Re: Debian Lists, USENET & Spam
On Sun, Jan 06, 2002 at 09:20:12AM -0500, Jens Gecius wrote:
| dman <dsh8290@rit.edu> writes:
|
| > On Fri, Jan 04, 2002 at 08:27:13PM -0800, Paul E Condon wrote:
| > | Where is there a HOWTO or tutorial on using available tools (e.g.
| > | procmail) to filter spam? Is it something that the "unwashed masses"
| > | like myself can learn to do?
| >
| > If you would like, I can send you what I have.
| >
| > I made a script I that given a message on stdin will append the
| > address in the From: header to a file. I also have a mutt macro that
| > invokes this script (and flags the message for deletion) with a single
| > key press. This part is just to reduce the effort required to
| > blacklist someone. I have exim setup to check that file against
| > sender addresses and return a failure notice (instead of delivering)
| > any address that is blacklisted. It is really a simple setup (just
| > several components).
| >
| > When I see some spam that hits my inbox, I press F12 and it goes away
| > forever :-).
|
| OK, so, could you post your scripts? That might be very helpful for
| others.
The script is
------ ~/bin/spammer_log.py ------
#!/usr/bin/python2.2
"""
This script takes an RFC2822 message on stdin, extracts the From: address and
records it in a blacklist of spammers.
"""
BLACKLIST = "/home/dman/.exim/bouncelist"
import email
import sys
try :
message = email.message_from_file( sys.stdin )
from_ = message[ "From" ]
_ , addr = email.Utils.parseaddr( from_ )
if not addr :
raise Exception( "Couldn't find address in header 'From: %s'" % from_ )
print "Blacklisting address '%s' ('From: %s')" % (addr , from_)
blacklist_file = file( BLACKLIST , "a" )
blacklist_file.write( addr + "\n" )
blacklist_file.close()
except Exception , err :
sys.stderr.write( str(err) )
sys.exit( 127 )
import time
time.sleep( 2 )
sys.exit( 0 )
-------------
This does require python 2.2. Adjust the path near the beginning of
the script to reference your home directory. (obviously this script
can't be shared by multiple users as it is now, perhaps I could just
grab the value of $HOME instead?)
The mutt macro is
-------------
macro index <f12> "<pipe-message>spammer_log.py\r<delete-message>"
-------------
The relevant portion of my exim.conf is
-----------------
#
# Check the user's bouncelist
#
user_bouncelist:
driver = smartuser
require_files = /home/${local_part}/.exim/bouncelist
senders = /home/${local_part}/.exim/bouncelist
new_address = :fail: \"${local_part}@${domain}\" thinks you are a spammer
user = ${local_part}
-----------------
This belongs in the top of the DIRECTORS CONFIGURATION section.
| Another question: you check in exim if that sender is a spam-address.
| How exactly does that work? Do you just check the headers and then
| deny transport for that mail (not receiving the body at all) or do you
| receive the whole mail and send another one as failure notice to the
| sender of the spam?
This particular config checks the sender against the list of
perl5-compatible regular expressions. If it finds a match it sends a
failure message to the sender. I don't exactly when exim looks for a
director, but I think it is after receiving the message. This setup
may not be correct -- I just realized that I'm not sure if a 'sender'
is the envelope-sender (given by the 'MAIL FROM:' SMTP command) or the
address listed in the From: header of the message (the message is
given in the DATA part of the SMTP transfer).
-D
--
The heart is deceitful above all things
and beyond cure.
Who can understand it?
I the Lord search the heart
and examine the mind,
to reward a man according to his conduct,
according to what his deeds deserve.
Jeremiah 17:9-10
Reply to: