Re: [IMail Forum] IMail Advanced spam checker add-in

[Doug White]

Can you pack it in zip format?    I am having a problem unpacking the file with the utilities that I have.   Thanks ====================================== Stop spam on your domain, Anti-spam solutions http://www.clickdoug.com/mailfilter.cfm For hosting solutions http://www.clickdoug.com ====================================== If you woke up breathing, congratulations! You have been given another chance!     ----- Original Message ----- From: Admin-ML To: [EMAIL PROTECTED] Sent: Monday, March 22, 2004 10:25 AM Subject: AW: [IMail Forum] IMail Advanced spam checker add-in Okay guys, here is the deal:   - download it here http://www.iff.uni-stuttgart.de/download/software/AdvancedSpamCheck.rar - unpack it into your IMail dir - read the AdvancedSpamCheck.txt file on how to install it - install it *only* on off-peak times and be sure to check mail delivery right afterwards.   Source code is in the package, if you want to look at what it does and how it does it. If you make modifications let me know, maybe I will apply those changes in my code, too, if the changes seem to be useful to other systems as well.   If you have Declude or some other external spam tool, you shouldn't use it in this version, since it won't call your other external spam tool after it processed the data. This might be fixed in a later version. (If you know some C++ you can change it yourself, since the source code is also there) If you have questions, just ask it here on the list.   Cya (c:p ...     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Admin-ML Sent: Saturday, March 20, 2004 4:04 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] IMail Advanced spam checker add-in Hi all,   just wanted to know that i have written a little program to catch even more spam than IMail itself can do with on-board stuff. The reason why I coded it is that we don't have the budget to buy Declude (well, actally my boss isn't willed to pay anything more for mail stuff), plus with this thingy I have complete control over what I want to let through and what not. Own code means full control :).   If anybody is interested in using it as well, let me know and I package it up.   What it does: - makes upper and mixed case <A href and <IMG src to lower case. This is important because IMail 8.05HF2 still only supports lower case links for URL domain black list - Adds a X-Header (which then can be handled by in- and outbound rules) when:   - there is a line break between the <a and the actual link part (same for <font and <img) - used by m*a*n*y spam mails to confuse anti-spam filters - never seen in any regular mail, so its a 99,99% indicator of spam mail   - link after href= "" no "" around (also often used by spam mails)   - there is an URL that has a 2nd one included (like http://g.msn.com/bla/somescript?site=http://realspamsite.com)   - there is an URL that contains a @ for the domain part (used as username)   - there is an URL that contains a % for the domain part (used as ASCII code initiater)   - contains a specific phrase of a list provided via a text file. (*)   (*) The big advantage of this phrase over Content Filtering and Rules in IMail is that you can easily define a list of an exact character definition that leads to spam. Since it is a "dump" byte-by-byte comparison without case changing and where "." means "." and nothing else, and it also finds substrings, it is for example great to find patterns in URLs. A lot of spam is for example successfully found with the patterns "/v9.gif", "/gone.php", ".biz/" and "?AFF_ID=". This is an important feature because a lot of spam mailers own quite a few domains, so their domainname changes quite often, but for example the filename of the JPG they are accessing is always the same.   Please note that this is of course no competition to Declude or anything else, but it is a quick'n'dirty little helper tool that increases effiency at least here dramatically. (On the other hand this are all things that *should* be provided by IMail itself). Basically it is the result of my spam analysing the last 2 months.   Of course I can give you no warranty or support or anything like that, so using it would be your own risk!