From: Holly S. <gop...@ao...> - 2012-10-20 21:05:11
|
please post me : gop...@ao... martin badger gop...@ao... |
From: Ask B. H. <as...@de...> - 2008-05-01 05:14:05
|
On Apr 30, 2008, at 20:14, Michael Mansour wrote:

> Is this project still alive?

Only for a very "stable" version of "alive". I think we'd be happy to set you up as an admin...

 - ask

-- 
http://www.askbjoernhansen.com/ |
From: Michael M. <mi...@np...> - 2008-05-01 02:16:38
|
Hi,

Is this project still alive?

Last night I downloaded spam.pl and tested it. First thing I had to do was bugfix the script (as it would bomb out on the ParseConfig). I changed this:

    my $spamdir="$home/.spam";
    mkdir("$spamdir", 0755) unless -d $spamdir;
    die "No $spamdir directory." unless -d $spamdir;
    my $spamconfig = "$spamdir/config";
    my %config;
    unless (-e $spamconfig and %config = ParseConfig($spamconfig) ) {

to this:

    my $spamdir="$home/.spam";
    mkdir("$spamdir", 0755) unless -d $spamdir;
    die "No $spamdir directory." unless -d $spamdir;
    my $spamconfig = "$spamdir/config";
    my $configfile = new Config::General($spamconfig);
    my %config;
    unless (-e $spamconfig and %config = $configfile->getall ) {

so that it would work (the Config::General perl module doesn't work with the ParseConfig).

After that, I tested spam.pl on some spam messages and liked the way it worked. I'm now looking for a way to implement it automatically for high scoring spam I receive.

The other thing I can suggest is that the "bad" file be defined, as I get that "bad" file doesn't exist notification when I run spam.pl, yet no help or documentation references the file.

I also checked out the ricochet website (from the link on the spam.pl website) and it's also software which doesn't seem to be maintained (last release 2003). But its README shows this which has me intrigued:

2.6 How Are Forged Headers Handled?

Spammers often insert anything ranging from complete junk to carefully crafted header messages in order to mislead tracing attempts. These headers are often referred to as Fake or Forged headers and this section describes how Ricochet deals with them.

The SMTP protocol doesn't provide a method for describing route authentication in mail headers. A receiving SMTP server/agent, therefore, cannot assume with certainty that any machine listed in the route actually participated in mail's relay; the only network identity it can authenticate is that of the immediate sender machine.

In other words, it is impossible, due to lack of authentication data in the mail, to evaluate "truthness" of all "Received" headers; A sufficiently well forged header cannot be told apart from a real header without consulting the mail logs on the alleged machines.

When ricochet is looking for fake headers it's really computing syntactic and semantic correctness of headers and the information encoded in them. The headers that don't conform with RFC822 are assumed fake and discarded. Syntactically correct headers go through a phase of semantic verification, which ensures that the machines listed in the header actually exist and provide mail transport services. Headers that pass the second phase are assumed "real" and processed further.

Does spam.pl try and do the same thing to determine forged headers?

Michael. |
From: Jon F. <jo...@ap...> - 2007-02-09 11:54:52
|
I seem to remember that the CVS version had to have some massive debugging which is why it never became 0.26. I'll try to work out the kinks.

On 2/7/07, Patrick Brueckner <on...@pa...> wrote:
>
> Hey,
>
> since CVS version has the feature only to process real received lines, I
> played with it a little.
>
> processing a message with the following received line inside the header:
>
> Received: from cm43232.red83-165.mundo-r.com (cm43232.red83-165.mundo-r.com [83.165.43.232])
>     by server3.paddy-net.com (Postfix) with SMTP id 374DB20166F9
>     for <****@paddy-net.com>; Wed, 7 Feb 2007 09:27:20 +0100 (CET)
>
> i have tried trustreceived = 1 and 0 but I always get this output:
> (running debug = 2)
>
> ## Parsing Header Information
> No received: headers were found!
>
> processing the same message with 0.25 works fine. also processing
> bundled testspaml works alright.
>
> processing the testspam with cvs and trustreceived=1 makes no difference
> in recipients, although the received server of the testspam is not in
> my friendly list.
>
> that's for now,
> thanks a lot for the effort anyways.
>
> patrick |
From: Patrick B. <on...@pa...> - 2007-02-07 16:49:08
|
hey, I think the lines 113-116 preceding a "+" are malformed. regards, patrick |
From: Patrick B. <on...@pa...> - 2007-02-07 09:51:52
|
Hey,

since CVS version has the feature only to process real received lines, I played with it a little.

processing a message with the following received line inside the header:

Received: from cm43232.red83-165.mundo-r.com (cm43232.red83-165.mundo-r.com [83.165.43.232])
    by server3.paddy-net.com (Postfix) with SMTP id 374DB20166F9
    for <****@paddy-net.com>; Wed, 7 Feb 2007 09:27:20 +0100 (CET)

i have tried trustreceived = 1 and 0 but I always get this output: (running debug = 2)

## Parsing Header Information
No received: headers were found!

processing the same message with 0.25 works fine. also processing bundled testspaml works alright.

processing the testspam with cvs and trustreceived=1 makes no difference in recipients, although the received server of the testspam is not in my friendly list.

that's for now,
thanks a lot for the effort anyways.

patrick |
From: Jon F. <jo...@ap...> - 2007-02-05 23:25:39
|
It may only be in the cvs version, I can't remember what is in 0.25 :P

The friend list is used as the hosts/ips to trust.

On 2/5/07, Patrick Brueckner <on...@pa...> wrote:
>
> cheers,
>
> i cannot find this implementation anywhere in the software. is it in the
> cvs only or in 0.25? I was unable to find anything according to that, also
> trying it out didn't work.
> and where do you define the ip-to-trust?
>
> confused
>
> patrick
>
> Jon Feldhammer wrote:
> > My mail is coming via about 5 different servers. The last header I'm
> > trusting is the one that is added by one of them. So, tell spam.pl which
> > hosts (ip addresses) are the last ones to trust.
>
> This is the best way I know of to implement the "only process real
> received headers" solution. In fact I even have that as a comment in
> spam.pl in the "process_received_headers" function. The incoming IP
> address can't be forged then. Often it is an open relay though, so people
> may still complain to you that they didn't send the message. However, in
> that case they really are a true offender that can do something to stop the
> spam.
>
> Sorry guys, it has been a long time since I looked at this code and looks
> like I already implemented this solution :P. It looks like if you set
> 'filterreceived = 1' then it will only process the true Received headers.
>
> Jon |
From: Patrick B. <on...@pa...> - 2007-02-05 21:54:16
|
cheers,

i cannot find this implementation anywhere in the software. is it in the cvs only or in 0.25? I was unable to find anything according to that, also trying it out didn't work.
and where do you define the ip-to-trust?

confused

patrick

Jon Feldhammer wrote:
> > My mail is coming via about 5 different servers. The last header I'm
> > trusting is the one that is added by one of them. So, tell spam.pl
> > which hosts (ip addresses) are the last ones to trust.
>
> This is the best way I know of to implement the "only process real
> received headers" solution. In fact I even have that as a comment in
> spam.pl in the "process_received_headers" function. The incoming IP
> address can't be forged then. Often it is an open relay though, so
> people may still complain to you that they didn't send the message.
> However, in that case they really are a true offender that can do
> something to stop the spam.
>
> Sorry guys, it has been a long time since I looked at this code and
> looks like I already implemented this solution :P. It looks like if
> you set 'filterreceived = 1' then it will only process the true
> Received headers.
>
> Jon |
From: Jon F. <jo...@ap...> - 2007-02-05 21:32:23
|
> My mail is coming via about 5 different servers. The last header I'm
> trusting is the one that is added by one of them. So, tell spam.pl which
> hosts (ip addresses) are the last ones to trust.

This is the best way I know of to implement the "only process real received headers" solution. In fact I even have that as a comment in spam.pl in the "process_received_headers" function. The incoming IP address can't be forged then. Often it is an open relay though, so people may still complain to you that they didn't send the message. However, in that case they really are a true offender that can do something to stop the spam.

Sorry guys, it has been a long time since I looked at this code and looks like I already implemented this solution :P. It looks like if you set 'filterreceived = 1' then it will only process the true Received headers.

Jon |
From: Esa <es...@la...> - 2007-02-04 23:02:58
|
Patrick Brueckner wrote:
> Also have I started thinking about a solution, how to tell spam.pl
> only to parse real Received headers. Here I have two approaches:
> 1) only parse the FIRST received line, quick and dirty, but probably
> problematic if email is received on a remote box and then sent to a
> local mta, or even if spam and virus check are a separate mta (via proxy)
> 2) only parse received lines that include the real hostname of the
> mailserver

Well, why not simulate a real person, which would look at the headers until it finds the last one he can trust?

My mail is coming via about 5 different servers. The last header I'm trusting is the one that is added by one of them. So, tell spam.pl which hosts (ip addresses) are the last ones to trust.

esa |
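
The approach Esa and Jon describe in this thread (walk down from the newest Received header and stop at the first peer that is not on the trusted list, so nothing below it is reported) sketched in Python as an added example; it is not spam.pl's code. It assumes Postfix-style headers of the form Patrick quotes, and the names `find_boundary` and `peer_ip`, the hostnames and the addresses are constructed for illustration.

```python
"""Find the last Received hop that a trusted mail server actually recorded."""
import ipaddress
import re
from email import message_from_string
from typing import NamedTuple, Optional

_COMMENT = re.compile(r"\(([^()]*)\)")
_IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


class Boundary(NamedTuple):
    handoff_ip: Optional[str]  # peer recorded by the last trusted host, or None
    header_index: int          # index of the header that recorded it (-1 if none)
    unverified: int            # Received headers below it that no trusted host wrote
    reason: str


def peer_ip(received_value):
    """Return the connecting peer's address from one Received header, or None.

    Assumes the layout "from HELO (rdns [ip]) by host ...". Only the address
    inside the parenthesised comment is used: the HELO name in front of it is
    supplied by the sending side and may itself be a forged address literal.
    """
    flat = " ".join(received_value.split())            # undo header folding
    from_part = re.split(r"\sby\s", flat, maxsplit=1)[0]
    if not from_part.lower().startswith("from "):
        return None
    comment = _COMMENT.search(from_part)
    if comment is None:
        return None
    for candidate in _IP_LITERAL.findall(comment.group(1)):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None


def find_boundary(raw_message, trusted_networks):
    """Walk Received headers newest-first until a peer is outside the trusted list."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return Boundary(None, -1, 0, "no Received headers")
    for index, value in enumerate(received):
        below = len(received) - index - 1
        ip = peer_ip(value)
        if ip is None:
            # Written by a host we trust, but we cannot tell who connected:
            # stop here rather than guess from the headers underneath.
            return Boundary(None, index, below, "no parsable peer address")
        if not any(ip in net for net in nets):
            # This header was written by our own server or a trusted relay, so
            # the peer address is real. Everything below came from that peer.
            return Boundary(str(ip), index, below, "first peer outside the trusted list")
    return Boundary(None, len(received) - 1, 0, "every recorded peer is trusted")


# Constructed sample: one internal relay hop, the real hand-off, then a header
# the sender inserted to point at an unrelated network (RFC 5737 addresses).
TRUSTED = ["192.0.2.0/24"]
SAMPLE = """\
Received: from relay1.isp.example (relay1.isp.example [192.0.2.10])
    by mailstore.isp.example (Postfix) with ESMTP id AAAA1
    for <user@isp.example>; Wed, 7 Feb 2007 09:27:22 +0100 (CET)
Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.45])
    by relay1.isp.example (Postfix) with SMTP id BBBB2
    for <user@isp.example>; Wed, 7 Feb 2007 09:27:20 +0100 (CET)
Received: from mail.innocent.example (mail.innocent.example [198.51.100.7])
    by mx.unrelated.example with ESMTP id CCCC3; Wed, 7 Feb 2007 03:11:02 -0500
From: sender@unrelated.example
Subject: constructed test message

body
"""

if __name__ == "__main__":
    print(find_boundary(SAMPLE, TRUSTED))
```

With an empty trusted list the walk stops at the topmost header, which is the "only parse the FIRST received line" approach from Patrick's message.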
From: Patrick B. <on...@pa...> - 2007-02-04 22:44:13
|
Hey,

And it's me again. I have just created two patches and uploaded them to the patches-section at spam.pl's project site at sourceforge.

I have also started expanding the list of third-level domains at the beginning of the script and I'm thinking about having an extra file like the IPBlks.pm for them since they make the script very long (so far I added about 50, but more are still to come up).

Also have I started thinking about a solution, how to tell spam.pl only to parse real Received headers. Here I have two approaches:
1) only parse the FIRST received line, quick and dirty, but probably problematic if email is received on a remote box and then sent to a local mta, or even if spam and virus check are a separate mta (via proxy)
2) only parse received lines that include the real hostname of the mailserver

i don't know if the second solution is still the best, since even the real hostname could be spoofed (which has not happened to me so far)

great work, again! without the script provided writing a similar programme would have taken me several months.

regards,
patrick

Patrick Brueckner wrote:
> Hey Jon,
>
> thank you for your quick reply.
>>
>> 1
>> i figured out, that the .spam/bad file is used to list bad email
>> addresses, that return with a negative. today, i wanted to expand the
>> list by an address that caused a delivery failure, but the email address
>> was already included there.
>> am i mistaken about the file's usage?
>>
>>
>> I hadn't fully implemented it yet. I just wrote the code that should
>> implement this feature and checked it into cvs. It is actually bad
>> domains right now, not bad emails (this should probably be changed).
> 1: yes, bad emails makes more sense, since often spam.pl sends
> complaints to postmaster@ and abuse@ and only one of the two exist.
>>
>> 2
>> for some emails i only receive the following answer from spam.pl:
>>
>> ## Parsing Header Information
>> No unfriendly hosts were found. This cannot have been a spam!
>>
>> i don't quite understand this message. how can i deactivate it?
>>
>>
>> It means that spam.pl found nothing to complain about. Can you send
>> me an example of a spam message that triggers this (include the
>> headers)?
> 2: at the moment i can't. this error message disappeared also in last
> night's run. the problem is, that i have it configured to delete the
> mail right after sending the complaint.
>>
>> 3
>> can i define additional whois servers for specific ip-ranges? many ip
>> whois lookups seem to fail.
>>
>>
>> Yes, in lib/IPBlks.pm you will see a huge list of IP addresses, add
>> your ranges in there accordingly. Check out tools/netmask.pl in CVS
>> for a useful tool that will spit out what exactly you should put into
>> the IPBlks.pm file.
> 3: thank you. I will extend it to my needs and send you the updated
> version.
>>
>> 4
>> is it possible to tell spam.pl only to process the real, not the forged
>> headers? almost all spam mail has forged headers now and i get many
>> responses from abuse-desks telling me their address was spoofed and they
>> can't do anything about it - and i guess it's annoying, too.
>>
>>
>> Right now it isn't. I think I started working on this and got
>> distracted from this project. It really should be implemented.
> 4: this is *really important* to me, since i get many complaints from
> providers that are annoyed by the many abuse mails i sent out to them,
> only because the forged header includes their ip/domain.
>
> unfortunately i'm no good at perl otherwise i could maybe figure some
> things out myself. :(
>
> be assured that I will donate you a little extra money, as soon as the
> software does what i want :)
>
> regards,
> patrick |
From: Patrick B. <on...@pa...> - 2007-01-31 09:52:11
|
Hey Jon,

thank you for your quick reply.

> 1
> i figured out, that the .spam/bad file is used to list bad email
> addresses, that return with a negative. today, i wanted to expand the
> list by an address that caused a delivery failure, but the email address
> was already included there.
> am i mistaken about the file's usage?
>
>
> I hadn't fully implemented it yet. I just wrote the code that should
> implement this feature and checked it into cvs. It is actually bad
> domains right now, not bad emails (this should probably be changed).

1: yes, bad emails makes more sense, since often spam.pl sends complaints to postmaster@ and abuse@ and only one of the two exist.

> 2
> for some emails i only receive the following answer from spam.pl:
>
> ## Parsing Header Information
> No unfriendly hosts were found. This cannot have been a spam!
>
> i don't quite understand this message. how can i deactivate it?
>
>
> It means that spam.pl found nothing to complain about. Can you send
> me an example of a spam message that triggers this (include the headers)?

2: at the moment i can't. this error message disappeared also in last night's run. the problem is, that i have it configured to delete the mail right after sending the complaint.

> 3
> can i define additional whois servers for specific ip-ranges? many ip
> whois lookups seem to fail.
>
>
> Yes, in lib/IPBlks.pm you will see a huge list of IP addresses, add
> your ranges in there accordingly. Check out tools/netmask.pl in CVS
> for a useful tool that will spit out what exactly you should put into
> the IPBlks.pm file.

3: thank you. I will extend it to my needs and send you the updated version.

> 4
> is it possible to tell spam.pl only to process the real, not the forged
> headers? almost all spam mail has forged headers now and i get many
> responses from abuse-desks telling me their address was spoofed and they
> can't do anything about it - and i guess it's annoying, too.
>
>
> Right now it isn't. I think I started working on this and got
> distracted from this project. It really should be implemented.

4: this is *really important* to me, since i get many complaints from providers that are annoyed by the many abuse mails i sent out to them, only because the forged header includes their ip/domain.

unfortunately i'm no good at perl otherwise i could maybe figure some things out myself. :(

be assured that I will donate you a little extra money, as soon as the software does what i want :)

regards,
patrick |
From: Jon F. <jo...@ap...> - 2007-01-31 00:21:28
|
> 1
> i figured out, that the .spam/bad file is used to list bad email
> addresses, that return with a negative. today, i wanted to expand the
> list by an address that caused a delivery failure, but the email address
> was already included there.
> am i mistaken about the file's usage?

I hadn't fully implemented it yet. I just wrote the code that should implement this feature and checked it into cvs. It is actually bad domains right now, not bad emails (this should probably be changed).

> 2
> for some emails i only receive the following answer from spam.pl:
>
> ## Parsing Header Information
> No unfriendly hosts were found. This cannot have been a spam!
>
> i don't quite understand this message. how can i deactivate it?

It means that spam.pl found nothing to complain about. Can you send me an example of a spam message that triggers this (include the headers)?

> 3
> can i define additional whois servers for specific ip-ranges? many ip
> whois lookups seem to fail.

Yes, in lib/IPBlks.pm you will see a huge list of IP addresses, add your ranges in there accordingly. Check out tools/netmask.pl in CVS for a useful tool that will spit out what exactly you should put into the IPBlks.pm file.

> 4
> is it possible to tell spam.pl only to process the real, not the forged
> headers? almost all spam mail has forged headers now and i get many
> responses from abuse-desks telling me their address was spoofed and they
> can't do anything about it - and i guess it's annoying, too.

Right now it isn't. I think I started working on this and got distracted from this project. It really should be implemented.

Jon |
From: Patrick B. <on...@pa...> - 2007-01-30 09:26:05
|
hey,

i'm using your tool as an isp to report all the spam that my customers receive.

1
i figured out, that the .spam/bad file is used to list bad email addresses, that return with a negative. today, i wanted to expand the list by an address that caused a delivery failure, but the email address was already included there.
am i mistaken about the file's usage?

2
for some emails i only receive the following answer from spam.pl:

## Parsing Header Information
No unfriendly hosts were found. This cannot have been a spam!

i don't quite understand this message. how can i deactivate it?

3
can i define additional whois servers for specific ip-ranges? many ip whois lookups seem to fail.

4
is it possible to tell spam.pl only to process the real, not the forged headers? almost all spam mail has forged headers now and i get many responses from abuse-desks telling me their address was spoofed and they can't do anything about it - and i guess it's annoying, too.

thanks for the great tool:)

paddy2706 |
From: Jon F. <jo...@ap...> - 2006-03-02 13:12:00
|
I just gave spam.pl's website a facelift. Check it out at http://spam.sourceforge.net and let me know what you think. I used the opensource "white room" template. If anyone has logo making skills, I'd love to put a logo up :P Jon |
From: Jon F. <jo...@ap...> - 2006-03-02 05:33:29
|
Sorry about the slow response on this. For some reason I never got the original message and only looked through the archives today.

Nice catch, an easy tweak and we can get a lot more whois information. Do you happen to know, does anyone besides arin use the '+' toggle? Ripe I know doesn't for instance.

For now this will work:

    if ($whois_server eq 'whois.arin.net') {
        $args{query} = '+ ' . $args{query};
    }

on line 49 of the Whois.pm file and every lookup will add a '+ ' to the ip.

I've checked a modified version of the Whois.pm into the cvs. Again, nice catch!

Jon

Hello.

I've just downloaded your software (Version 0.25).

If possible, I'm looking for a manner to give additional parameter when the perl script ask whois server, specially option for whois server like '+' .

because, Example in linux (operating system):
'whois -h whois.arin.net 65.216.21.203' doesn't give direct information,
and
'whois -h whois.arin.net + 65.216.21.203 ' give more information.

I have read ./spampl-0.25/lib/Whois.pm file, and I have found the call of whois: creating of a socket, Chinese to me ! :-( , to add options for asking whois server.

So, It's my contribution to fight more spam.. When you have time!!??

Regards,
Yvan. |
From: ygosset <yg...@fr...> - 2006-01-24 18:02:45
|
Hello.

I've just downloaded your software (Version 0.25).

If possible, I'm looking for a manner to give additional parameter when the perl script ask whois server, specially option for whois server like '+' .

because, Example in linux (operating system):
'whois -h whois.arin.net 65.216.21.203' doesn't give direct information,
and
'whois -h whois.arin.net + 65.216.21.203 ' give more information.

I have read ./spampl-0.25/lib/Whois.pm file, and I have found the call of whois: creating of a socket, Chinese to me ! :-( , to add options for asking whois server.

So, It's my contribution to fight more spam.. When you have time!!??

Regards,
Yvan. |
From: Jon F. <jo...@ap...> - 2006-01-08 06:29:10
|
Thought I'd send out an email with what is going on with spam.pl

*1. -e/-p : the lost features*

Does anyone use the -e (edit list) or the -p (prompt to view/edit) features with spam.pl? I have thoroughly broken these features with the newest revisions and they are not features I use. I'm considering dumping that functionality, let me know if you like those features, or use those features.

*2. CVS mailing list*

I've added another mailing list 'spam-cvs<http://lists.sourceforge.net/lists/listinfo/spam-cvs>' where all cvs commit emails will be sent, if you're dying to be on the bleeding edge of spam.pl :)

*3. The newest accessible version of spam.pl*

The current version of spam.pl in CVS has a couple of new features that make spam.pl a lot more robust:
- using Email::Simple to parse emails now
- using Email::MIME to decode the email bodies
- new option 'trustreceived' if enabled will only use Received: headers that are from trusted mailservers, eliminating reporting to spoofed headers
- new option 'bodyextractemails' if enabled will pull out the spammer's email from the body and report to the domain/domain hosts that they have a spammer
- code cleanup

If anyone checks it out, let me know if you run into bugs. I've noticed that Email::MIME breaks on some emails so I may end up having to write my own module for MIME decoding, further testing will determine that.

*4. Upcoming feature*

I currently report about 100 spam emails a day, and my biggest problem is handling all the bounces for the emails that bounce (generally due to spam.pl invention of email addresses). I'm testing out different solutions and I'm considering two approaches, I'd love to hear feedback or new ideas of how to handle this problem.

a. Email::Valid -- this module can check to see if there is a valid mx record for a particular email, the problem is not all email servers are RFC compliant and they may very well have a mail server that accepts mail without a valid mx record. So in the alternative, if there is no mx record, we could go out and try connecting to port 25 and see if a mail server picks up (this would be pretty slow, but effective). If I use this option, it would make sense to build a BerkeleyDB or a static file database of some sort collecting the domains that have been checked.

b. Bounce list -- maintain a list or DB of emails that have bounced and don't email them again in the future. There are a few ways this can be implemented, i.e. manual entering of the bounced email address or add an option to spam.pl to bounce to a different inbox and build a script to pull out the emails that bounced and add them automatically to the list/DB.

*5. How do you use spam.pl?*

Do people use spam.pl in conjunction with pine or some other mail reader and just forward messages into it? Do people (like me) just go into a spam Maildir and ram the messages there into spam.pl? Would people like spam.pl interface directly into a pop3/imap account? Connect directly to an mbox file?

Jon |
From: Jon F. <jo...@ap...> - 2006-01-02 14:27:45
|
I'm probably going to switch the email parsing over to Email::Simple and dump how it is done now. The only catch is Email::Simple relies on the email being RFC2822 compliant more than the current code does. I've run a few hundred emails through it and it does a great job each time, but that is probably because all my mail servers are RFC2822 compliant.

Does anyone have a mailserver that isn't RFC2822 compliant, or know of one, or have any reason spam.pl shouldn't use Email::Simple?

Jon |
From: Jon F. <jo...@ap...> - 2005-12-29 21:11:54
|
I released v0.25 of spam.pl today. It has some major bug fixes, and more efficiency increases. The code is a bit tighter as well.

Changes:
- ipwhois lookups are now performed whether or not the domain name resolves, apparently some valid ips actually resolve to false domain info
- made debug mode a little less chatty
- BUGFIX: body-host was grabbing and testing non-domain characters due to a regex bug
- now doing abuse.net lookups using DNS server, significant speed increase over whois lookups, requires module Net::DNS
- BUGFIX: fixed a bug in how the IP information was parsed from the Received headers
- fixed enough code that use strict is now on
- using Config::General for the config file, unfortunately this means the config layout has changed, see the distributed 'config' file for details
- BUGFIX: fixed email output so that the email header is all on one line
- emailing with Net::SMTP rather than an open call to sendmail
- will remove X-Spam headers from emails sent out
- BUGFIX: kicked up the defense against reporting on friends
- no longer using Net::Whois::Raw & Net::Whois::IP, they weren't very good, I wrote the module Whois.pm to replace it, as a bonus it is about 100x faster

Jon
http://spam.sourceforge.net |
From: Jon F. <jo...@ap...> - 2005-12-24 14:52:23
|
I released v0.24 today. It has major efficiency improvements as well as a ton of bug fixes. If you are currently using v0.23 upgrade today! I'm now using modules to do the whois lookups. The only thing I'm not totally happy about in this release is that Net::Whois::Raw doesn't use the correct whois servers for everything, particularly the more obscure domain names. It is pretty good, but spam.pl will discard a couple of domain names it could complain to because of it.

Sorry I took such a long hiatus! I'm hoping to build out spam.pl some more in the next few weeks, keep your eyes open! I'd love feedback from anyone if you still use spam.pl.

Jon |
From: <as...@de...> - 2004-02-03 04:14:34
|
On Feb 2, 2004, at 8:11 PM, Jon Feldhammer wrote:

> Really? I've generally found that the Delivered-To and similar
> headers were non standard and usually worthless. Often times they are
> munged by different mail server that receive/relay the mail as well.
>
> Looking up MX records is a good idea though to give some basic
> protection against spoofed Received headers.

I sometimes get complaints from my own users of my forwarding services (for example @cpan.org addresses); it'd be nice if the script could not add to that problem. :-)

 - ask

-- 
http://www.askbjoernhansen.com/ |
From: Jon F. <jo...@ap...> - 2004-02-03 04:12:19
|
Really? I've generally found that the Delivered-To and similar headers were non standard and usually worthless. Often times they are munged by different mail server that receive/relay the mail as well.

Looking up MX records is a good idea though to give some basic protection against spoofed Received headers.

Jon

Ask Bjørn Hansen wrote:
>
> On Jan 26, 2004, at 5:29 AM, Jon Feldhammer wrote:
>
> It'd also be useful if it used Delivered-To and similar headers and
> then looked up MX records to figure out if an IP was a valid relay for
> the mail.
> |
From: <as...@de...> - 2004-02-03 02:33:23
|
On Jan 26, 2004, at 5:29 AM, Jon Feldhammer wrote: It'd also be useful if it used Delivered-To and similar headers and then looked up MX records to figure out if an IP was a valid relay for the mail. -- http://www.askbjoernhansen.com/ |
From: Jon F. <jo...@ap...> - 2004-01-27 01:16:02
|
I'm going to release a new version of spam.pl in the next week, here are some notes:

I stumbled across spam.pl last week and thought it was a great idea. After downloading it and trying to get it to run I had to edit a lot of the regex's which no longer worked properly. I also noticed that spam.pl wasn't using ipwhois information which is probably the only useful information in a header. Lastly, I noticed that spam.pl wasn't in an easy to read format and I spent a lot of time moving code around and breaking it up into more functions.

After making these changes I ran 300 spam messages through it and found some of the abuse departments were very responsive but that these sites generally were the victims of fake headers. Spam.pl was also emailing a lot of bogus hostnames, which I've added additional checking for so there won't be as many undeliverable email addresses.

It would be irresponsible to release spam.pl in the form I have it now since it does harass the victims of fake headers but I'm trying to fix this and get a new version out.

FUTURE PLANS:

1. Add support for http://dnsbl.njabl.org/ to check the status of open relays etc.
2. ipwhois and whois double checking has slowed things down considerably, some sort of caching should be built in to speed things up since most people get spam from the same person over and over.
3. If someone isn't found in abuse.net don't just send to pos...@do... do some further research on the hostname, what tends to be useful is to examine the dns server the host is using and assume that person is hosting the site then complain to that site. If they are using a public dns server hopefully spam reports will get them booted from the dns server. (this is especially useful for hostnames in the body of the email)
4. When reverse dns is possible, figure out the ip address, and do an ipwhois to report with, the ip information tends to be more reliable. In the header when reverse dns is not possible on the domain name it is likely we're dealing with a spoofed header and should probably disregard it.
5. Give a bit of a breakdown for system admins so they know WHY they are being emailed.

I don't know if anyone still uses this script, but if anyone has hacked in mods I'd love to hear about it.

Thanks
Jon |