info about spam messages

Tom Anderson tanderso at oac-design.com
Mon Jun 14 16:58:40 CEST 2004


From: "David Relson" <relson at osagesoftware.com>
> 1) runs bogofilter and remembers the bogofilter classification.  This
> can be done several ways, for example by saving "bogofilter -v" output
> in an environment variable.
>
> 2) runs spamitarium to determine the IP address.
>
> 3) puts results (1) and (2) together and logs the info.

I would alternatively do this -- let's say this is the spammer's SMTP
conversation:

SPM> HELO mail.angel.com
MTA> 250 server.com Hello [6.6.6.6]
SPM> MAIL FROM: your_friend at aol.com
MTA> your_friend at aol.com... Sender ok
SPM> RCPT TO: blah at server.com

At this point, you know who the intended recipient is, and you have some
basic information to go on regarding who is requesting to send it, so I
would do the following:

printf 'Received: from mail.angel.com [6.6.6.6] by server.com for blah at server.com\nFrom: your_friend at aol.com\n\n' \
  | spamitarium -sreadfw \
  | bogofilter -TT -d ~blah/.bogofilter

Spamitarium will perform the rDNS and ASN lookup.  Bogofilter will then
output a spamicity, and if it is higher than some given cutoff, let's call
it the certainty_cutoff, then return "550 5.7.1  Delivery not authorized".
Leave the logs out of it, just use the recipient's bogofilter wordlist
instead.  If the spamicity is below the certainty_cutoff, then deliver as
usual.

How to actually do the above procedure with any given MTA, I don't know.

Tom
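
The RCPT-time check described in this message, as an added shell example (not code from the original post or from the bogofilter or spamitarium projects). The function names, the SCORER override, the ACCEPT token and the accept-on-scorer-failure choice are assumptions of this example, as is reading the spamicity from the last field of the scorer's output. HELO and MAIL FROM come from the client, so control characters are stripped before they are written into the synthetic header.

```shell
#!/bin/sh
# Added example: reject-or-accept decision at RCPT TO time.

# Strip CR, LF and other control characters so a client-supplied value
# cannot inject extra header lines into the probe message.
clean() { printf '%s' "$1" | tr -d '\000-\037\177'; }

# Build the minimal message: one Received line, one From line, empty body.
# Arguments: helo ip mail_from rcpt mta_name
build_probe() {
    printf 'Received: from %s [%s] by %s for %s\nFrom: %s\n\n' \
        "$(clean "$1")" "$(clean "$2")" "$(clean "$5")" \
        "$(clean "$4")" "$(clean "$3")"
}

# Default scorer: the pipeline from the post, probe on stdin.
# $1 is the recipient's wordlist directory.
score_probe() { spamitarium -sreadfw | bogofilter -TT -d "$1"; }
SCORER=${SCORER:-score_probe}   # hypothetical hook so the logic can be tested offline

# Take the last field of the last non-empty line and require a plain number.
parse_spamicity() {
    awk 'NF { v = $NF }
         END { if (v ~ /^[0-9]+(\.[0-9]+)?$/) print v; else exit 1 }'
}

# Arguments: helo ip mail_from rcpt mta_name wordlist_dir certainty_cutoff
rcpt_decision() {
    score=$(build_probe "$1" "$2" "$3" "$4" "$5" \
            | "$SCORER" "$6" | parse_spamicity) || {
        # Scorer missing, failed or printed something unparseable:
        # deliver as usual rather than bounce mail on a filter error.
        echo "ACCEPT"
        return 0
    }
    if awk -v s="$score" -v c="$7" 'BEGIN { exit !(s + 0 > c + 0) }'; then
        echo "550 5.7.1 Delivery not authorized"
    else
        echo "ACCEPT"
    fi
}
```

An MTA hook would call rcpt_decision with the values from the SMTP session and send the printed line back to the client, or continue with delivery on ACCEPT.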





