If you want to use procmail (on a Unix system), have a long and deep look at the man pages. It's not too easy to master, but once you get the hang of it, it's very powerful.

    :0
    * ^X-Advertisement:
    spam

    :0
    * ^X-Advertisment:
    spam

    :0
    * ^Message-ID: <>
    spam

    :0
    * ^Received: from --- unknown host ---
    spam

    :0
    * ^X-Mailer: RM-Super
    * REMOVELIST:
    spam

The next ones are a bit trickier. They work on the idea that I don't have an account on the sites used in the To: line of a lot of spam. But I did have to revise this, as I sometimes receive mail that is also aimed at an account there.

    :0
    * ^To:.*@(mail-response|msn|aol|public|hotmail|webavenues|netcom|ix\.netcom)\.com
    * !^(To|Cc):.*(koos|kh)@
    spam

    :0
    * ^To:.*@(mts|usa)\.net
    * !^(To|Cc):.*(koos|kh)@
    spam

Including of course the by now famous 'firstname.lastname@example.org'. I pity whoever registered public.com. The check that the mail is not addressed to 'koos@' makes sure that mail sent to a number of people, including an account on one of those sites *and* me, is not caught by accident. That's valid mail.

The next set is 'famous spam relays'. The choice of addresses is purely from my own experience.

    :0
    * ^Received: from .*(mail\.mymail\.net|tsf-industries|spamrelay|flash\.net|freemanchester\.com|ultramax\.net)
    spam

I could filter on keywords in the body, but I chose not to because of performance issues on our mailserver.
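
The sketch below is an added example, not part of the original page and not procmail itself: a small Python model of a subset of the recipes above, useful for checking them against sample mail for false positives before they go into a live .procmailrc. It assumes procmail's default header matching (case-insensitive, continued header lines joined before matching); the folder name "inbox", the addresses at site.example and all sample messages are constructed for the example.

```python
import re

# Subset of the recipes from this page as (conditions, folder). A leading "!"
# negates a condition, as in procmail. Dots in host names are escaped here.
RECIPES = [
    ([r"^X-Advertisement:"], "spam"),
    ([r"^Message-ID: <>"], "spam"),
    ([r"^To:.*@(mail-response|msn|aol|public|hotmail|webavenues|netcom|ix\.netcom)\.com",
      r"!^(To|Cc):.*(koos|kh)@"], "spam"),
    ([r"^To:.*@(mts|usa)\.net", r"!^(To|Cc):.*(koos|kh)@"], "spam"),
    ([r"^Received: from .*(mail\.mymail\.net|tsf-industries|spamrelay|flash\.net)"], "spam"),
]

def header_of(message: str) -> str:
    """Return the header block with folded (continued) lines joined."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    return re.sub(r"\n[ \t]+", " ", head)

def deliver(message: str, default: str = "inbox") -> str:
    """Return the folder of the first recipe whose conditions all hold."""
    head = header_of(message)
    for conditions, folder in RECIPES:
        for cond in conditions:
            negate, pattern = cond.startswith("!"), cond.lstrip("!")
            # Assumed procmail defaults: ignore case, ^ anchors at every header line.
            found = re.search(pattern, head, re.I | re.M) is not None
            if found == negate:      # this condition failed, try the next recipe
                break
        else:
            return folder            # every condition held: deliver and stop
    return default

# Constructed sample messages (not real mail).
SPAM_TO_STRANGER = "Received: from host.example\nTo: someone@aol.com\nSubject: hi\n\nbody"
SHARED_WITH_ME = "To: someone@aol.com,\n\tkoos@site.example\nSubject: trip\n\nbody"
CC_ME = "To: friend@hotmail.com\nCc: kh@site.example\n\nbody"
VIA_RELAY = "Received: from x (relay.FLASH.NET [192.0.2.1])\nTo: koos@site.example\n\nbody"
EMPTY_MSGID = "Message-ID: <>\nTo: koos@site.example\n\nbody"

if __name__ == "__main__":
    for name in ("SPAM_TO_STRANGER", "SHARED_WITH_ME", "CC_ME", "VIA_RELAY", "EMPTY_MSGID"):
        print(name, "->", deliver(globals()[name]))
```

SHARED_WITH_ME is the case the '!^(To|Cc):' condition exists for: its To: header is folded over two lines, so the exception only takes effect once the continued line has been joined.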