E-mail Blacklists on a User Basis?
spectro asks: "My e-mail address is in some Argentinian spam list and there is no day I receive less than a couple of spams. I've asked my ISP to block any server from the ".ar" domain to send me mail and the response was: "no problem... if you tell me how to do it." So my question for you is, how can I specify anti-spam rules for each user? I know you can put a rule in /etc/mail/access (they use sendmail) but this will block it for all users. I also know I can use procmail, but I want the server to -refuse- any mail for me if it is on my spam list (/home/user/.spam). The idea is to make spammers think my e-mail account has been cancelled so they erase me from their database. Can somebody suggest some tweaked implementation of the access_db feature to do such thing?"
Procmail (Score:1)
Procmail should do it. (Score:1)
My ISP supports procmail, and some users were posting their scripts, and you can tell it to return an error code. I don't know about reading from a file, but the rest is there.
I pull all my email down, and use Eudora to filter it out, so I didn't follow the details.
A FAQ, Infinite Ink, & Security through Procmail (Score:5)
Procmail scripts -- for the novice to the expert -- are in abundance at these sites (listed in order of importance):
http://www.ii.com/internet/robots/procmail
http://www.ling.helsinki.fi/~reriksso/procmail/mini-faq.html
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
Procmail can be easily adapted to read a user-specific file. The file could be edited using a web page form to keep users from messing up the syntax. Procmail is easy to use, but will fail to process some or all of the script commands if the syntax isn't correct!
It's practical to adopt a simple set of rules, easily created with a Procmail script, and use them as a general filter. Using a specific filter is just one form of security-through-obscurity and is easy to thwart.
1. All mail from known addresses is let through.
2. (optional) Mail from known senders is sent to a specific mail folder for that user (Business, Friends, Family, Natalie_Portman, ...).
3. All mail addressed to the user directly -- but not as a BCC list -- is sent through to the user's INBOX.
4. (optional) All remaining mail is sent to either /dev/null or a Probable_Spam mail folder.
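The four rules above, modelled in Python as an added example (it is not part of the original post and is not a procmail recipe). The addresses, the `KNOWN` table and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def triage(raw, my_addr, known):
    """Return the folder for one message, following the four rules above.

    known maps a sender address to a folder name, or to None for the plain
    INBOX. The From: header is written by the sender, so rules 1 and 2 trust
    a claimed identity, not a verified one.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in known:                                  # rules 1 and 2
        return known[sender] or "INBOX"
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_addr.lower() in {addr.lower() for _, addr in rcpts}:
        return "INBOX"                                   # rule 3
    return "Probable_Spam"                               # rule 4

# Constructed sample data (all addresses are placeholders).
ME = "spectro@example.net"
KNOWN = {"mom@example.org": "Family", "boss@example.com": None}
SAMPLES = {
    "family": "From: Mom <mom@example.org>\nTo: spectro@example.net\n\nhi\n",
    "direct": "From: new@example.edu\nTo: a@example.org\n"
              "Cc: Spectro <SPECTRO@example.net>\n\nhello\n",
    "bcc":    "From: offers@bulk.example\nTo: friends@bulk.example\n\nbuy\n",
}

def triage_all():
    """Classify every constructed sample and return {name: folder}."""
    return {name: triage(raw, ME, KNOWN) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, folder in triage_all().items():
        print(f"{name:8} -> {folder}")
```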
I have similar problems. (Score:1)
I get around a dozen emails a week, most of which are in Chinese and therefore unreadable.
However I do get some genuine emails from the .tw and .hk domains which I'd like to keep, so a simple filter rule won't work for me. I also have no idea at present if my ISP can implement mail filtering rules.
Simple Procmail script (Score:1)
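# Known good sender: file into the Good folder (trailing ":" takes a lockfile)
:0:
* ^From:.*one@good\.hk
Good
# This dumps all the rest from *.hk into Spam
:0:
* ^From:.*\.hk([^a-z0-9.-]|$)
Spam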
Adjust these as necessary. Once you're happy they are working, you can change the "Spam" folder to
Use blacklists! (Score:1)
General information on blocking Spam can be found at http://spam.abuse.net/tools/mailblock.html [abuse.net]
If they are using an up to date version of sendmail and wish to use a local blacklist this is trivial and is documented at the following URL: http://www.sendmail.org/antispam.html [sendmail.org]
Look around sendmail.org to find detailed info on using blacklists.
Another good reference is http://www.orbs.net [orbs.net]
Spammers have gotten wise to the fact that using their own sites to send their Spam gets them blacklisted in short order. However there are lots of broken sites that accept anonymous relaying. Orbs keeps a DB of these sites so you can refuse to accept Email from these potential sources of Spam.
Pat
sendmail.cf (Score:1)
*Not a Sermon, Just a Thought
*/
Re:Use blacklists! (Score:1)
FEATURE(`blacklist_recipients')
that is set up for this purpose in the m4 config file. I have not had the need to use it yet, but you can find information on it @ http://www.sendmail.org/m4/features.html. Then click on the Anti-spam configuration control page for info on how to set up the database. I think this will allow your ISP to block the spam at the server.
Hope this helps,
NoKill
Re:sendmail.cf (Score:1)
This is what I am looking for!
Do you know how to do it?
---
Forging Bounces (the real question) (Score:1)
The question you ask is a good one -- I've been considering the idea of giving a user some mechanism to create faux bounce messages. This ability would stop all but the most brain-dead of spam lists cold. (Even if they caught on, it would be to their detriment to ignore all bounces.)
The cleanest way would be to write a setuid root or postmaster (etc.) program that a user can run with an argument of a target address. It would then send an email to the target looking identical to a bounce, claiming nondelivery for the address of the real uid. An even better version would accept a whole email as input, grep for the headers, and thereby figure out the sender and intended recipient. This could then easily be called from your
Of course, this being setuid and all, might not be a good idea and could introduce abuse.
The other way, rather kludgy, and depending on the configuration of your ISP's mail server, would be to write a script that forges the mail itself, by connecting to the local smtp server. Even better would be a smart one that nslookup's the mx record for the source domain and connects directly. This would have to run from a shell host though -- it would be too easy to detect that you weren't really a mail server by checking you against DUN. (Imagine that -- spammers using DUN to thwart antispam!)
Of course, the truly nice solution would be to develop an SMTP server (and/or procmail hook) that spits out 550 No such user depending on sending host or address.
Who knows, though -- maybe the successor to SMTP will solve some of our contemporary email troubles.
MAIL FROM: funmlm@earthlink.com
RCPT TO: romulus@jerky.net
542 Recipient doesn't like you
:)
--
program: Bounce Spam Mail (Score:1)
Bounce Spam Mail v.1.8
by Albert Yale ay@aci.qc.ca
http://www.er.uqam.ca/merlin/fg591543/bsm/
Re:Forging Bounces (the real question) (Score:1)
Re:Forging Bounces (the real question) (Score:1)
RCPT TO: romulus@jerky.net
542 Recipient doesn't like you
This is what I need. I want the server to refuse mail based on user blacklists.
---
Re:Forging Bounces (the real question) (Score:1)
MAIL FROM: argentinian@spammer.com.ar
RCPT TO: somebody.that@dont.like.spam.com
550 Recipient not found
Your server refuses that mail, so you as the postmaster should never get an error message. The postmaster from the relay or the spammer himself does.
Right now you can do this at server level with sendmail using the access_db feature. I only receive spam from the .ar domain, but there must be other users that don't want that domain blocked. Implementing this feature will be a giant leap for spam-free mankind.
---
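The per-user refusal at RCPT TO that this thread asks for, sketched in Python as an added example (not from any poster, and not sendmail configuration). The list file format, the `example.net` mailboxes and the reply texts are assumptions; how the decision is hooked into the mail server is not shown.

```python
def parse_blacklist(text):
    """Parse one user's list: one entry per line, '#' starts a comment.

    Assumed entry forms: '.ar' or 'example.com' (that domain and everything
    under it) and 'user@example.com' (one exact address).
    """
    entries = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower()
        if entry:
            entries.add(entry)
    return entries

def sender_blocked(mail_from, entries):
    """True if the envelope sender matches one of this user's entries."""
    sender = mail_from.strip().strip("<>").lower()
    if not sender:          # null reverse-path "<>": bounces, never blocked here
        return False
    if sender in entries:
        return True
    labels = sender.rpartition("@")[2].rstrip(".").split(".")
    # Compare whole labels, so ".ar" matches "spammer.com.ar" but not "example.bar".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in entries or "." + suffix in entries:
            return True
    return False

def rcpt_reply(mail_from, rcpt_to, blacklists):
    """SMTP reply to one RCPT TO, given the envelope sender of the session."""
    rcpt = rcpt_to.strip().strip("<>").lower()
    if rcpt not in blacklists or sender_blocked(mail_from, blacklists[rcpt]):
        # Identical reply in both cases, so a blocked sender sees a dead mailbox.
        return (550, "No such user")
    return (250, "Recipient ok")

# Constructed sample data standing in for each user's /home/user/.spam file.
BLACKLISTS = {
    "spectro@example.net": parse_blacklist(".ar   # whole ccTLD\nads@bulk.example\n"),
    "other@example.net": parse_blacklist(""),
}

if __name__ == "__main__":
    for rcpt in BLACKLISTS:
        print(rcpt, rcpt_reply("<argentinian@spammer.com.ar>", rcpt, BLACKLISTS))
```

The envelope sender in MAIL FROM is chosen by the sending client, so this blocks on the claimed sender only. Because the decision is made per RCPT TO, one message addressed to both sample users is refused for the first and accepted for the second.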