perl script - bogofilter /smtp daemon (Was: dnsbl'S + bogofilter)
Chris Fortune
cfortune at telus.net
Fri Nov 12 23:10:54 CET 2004
> With objective lists, I'm confident enough in the false positive rate.
> Moreover, the bounces are descriptive, they aren't just dropped.
> Therefore, not only is collateral damage virtually nil, but if there is
> any damage, it is a minor inconvenience, not fatal. The expense of an
> overloaded SMTP server on the other hand may be fatal, which is why I
> prefer to bounce at SMTP time those addresses with the absolute highest
> probability of being spam (open relays/proxies, worms, virii, etc).
>
>
A stimulating discussion Tom, but not easily resolved. I think that the topics of user inconvenience and of DNSBL trustworthiness
could go on for some time, so I will leave it for others. But if it means the difference between life and death for your smtp
server, then I'm glad you found a cure. Meanwhile, I find DNSBLs very useful to classify emails that bogofilter is 'unsure' about.
I maintain that it is best to leave bogofilter as the authority for blocking, and modify bogofilter's classification with DNSBL
results.
>> customized ASSP (written in perl) to include bogofilter at SMTP time
>
> Would you mind posting this script?
Yes I mind posting the complete script because there is a lot of sensitive info in it, but it's about time I gave something back to
this list after all. How about a cross-platform easy implementation of bogofilter at smtp time? I give you the nugget:
1. Go to http://assp.sourceforge.net/ and download the script (install it on a test server and get it running "as is". configure).
2. Replace their existing home-built Bayesian filter with bogofilter (see below)
3. Debug.
4. Enjoy
#assp.pl
#line 2187
...[snip]...
#####################################################################################
# SPAM Detection
sub isspam {
    # check if the message is spam
    # spam factors & thresholds are currently hardcoded
    # uses local dnsbl, rblcheck, DCC and bogofilter - hey, good enough.
    my $msg=$_[0];
    return $SpamProb=0 if $whiteRe && $msg=~$whiteReRE;
    return $SpamProb=1 if $blackRe && $msg=~$blackReRE;
    # create temp file on ram disk
    $temp_file = "/home/global_user/mnt/" . rand(100) . "\.tmp";
    unless(open TEMP, ">$temp_file"){print DEBUG "couldn't open temp file" if $DEBUG; die;}
    print TEMP $msg;
    close TEMP;
    # Bogofilter
    $p1=0.0000;
    my $res = `/usr/local/bin/bogofilter -Td/home/global_user/.bogofilter/ < $temp_file 2>&1`;
    print DEBUG "Bogofilter: $res" if $DEBUG;
    my($spamicity, $p1) = split (/\s/, $res);
    # greylisting
    if($p1 < 0.95){
        if($greylist) {
            $v = 0.5;
            if ($ispip && $ispip=~$ip3) {
                if ($ispgreyvalue) { $v=$ispgreyvalue; }
            } else {
                $v=$Greylist{$ip3} if $Greylist{$ip3};
            }
            $v -= 0.5;
            $v *= 0.2;
            $p1 += $v;
            print DEBUG "gl=$v <$Greylist{$ip3}>\n" if $DEBUG;
        }
    }
    # local RBL check
    if($p1 < 0.95){
        if(defined($Dnsbl{$ip}) || defined($Dnsbl{$ip3})) {
            print DEBUG "Local DNSBL hit\n" if $DEBUG;
            $p1 += 0.2;
        }
    }
    if($p1 < 0.95){
        my $ip=$_[1];
        # list form of system(): $ip is passed as an argument, not through a shell
        $ret = system("rblcheck", "-q", $ip);
        # exit status is in the high byte; a failed launch (-1) counts as no hit
        $ret = $ret > 0 ? $ret >> 8 : 0;
        print DEBUG "Return value of RBLcheck: $ret\n" if $DEBUG;
        $p1 += $ret * 0.2;
    }
    # DCC
    if($p1 < 0.95){
        $DCCskore="";
        $dcc = `/path/to/dccif-test.pl -I$temp_file 2>&1`;
        ($blah, $DCCskore) = split(/[=\s]/, $dcc);
        $DCCskore =~ s/[\r\n]$//g;
        print DEBUG "DCC: $DCCskore\n" if $DEBUG;
        if($DCCskore eq "R"){ $p1 += 0.2; }
    }
    unlink ($temp_file);
    $SpamProb=$p1;
    if($p1 < 0.95){
        if($p1 <= 0.01){
            return 0; # not spam, probably
        }
        else{
            # to do - store as unsure
            return 0; #for now
        }
    }
    elsif($p1 >= 0.95){
        return 1; #it's spam!
    }
}
...[snip]...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.786 / Virus Database: 532 - Release Date: 10/29/2004
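
The bogofilter call and score adjustments from the message above, as an added example that is not part of the original post or of ASSP: it feeds the message to bogofilter on stdin without a shell or temp file and rejects unparseable output. The sub names and evidence keys are hypothetical; it assumes -T prints a status token followed by the spamicity, and treats rblcheck's exit status as the post does.

```perl
use strict;
use warnings;
use IPC::Open2;

# Binary and wordlist paths as given in the post.
my @BOGOFILTER = ('/usr/local/bin/bogofilter', '-T', '-d', '/home/global_user/.bogofilter/');

# Parse one terse line; an error message or out-of-range value yields undef.
sub parse_terse {
    my ($line) = @_;
    return unless defined $line
        && $line =~ /^\S+\s+(\d+(?:\.\d+)?(?:[eE][-+]?\d+)?)(?:\s|$)/;
    my $p = $1 + 0;
    return ($p >= 0 && $p <= 1) ? $p : undef;
}

# Message goes in on stdin. List-form exec: no shell, no temp file on disk.
sub bogofilter_score {
    my ($msg) = @_;
    local $SIG{PIPE} = 'IGNORE';    # an early bogofilter exit must not kill the daemon
    my $pid = open2(my $out, my $in, @BOGOFILTER);
    print {$in} $msg;
    close $in;
    my $line = <$out>;
    close $out;
    waitpid $pid, 0;
    return parse_terse($line);
}

# rblcheck via list-form system(); a failed launch (-1) or a signal counts as 0.
sub rbl_hits {
    my ($ip) = @_;
    return 0 unless defined $ip && $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    my $rc = system('rblcheck', '-q', $ip);
    return $rc > 0 ? $rc >> 8 : 0;
}

# The post's adjustments in order, each applied only while the score is < 0.95.
# The final clamp to [0,1] is an addition. Keys of %ev are hypothetical names.
sub adjust_score {
    my ($p, %ev) = @_;
    my @delta = ((($ev{greylist} // 0.5) - 0.5) * 0.2, ($ev{local_dnsbl} ? 0.2 : 0),
                 ($ev{rbl_hits} // 0) * 0.2,           ($ev{dcc_r} ? 0.2 : 0));
    for my $d (@delta) { last if $p >= 0.95; $p += $d; }
    return $p < 0 ? 0 : $p > 1 ? 1 : $p;
}

# Constructed sample: one terse output line plus evidence for the same message.
my $p = parse_terse("U 0.620000\n");
printf "adjusted=%.2f spam=%d\n", $_, $_ >= 0.95 ? 1 : 0
    for adjust_score($p, greylist => 0.9, local_dnsbl => 1, rbl_hits => 1);
```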