Okay guys, here is the deal:
-
download it here http://www.iff.uni-stuttgart.de/download/software/AdvancedSpamCheck.rar
-
unpack it into your IMail dir
-
read the AdvancedSpamCheck.txt file on how to install it
-
install it *only* on off-peak times and be sure to check mail delivery right
afterwards.
Source code is in
the package, if you want to look at what it does and how it does it. If you make
modifications let me know, maybe I will apply those changes in my code, too, if
the changes seem to be useful to other systems as well.
If you have Declude
or some other external spam tool, you shouldn't use it in this version, since it
won't call your other external spam tool after it processed the data. This might
be fixed in a later version. (If you know some C++ you can change it
yourself, since the source code is also there)
If you have questions, just ask it here on the
list.
Cya (c:p
...
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Admin-ML
Sent: Saturday, March 20, 2004 4:04 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] IMail Advanced spam checker add-inHi all,just wanted to know that i have written a little program to catch even more spam than IMail itself can do with on-board stuff. The reason why I coded it is that we don't have the budget to buy Declude (well, actally my boss isn't willed to pay anything more for mail stuff), plus with this thingy I have complete control over what I want to let through and what not. Own code means full control :).If anybody is interested in using it as well, let me know and I package it up.What it does:- makes upper and mixed case <A href and <IMG src to lower case. This is important because IMail 8.05HF2 still only supports lower case links for URL domain black list- Adds a X-Header (which then can be handled by in- and outbound rules) when:- there is a line break between the <a and the actual link part (same for <font and <img) - used by m*a*n*y spam mails to confuse anti-spam filters - never seen in any regular mail, so its a 99,99% indicator of spam mail- link after href= "" no "" around (also often used by spam mails)- there is an URL that has a 2nd one included (like http://g.msn.com/bla/somescript?site=http://realspamsite.com)- there is an URL that contains a @ for the domain part (used as username)- there is an URL that contains a % for the domain part (used as ASCII code initiater)- contains a specific phrase of a list provided via a text file. (*)(*) The big advantage of this phrase over Content Filtering and Rules in IMail is that you can easily define a list of an exact character definition that leads to spam. Since it is a "dump" byte-by-byte comparison without case changing and where "." means "." and nothing else, and it also finds substrings, it is for example great to find patterns in URLs. A lot of spam is for example successfully found with the patterns "/v9.gif", "/gone.php", ".biz/" and "?AFF_ID=". This is an important feature because a lot of spam mailers own quite a few domains, so their domainname changes quite often, but for example the filename of the JPG they are accessing is always the same.Please note that this is of course no competition to Declude or anything else, but it is a quick'n'dirty little helper tool that increases effiency at least here dramatically. (On the other hand this are all things that *should* be provided by IMail itself). Basically it is the result of my spam analysing the last 2 months.Of course I can give you no warranty or support or anything like that, so using it would be your own risk!
