on Wed, Dec 06, 2000 at 09:24:54AM -0800, Peter Jay Salzman (p@dirac.org) wrote:
> dear all,
>
> this is a pretty complicated question...
>
> when i get spam, i like to send complaint letters to the people responsible
> for the ip and/or zone that the spam came from. i also like to use
> traceroute to send a complaint to the system upstream from them, since that
> usually belongs to the same zone anyway.
>
> i usually send complaints to postmaster and security at each ip address
> listed above.
>
> is there a way to "drop" an ip address into mutt, and have
>
> postmaster@ipaddress, security@ipaddress
>
> automagically appear in the To: header?
>
> i know this is complicated and would prolly require an external
> script, but it would really make my life more convenient.
>
> of course, i would find the ip addresses in another virtual console;
> all i want is to be able to send mutt these addresses and have mutt
> automatically fill the To: header.

This is an external-script problem. Best handled by procmail or
something similar.

I'm actively researching this myself. I've got a good spam filtering
mechanism in place (Lars Wirzenius's 'spamfilter' Debian package), but
I'd like to automate the process of responding to site and ISP
administrators. I'm assuming you have resolved the issue of detecting
spam; it's the response part that you're interested in.

Rationale: I can filter spam. I'm going to be far more interested in
doing what I can to help make spammers' jobs more difficult by shutting
down accounts and/or blacklisting ISPs which sponsor significant spam
activity.

I've found some useful references, among them:

    Tools and Techniques for Limiting Spam
    http://www.spam.abuse.net/tools/index.html

    For a *very* extensive procmail FAQ (100+ pages, printed 2-up!),
    Jari Aalto's Procmail Tips page:
    http://mirror.ncsa.uiuc.edu/procmail/ssjaaa/pm-tips-body.html

    Rahul Dhesi's tips on tracing real accounts:
    http://www.spam.abuse.net/tools/flameblock.txt

    Nancy McGough's Filtering Mail FAQ
    http://www.ii.com/internet/faqs/launchers/mail/filtering-faq/

    Catherine Hampton's Spam Bouncer
    http://www.spambouncer.org/

    Brett Glass, in a rare clear moment, on spam:
    http://www.brettglass.com/spam/paper.html

There are also several resources listed at Freshmeat, in particular:

    parp:           http://freshmeat.net/projects/parp/
    ricochet:       http://freshmeat.net/projects/ricochet/
    spam.pl:        http://freshmeat.net/projects/spam.pl/
    Spamkill:       http://freshmeat.net/projects/spamkill/
    The Veganizer:  http://freshmeat.net/projects/theveganizer/
    Vipul's Razor:  http://freshmeat.net/projects/vipulsrazor/

I haven't tried these tools out, but the above seem from descriptions to
be close to what I'm looking for. Reviews/reports welcomed.

The solution I'm looking for ultimately will:

  - Automate checking for listing on RBL (MAPS, ORBS) lists (this should
    actually be part of the filtering process), and submitting relay IPs
    to the ORBS list for testing. I've created a short script for the
    latter.

  - Automate/batch response to abuse@ and postmaster@ addresses of
    spammer's host and upstream provider. Likewise, automate forwarding
    of spam to spam-collection lists and centers. E.g.: my ISP has a
    "spaminator" service which apparently matches spam based on content.
    While I don't use or particularly trust the service, I might be able
    to help others.

  - Archive the abuse letter for processing including...

  - Automate/batch processing of responses to abuse letters. MAPS
    requires measures to contact ISPs associated with spam. Giving a
    24-48 hour response interval, then forwarding data, might be a way
    to get more spam houses onto the MAPS RBL. Format data
    appropriately, with activity log, to MAPS.

  - Automate testing for repeat spam from particular ISPs, hosts, or
    nodes, using heuristics to determine whether or not this
    host/network is principally good (much non-spam content, little
    spam), bad (largely/all spam, little non-spam content), or mixed.
    This can be used to adjust mail rules for default allow or default
    deny policies for this particular domain.

'Nother words: try to get the spammers offline, share the data, and use
patterns of behavior to modify and update my own filters.

--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Zelerate, Inc. http://www.zelerate.org
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
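
Added example, not part of the original message or of any tool named in it: a sketch of the external script both posts describe, which pulls relay IPs out of a message's Received: headers, builds the blocklist lookup name for each, and produces a mutt command line with the To: addresses filled in. The function names, the zone `dnsbl.example` (a placeholder, not a real list) and the `user@[ip]` address-literal form for what the question writes as postmaster@ipaddress are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; addresses are from the RFC 5737 documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Wed, 6 Dec 2000 09:00:00 -0800
Received: from relay.example.com (unknown [198.51.100.7])
\tby mx.example.net with SMTP; Wed, 6 Dec 2000 08:59:00 -0800
Received: from pc (pc [10.0.0.5])
\tby relay.example.com with SMTP; Wed, 6 Dec 2000 08:58:00 -0800
Subject: constructed sample

body
"""

# Loopback and RFC 1918 space: nobody to complain to at these addresses.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Routable IPv4 relays from Received: headers, newest hop first."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:        # e.g. [999.1.1.1] in a forged header
                continue
            if ip not in found and not any(ip in net for net in NON_ROUTABLE):
                found.append(ip)
    return found

def dnsbl_name(ip, zone="dnsbl.example"):
    """Name to look up in a DNS blocklist: octets reversed, zone appended."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def mutt_argv(ips, roles=("postmaster", "abuse"), subject="Spam complaint"):
    """argv that opens mutt with To: filled in, using address literals."""
    return ["mutt", "-s", subject] + [f"{r}@[{ip}]" for ip in ips for r in roles]

if __name__ == "__main__":
    ips = relay_ips(SAMPLE)
    print([dnsbl_name(ip) for ip in ips])
    print(" ".join(mutt_argv(ips)))
```

Only the Received: line written by your own mail server is reliable; anything below it can be forged by the sender, so treat lower hops as leads to verify before complaining.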