{Virus?} Automatic spam deletion service

John Rudd jrudd at UCSC.EDU
Fri Jun 11 21:53:42 IST 2004 

Heh.  I'm still rejecting zip files, so this got flagged as a virus.
(just though it was slightly ironic that a legit message from the
mailscanner list would get flagged by mailscanner as a virus).


Julian Field wrote:
>
> In response to a couple of requests, I thought I would post this to the
> list so it gets in the archives, and I don't end up repeating myself in
> future months.
>
> Here we have an automatic spam deletion service. When a user opts in, they
> can set a threshold score above which all spam to them will be deleted.
> Between our normal threshold (6) and the threshold they set, the spam is
> tagged but still delivered. This means they still get borderline spam if
> they choose to, but all the definite spam will be deleted before delivery.
>
> The front-end is a web interface in PHP which will require some
> modification for your own site, as it accesses a back-end SQL server (in
> our case Microsoft SQL Server 2000) to store the data. Use a .htaccess file
> to provide username/password authentication for it. The mkthresholddb
> script which builds the DB file (used by MailScanner) from the SQL server
> has a bit of clever code in it which you will need to change, as it is used
> to look up all the aliases which deliver to the person whose account is
> listed in the SQL table. So, for example, it is given "jkf" and will return
> all of
>          jkf at ecs.soton.ac.uk
>          sysjkf at ecs.soton.ac.uk
>          j.field at ecs.soton.ac.uk
>          j.k.field at ecs.soton.ac.uk
> and any other aliases which also resolve to just "jkf". This is all pulled
> from a NIS map where we store the information.
>
> But hopefully there is enough here that it will save you all most of the
> work required in setting up a service like this. It has been very well
> received by our users, particularly those who don't know much about mail
> filtering and so always have deleted their spam by hand even though its
> subject line is tagged to enable automatic filtering.
>
> End of sales pitch, now the guts.....
>
> In CustomConfig.pm, this line is added:
> require 'MailScanner/ECSthresholds.pm';
>
> Then in /opt/MailScanner/lib/MailScanner we put the "ECSthresholds.pm" file
> which is attached. This would go in /usr/lib/MailScanner/MailScanner on an
> RPM-based Linux system. My code is written for Solaris.
>
> There is then a cron job
> 3,18,33,48 * * * * /usr/local/sbin/mkthresholddb >/dev/null 2>&1
> which calls the "mkthresholddb" script which is attached. This creates the
> DB file used by MailScanner.
>
> To inspect the database table (you may also find this useful to work out
> the database table design), there is a tool "dumpthresholddb" which does
> exactly what its name suggests.
>
> The front end is implemented by the "index.php" file which is attached.
> This provides the web interface used by the users to configure their
> settings, in conjunction with a .htaccess file to provide the
> username/password authentication.
>
> The MailScanner configuration is handled by these lines in MailScanner.conf:
> Required SpamAssassin Score = 6
> High SpamAssassin Score = &ECSthreshold
> Spam Actions = deliver
> High Scoring Spam Actions = &ECSspamaction
> Spam Lists To Reach High Score = 1
>
> The only line that might cause you some thought is the last one. We want to
> delete any spam caught by a MailScanner "Spam List" (i.e. an RBL) to be
> deleted, if the user has opted into the auto-deletion system.
>
> The backend in our case is a Microsoft SQL Server 2000 database, accessed
> via the Sybase DBD drivers. But you could use any old SQL server, I'm sure
> Postgres or mySQL would work fine.
>
> Hopefully that is all enough to get you going.
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>   ------------------------------------------------------------------------
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "auto-spam-deletion-service.zip"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
>
> We were unable to keep a copy of the original attachment.
>
> At Fri Jun 11 06:46:57 2004 the virus scanner said:
>    Virus Issue (auto-spam-deletion-service.zip)
>
> --
> Postmaster
>
>   ------------------------------------------------------------------------
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list