Alpha of Milter-Spamtrap

Damian Mendoza damian at
Sat Dec 2 21:52:13 GMT 2006


It makes sense now.



-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Dennis
Sent: Saturday, December 02, 2006 1:15 PM
To: MailScanner discussion
Subject: Re: Alpha of Milter-Spamtrap

It doesn't matter what domain it comes from. The blacklist is made up of
the IP address of the sending mail server (which cannot be spoofed for a
full TCP conversion needed to send mail) so the email would have to
really come from their mail servers. Spoofing the from address is not an
issue. If a machine sends an email to one of the honeypot addresses then
the IP address is recorded of the sender. The sender would have to have
and send to one of the honeypot addresses, so you should not give out
the honeypot address to real people.
In addition, you can whitelist IP addresses or address ranges in CIDR
format so even if they send to a honeypot email address they won't be

To get the honeypot addresses distributed you can:
    - Post useless posts to a usenet group using the honeypot email
      addresses
    - Put the email address on a webpage in such a way as normal people
      viewing the page can't read it, but Spam bots can
    - Find some emails that have a "remove" form and give the honeypot
      email address to be removed (even though it isn't subscribed)
And there are other ways as well

Damian Mendoza wrote:
> Hi,
> Sounds like a great approach, but how do you prevent aol, hotmail,
> geocities, yahoo mail, etc from getting into the blacklist as spam
> as spam appears to come from these domains.
> Thanks,
> Damian
> -----Original Message-----
> From: mailscanner-bounces at
> [mailto:mailscanner-bounces at] On Behalf Of
> Willson
> Sent: Thursday, November 30, 2006 10:50 PM
> To: mailscanner at; spamtools at
> Subject: OT: Alpha of Milter-Spamtrap
> I put an alpha version of milter-spamtrap up on sourceforge.
> I will do more testing this weekend and upload a new version. If
> wants to download it and look it over that would be great.
> I am also looking for some input on something. Originally, I had
> you would have a choice as to only save the IP addresses in a file or 
> use the MySQL database or both. However, when I think back to when I
> my dedicated spamtrap I hit about 1 million entries in a relatively 
> short time. I think that is way too many for text files. I think I 
> should keep the text files only for debug purposes, I think it would
> un-workable to have it read in a million IP addresses from a text file
> on startup to do the blocking.
> Features:
>     - external editable text configuration file;
>     - whitelists by an IP address (CIDR notation)
>     - blocks servers that have previously sent Spam
>     - fast in-memory cache of blacklisted servers
>     - cache entries time-out after an hour so if they have been from
>       the database they will go away. If milter-spamtrap receives
>       another Spam from the same server, it will find it in the
>       database and place in the cache for another hour (only works
>       with MySQL database support)
>     - optional MySQL database of blacklisted servers
>     - optional saving of Spam headers and/or body to show what caused
>       the offending server to be placed on the blacklist
>     - optional cron job to convert database entries to a BIND DNSBL
>       file so you can share your blacklist with others
>     - ability to mark an IP address as 'inactive' but not lose the
>       listing so that a history can be maintained (only available when
>       logging to a MySQL database)
>     - ability to have one or more individual email addresses defined
>       honeypots
>     - ability to have one or more whole domains defined as honeypots
>     - optional extensive debug logging
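
The decision order described in this thread (CIDR whitelist first, then honeypot recipient, then the one-hour cache backed by the database), as an added sketch that is not milter-spamtrap's own code. The class and method names, the result strings and the in-memory set standing in for the MySQL table are assumptions.

```python
import ipaddress
import time

CACHE_TTL = 3600  # the feature list says cache entries time out after an hour


class SpamtrapPolicy:
    """Hypothetical model of the checks described above (not the project's code)."""

    def __init__(self, whitelist_cidrs, honeypot_addrs, honeypot_domains, clock=time.time):
        self.whitelist = [ipaddress.ip_network(c) for c in whitelist_cidrs]
        self.addrs = {a.lower() for a in honeypot_addrs}
        self.domains = {d.lower() for d in honeypot_domains}
        self.clock = clock
        self.db = set()    # stands in for the optional MySQL table
        self.cache = {}    # connecting IP -> expiry timestamp

    def _is_honeypot(self, rcpt):
        rcpt = rcpt.strip("<>").lower()
        return rcpt in self.addrs or rcpt.rpartition("@")[2] in self.domains

    def _listed(self, ip):
        now = self.clock()
        if self.cache.get(ip, 0) > now:
            return True
        self.cache.pop(ip, None)        # expired or never cached
        if ip in self.db:               # still in the database: cache for another hour
            self.cache[ip] = now + CACHE_TTL
            return True
        return False

    def delist(self, peer_ip):
        """Remove an entry from the database; the cached copy ages out on its own."""
        self.db.discard(ipaddress.ip_address(peer_ip))

    def check(self, peer_ip, rcpt):
        # peer_ip is the address of the TCP peer, never anything taken from headers
        ip = ipaddress.ip_address(peer_ip)
        if any(ip in net for net in self.whitelist):
            return "accept"             # whitelisted even if it mails a honeypot
        if self._is_honeypot(rcpt):
            self.db.add(ip)
            self.cache[ip] = self.clock() + CACHE_TTL
            return "listed"
        return "block" if self._listed(ip) else "accept"
```
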