Alpha of Milter-Spamtrap

Ken A ka at
Sun Dec 3 05:16:27 GMT 2006

Dennis Willson wrote:
> It doesn't matter what domain it comes from, the blacklist is made up of 
> the IP address of the sending mail server (which cannot be spoofed for a 
> full TCP conversation needed to send mail) so the email would have to 
> really come from their mail servers. Spoofing the from address is not an 
> issue. If a machine sends an email to one of the honeypot addresses then 
> the IP address is recorded of the sender. The sender would have to have 
> and send to one of the honeypot addresses, so you should not give out 
> the honeypot address to real people.
> In addition, you can whitelist IP addresses or address ranges in CIDR 
> format so even if they send to a honeypot email address they won't be 
> blacklisted.
> To get the honeypot addresses distributed you can:
> - Post useless posts to a usenet group using the honeypot email addresses
> - Put the email address on a webpage in such a way that normal people 
>   viewing the page can't read it, but spam bots can
> - Find some emails that have a "remove" form and give the honeypot email 
>   address to be removed (even though it isn't subscribed)
> And there are other ways as well
> Damian Mendoza wrote:
>> Hi,
>> Sounds like a great approach, but how do you prevent aol, hotmail,
>> geocities, yahoo mail, etc from getting into the blacklist as spam sender
>> as spam appears to come from these domains?
>> Thanks,
>> Damian
>> -----Original Message-----
>> From: mailscanner-bounces at
>> [mailto:mailscanner-bounces at] On Behalf Of Dennis
>> Willson
>> Sent: Thursday, November 30, 2006 10:50 PM
>> To: mailscanner at; spamtools at
>> Subject: OT: Alpha of Milter-Spamtrap
>> I put an alpha version of milter-spamtrap up on sourceforge.
>> I will do more testing this weekend and upload a new version. If 
>> anyone wants to download it and look it over that would be great.
>> I am also looking for some input on something. Originally, I had thought
>> you would have a choice as to only save the IP addresses in a file or 
>> use the MySQL database or both. However, when I think back to when I did
>> my dedicated spamtrap I hit about 1 million entries in a relatively 
>> short time. I think that is way too many for text files. I think I 
>> should keep the text files only for debug purposes; I think it would 
>> be unworkable to have it read in a million IP addresses from a text 
>> file on startup to do the blocking.
>> Features:
>>     - external editable text configuration file;
>>     - whitelists by an IP address (CIDR notation)
>>     - blocks servers that have previously sent Spam

Is there an option to tag instead of refuse mail? In keeping with 
MailScanner and SA's architecture, it might be more O.T. if it did :-)
Ken A

>>     - fast in-memory cache of blacklisted servers
>>     - cache entries time-out after an hour so if they have been removed from
>>       the database they will go away. If milter-spamtrap receives another Spam
>>       from the same server, it will find it in the database and place it in the
>>       cache for another hour (only works with MySQL database support)
>>     - optional MySQL database of blacklisted servers
>>     - optional saving of Spam headers and/or body to show what caused the
>>       offending server to be placed on the blacklist
>>     - optional cron job to convert database entries to a BIND DNSBL zone file
>>       so you can share your blacklist with others
>>     - ability to mark an IP address as 'inactive' but not lose the listing
>>       so that a history can be maintained (only available when logging to a
>>       MySQL database)
>>     - ability to have one or more individual email addresses defined as honeypots
>>     - ability to have one or more whole domains defined as honeypots
>>     - optional extensive debug logging
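
The trap logic described in this thread (honeypot recipients, a CIDR whitelist, a one-hour cache in front of a database), sketched as an added example that is not part of the original messages and is not milter-spamtrap's own code. The class and method names, the sample addresses, and the dict standing in for the MySQL table are all assumptions.

```python
import ipaddress

CACHE_TTL = 3600  # seconds; the post says cache entries time out after an hour


class SpamTrap:
    """Hypothetical model of the decision a spamtrap milter makes per RCPT."""

    def __init__(self, honeypot_addrs, honeypot_domains, whitelist_cidrs):
        self.addrs = {a.lower() for a in honeypot_addrs}
        self.domains = {d.lower() for d in honeypot_domains}
        self.whitelist = [ipaddress.ip_network(c) for c in whitelist_cidrs]
        self.db = {}     # stand-in for the MySQL table: ip -> True (active) / False (inactive)
        self.cache = {}  # in-memory cache: ip -> expiry timestamp

    def is_honeypot(self, rcpt):
        rcpt = rcpt.strip("<>").lower()
        _, at, domain = rcpt.rpartition("@")
        return rcpt in self.addrs or (bool(at) and domain in self.domains)

    def is_whitelisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def is_blacklisted(self, ip, now):
        expiry = self.cache.get(ip)
        if expiry is not None and now < expiry:
            return True                      # still cached, database not consulted
        self.cache.pop(ip, None)             # expired: fall back to the database
        if self.db.get(ip):                  # active listing: cache it for another hour
            self.cache[ip] = now + CACHE_TTL
            return True
        return False                         # removed or marked inactive

    def on_rcpt(self, client_ip, rcpt, now):
        """Return 'accept', 'reject' or 'trap' for one recipient."""
        if self.is_whitelisted(client_ip):   # whitelisted senders are never listed
            return "accept"
        if self.is_honeypot(rcpt):           # key on the connecting IP, not the From address
            self.db[client_ip] = True
            self.cache[client_ip] = now + CACHE_TTL
            return "trap"
        return "reject" if self.is_blacklisted(client_ip, now) else "accept"
```

Because the cache is only re-checked against the database on expiry, an address marked inactive can keep being refused for up to an hour, which matters when delisting a legitimate server that hit a honeypot.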
