These scripts fail the One Question Certification Test for E-Mail Filter Authors. Nowadays, most mail is sent with forged From: headers that point to real, but innocent, addresses. This quickly becomes a huge problem because while spam is easy to filter, responses to spam are not.
By employing any kind of software that may respond to messages with a forged From:, YOU ARE PART OF THE PROBLEM.
Do not use the scripts from this page. They are left here for the interest of the curious, but should not be employed.
You may want to read some more interesting discussion about the evils of autoresponders of any kind.
A note from the original author - I've long since stopped using this script for exactly that reason. Very little spam comes from a valid reply address; the only consistent exception is 419 spammers. I'm also guilty of installing AV software that sends bounces, but I plan to fix that next time I'm working on the servers in question.
Also I'm not sure this script is even 'safe' - it can very probably be exploited by a well-crafted subject line or source email address to run untrusted programs as the user.
This is probably the very worst kind of scripting, but it works. Feel free to suggest improvements (rewriting it in Python might be a good start :)). The original idea is AsSeenOnSlashdot. I should probably add something to .procmail so it doesn't reply to robot mailings. When I unsubbed from the UpYours mailing list (opt-in, but mostly advertising) the acknowledgement message also got tagged as spam.
Haha.. just this morning I got an unsubscribe confirmation from "addmenewsletter" which was triggered by the autoresponse. I have a feeling this is going to land me on a few "live address" lists.. However in general spammers almost invariably use a fake From: address, any that don't will be flooded with complaints, flames and bounce messages. Hardly any spammers will ever see this reply, and a few are already checking their mail against SpamAssassin so it's no big secret.
    # Executable attachments; Are these -ever- not viruses?
    :0
    *^Content-type: (multipart/mixed|application/octet-stream)
    {
      :0 HB
      *^Content-Disposition: attachment;
      *filename=".*\.(exe|vbs|chm|hlp|shs|wsf|vbe|wsh|hta|pif|scr)"
      /dev/null
    }

    # Bounce messages. When you reply to spammers, 90% of them are
    # using an invalid address so you get lots of bounces. I just
    # ignore them.
    :0
    * ^From:.*<MAILER-DAEMON@.*>
    /dev/null

    # Call spamassassin on messages under 256kb
    :0 fw
    * < 256000
    | spamassassin

    # Mails with a score of 12 or higher are almost certainly spam (with 0.05%
    # false positives according to rules/STATISTICS.txt).
    :0
    * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*
    /dev/null

    :0 c
    * ^X-Spam-Status: Yes
    | areyouspam >> mail/probably-spam

    # Work around procmail bug: any output on stderr will cause the "F" in "From"
    # to be dropped. This will re-add it.
    :0
    * ^rom[ ]
    {
      LOG="*** Dropped F off From_ header! Fixing up. "

      :0 fhw
      | sed -e '1s/^/F/'
    }
    #!/bin/bash

    LOGFILE=/var/log/areyouspam.log
    MAIL="$( mktemp /tmp/areyouspam.XXXXX )"

    if [ -z "$MAIL" ] ; then
      echo "Sorry, couldn't create temporary file." >> "$LOGFILE"
      exit 1
    fi

    # Remove the temporary copy on exit (the original referenced an unset $TMP here).
    trap 'rm -f "$MAIL"' EXIT INT QUIT TERM

    cat > "$MAIL"

    SUBJECT="$( formail -c -x Subject: < "$MAIL" )"
    TO="$( formail -c -x Envelope-To: -x X-Envelope-To: -x To: < "$MAIL" \
           | head -1 \
           | tr '[:upper:]' '[:lower:]' )"
    REPLYTO="$( formail -c -x X-List-Unsubscribe: -x From: -x Reply-To: < "$MAIL" \
           | head -1 \
           | sed -e 's/.*<//g; s/>.*//g;' )"

    if [ -z "$REPLYTO" ] ; then
      echo "Noone to reply to?" >> "$LOGFILE"
      exit 1
    fi

    # $REPLYTO comes from the message headers: quote it so it stays a single
    # argument, and end option parsing with "--" before it.
    /usr/sbin/sendmail -ba -- "$REPLYTO" >> "$LOGFILE" 2>&1 <<END_MAIL
    From: AreYouSpam <$TO>
    Reply-To: "Don't reply" <$TO>
    To: $REPLYTO
    Subject: RE: $SUBJECT

    Your recent email to me was identified as spam and has been deleted unread.

    If your message was important please resend it. You will need to edit it
    first so it looks less like spam. Things you might need to change:

    * Avoid html-formatted messages
    * Avoid strings of dollar signs or exclamation marks
    * Don't use capital letters excessively
    * Don't put spaces/dots/dashes between each letter in words.
    * Avoid common spam words and phrases.

    Thank you.
    END_MAIL

    # printf instead of echo -e, so escapes inside header values are not interpreted.
    printf 'To: %s From: %s\n Subject: %s\n' "$TO" "$REPLYTO" "$SUBJECT" >> "$LOGFILE"
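The concern raised above about a crafted source address, as an added example that is not part of the original script: it shows how the script's extraction plus an unquoted expansion turns one header value into several command-line arguments, and a conservative check that rejects such values. The function names are hypothetical and the header value is constructed.

```sh
#!/bin/sh
# Added example, not the page's script. The header value at the bottom is constructed.

# Same extraction the script applies to the chosen header: keep what is inside <...>.
extract_addr() {
    printf '%s\n' "$1" | sed -e 's/.*<//; s/>.*//'
}

# Number of argv entries a command receives.
count_args() { echo "$#"; }

# Unquoted expansion, as in the original "sendmail -ba $REPLYTO": the shell
# word-splits the value, so one header can become several arguments.
unquoted_argc() { count_args $1; }

# Quoted expansion always yields exactly one argument.
quoted_argc() { count_args "$1"; }

# Conservative check before an address gets near a command line (hypothetical
# helper): reject empty values, a leading '-', and any character outside a
# small allow-list (which also rejects spaces and newlines), then require a
# local@domain.tld shape.
valid_addr() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._%+@-]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'
}

# Constructed sample header value.
sample='Constructed Sender <-opt extra user@example.org>'
addr=$(extract_addr "$sample")
echo "extracted: [$addr]"
echo "unquoted argv count: $(unquoted_argc "$addr")"
echo "quoted argv count:   $(quoted_argc "$addr")"
if valid_addr "$addr"; then echo "accepted"; else echo "rejected"; fi
```

Quoting alone keeps the value in one argument but does not stop it from beginning with `-`, which is why the check rejects that case separately.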
It just does the response within the procmailrc, and checks for a password in subject to bypass the filter:
    ########################################################################
    # <SPAMASSASSIN>
    ########################################################################
    # Variables that must be set above this: FORMAIL, HOME, BYPASSWD - e.g.
    # FORMAIL=/usr/bin/formail
    # BYPASSWD=CATWALK
    # HOME is usually an environment variable that doesn't need setting.
    # Also, a file named spamassassinnotify should exist in the home directory.
    # The recipes below also reference ALTFROM, NOLOOP and SENDMAIL.

    # Set SABYPASSWD
    #
    SABYPASSWD=${BYPASSWD}

    # Check for SABYPASSWD
    #
    :0 f
    * $ ^Subject:.*${SABYPASSWD}
    | ${FORMAIL} -A"X-SpamAssassinPass: SABYPASSWD"

    # Start of "else" wrapper so SABYPASSWD matches skip everything else
    :0 E
    {
      # The lock file ensures that only 1 spamassassin invocation happens
      # at 1 time, to keep the load down.
      #
      :0fw: spamassassin.lock
      * < 256000
      | spamassassin

      # Check for mail tagged as spam (i.e. with a score higher than the set threshold)
      #
      :0:
      * ^X-Spam-Status: Yes
      {
        # Instruct sender on how to get past the filter (on the off-chance the sender exists)
        # Note: X-Loop is added to the reply, but no recipe here tests for it.
        #
        :0
        { BLOCKPID=`echo $$` }

        :0 c:
        blocktemp.${BLOCKPID}

        :0 c: blocktemp.${BLOCKPID}.lock
        | (${FORMAIL} -rt \
            -I"From: ${ALTFROM}" \
            -A"X-Loop: ${NOLOOP}";\
           echo "Please resend your message with \"${SABYPASSWD}\" somewhere in the subject.";\
           echo " ";\
           cat ${HOME}/spamassassinnotify;\
           echo " ";\
           cat blocktemp.${BLOCKPID};\
           rm -f blocktemp.${BLOCKPID}) \
          | ${SENDMAIL} -oi -t

        # Stash the message
        # Mails with a score of 15 or higher are almost certainly spam (with 0.05%
        # false positives according to rules/STATISTICS.txt).
        #
        :0:
        * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
        aa/aa.sa-almost-certainly-spam

        # else...
        #
        :0 E
        aa/aa.sa-probably-spam
      }

      # Workaround for procmail bug: any output on stderr will cause the "F" in "From"
      # to be dropped. This will re-add it.
      :0
      * ^^rom[ ]
      {
        LOG="*** Dropped F off From_ header! Fixing up. 
    "
        :0 fhw
        | sed -e '1s/^/F/'
      }
    } # End of :0 E wrapper around SABYPASSWD
    ########################################################################
    # </SPAMASSASSIN>
    ########################################################################