E-mail Blacklists on a User Basis?

spectro asks: "My e-mail address is in some Argentinian spam list and there is no day I receive less than a couple of spams. I've asked my ISP to block any server from the ".ar" domain to send me mail and the response was: "no problem... if you tell me how to do it." So my question for you is, how can I specify anti-spam rules for each user? I know you can put a rule in /etc/mail/access (they use sendmail) but this will block it for all users. I also know I can use procmail, but I want the server to -refuse- any mail for me if it is on my spam list (/home/user/.spam). The idea is to make spammers think my e-mail account has been cancelled so they erase me from their database. Can somebody suggest some tweaked implementation of the access_db feature to do such a thing?"
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    I've never actually tried it, but you should be able to get sendmail to execute procmail (on their server), which should read the .procmailrc from each user's home directory. Have it mail the spam to /dev/null. "man procmail" has some examples.
  • Procmail is what you need, I will admit I don't know the details, but it is the tool to use.

    My ISP supports procmail, and some users were posting their scripts, and you can tell it to return an error code. I don't know about reading from a file, but the rest is there.

    I pull all my email down, and use Eudora to filter it out, so I didn't follow the details.
  • Procmail is definitely your friend. So is Email Security through Procmail.

    Procmail scripts -- for the novice to the expert -- are in abundance at these sites (listed in order of importance);

    http://www.ii.com/internet/robots/procmail

    http://www.ling.helsinki.fi/~reriksso/procmail/mini-faq.html

    ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

    Procmail can be easily adapted to read a user-specific file. The file could be edited using a web page form to keep users from messing up the syntax. Procmail is easy to use, but will fail to process some or all of the script commands if the syntax isn't correct!

    It's practical to adopt a simple set of rules, easily created with a Procmail script, and use them as a general filter. Using a specific filter is just one form of security-through-obscurity and is easy to thwart.

      1. All mail from known addresses is let through.

      2. (optional) Mail from known senders is sent to a specific mail folder for that user (Business, Friends, Family, Natilie_Portman, ...).

      3. All mail addressed to the user directly -- but not as a BCC list -- is sent through to the user's INBOX.

      4. (optional) All remaining mail is sent to either /dev/null or a Probable_Spam mail folder.

  • My main ISP email address (not the hotmail one quoted here) appeared on a far-eastern mail list when I first signed up with them, 3 years or so ago.

    I get around a dozen emails a week, most of which are in Chinese and therefore unreadable.

    However I do get some genuine emails from the .tw and .hk domains which I'd like to keep, so a simple filter rule won't work for me. I also have no idea at present if my ISP can implement mail filtering rules.

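  • # All mail from a known sender goes to the Good folder.
    # The trailing colon in ":0:" makes procmail lock the folder while writing.
    :0:
    * ^From:.*one@good\.hk
    Good

    # Everything else whose From: address ends in .hk is dumped into Spam.
    # This recipe must come after the one above so known senders are kept.
    :0:
    * ^From:.*\.hk([^a-z0-9.-]|$)
    Spam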

    Adjust these as necessary. Once you're happy they are working, you can change the "Spam" folder to /dev/null and the mail will be discarded. It's good to log Procmail transactions so that you can catch defects in your scripts more easily.
  • Given the clueless nature of your ISP's response this may be asking for too much but what they should be doing is using an MTA (Mail Transfer Agent) that uses blacklists to refuse Email from known SPAM sites & open relays.

    General information on blocking Spam can be found at http://spam.abuse.net/tools/mailblock.html [abuse.net]

    If they are using an up to date version of sendmail and wish to use a local blacklist this is trivial and is documented at the following URL: http://www.sendmail.org/antispam.html [sendmail.org]

    Look around sendmail.org to find detailed info on using blacklists.

    Another good reference is http://www.orbs.net [orbs.net]

    Spammers have gotten wise to the fact that using their own sites to send their Spam gets them blacklisted in short order. However there are lots of broken sites that accept anonymous relaying. Orbs keeps a DB of these sites so you can refuse to accept Email from these potential sources of Spam.

    Pat

  • I'm not a sendmail master, but couldn't you make your own rewrite rule that matches mail from .ar to you and then rewrite it as a bounced mail? Not a sermon, just a thought.

    /*
    *Not a Sermon, Just a Thought
    */
  • I don't know if this helps but I was doing some work on sendmail config files last night and there is a feature:

    FEATURE(`blacklist_recipients')

    that is set up for this purpose in the m4 config file. I have not had the need to use it yet, but you can find information on it @ http://www.sendmail.org/m4/features.html. Then click on the Anti-spam configuration control page for info on how to set up the database. I think this will allow your ISP to block the spam at the server.

    Hope this helps,

    NoKill
  • your own rewrite rule that matches mail from .ar to you and then rewrite it as a bounced mail?

    This is what I am looking for!
    do you know how to do it?

    ---

  • Hold on people ... you didn't read the whole thing.

    The question you ask is a good one -- I've been considering the idea of giving a user some mechanism to create faux bounce messages. This ability would stop all but the most brain-dead of spam lists cold. (Even if they caught on, it would be to their detriment to ignore all bounces.)

    The cleanest way would be to write a setuid root or postmaster (etc.) program that a user can run with an argument of a target address. It would then send an email to the target looking identical to a bounce, claiming nondelivery for the address of the real uid. An even better version would accept a whole email as input, grep for the headers, and thereby figure out the sender and intended recipient. This could then easily be called from your .procmailrc.
    Of course, this being setuid and all, might not be a good idea and could introduce abuse.

    The other way, rather kludgy, and depending on the configuration of your ISP's mail server, would be to write a script that forges the mail itself, by connecting to the local smtp server. Even better would be a smart one that nslookup's the mx record for the source domain and connects directly. This would have to run from a shell host though -- it would be too easy to detect that you weren't really a mail server by checking you against DUN. (Imagine that -- spammers using DUN to thwart antispam!)

    Of course, the truly nice solution would be to develop an SMTP server (and/or procmail hook) that spits out 550 No such user depending on sending host or address.

    Who knows, though -- maybe the successor to SMTP will solve some of our contemporary email troubles.

    MAIL FROM: funmlm@earthlink.com
    RCPT TO: romulus@jerky.net

    542 Recipient doesn't like you
    :)


    --
  • Bounce Spam Mail lets you send fake bounce messages to spammers to pretend your address is invalid. Unfortunately, it's manual, so get ready to do a lot of copy & pasting! :)

    Bounce Spam Mail v.1.8
    by Albert Yale ay@aci.qc.ca

    http://www.er.uqam.ca/merlin/fg591543/bsm/

  • Well, not always! Part of my functions is to be postmaster for the company I work for and many spammers fake their return addresses, so if you bounce an email many times it just comes back as undeliverable, creating more work. The trick would be to somehow *beyond me at this point* ensure that the return address is good and then return it. Even return it a thousand times for good measure!
  • MAIL FROM: funmlm@earthlink.com
    RCPT TO: romulus@jerky.net

    542 Recipient doesn't like you

    This is what I need. I want the server to refuse mail based on user blacklists.

    ---

  • Please correct me if I am wrong but if you are talking with an SMTP server with this kind of blocking:

    MAIL FROM: argentinian@spammer.com.ar
    RCPT TO: somebody.that@dont.like.spam.com

    550 Recipient not found

    Your server refuses that mail, so you as the postmaster should never get an error message. The postmaster from the relay or the spammer himself does.

    Right now you can do this at server level with sendmail using the access_db feature. I only receive spam from the .ar domain, but there must be other users that don't want that domain blocked. Implementing this feature will be a giant leap for spam-free mankind.

    ---
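The per-recipient refusal asked for in this thread, as an added example that is not code from any poster or from sendmail: the decision is made at RCPT TO against that one recipient's own list, so the message is refused before DATA and other users on the same server are unaffected. The rule-file format, the `isp.example` addresses and all function names are assumptions made for illustration.

```python
# Added example: per-recipient sender blacklists evaluated at RCPT TO.
# Rule format, addresses and function names are constructed for illustration.

def parse_rules(text):
    """One rule per line: '.ar', 'example.com.ar' or 'user@host'; '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            rules.append(line)
    return rules

def sender_blocked(mail_from, rules):
    sender = mail_from.strip().strip("<>").lower()
    if not sender:  # null sender "<>" carries bounces: never block it
        return False
    domain = sender.rpartition("@")[2]
    for rule in rules:
        if "@" in rule:                      # exact sender address
            if sender == rule:
                return True
        elif rule.startswith("."):           # suffix such as a whole TLD
            if domain.endswith(rule):
                return True
        elif domain == rule or domain.endswith("." + rule):
            return True                      # domain or any of its subdomains
    return False

def rcpt_reply(mail_from, rcpt_to, user_rules):
    """SMTP reply for one RCPT TO, using only that recipient's own rules."""
    rcpt = rcpt_to.strip().strip("<>").lower()
    if rcpt not in user_rules:
        return "550 5.1.1 Recipient not found"
    if sender_blocked(mail_from, user_rules[rcpt]):
        # Same reply as for an unknown mailbox, so the two look identical.
        return "550 5.1.1 Recipient not found"
    return "250 2.1.5 Recipient ok"

# Constructed sample data: two mailboxes on one server, different lists.
USER_RULES = {
    "spectro@isp.example": parse_rules(".ar  # whole TLD\nbulk@lists.example\n"),
    "other@isp.example": parse_rules("# this user blocks nothing\n"),
}

def session(mail_from, rcpts):
    """Replies for one envelope; only accepted recipients proceed to DATA."""
    replies = [(r, rcpt_reply(mail_from, r, USER_RULES)) for r in rcpts]
    accepted = [r for r, reply in replies if reply.startswith("250")]
    return replies, accepted
```

Because the refusal is an SMTP reply rather than a generated bounce message, the receiving server sends nothing to the (possibly forged) return address; any non-delivery report is produced by the connecting relay.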
