Anti spam solutions
Chris F.A. Johnson
c.f.a.johnson-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Wed Oct 8 05:06:16 UTC 2003
On Wed, 8 Oct 2003, Fraser Campbell wrote:
> Hi,
>
> I had nothing much to say or ask when I started writing this email but now
> that I've thought about it ... do any of you have any experience with
> commercial anti-spam solutions?
>
> Of particular interest to me are Roaring Penguin's CanIt and
> Sophos/ActiveState's PureMessage? To a lesser extent I am interested in
> commercial RBLs such as MAPS and their effectiveness versus the free RBLs (I
> use sbl.spamhaus.org, bl.spamcop.net and relays.ordb.org).
>
> *Any* other commercial or non-commercial solutions that you find effective I'd
> like to hear about.
>
> I ask about commercial solutions because they usually come with management
> interfaces that I do not have the time to write currently. AFAIK, pure open
> source tools like spamassassin do not have anything other than text config
> files and command line invocations. Clients mostly seem to prefer GUIs. I
> would love to hear about management interfaces for the open source tools that
> I might have missed.

My spam filter is a bash script (sorry, no GUI, but one could be
written) that checks the mail on a POP3 server, deletes those
that it thinks are spam, and downloads the rest. I wrote it to
deal with the SWEN/Gibe-F virus, of which I was getting close to
2,000 per day (it's down to 500-600 now).

Once it was in place, none of them got through. I have not had
any false rejects, either.

The script downloads several (a configurable number) of lines of
the message as well as the header, and checks the whole thing
against files containing regular expressions.

It first checks the "allow" file[s], and if it matches anything
in there, it downloads the message and passes it to procmail
where additional filtering can be done. If it doesn't get the nod
from the "allow" file, it checks the "deny" files.

This is the "deny" file which stopped the SWEN barrage:

^FROM:.*\<MS\> [a-z][a-z]
^From:.*Microsoft.*
^From:.*Inet
^From:.*Internet
^From:.*Security Division
^Subject:.*New Internet Critical Pack
^To:.*client@
^Virus detected
^(To|Cc):.*Network Client
^(To|Cc):.*receiver
^(To|Cc):.*recipient
^(To|Cc):.*user
^(To|Cc):.*Client
^(To|Cc):.*Customer
^(To|Cc):.*Inet Receiver.*
^(TO|Cc):.*Internet
^Content-Type:.*name=.*(.scr|.exe|.pif|.com|.bat)
(Cumulative|Network|Critical).*Patch

A maximum size can be placed on messages, but I don't use it.

The script is at: <http://cfaj.freeshell.org/src/scripts/mfilter>
It's not polished (a first draught), and it lacks documentation.

--
Chris F.A. Johnson
=================================================================
cfaj-uVmiyxGBW52XDw4h08c5KA at public.gmane.org http://cfaj.freeshell.org
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
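
The allow-then-deny check described in the message above, as an added example; it is not the mfilter script and not code from the original post. The function names, the case-insensitive matching, the rejoining of folded header lines, and all sample messages and the allow pattern are assumptions constructed for illustration; the two deny patterns are taken from the posted deny file.

```sh
#!/bin/sh
# Added example, not the mfilter script: allow-then-deny matching as described.
# Function names and all sample data below are constructed for illustration.

# Header plus the first N body lines, with folded header lines rejoined so
# "Content-Type: ...;" followed by an indented "name=..." matches as one line.
excerpt() {   # usage: excerpt N < message
    awk -v n="$1" '
        body     { if (++seen > n) exit; print; next }
        /^$/     { if (held != "") print held; held = ""; body = 1; print; next }
        /^[ \t]/ { sub(/^[ \t]+/, " "); held = held $0; next }
                 { if (held != "") print held; held = $0 }
        END      { if (!body && held != "") print held }'
}

# True if stdin matches any pattern in the file. Blank lines are dropped first:
# an empty pattern matches every line and would make the file match everything.
matches() {   # usage: matches PATTERN_FILE < text
    pats=$(grep -v '^[[:space:]]*$' "$1") || return 1   # no patterns: no match
    grep -Eiq -e "$pats"    # -i is an assumption; the post does not say
}

# Allow is consulted first and wins; deny only applies when allow is silent.
classify() {  # usage: classify MESSAGE ALLOW_FILE DENY_FILE [BODY_LINES]
    text=$(excerpt "${4:-10}" < "$1")
    if   printf '%s\n' "$text" | matches "$2"; then echo allow
    elif printf '%s\n' "$text" | matches "$3"; then echo deny
    else echo unmatched
    fi
}

demo() {      # builds constructed samples in a temp dir, prints three verdicts
    d=$(mktemp -d) || return 1
    printf '%s\n' '^List-Id:.*tlug' '' > "$d/allow"   # note the blank line
    printf '%s\n' '^Subject:.*New Internet Critical Pack' \
        '^Content-Type:.*name=.*(.scr|.exe|.pif|.com|.bat)' > "$d/deny"
    printf '%s\n' 'From: Security Dept <x@example.invalid>' 'Subject: Update' \
        'Content-Type: application/octet-stream;' ' name="q123.exe"' '' 'body' > "$d/swen"
    printf '%s\n' 'From: a@example.invalid' 'List-Id: <tlug.example.invalid>' \
        'Subject: Re: New Internet Critical Pack' '' 'thread text' > "$d/list"
    printf '%s\n' 'From: b@example.invalid' 'Subject: lunch' '' 'noon?' > "$d/plain"
    for m in swen list plain; do classify "$d/$m" "$d/allow" "$d/deny"; done
    rm -rf "$d"
}
demo
```

The second sample shows the precedence: its Subject matches a deny pattern, but the allow match is checked first, so the message is kept.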