I'll try it.. Will t work only with v8.x or all versions of Imail. Jeff Kratka ************************************************ TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] ************************************************
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Admin-ML Sent: Saturday, March 20, 2004 1:04 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] IMail Advanced spam checker add-in Hi all, just wanted to know that i have written a little program to catch even more spam than IMail itself can do with on-board stuff. The reason why I coded it is that we don't have the budget to buy Declude (well, actally my boss isn't willed to pay anything more for mail stuff), plus with this thingy I have complete control over what I want to let through and what not. Own code means full control :). If anybody is interested in using it as well, let me know and I package it up. What it does: - makes upper and mixed case <A HREF and <IMG SRC to lower case. This is important because IMail 8.05HF2 still only supports lower case links for URL domain black list - Adds a X-Header (which then can be handled by in- and outbound rules) when: - there is a line break between the <a and the actual link part (same for <font and <img) - used by m*a*n*y spam mails to confuse anti-spam filters - never seen in any regular mail, so its a 99,99% indicator of spam mail - link after href= has no "" around (also often used by spam mails) - there is an URL that has a 2nd one included (like http://g.msn.com/bla/somescript?site=http://realspamsite.com) - there is an URL that contains a @ for the domain part (used as username) - there is an URL that contains a % for the domain part (used as ASCII code initiater) - contains a specific phrase of a list provided via a text file. (*) (*) The big advantage of this phrase over Content Filtering and Rules in IMail is that you can easily define a list of an exact character definition that leads to spam. Since it is a "dump" byte-by-byte comparison without case changing and where "." means "." and nothing else, and it also finds substrings, it is for example great to find patterns in URLs. A lot of spam is for example successfully found with the patterns "/v9.gif", "/gone.php", ".biz/" and "?AFF_ID=". This is an important feature because a lot of spam mailers own quite a few domains, so their domainname changes quite often, but for example the filename of the JPG they are accessing is always the same. Please note that this is of course no competition to Declude or anything else, but it is a quick'n'dirty little helper tool that increases effiency at least here dramatically. (On the other hand this are all things that *should* be provided by IMail itself). Basically it is the result of my spam analysing the last 2 months. Of course I can give you no warranty or support or anything like that, so using it would be your own risk! To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
