simple spam filtering system: critiques welcome

2001-03-15 Jon Rust

We currently use rblsmtpd to block mail based on RSS, DUL and RBL. What
I've wanted all along is a way for individual users to have this same
ability, rather than as a system-wide setting. Here's what I've come up
with, and I'd appreciate criticisms and comments from my fellow qmail
admins:

   http://www.vcnet.com/~jon/qmail-filter/

In a nutshell I use qmail-qfilter + rblcheck to add an extra header to
mail delivered through RBL-listed sites. The added header also contains
a ranking based on which lists it matched (as defined in the modified
rblcheck source I link to). Then, a dot-qmail-called script scans the
message headers and rejects or accepts based on this ranking. The same
system could be used to flag suspected virus-infected mail, but I haven't
gotten that far just yet.

Huge oversights, ways of making it more efficient, etc. are welcomed. I
have NOT put this into production yet, but have tested it on a limited
basis.

Thanks,
jon



Re: simple spam filtering system: critiques welcome

2001-03-15 Markus Stumpf

On Thu, Mar 15, 2001 at 02:42:53PM -0800, Jon Rust wrote:
> We currently use rblsmtpd to block mail based on RSS, DUL and RBL. What
> I've wanted all along is a way for individual users to have this same
> ability, rather than as a system-wide setting. Here's what I've come up
> with, and I'd appreciate criticisms and comments from my fellow qmail
> admins:

Sorry to follow up your announcement with mine ...

I've done something like that; start at
http://www.lamer.de/maex/creative/software/ucspi-tcp/

It consists of 3 parts:
1) is a modification to rblsmtpd that allows you to define "tags" for
   RBLs. Each tag of an RBL that had a hit for that IP is put, blank-
   delimited, into an environment var RBLID
2) is a modification to qmail-smtpd
   it checks for RBLID env var and inserts one line per RBL tag into
   the header of the received mail like:
   X-RBL-Check: MAPS-RSS
   X-RBL-Check: MAPS-DUL
3) is a mess822 package called 822xrblcheck
   you can put it into .qmail files and call it e.g. with
   |bouncesaying "no messages from blacklisted hosts accepted" /path/to/822xrblcheck MAPS-RSS

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
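
Added example, not part of either post and not the 822xrblcheck source: a hypothetical stand-in for the per-user check in step 3, which reads the message on stdin and exits 0 (so `bouncesaying` bounces) only when a requested tag appears in an `X-RBL-Check` header. The function names and the sample message are constructed; the header name and tags are the ones quoted above.

```python
#!/usr/bin/env python3
"""Hypothetical stand-in for 822xrblcheck, for use under bouncesaying.

Exit 0 -> a wanted tag was found, so bouncesaying bounces the message.
Exit 1 -> no match; bouncesaying exits 0 and the .qmail file continues.
"""
import sys

HEADER = b"x-rbl-check"  # header name from the message above, lowercased


def rbl_tags(message: bytes) -> set:
    """Return the RBL tags found in the header block only."""
    tags = set()
    current = None  # name of the header a folded line would continue
    for raw in message.splitlines():
        if not raw:
            break  # blank line ends the headers; body text is never scanned
        if raw[:1] in (b" ", b"\t"):
            # Folded continuation line belongs to the previous header.
            if current == HEADER:
                tags.update(raw.split())
            continue
        name, sep, value = raw.partition(b":")
        current = name.strip().lower() if sep else None
        if current == HEADER:
            tags.update(value.split())
    return {t.decode("ascii", "replace").upper() for t in tags}


def exit_code(message: bytes, wanted) -> int:
    """0 if any wanted tag is present (bounce), else 1 (keep delivering)."""
    wanted = {w.upper() for w in wanted}
    return 0 if rbl_tags(message) & wanted else 1


# Constructed sample: two tagged headers, and a body that quotes a third.
SAMPLE = (
    b"X-RBL-Check: MAPS-RSS\r\n"
    b"X-RBL-Check: MAPS-DUL\r\n"
    b"Received: from unknown (HELO example.invalid) (192.0.2.25)\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"X-RBL-Check: MAPS-RBL\r\n"
)

if __name__ == "__main__":
    sys.exit(exit_code(sys.stdin.buffer.read(), sys.argv[1:]))
```

Stopping at the first blank line matters on a list like this one: a message that merely quotes `X-RBL-Check: MAPS-RSS` in its body must not be bounced.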