Hey everyone,
My signal-to-noise ratio with regard to SPAM has gotten to about 20%, and
I'm fed up.
So I did something about it.
My weekend project was building a generic SMTP proxy for mail servers that works with the SpamCop blackhole list. I looked for a new NT mailserver that would work with these sorts of blackholes, but they were in excess of $700, which is more than I'm prepared to pay for a simple feature that I could write in my "spare time".
So, I wrote a generic TCP proxy (working title: "JSpamProxy") that works like this:
1. Some remote mailserver connects to port 25, where JSpamFilter is listening.
2. JSpamFilter spawns a thread to handle the connection, then initiates a DNS lookup against bl.spamcop.net.
3a. If the address is a known spammer address, the connection is dropped (with a 421 Service Not Available message).
3b. If the address appears clean, a new connection is established to the port the mail server is "really" listening on (port 26, by default). A "Received:" header is added to the mail headers, so that the source IP is not lost (since the mail server thinks the source IP is 127.0.0.1).
It's available under GPL at http://www.darylb.net/JSpamFilter/
Note: the SpamCop blackhole list is rather aggressive, and if you have a large volume of [legitimate] mail, you'll likely refuse some legitimate mail that simply got caught in the crossfire (because they're using a mail server that is/was used by spammers).
SpamCop also requests a donation if you use their service: see http://spamcop.net/bl.shtml and http://spamcop.net/fom-serve/cache/299.html before using this.
That being said, it'd be trivial to modify the source to use a different DNS-based blackhole list, such as MAPS or SPAMHAUS.
--Daryl
P.S. I'm going to be out of town on Tuesday
night, and can't make the meeting. :-(
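
The lookup-and-decide step from the numbered list above, as an added example that is not part of the original post or of JSpamFilter's source: Python, IPv4 only, with the resolver passed in so it runs offline. The function names, the `jspamfilter-example` host name and the sample addresses are constructed, and treating a failed lookup as "not listed" is an assumption.

```python
import ipaddress
import socket
from email.utils import formatdate

ZONE = "bl.spamcop.net"                      # DNSBL zone named in the post
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_name(ip, zone=ZONE):
    """Query name for a DNSBL: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)         # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name, or [] if it does not resolve.
    Assumption: any lookup failure (NXDOMAIN, timeout) counts as not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, resolver=system_resolver, zone=ZONE):
    """Listed only if the zone answers with an address in 127.0.0.0/8.
    Other answers (e.g. an ISP resolver rewriting NXDOMAIN) are ignored."""
    answers = resolver(dnsbl_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)

def handle_connection(ip, resolver=system_resolver):
    """Step 3a or 3b: reject line, or the Received: header to prepend."""
    if is_listed(ip, resolver):
        return "reject", "421 Service Not Available\r\n"
    # Hypothetical header layout; keeps the real peer IP that the backend
    # mail server (which only sees 127.0.0.1) would otherwise lose.
    header = "Received: from [%s] by jspamfilter-example; %s\r\n" % (ip, formatdate())
    return "forward", header

# Constructed sample zone data (documentation address ranges), not real listings.
SAMPLE_ZONE = {"99.2.0.192.bl.spamcop.net": ["127.0.0.2"],
               "7.100.51.198.bl.spamcop.net": []}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for peer in ("192.0.2.99", "198.51.100.7"):
        print(peer, handle_connection(peer, sample_resolver))
```

Swapping `ZONE` for another list's zone is the only change needed to query a different DNS-based blackhole list.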