on Wed, Dec 06, 2000 at 09:24:54AM -0800, Peter Jay Salzman ([EMAIL PROTECTED]) wrote: > dear all, > > this is a pretty complicated question... > > when i get spam, i like to send complaint letters to the people responsible > for the ip and/or zone that the spam came from. i also like to use > traceroute to send a complaint to the system upstream from them, since that > usually belongs to the same zone anyway. > > i usually send complaints to postmaster and security at each ip address > listed above. > > is there a way to "drop" an ip address into mutt, and have > > [EMAIL PROTECTED], [EMAIL PROTECTED] > > automagically appear in the To: header? > > i know this is complicated and would prolly require an external > script, but it would really make my life more convenient. > > of course, i would find the ip addresses in another virtual console; > all i want is to be able to send mutt these addresses and have mutt > automatically fill the To: header.
This is an external-script problem. Best handled by procmail or
something similar.
I'm actively researching this myself. I've got a good spam filtering
mechanism in place (Lars Wirzenius's 'spamfilter' Debian package), but
I'd like to automate the process of responding to site and ISP
administrators. I'm assuming you have resolved the issue of detecting
spam, it's the response part that you're interested in.
Rationale: I can filter spam. It's going to be far more interested in
doing what I can to help make spammers jobs more difficult by shutting
down accounts and/or blacklisting ISPs which sponsor significant spam
activity.
I've found some useful references, among them:
Tools and Techniques for Limiting Spam
http://www.spam.abuse.net/tools/index.html
For a *very* extensive procmail FAQ (100+ pages, printed 2-up!),
Jari Alto's Procmail Tips page:
http://mirror.ncsa.uiuc.edu/procmail/ssjaaa/pm-tips-body.html
Rahul Dhesi's tips on tracing real accounts:
http://www.spam.abuse.net/tools/flameblock.txt
Nancy McGough's Filtering Mail FAQ
http://www.ii.com/internet/faqs/launchers/mail/filtering-faq/
Catherine Hampton's Spam Bouncer
http://www.spambouncer.org/
Brett Glass, in a rare clear moment, on spam:
http://www.brettglass.com/spam/paper.html
There are also several resources listed at Freshmeat, in particular:
parp: http://freshmeat.net/projects/parp/
ricochet: http://freshmeat.net/projects/ricochet/
spam.pl: http://freshmeat.net/projects/spam.pl/
Spamkill: http://freshmeat.net/projects/spamkill/
The Veganizer: http://freshmeat.net/projects/theveganizer/
Vipul's Razor: http://freshmeat.net/projects/vipulsrazor/
I haven't tried these tools out, but the above seem from descriptions to
be close to what I'm looking for. Reviews/reports welcomed.
The solution I'm looking for ultimately will:
- Automate checking for listing on RBL (MAPS, ORBS) lists (this should
actually be part of the filtering process), and submitting relay IPs
to the ORBS list for testing. I've created a short script for the
latter.
- Automate/batch response to abuse@ and postmaster@ addresses of
spammer's host and upstream provider. Likewise, automate forwarding
of spam to spam-collection lists and centers. E.g.: my ISP has a
"spaminator" service which apparently matches spam based on content.
While I don't use or particularly trust the service, I might be able
to help others.
- Archive the abuse letter for processing including...
- Automate/batch processing of responses to abuse letters. MAPS
requires measures to contact ISPs associated with spam. Giving a
24-48 hour response interval, then forwarding data, might be a way
to get more spam houses onto the MAPS RBL. Format data
appropriately, with activity log, to MAPS.
- Automate testing for repeat spam from particular ISPs, hosts, or
nodes, using heuristics to determine whether or not this
host/network is principally good (much non-spam content, little
spam), bad (largely/all spam, little non-spam content), or mixed.
This can be used to adjust mail rules for default allow or default
deny policies for this particular domain.
'Nother words: try to get the spammers offline, share the data, and use
patterns of behavior to modify and update my own filters.
--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Zelerate, Inc. http://www.zelerate.org
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
pgpguRAE0KIuF.pgp
Description: PGP signature
