Bill -
Thanks for the excellent run-down on this.
One thing, though. It seems to me as a Java programmer that I could put
together a mailet that contained much more sophisticated analysis than just
a reverse-dns lookup. If I were to write a mailet that could reliably
figure out spam based on more than just the sending host then it seems like
there should be a way to allow replication of this knowledge to other
instances of James as well.
Not that I have time to develop this, but it seems like an opportunity to
develop something more robust then rbl. If you can get the open source
community to work on developing/improving the mailets that analyze incoming
messages, then who knows where it may lead...
I'm thinking in general here. If there were a Java interface that people
could write to and a way to plug these things (maybe call them 'business
rules' or 'spam rules') into James, I'd bet you'd find a lot of people
sharing code and ideas. They could be called 'real-time blackout rules'
(rbr) instead. Instead of pulling back lists of hosts you could pull back
encoded business rules (or even just class files).
If this seems crazy, then don't mind me - it's late and my mind is going
weird places. :)
thanks again,
K.
bill parducci To: James Users List <[EMAIL
PROTECTED]>
<[EMAIL PROTECTED]> cc: (bcc: Kevin
Bedell/Systems/USHO/SunLife)
02/24/2003 11:02 PM Subject: Re: Spam Honeypot
Please respond to "James
Users List"
blacklisting. per james' config.xml:
<mailet match="InSpammerBlacklist=blackholes.mail-abuse.org" class
="ToProcessor">
<processor> spam </processor>
<notice> Rejected - see http://www.mail-abuse.org/rbl/ </notice>
</mailet>
<mailet match="InSpammerBlacklist=dialups.mail-abuse.org" class
="ToProcessor">
<processor> spam </processor>
<notice> Dialup - see http://www.mail-abuse.org/dul/ </notice>
</mailet>
<mailet match="InSpammerBlacklist=relays.mail-abuse.org" class
="ToProcessor">
<processor> spam </processor>
<notice> Open spam relay - see http://www.mail-abuse.org/rss/ </notice>
</mailet>
basically what happens is when a note comes into [james in this case] the
ip address of the sender is stuck in a 'reverse' dns query and sent to the
sites configured above. if a name match comes back, the requested site
considers the address to be that of a spammer. james then dumps the message
and tells the user that they have been rejected as a result of being a
'known spammer' and being told he makes the claim. (since i don't use this
feature on james currently, i assume that the way james handles this is via
a returned note--sendmail issues a reject at the smtp level)
overall it is pretty darn clever as it gets around all sorts of ugly
authentication and database query issues by using a well known query
mechanism. there are many rbl sites that can be queried, some free, some
fee based. they range from simple open relay testers to sites that perform
some pretty aggessive testing to sites that do some really dumb (in my
opinion) automated tests.
b
p.s. i sense a FAQ request coming on... :o)
[EMAIL PROTECTED] wrote:
>
> whole rbl thing?
>
>
>
>
>
>
> bill parducci To: James Users List
<[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]> cc: (bcc: Kevin
Bedell/Systems/USHO/SunLife)
> 02/24/2003 10:38 PM Subject: Re: Spam
Honeypot
> Please respond to "James
> Users List"
>
>
>
>
>
>
> yep, which is kinda how the whole rbl thing works (via dns lookups)...
>
> b
>
> [EMAIL PROTECTED] wrote:
>
>>If it were possible to create addresses that were known to receive only
>>spam, then you could set up these servers in a bunch of domains and have
>>them all update a central database with info on they capture.
>>
>>Then you could build into James (or any server I guess) the ability to
>
> tap
>
>>this central database to dynamically update it's own spam filters.
>>
>>
>>
>>
>>
>>
>
>
>
>> "Tom Pridham" To:
>
> <[EMAIL PROTECTED]>
>
>> <[EMAIL PROTECTED]> cc: (bcc: Kevin
>
> Bedell/Systems/USHO/SunLife)
>
>> 02/23/2003 09:42 PM Subject: Spam Honeypot
>
>
>> Please respond to "James
>
>
>> Users List"
>
>
>
>
>>
>>
>>
>>Greetings All,
>>
>>As an avid JAMES user I have decided to take up a new battle....the war
>
> on
>
>>spam. So here is my plan, I have acquired the domain DeletedSpam.com and
>>plan on deploying a JAMES "Honeypot" server with the relay open. I will
>>track all statistics on how much spam I delete each day, where the spam
>>originated etc.
>>
>>Is there already code in a mailet somewhere to do the following:
>>--analyze an email marked as spam to pull out data elements (i.e. Subject
>>title, from address, and all of the "To" addresses
>>
>>I plan on making a one page website that displays in real-time all of the
>>relevant stats on the deleted spam.
>>
>>If anyone can direct me a starting point to create a plug-in for JAMES to
>>analyze the inbound emails prior to sending them to null, I would greatly
>>appreciate it.
>>
>>The reason for this crazy project is: I am the CIO of a legitimate email
>>marketing company and the spammers are really giving "email marketing" a
>>bad
>>name. Plus I want to have some fun sending spam to the bit bucket.
>>
>>Am I crazy? I welcome advice, suggestions etc.
>>
>>Thanks,
>>Tom Pridham
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>>
>>
>>
>
>
---------------------------------------------------------------------------
>
>>This e-mail message (including attachments, if any) is intended for the
>
> use
>
>>of the individual or entity to which it is addressed and may contain
>>information that is privileged, proprietary , confidential and exempt
>
> from
>
>>disclosure. If you are not the intended recipient, you are notified that
>>any dissemination, distribution or copying of this communication is
>>strictly prohibited. If you have received this communication in error,
>>please notify the sender and erase this e-mail message immediately.
>>
>
>
---------------------------------------------------------------------------
>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
>
---------------------------------------------------------------------------
> This e-mail message (including attachments, if any) is intended for the
use
> of the individual or entity to which it is addressed and may contain
> information that is privileged, proprietary , confidential and exempt
from
> disclosure. If you are not the intended recipient, you are notified that
> any dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify the sender and erase this e-mail message immediately.
>
---------------------------------------------------------------------------
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------------
This e-mail message (including attachments, if any) is intended for the use
of the individual or entity to which it is addressed and may contain
information that is privileged, proprietary , confidential and exempt from
disclosure. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this communication in error,
please notify the sender and erase this e-mail message immediately.
---------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
