info about spam messages
Tom Anderson
tanderso at oac-design.com
Mon Jun 14 16:58:40 CEST 2004
From: "David Relson" <relson at osagesoftware.com>
> 1) runs bogofilter and remembers the bogofilter classification. This
> can be done several ways, for example by saving "bogofilter -v" output
> in an environment variable.
>
> 2) runs spamitarium to determine the IP address.
>
> 3) puts results (1) and (2) together and logs the info.
I would alternatively do this -- let's say this is the spammer's SMTP
conversation:
SPM> HELO mail.angel.com
MTA> 250 server.com Hello [6.6.6.6]
SPM> MAIL FROM: your_friend at aol.com
MTA> your_friend at aol.com... Sender ok
SPM> RCPT TO: blah at server.com
At this point, you know who the intended recipient is, and you have some
basic information to go on regarding who is requesting to send it, so I
would do the following:
printf 'Received: from mail.angel.com [6.6.6.6] by server.com for blah at server.com\nFrom: your_friend at aol.com\n\n' |
    spamitarium -sreadfw | bogofilter -TT -d ~blah/.bogofilter
Spamitarium will perform the rDNS and ASN lookup. Bogofilter will then
output a spamicity, and if it is higher than some given cutoff, let's call
it the certainty_cutoff, then return "550 5.7.1 Delivery not authorized".
Leave the logs out of it, just use the recipient's bogofilter wordlist
instead. If the spamicity is below the certainty_cutoff, then deliver as
usual.
How to actually do the above procedure with any given MTA, I don't know.
Tom
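
One way to wrap the RCPT-time check described in the message above in a hook script, added here as an example; it is not code from the post, from bogofilter or from spamitarium. The function names, the `HOME_ROOT` layout, the 0.99 cutoff, the `250`/`501` reply texts, the use of the recipient's domain as the receiving host name, and the assumption that the last field of the classifier output is the spamicity are all illustrative assumptions.

```shell
#!/bin/sh
# RCPT-time pre-filter sketch. Defines functions only; an MTA hook would call
# rcpt_decision and relay the single reply line it prints.
CERTAINTY_CUTOFF=${CERTAINTY_CUTOFF:-0.99}  # assumed value, the post gives none
HOME_ROOT=${HOME_ROOT:-/home}               # assumed layout: $HOME_ROOT/<user>/.bogofilter

# The pipeline from the post; $1 is the recipient's wordlist directory.
classify() { spamitarium -sreadfw | bogofilter -TT -d "$1"; }

# Envelope values are supplied by the remote peer. Allow only characters that
# cannot start a new header line, add whitespace, or act as a path separator.
safe_token() {
    case $1 in ''|*[!A-Za-z0-9@._+=:-]*) return 1 ;; esac
}

# rcpt_decision HELO IP SENDER RCPT: prints the reply for the RCPT TO command.
rcpt_decision() {
    for v in "$1" "$2" "$3" "$4"; do
        safe_token "$v" || { echo "501 Syntax error in parameters"; return 0; }
    done
    user=${4%%@*}
    case $user in .*) echo "501 Syntax error in parameters"; return 0 ;; esac
    wordlist=$HOME_ROOT/$user/.bogofilter
    # No wordlist for this recipient: nothing to score against, deliver as usual.
    [ -d "$wordlist" ] || { echo "250 Recipient ok"; return 0; }
    # Synthetic header block, same shape as in the post. Values are passed as
    # printf arguments, never as part of the format string.
    out=$(printf 'Received: from %s [%s] by %s for %s\nFrom: %s\n\n' \
            "$1" "$2" "${4#*@}" "$4" "$3" | classify "$wordlist") || out=
    # Assumption: the last field of the classifier output is the spamicity.
    # A failed pipeline or non-numeric output fails open to normal delivery.
    if printf '%s\n' "$out" | awk -v c="$CERTAINTY_CUTOFF" '
            { s = $NF }
            END { exit !(s ~ /^[0-9]+(\.[0-9]+)?([eE][-+]?[0-9]+)?$/ && s + 0 > c + 0) }'
    then echo "550 5.7.1 Delivery not authorized"
    else echo "250 Recipient ok"
    fi
}
```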