........................................................... PREFACE for spammerjammer 1.2 Several people on USENET have complained because "spammers" (obnoxious twits) have begun to use our nice quiet and useful e-mail to USENET netnews gateway. Rather than shut down for the sake of a few bad apples I wrote this "twit filter" to insert between mail and news to filter out e-mail from known spammers from being forwarded into USENET newsgroups. Obviously this software cannot prevent the spammer from posting under future aliases (ie. if they change ISPs or just forge e-mail return addresses). But if you can find a few "signature" lines in each "spam" that always occur you can filter out based on those spam signatures in addition quite effectively. The alpha software is available as a gzipped tar file via URLs: ftp://ftp.cs.yale.edu/pub/long/src/network/security/spammerjammer-1.2.tar.gz http://www.cs.yale.edu/pub/long/src/network/security/spammerjammer-1.2.tar.gz ........................................................... README for spammerjammer 1.2 spammerjammer is a "SPAM" mail blocker implemented as a "pipe filter" usually run from the sendmail "aliases" file as part of a "pipeline" just before e-mail messages are to be piped into and processed by a program. The most likely scenario is that spammerjammer will be the pipe component just before the mail2news gateway program. spammerjammer filters out what it considers to be "SPAM" email from reaching the next program in a pipeline by using a "killfile" list -- this is a stop list of lines to try to match in piped in messages. The "killfile" is a text file (usually /usr/local/lib/news/killfile) which consists of complete lines (which may be lines found in the header or body of SPAM messages) to match. A sample killfile might look like: From: twit@nit.wit.com From: Sender: idiot@spammers.com Sender: Subject: Make $$$ Fast NNTP-Posting-Host: 192.168.255.10 spammerjammer would match and filter out a message based on any of the above three lines. It downcases (just for comparision) and compresses white space in both the killfile lines and the lines in the message being scanned. Note that if you are using spammerjammer in the aliases file as a pipe filter in front of mail2news that sometimes the From: and Sender: headers go into spammerjammer looking different than how they appear when posted (apparently mail2news or inews is stripping the angle braces) -- so I put in both forms of e-mail address (as it appears in the posting and with angle braces around it) in order to match. spammerjammer 1.2 is alpha code. No guaruntees or liability assumed. It has only been tested under SunOS 4.1.* and Solaris 2.*. Send bug reports to me ( Morrow.Long@Yale.EDU ). Let me know what you think... spammerjammer can be installed anywhere in the filesystem, though the directory /usr/local/etc/ is suggested. If you install the file containing the list of to kill messages on as a file named anything other than /usr/local/lib/news/killfile you need to set DGLOBAL_KILLFILE to the filename. Here are the defaults you may want to change: #define DGLOBAL_KILLFILE "/usr/local/lib/news/killfile" Examples: To compile : cc -DGLOBAL_KILLFILE=\"/etc/killfile\" \ -o spammerjammer spammerjammer.c TODO for the future: * Needs documentation! * Check return codes from all library and system calls! * Run lint on it! * If the "killfile" file becomes very long it would probably be useful to speed up matching by creating a dbm hash table file for quick lookup. * Add more logging, bouncebacks to senders. - H. Morrow Long Morrow.Long@Yale.EDU Wed May 1 15:04:02 EDT 1996 1.1 Tue Jul 9 13:57:34 EDT 1996 1.2 ...........................................................