Hi all,

just wanted to let you know that I have written a little program to catch even more spam than IMail itself can do with on-board stuff. The reason why I coded it is that we don't have the budget to buy Declude (well, actually my boss isn't willing to pay anything more for mail stuff), plus with this thingy I have complete control over what I want to let through and what not. Own code means full control :).

If anybody is interested in using it as well, let me know and I'll package it up.

What it does:

- makes upper and mixed case <A HREF and <IMG SRC lower case. This is important because IMail 8.05HF2 still only supports lower case links for the URL domain black list
- Adds an X-Header (which can then be handled by in- and outbound rules) when:
  - there is a line break between the <a and the actual link part (same for <font and <img) - used by m*a*n*y spam mails to confuse anti-spam filters - never seen in any regular mail, so it's a 99,99% indicator of spam mail
  - the link after href= has no "" around it (also often used by spam mails)
  - there is a URL that has a 2nd one included (like http://g.msn.com/bla/somescript?site=http://realspamsite.com)
  - there is a URL that contains a @ in the domain part (used as username)
  - there is a URL that contains a % in the domain part (used as ASCII code initiator)
  - contains a specific phrase from a list provided via a text file. (*)

(*) The big advantage of this phrase over Content Filtering and Rules in IMail is that you can easily define a list of an exact character definition that leads to spam. Since it is a "dumb" byte-by-byte comparison without case changing and where "." means "." and nothing else, and it also finds substrings, it is for example great to find patterns in URLs. A lot of spam is for example successfully found with the patterns "/v9.gif", "/gone.php", ".biz/" and "?AFF_ID=". This is an important feature because a lot of spam mailers own quite a few domains, so their domain name changes quite often, but for example the filename of the JPG they are accessing is always the same.

Please note that this is of course no competition to Declude or anything else, but it is a quick'n'dirty little helper tool that increases efficiency at least here dramatically. (On the other hand these are all things that *should* be provided by IMail itself). Basically it is the result of my spam analysis of the last 2 months.

Of course I can give you no warranty or support or anything like that, so using it would be at your own risk!
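
The checks listed in the post, sketched as an added example (this is not the author's program, and not part of the original message). The header name X-Spam-Heuristics, the label strings and all function names are assumptions; the phrase list is inlined here rather than read from a text file.

```python
import re

# Phrases quoted in the post; matched case-sensitively as plain substrings.
PHRASES = ["/v9.gif", "/gone.php", ".biz/", "?AFF_ID="]

TAG_BREAK = re.compile(r"<(?:a|img|font)[ \t]*\r?\n", re.I)  # newline right after tag name
UNQUOTED_HREF = re.compile(r"href\s*=\s*[^\s\"'>]", re.I)    # href= value without quotes
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
TAG_ATTR = re.compile(r"<(?:a\s+href|img\s+src)", re.I)

def lowercase_tags(body):
    """Lower-case <A HREF / <IMG SRC so a case-sensitive URL blacklist can match."""
    return TAG_ATTR.sub(lambda m: m.group(0).lower(), body)

def spam_indicators(body, phrases=PHRASES):
    """Return the set of heuristic labels (hypothetical names) that fire on a body."""
    hits = set()
    if TAG_BREAK.search(body):
        hits.add("tag-linebreak")
    if UNQUOTED_HREF.search(body):
        hits.add("unquoted-href")
    for url in URL.findall(body):
        rest = url.split("://", 1)[1]
        # Authority = everything before the first path, query or fragment marker.
        authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
        if re.search(r"https?://", rest, re.I):
            hits.add("nested-url")
        if "@" in authority:
            hits.add("userinfo-at")
        if "%" in authority:
            hits.add("percent-in-host")
    # No case folding, "." is a literal dot: plain substring search.
    hits.update("phrase:" + p for p in phrases if p in body)
    return hits

def x_header(body):
    """Build the header line for in-/outbound rules, or None if nothing fired."""
    hits = spam_indicators(body)
    return "X-Spam-Heuristics: " + ",".join(sorted(hits)) if hits else None
```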
