note that + * it was not enough to block turing.com + * because their spam system has started + * expanding to other TLDs (not only .com). + */ + + // Bounce the email. + printf("x: The MDA detected /\\@turing\\.[\\w\\d\\.]+$/ pattern and it's globally recognized as spam. The email cannot be delivered. Thank you!\n"); + + exit(1); + } + $tmpName = "/tmp/".date("Y_m_d_H_i_s_").rand().microtime(true).".txt"; file_put_contents($tmpName, $input); shell_exec("/usr/local/bin/public-inbox-mda < {$tmpName}"); -- Ammar Faizi