Alpha of Milter-Spamtrap

Dennis Willson taz at taz-mania.com
Sun Dec 3 07:50:23 GMT 2006


Probably should take this discussion off the MailScanner mailing list... 
This project is on sourceforge and has its own mailing list.
The project can be found at www.sourceforge.net/projects/milter-spamtrap 
if you want to join the mailing list. I don't want to over-extend 
Julian's tolerance for some off-topic discussions.

As far as marking.... You could turn off the rejection in the milter 
itself and only have it collect the IP addresses and have it build the 
DNSBL zone file for BIND then use that DNSBL in MailScanner and have it 
mark the Spam from sources detected by the SpamTrap.

I could also make an addition, I could write a MailScanner custom 
function that directly accesses the Milter-Spamtrap database directly to 
have immediate use of the blacklisted IP addresses found by 
Milter-Spamtrap. I'll add that to my to-do list. I am also considering 
making an add-on to Mailwatch that will allow maintenance of the 
Milter-Spamtrap configuration and IP database. 

Ken A wrote:
> Dennis Willson wrote:
>> It doesn't matter what domain it comes from, the blacklist is made up 
>> of the IP address of the sending mail server (which cannot be spoofed 
>> for a full TCP conversation needed to send mail) so the email would 
>> have to really come from their mail servers. Spoofing the from 
>> address is not an issue. If a machine sends an email to one of the 
>> honeypot addresses then the IP address is recorded of the sender. The 
>> sender would have to have and send to one of the honeypot addresses, 
>> so you should not give out the honeypot address to real people.
>> In addition, you can whitelist IP addresses or address ranges in CIDR 
>> format so even if they send to a honeypot email address they won't be 
>> blacklisted.
>>
>> To get the honeypot addresses distributed you can:
>> Post useless posts to a usenet group using the honeypot email addresses
>> Put the email address on a webpage in such a way as normal people 
>> viewing the page can't read it, but Spam bots can
>> Find some emails that have a "remove" form and give the honeypot 
>> email address to be removed (even though it isn't subscribed)
>> And there are other ways as well
>>
>>
>>
>> Damian Mendoza wrote:
>>> Hi,
>>>
>>> Sounds like a great approach, but how do you prevent aol, hotmail,
>>> geocities, yahoo mail, etc from getting into the blacklist as spam
>>> sender as spam appears to come from these domains.
>>>
>>>
>>> Thanks,
>>>
>>> Damian
>>>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Dennis
>>> Willson
>>> Sent: Thursday, November 30, 2006 10:50 PM
>>> To: mailscanner at lists.mailscanner.info; spamtools at lists.abuse.net
>>> Subject: OT: Alpha of Milter-Spamtrap
>>>
>>> I put an alpha version of milter-spamtrap up on sourceforge.
>>> http://sourceforge.net/projects/milter-spamtrap
>>>
>>> I will do more testing this weekend and upload a new version. If 
>>> anyone wants to download it and look it over that would be great.
>>> I am also looking for some input on something. Originally, I had
>>> thought you would have a choice as to only save the IP addresses in a
>>> file or use the MySQL database or both. However, when I think back to
>>> when I did my dedicated spamtrap I hit about 1 million entries in a
>>> relatively
>>> short time. I think that is way too many for text files. I think I 
>>> should keep the text files only for debug purposes, I think it would 
>>> be un-workable to have it read in a million IP addresses from a text 
>>> file on startup to do the blocking.
>>>
>>> Features:
>>>     - external editable text configuration file;
>>>     - whitelists by an IP address (CIDR notation)
>>>     - blocks servers that have previously sent Spam
>
> Is there an option to tag instead of refuse mail? In keeping with 
> MailScanner and SA's architecture, it might be more O.T. if it did :-)
> Ken A
> Pacific.Net
>
>
>>>     - fast in-memory cache of blacklisted servers
>>>     - cache entries time-out after an hour so if they have been removed
>>>       from the database they will go away. If milter-spamtrap receives
>>>       another Spam from the same server, it will find it in the database
>>>       and place it in the cache for another hour (only works with MySQL
>>>       database support)
>>>     - optional MySQL database of blacklisted servers
>>>     - optional saving of Spam headers and/or body to show what caused
>>>       the offending server to be placed on the blacklist
>>>     - optional cron job to convert database entries to a BIND DNSBL
>>>       zone file so you can share your blacklist with others
>>>     - ability to mark an IP address as 'inactive' but not lose the
>>>       listing so that a history can be maintained (only available when
>>>       logging to a MySQL database)
>>>     - ability to have one or more individual email addresses defined
>>>       as honeypots
>>>     - ability to have one or more whole domains defined as honeypots
>>>     - optional extensive debug logging
>>>
>>>   
>
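
The database-to-DNSBL step described in this thread (publish spamtrap hits as a BIND zone while honouring the CIDR whitelist and the 'inactive' flag), as an added example that is not milter-spamtrap's own code. The row layout, zone name, name-server names and TTL are assumptions; 127.0.0.2 is the conventional DNSBL "listed" answer.

```python
import ipaddress

# Constructed sample rows: (sender IP, active flag). The real table layout
# used by milter-spamtrap is not shown in the thread, so this is assumed.
ROWS = [
    ("192.0.2.45", True),
    ("198.51.100.7", True),
    ("203.0.113.9", False),   # inactive: kept for history, not published
    ("192.0.2.200", True),    # falls inside the whitelisted range below
    ("198.51.100.7", True),   # repeat hit from the same server
    ("not-an-ip", True),      # malformed row must never reach the zone file
]
WHITELIST = ["192.0.2.128/25"]  # constructed CIDR whitelist entry


def dnsbl_label(ip):
    """DNSBL owner name for an IPv4 address: 192.0.2.45 -> 45.2.0.192"""
    return ".".join(reversed(str(ip).split(".")))


def build_zone(rows, whitelist, origin, serial,
               ns="ns1.example.invalid.", rname="hostmaster.example.invalid."):
    """Return BIND zone-file text listing active, non-whitelisted senders."""
    nets = [ipaddress.ip_network(cidr) for cidr in whitelist]
    listed = set()  # de-duplicates repeat hits
    for raw, active in rows:
        if not active:
            continue
        try:
            ip = ipaddress.IPv4Address(raw)
        except ValueError:
            continue  # skip anything that is not a literal IPv4 address
        if any(ip in net for net in nets):
            continue
        listed.add(ip)
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 3600",
        f"@ IN SOA {ns} {rname} ({serial} 3600 600 86400 3600)",
        f"@ IN NS {ns}",
    ]
    for ip in sorted(listed):
        label = dnsbl_label(ip)
        lines.append(f"{label} IN A 127.0.0.2")
        lines.append(f'{label} IN TXT "Sent mail to a spamtrap address"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_zone(ROWS, WHITELIST, "spamtrap.example.invalid", 2006120301))
```

A mail filter then checks a connecting server by looking up the reversed address under the zone name and treating an answer of 127.0.0.2 as listed, which it can use to mark the message instead of rejecting it.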

