The Spam Bouncer

Version 1.00h

Updated June 16, 1998

If you have a version before the current version number or more than a month older than this date, please update. If you are running in COMPLAIN mode, you should update weekly.
Please also read "What's New" for new version information. New users should run with SPAMREPLY and BLOCKREPLY set to SILENT for a week or so until they are sure the program is installed correctly and isn't catching legitimate email. Beta version users should check the Beta Version comments at the top of the Spam Bouncer program file when installing a new beta version.
Copyright (C) 1996-1998 by Catherine A. Hampton. If you abide by the Free Software Foundation's COPYING principles with this document and the spam software and forms, you're home free, but don't try to copyright it yourself or sell this information.



What's New with the Spam Bouncer?

6/16/98


With help from some of you, I finally tracked down a problem a few users were having with the new "legitlists" filter. I THINK it is fixed now. :/

There have been a bunch of "housekeeping" edits to the Spam Bouncer, including an update to the Linkus filter, since they were finally disconnected by Netcom after a court threw out their lawsuit against Netcom. :)

6/08/98


Two bugs fixed, one minor, one major. The major one was a bug in the new "legitlists" filter, which caused filtered mail to get headers filed in the BULKFOLDER and message bodies wherever they happened to fall. I apologize -- a pesky flag got put in that shouldn't have been. It is fixed.

The minor one was an unneeded local lock file, which produced "extraneous local lockfile" error messages in the log. Those messages don't mean anything important, but errors like this are annoying, so I fixed it. :)

6/05/98


There's a new feature -- a new configuration file called "legitlists", which contains the names of legitimate email lists. Email from these lists is put into the BULKFOLDER and not filtered further.

This file is fully configurable -- you just add the email addresses of any legitimate opt-in mailing lists you are on. :)

The Spam Bouncer has been modified to skip Pattern Matching filtering only (not domain filtering or any header-based filtering) for email messages of over 30K in length. This is because Procmail's scoring technique, when combined with a full body text search of email, is much more processor intensive than other forms of filtering. (That means -- it hogs the computer and slows it down for everyone else.) When you have lots of Spam Bouncer users on one server (as happens at my ISP), when a LARGE email (spam or not) hits, it can cause trouble.

Lots of new spam sites and refinements to old ones have been added, as well. :)

5/20/98


Added a whole bunch of new spam sites, updated other spam sites, and did the usual boring maintenance that keeps this filter one step ahead of at least most of the spammers.

5/12/98


Fixed a bug on some systems which caused the Pattern Matching filter to fail. Upgrade if Pattern Matching is catching things it shouldn't. :)

5/11/98


Version 1.00h has now been released! This version contains a number of new features:

  • Spam sent from Admin and List Server addresses is now filtered, and safely. :) This is a MAJOR improvement, since so many spammers have taken to spamming from administrative or mailer daemon addresses to bypass spam filters. This trick will no longer work with the Spam Bouncer.

  • SPAMREPLY may now be set to BOTH, as well as to COMPLAIN, BOUNCE, and SILENT. BOTH means that the Spam Bouncer will both issue a simulated MAILER-DAEMON bounce to the sender of a spam, and (when possible) complain to the upstream providers of the spammer. Frankly, I'm not convinced this will help, but lots of you have been requesting it, so here it is. :)

  • There is a new variable, DEBUG, which will turn on VERBOSE logging for the Spam Bouncer only, and which I may ask you to set to "yes" if you are having problems and I need a log. Otherwise, don't set this variable and nothing will happen. :)

Headers in the new version will look a bit different. The first header the Spam Bouncer will add is still an X-Spambouncer: header with the version number and release date of the version you are using. The Spam Bouncer will then add an X-SBRule: header for each recipe/rule which an email matches. (Not all of these rules indicate that the message is spam or probable spam.) Finally, the Spam Bouncer will add an X-SBClass: header which classifies the email based on its analysis. Those classifications are "OK", for personal email which did not trigger any filters indicating it was spam, "Bulk" for legitimate bulk email, "Admin" for legitimate postmaster and other administrative email, "Blocked" for probable spam, and "Spam" for email which the Spam Bouncer is certain is spam. None of these changes should require you to change your own Procmail scripts to sort this email, though.

The current beta version is identical to the production version til I recover. :)

5/05/98


This version includes updates to several major spam sites, including David Schulhof (who is definitely still spamming, and who now has new IP blocks from AGIS and @HOME in addition to his Sprint netblocks), and various other "housekeeping" modifications.

The beta version's special features still have not changed from 4/26. :)

4/28/98


I finished up adding all the new search strings and recipes needed to clear out the backlog in the "Updates" folder. This means that there are a couple more new spam site recipes, and a bunch of edits and improvements to the recipes which catch stuff sent by spam mail programs and through certain frequently-abused relays.

The beta version's special features have not changed from 4/26. :)

4/27/98


I added recipes for several new spam domains, and also refined the Pattern Matching filter and added recipes to catch email from commonly-used insecure mail relays and large domains which spammers send forged spam from. (Compuserve and MSN, in particular.)

I didn't mess with the beta version -- just updated it like the production version. The changes listed below seemed to be enough for now... ;>

4/26/98


I cleaned out a huge number of old spam recipes in both the production and beta versions, which has resulted in both shrinking by about 70K in size. :) I've also updated several recipes, most notably the recipe for Dana Jones, the "Golf Ball" spammer, and Harris Marketing. (Harris Marketing is spamming through their new netblock with Sprint.) :(

I have also restructured the program to autocomplain only about known spam sites which are repeatedly spamming. It is too much work to keep up with where the small fry are (spammers move around a lot, not surprisingly), and so it seemed best to focus on the repeat spammers. Spam from small fry is still filtered out, and bounce messages are still sent, but the Spam Bouncer will not try to autocomplain about it.

Per a suggestion by one of the system administrators at my ISP, Best Internet, I am recommending that people start using their NOBOUNCE files as a "whitelist", and list the addresses of everyone they regularly get email from in NOBOUNCE, regardless of whether their mail would get bounced or not. The reason is that, by doing this, you significantly reduce the amount of processing needed for this email. That both speeds up email delivery, and reduces load on your server. Since the Spam Bouncer is a complex program and puts significant load on servers (especially servers which are already overloaded), this is a good way to be a "good citizen" and benefit yourself as well.

DO NOT, however, put your own email address in the NOBOUNCE file, since a significant number of spammers (especially porno spammers) have started using mail-merge programs which merge your own email address into the From: lines of their spam.

The big news, however, is with the new beta version. The beta version has been updated as follows:

  • Spam sent from Admin and List Server addresses is now filtered, and safely. :) (This is a MAJOR improvement, since so many spammers have taken to spamming from administrative or mailer daemon addresses to bypass spam filters.)

  • SPAMREPLY may now be set to BOTH, as well as to COMPLAIN, BOUNCE, and SILENT. BOTH means that the Spam Bouncer will both issue a simulated MAILER-DAEMON bounce to the sender of a spam, and (when possible) complain to the upstream providers of the spammer. Frankly, I'm not convinced this will help, but lots of you have been requesting it, so here it is. :)

  • There is a new variable, DEBUG, which will turn on VERBOSE logging for the Spam Bouncer only, and which I may ask you to set to "yes" if you are having problems and I need a log. Otherwise, don't set this variable and nothing will happen. :)

I've been running the Beta version for about a week on two of my own accounts, and have killed every bug I've been able to find, but as usual, please keep a close eye on things if you are using the beta version, and email bug reports to <spamtrap@ariel.vip.best.com>. :)


What Does the Spam Bouncer Do?

The Spam Bouncer is a set of procmail recipes, or email filters, which search for email which meets one or more of the following conditions:

The Spam Bouncer sorts suspected spam into two categories -- mail from known spam sources which is definitely spam, and other mail which is probably spam, but might also be legitimate. It then tags this email with appropriate headers giving the spam classification, and responds according to the parameters you have set.

Depending on how you set it up, it will:

If you get mail from friends who have accounts at a site listed in the filter, you can put their names and email addresses in a text file and set the NOBOUNCE variable to point to it. If you want to receive mail from a site I have listed as a spam site, you can add the entire site name to the nobounce file. The Spam Bouncer will check this file before filtering your email and will skip any email from a person or site listed in the nobounce file.

What Do I Need to Run the Spam Bouncer?

The Spam Bouncer itself must run on a Unix server which has Procmail installed, so only users who have access to a Unix shell account with Procmail installed can use it. This means that AOL users, Netcom Netcruiser/Netcomplete users, and others who have only PPP accounts will have to find some other means of filtering spam. Sorry!

It is possible, however, for people who use Eudora, Pegasus Mail, and other POP clients to use the Spam Bouncer on their Unix shell accounts to filter their mail, and then use their favorite POP mail client to retrieve their filtered mail from the server. If their POP client programs can filter mail by headers, they can filter and delete known spam and probable spam directly into appropriate folders via the Spam Bouncer's headers.

This means that anyone running any kind of computer, operating system, and software can use the Spam Bouncer, provided they have and use a Unix shell account, and (if they want to use a POP mail program) have software capable of filtering their mail based on user-configurable headers.

If you are totally confused by now, PLEASE find a friend who understands what this means before you try to install the Spam Bouncer. While I have made this as user-friendly as I could, using the Spam Bouncer requires a certain level of knowledge about computers and the internet. It is not for computer or internet novices.


Before You Begin...

Because someone who evidently likes the Spam Bouncer listed it for me in Yahoo and other search engines <wry grin>, I need to include the following disclaimers and warnings.

First, this is free software. No warranty is provided or implied -- users use the Spam Bouncer at their own risk.

I wrote the Spam Bouncer originally to filter my own mail, when spam started drowning out the real mail. I originally posted these filters to my web site so that users at my ISP, Best Internet, and a few other experienced users could help me test them. I recommend that Procmail neophytes get help from an experienced Procmail user on their system to install the Spam Bouncer, and run it in default "Silent Mode" until they are more confident of their skills.

The Spam Bouncer was developed on a Pentium-based server running FreeBSD, and running Procmail 3.11pre7. That's a beta version of Procmail. The latest production version is 3.10, and that is what is running at many sites. Several users have successfully run the Spam Bouncer with Procmail 3.10 on various systems, but there is no guarantee it will work. Please be careful, and keep a close eye on your account for a few hours after installing to be sure it works properly.

In addition to the Pentium-based FreeBSD system where I develop the Spam Bouncer, I have tested the earlier versions of it on SGI systems running Irix 5.3 and 6.2, and it worked properly. I have not tested any version since 0.95a beta on Irix, or any version on any other system or under any other flavor of Unix. A number of users have reported running it successfully under SunOS, Solaris, Linux, and other versions of Unix, but it may not run on all such systems, or run properly "out of the box", without some changes.


How to Install and Use the Spam Bouncer

Installing Procmail

To use these filters, you will need to have procmail installed on your system, and have set it up for your account. This does not mean you must read mail on your unix account -- if you have a shell account, these filters can be configured to filter mail and then deliver it to your POP mail box. If you don't know what kind of account you have, you probably shouldn't be using these filters until you learn something about Unix and shell accounts.

Since the way Procmail should be installed is different on different systems, if you do not already have Procmail installed, you will need to ask your system administrator or people on your local internet service provider for help. Those who have never used Procmail and want to get started with a simple Procmail setup can jump to Getting Started With Procmail, a tutorial with clear instructions about what information you will need to get from your system administrator to set up Procmail properly on your account, and a basic .procmailrc configuration file which should work well on most systems.

If you are an experienced Procmail user, please make sure that your .procmailrc file is configured to filter out your mailing lists before filtering for spam. The Spam Bouncer tries to identify list mail and skip it, but some mailing lists do not use standard list "Precedence:" headers or headers recognisable by Procmail as coming from a daemon or list program. So please be sure you filter out your lists first, especially if you are running with SPAMREPLY set to BOUNCE or COMPLAIN!

In any event, you should always run in SILENT mode for a few days, until you are sure you have your mailing lists filtered out properly and that the filter is working properly on your account.

If you did not use procmail.rc from Getting Started With Procmail, here's a recipe to filter out list mail and other mail from automatic mailer programs, or mailer daemons, as they are usually called on Unix machines. Put it in your .procmailrc file before the INCLUDERC statement that calls the Spam Bouncer.

     # Filter out Mailing List Mail
     :0:
     * ^TO(listmom-talk@skylist.com|\
           orthodoxy@lists.best.com|\
           procmail@Informatik.RWTH-Aachen.DE)
     $BULKFOLDER

You should substitute all mailing list addresses for mailing lists you receive for the list I gave -- you and I don't read mail from the same lists, at least as far as I know! :)


Retrieving the Spam Bouncer Program Files

After you have installed Procmail for your system, you can install the Spam Bouncer. You will need to download the Spam Bouncer program files to your Unix account first. You can do this one of two ways -- by downloading them from the links below to your personal computer, or by ftp'ing them. The advantage to ftp is that it ensures that the file format will be right. Often, when you retrieve a text file using a WWW browser and then save it to your hard disk, the browser reformats the file. This type of reformatting can break Procmail configuration files like the Spam Bouncer.

Lynx users should note that lynx reformats text files when downloading them via a normal link access command, which will break the Spam Bouncer and most other Procmail scripts. If you're a lynx user, please remember to use the "D" command to download the Spam Bouncer files instead of just accessing the link, or (even better) ftp the files from the links in the FTP column instead of trying to retrieve them from the http:// links in the WWW/HTTP column.

Via FTP

To ftp the Spam Bouncer, you must do this:

  1. Log on to your shell account, and type "cd" to be sure you are in your home directory.
  2. Type "ftp shell3.ba.best.com" and press <Enter>.
  3. When ftp prompts you to login, type "anonymous", press <Enter>, and then when prompted for your password, type your email address, and press <Enter> again. (This will log you in.)
  4. When ftp gives you a prompt, type "cd /pub.a/ariel/nospam" and press <Enter>. (This will take you to the folder where the files are stored.)
  5. Depending on whether you want to download the complete Spam Bouncer archive or update an existing installation, you will need to do slightly different things at this point:
    • To retrieve the entire Spam Bouncer program archive, when your prompt returns, type "binary" and press <Enter>. When your prompt returns, type "get spambnc.tar.Z" and press <Enter> to retrieve the Spam Bouncer archive.
    • To retrieve a compressed individual file or files to update an existing Spam Bouncer installation, when your prompt returns, type "binary" and press <Enter>. When your prompt returns, type "get filename" and press <Enter>.
    • To retrieve an uncompressed individual file or files to update an existing Spam Bouncer installation, when your prompt returns, type "ascii" and press <Enter>. When your prompt returns, type "get filename" and press <Enter>.
  6. When your prompt returns, type "bye" and press <Enter> to end your ftp session.

Here are FTP download URLs for the convenience of Lynx users or users of other browsers who are having trouble with file corruption when downloading the Spam Bouncer from the http: URLs under Via WWW/HTTP. Please use these only if the other links don't work.

Via WWW/HTTP

To download the Spam Bouncer via your WWW browser, select one of the links below -- the first if downloading to your PC and the second if to a Unix workstation or your shell account.

If you are updating a current copy of the Spam Bouncer, you can download individual files below.

Now, if you saved the Spam Bouncer files on your local PC, you will need to ftp or upload them to your unix shell account. They should be put in their own directory.

To unarchive the ZIP format archive, type "unzip spambnc.zip" and press <Enter>. (Your Unix machine may respond with an "unzip: command not found" error message. If it does, you may not have the Unix program unzip, and should retrieve the tar.Z archive.) To unarchive the tar.Z file, type "uncompress spambnc.tar.Z", press <Enter>, and then type "tar -xvf spambnc.tar" and press <Enter> to extract the individual files.


The Spam Bouncer Files and What They're For

The first three files in the Spam Bouncer distribution, sb.rc, sb-old.rc and sb-new.rc, contain alternate versions of the actual Procmail scripts for the Spam Bouncer. The first version is the current production version of the Spam Bouncer, the second is the previous production release of the Spam Bouncer, and the third is the current somewhat stable beta version. Inexperienced users or users who don't want problems should not use the beta version, and all beta version users need to follow any warnings/instructions listed among the comments at the top of the Beta Version script file.

The "freemail" file contains a sample text file which you may install and then set your FREEMAIL variable to point to. You do not need to install this file unless you want to customize the list of free email sites -- the Spam Bouncer will use its own internal list if it can't find the text file.

The "legitlists" file contains a text file with the names of legitimate email lists (the opt-in variety), which you may modify to make sure your mailing lists aren't getting trapped by the Spam Bouncer. Just put each mailing list address on a separate line, just as you would with the NOBOUNCE file.

The other three files contain standardized autoresponder messages for the program. You may customize these to your taste. I do recommend that you leave the references to sb@ariel.vip.best.com in any edited version of the file spam, though, so that people know how to contact me if their mail is getting bounced because of a problem with the filter itself, or how it is installed. That way, I can contact you (hopefully), and prevent further damage.

If you customize the autoresponder messages, you probably want to keep them reasonably polite. There's no point flaming some poor innocent bystander because you're p*ssed at Connectup, Emaildirect.net, or some spamming fool with a throwaway account. :)


Where to Put the Spam Bouncer

The best way to use the Spam Bouncer is to save the files in a location to which everyone on your system has read access. If you aren't sure how to do this, ask your system administrator or an experienced user on your system. If you install the filter this way, a user can create a symbolic link to the shared Spam Bouncer directory in his home directory. This means you or one person can keep the filter up to date for everyone, sparing a lot of people a lot of extra work.

If a particular user wants to modify the filter, he can simply create a private directory, copy the necessary files to it, and make whatever changes he wants. If he does the last, of course, he is responsible for updating his copy of the filter manually.


Configuring the Spam Bouncer

After setting up the Spam Bouncer directory, you should set or modify the following variables in your .procmailrc file:

     DEFAULT={NO DEFAULT}
     FORMAIL={NO DEFAULT}
     SBDIR={NO DEFAULT}
     ADMINFOLDER=$DEFAULT
     ALTFROM=$LOGNAME@$HOST
     BLOCKFOLDER=$DEFAULT
     BLOCKREPLY=SILENT
     BULKFOLDER=$DEFAULT
     BYPASSWD=syzygy
     FREEMAIL=INTERNAL
     GLOBALNOBOUNCE=NONE
     NOBOUNCE=$HOME/nobounce
     NOLOOP=$ALTFROM
     PATTERNMATCHING=SILENT
     RM=rm
     SENDMAIL=/usr/sbin/sendmail
     SPAMREPLY=SILENT
     SPAMFOLDER=$DEFAULT

The variables are shown with the default values which the Spam Bouncer will assign if they are not already set in your .procmailrc file. These defaults will prevent problems, but also will cause the Spam Bouncer not to do very much. So you want to set the correct variables for your system and account.

Please note that the variables shown as {NO DEFAULT} (DEFAULT, FORMAIL, and SBDIR) have no defaults and MUST BE SET or the Spam Bouncer will simply pass all your mail on to you unfiltered!

Here's what each variable is for:

DEFAULT
The email inbox to which your system delivers mail by default, or (if you use your shell account to read mail) to which you want your mail delivered by default. If you normally read mail using a POP mail program, like Eudora, Internet Explorer, Netscape, or Pegasus mail, ask your system administrator for the name and location of your POP mailbox, and set DEFAULT to that path and file name.

FORMAIL
The full path to your system's copy of formail. If this is not set properly, the Spam Bouncer is unable to sort and tag your email, and so will simply pass it on unfiltered to you.

SBDIR
The directory where your Spam Bouncer program and auxiliary files are located.

ADMINFOLDER
ADMINFOLDER is for mail from mailer daemons (usually bounced mail -- mail that could not be delivered), and for mail from administrative addresses like root, admin, sysadmin, and abuse. Shell readers will want to set this to an appropriate folder separate from their DEFAULT folder. (I use admin.incoming.) POP mail readers may set this to DEFAULT, and use their POP program's filters to sort it out after downloading.

ALTFROM
ALTFROM should be set to a different email address than your usual email, but a valid address, and preferably one which DOES NOT forward to your normal email account. This is used to avoid giving spammers at some particularly egregious sites your usual email address, and to bypass blocks that some spammers and spam friendly sites will put to prevent your sending them mail if you complain often enough and effectively enough. Change this address frequently to defeat these filters.

BLOCKFOLDER
Where to store messages tagged as questionable by the filter. I recommend not deleting these, but putting them in a folder of their own. I use block.incoming. POP mail users whose client programs have the ability to filter mail into separate folders (like Eudora and Pegasus mail) can set this to DEFAULT, and let their mail filters sort it into an appropriate folder on their home systems.

BLOCKREPLY
How to handle mail which the filter tags as probable spam, but which may contain some real email as well. Valid values are SILENT, which simply files the mail in the BLOCKFOLDER, and NOTIFY, which sends a notice and copy of his email back to the sender with instructions on how to bypass the Spam Bouncer if his email is not spam.

BULKFOLDER
Where to store bulk mail which the filter does not tag as probable spam. The default value is DEFAULT. If you read mail on your shell account, change this to a separate folder from your normal, incoming folder if you get a lot of email or are on lists, and you'll find you see your personal mail a lot more clearly. :)

BYPASSWD
A password which, when included on the Subject: line of an email, causes the Spam Bouncer to pass the mail immediately into your incoming mail box without further filtering. It allows people who happen to have accounts at suspect sites or whose mail was trapped by filter error to contact you and arrange to have the problem fixed or get into your nobounce list. Change this fairly often (every couple of weeks).

FREEMAIL
Tells the Spam Bouncer where to find your freemail file, a text file of domains offering free email accounts commonly used or forged by spammers. The domains should be listed singly, with one appearing on each text line, and with no blank lines in the file. Be sure you do not create an empty FREEMAIL file, either.

In addition to the name of this text file, this variable has two other valid settings. If FREEMAIL is set to INTERNAL, that will cause the Spam Bouncer to filter its default set of free email sites, as documented on this WWW page. If FREEMAIL is set to NONE, the Spam Bouncer will skip this filter entirely and not block any free email sites. Setting FREEMAIL to NONE will not exempt mail from these sites from other spam filtering, though -- it will simply mean that such mail is not automatically diverted to your BLOCKFOLDER.

GLOBALNOBOUNCE
Points to a system-wide nobounce file, if your system administrator has provided one or if you are the system administrator and want to provide one. Please note that this is in addition to each user's individual NOBOUNCE file, and does not replace it. If you do not set this variable, it is automatically set to NONE, so you need to set it only if you have a system nobounce file.

See NOBOUNCE for a more complete description of how this file works.

NOBOUNCE
Tells the Spam Bouncer where to find your nobounce file, a text file of email addresses and domains whose email you want the Spam Bouncer to skip filtering and deliver directly to you. Set this to point to the directory and filename where you keep that file. I name mine "nobounce" and keep it in my home directory, and this is where the Spam Bouncer looks if you don't set this variable.

Your nobounce file (whatever you name it and wherever you put it) should contain one email address per line of text, and nothing else, like this:

     goodguy@spamsite.com
     niceguy@roguesite.net

I recommend that you put the names of friends with email accounts at the following list of free email sites in your filter as soon as possible:

All of these sites have reasonably solid anti-spam policies, but since they give away free email accounts, it is difficult for them to stop spammers from getting one account after another. I've found that blocking mail from these sites cuts down considerably on spam. You may, of course, set your FREEMAIL variable to NONE if you don't want to block email from unknown users at these sites automatically.

NOLOOP
Sets the "X-Loop:" header. I recommend leaving the default setting, which uses your ALTFROM address as the "X-Loop:".

PATTERNMATCHING
How to handle mail which the pattern matching filter tags as probable spam, but which may be legitimate email. Valid values are NONE, which skips pattern matching entirely; SILENT, which simply files the mail in the BLOCKFOLDER; and NOTIFY, which sends a notice to the sender that his email was blocked, and explains how to bypass spam filtering if his email was legitimate.

For the present, users should set this value to either NONE or SILENT -- pattern matching is still relatively new and occasionally filters out legitimate email. If a user does not set the PATTERNMATCHING variable in his .procmailrc, it will default to NONE.

RM
Tells the Spam Bouncer the path and filename of your system's rm program -- the program which deletes files. You need to set this only if rm is not in your path (the list of directories which your system will search for a program) or if you have an alias set up for rm on your account. If you aren't having trouble with the Spam Bouncer leaving temporary files on your system, you can leave this alone.

SENDMAIL
The full path to your system's copy of sendmail. The default value is /usr/sbin/sendmail, which will work on some systems, but not all. On almost all systems which use sendmail, however, this variable is set correctly as a global default by the system administrators. It does not hurt to check and be sure, though. If SENDMAIL is not set correctly, the Spam Bouncer will be unable to send any autoreplies.

SPAMFOLDER
Where to store messages tagged as spam by the filter. If you want to just delete spam, set SPAMFOLDER to /dev/null. If you want to put the stuff in a backup folder, set SPAMFOLDER to a filename, perhaps spam.incoming. POP mail users whose client programs have the ability to filter mail into separate folders (like Eudora and Pegasus mail) can also set this to DEFAULT, and let their mail filters sort it into the trash folder or a special spam folder, if they want to engage in some spam tracking. :)

New users should set this to a folder, not to /dev/null, until you're sure everything is working properly.

SPAMREPLY
How to handle mail which the filter tags as definitely spam, and which should contain no valid mail whatsoever. Valid values are SILENT, which simply files the mail in the SPAMFOLDER; BOUNCE, which sends a simulated MAILER-DAEMON bounce message to the spammer in hopes that he will think your address is no good and remove it from his list; COMPLAIN, which sends a complaint and copy of the spam to the spammer's postmaster, and in most cases also the upstream ISPs; and BOTH, which (not surprisingly) both sends a bounce and complains.

New users should set this to SILENT until you're sure everything is working properly.

After setting the variables in your .procmailrc, add this line to your .procmailrc file at the point where you want to filter your mail for spam:

     INCLUDERC=$SBDIR/sb.rc

This line should appear after recipes for mail you don't want to filter for spam and before recipes for mail you do want to filter for spam. Users of procmail.rc will have the correct lines in the correct location already, and will just need to uncomment whichever one they want to use.
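
The ordering described above, as an added example .procmailrc fragment (not part of the Spam Bouncer distribution). It sets only variables named on this page; the directory values, the addresses and the folder name "mylist" are assumptions, and the other variables from the configuration list are set the same way.

```procmail
# Standard procmail variable: directory that relative folder names refer to.
# (Assumed location.)
MAILDIR=$HOME/Mail

# Assumed directory holding sb.rc.
SBDIR=$HOME/.procmail

# Documented default; confirm the path on your own system, since
# autoreplies cannot be sent if it is wrong.
SENDMAIL=/usr/sbin/sendmail

# New installation: keep tagged mail in a folder for review rather than
# /dev/null, and send no bounces or complaints yet.
SPAMFOLDER=spam.incoming
SPAMREPLY=SILENT
BLOCKREPLY=SILENT

# 1. Recipes for mail that must NOT be spam-filtered go first.
#    (Constructed address; the message is delivered here and never
#    reaches sb.rc.)
:0:
* ^From:.*trusted-friend@example\.org
$DEFAULT

# 2. Everything that reaches this point is run through the Spam Bouncer.
INCLUDERC=$SBDIR/sb.rc

# 3. Recipes for mail that should be spam-filtered before sorting go after.
#    (Constructed list address and folder name.)
:0:
* ^TO_mylist@example\.org
mylist
```

Reviewing the SPAMFOLDER file for a week before changing SPAMREPLY or BLOCKREPLY away from SILENT shows whether anything legitimate is being caught.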

Special Instructions for Eudora and Other POP Mail Clients

Users who get their mail using Eudora, Pegasus Mail, or another POP mail client which can filter mail by headers will need to set up their filters to look for the following headers:

X-SBClass: Admin
This header indicates mail sent to the ADMINFOLDER. You should create a folder for Admin mail on your client program, and then set your client program's filter to look for this header and filter mail which has it into the Admin folder.

X-SBClass: Blocked
This header indicates mail flagged as probable spam, but not certainly so. Create a folder for Blocked mail and set your client program's filters to put mail with this header into the Blocked Mail folder.

X-SBClass: Bulk
This header indicates mail flagged as bulk mail which is probably legitimate, such as that from known opt-in mailing lists or sent using known legitimate mailing list software, and which passed spam filtering. I recommend creating a separate folder for such mail, though, since that will make it easier to spot personal email, which is usually more important and should get priority.

X-SBClass: OK
This header indicates personal email which passed the spam checks. Set your client program's filters to put this mail in the normal incoming folder.

X-SBClass: Spam
This header indicates mail flagged as definitely spam. Most POP users will simply set the Spam Bouncer to delete this mail outright. If you have set the Spam Bouncer to deliver it to your POP mail account, though (perhaps because you want to learn more about spam), it will arrive with this header. Create a folder for Spam and set your POP client program's filters to put mail with this header in the Spam folder.

Upgrading the Spam Bouncer

You can find out about available upgrades in either of two ways -- by checking this page or by subscribing to the Spam Bouncer Upgrades mailing list. This list is a low-volume, announcements-only list, so it won't overburden your incoming email box. :) (The list averages about three messages a week.) Contact me at <ariel@tempest.boxmail.com> for information on how to subscribe.

Upgrading is easy. You just check the "What's New" notice to see if there are any new variables you should set or features you should be aware of, and then ftp the new version (or grab it with your WWW browser) and copy it over the old version. That's all there is to it.

The Spam Bouncer should be upgraded regularly -- weekly if you are using it with SPAMREPLY set to COMPLAIN and monthly otherwise. There are several reasons for this.

First, spammers move around a lot. Prolific spammers tend to get disconnected quite a bit, even by spam-friendly providers, because they cause their providers so much trouble. This means that the complaint addresses in the Spam Bouncer's complaint lists must be updated constantly or complaints will go to the wrong place. I do my part by updating the addresses, but that helps only if you do yours by keeping your copy of the Spam Bouncer up to date.

Providers get annoyed when they get complaints about a problem they've already fixed, or at least done everything they can to fix. Once they've kicked a spammer off their system, there is very little else they can do, and sending complaints to them just wastes their time and resources.

So, if you can't upgrade frequently or don't want to bother updating all the time, please set SPAMREPLY and BLOCKREPLY to SILENT. That way you'll still get the benefits of the filter, but you won't risk causing trouble for an ISP that has already kicked its spammers off.

Second, today's rogue ISP may be tomorrow's good guys. An example of that is erols.com, which a year ago was the source of a huge amount of spam and which today is one of the leaders in the fight against it. (Erols also has one of the most entertaining "abuse@" people in the business -- Afterburner.) I regularly review the sites on the blocked list and retire those who have adopted and enforced solid no-spamming policies. That reduces the size of the filter and the resources it takes while keeping it as efficient as possible.

So, please keep up to date! :)

How to Troubleshoot and Report Trouble

If you are having trouble with the Spam Bouncer, first please make sure you:

The Spam Bouncer is set up to avoid replying to bounced messages and to autoreplies to its own bounces, but some spammers set their administrative accounts to autoreply to spam complaints and misconfigure their autoresponders to remove the "X-Loop" header, which should NEVER be removed by any autoreply script. In general, it is not a good idea to autoreply to mail from administrative accounts at all, so the Spam Bouncer is set up to filter it out first.
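
For readers who want to see how this kind of loop protection looks in a procmail recipe, here is an added example (a generic autoreply recipe in the style of the procmail documentation, not the Spam Bouncer's own code). The address you@example.com and the reply text are placeholders.

```procmail
# Loop-safe autoreply.
#
# Conditions, in order:
#   1. Skip mail that procmail's built-in FROM_DAEMON pattern identifies as
#      coming from a daemon, mailing list, or administrative sender
#      (postmaster, root, and similar).
#   2. Skip mail from mailer programs (built-in FROM_MAILER pattern).
#   3. Skip any message that already carries our own X-Loop marker: it is
#      a reply to something we generated, so answering it would start a loop.
#
# Flags: "h" feeds only the headers to the pipe, "c" works on a copy so the
# original message continues through the rest of the rc file.
#
# formail -r builds the reply headers; -A appends the X-Loop marker that
# condition 3 will recognize if the reply ever comes back.
:0 h c
* !^FROM_DAEMON
* !^FROM_MAILER
* !^X-Loop: you@example\.com
| (formail -r -A "X-Loop: you@example.com" ; \
   echo "This is an automatic reply.") | $SENDMAIL -oi -t
```

The marker only works if every hop preserves it, which is why an autoresponder that strips X-Loop defeats condition 3 and leaves conditions 1 and 2 as the only protection.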

Unfortunately, there are some spammers who spam from root accounts and admin accounts. If you get this type of spam, please notify me at <spamtrap@ariel.vip.best.com> so that I can warn people and modify the Spam Bouncer to catch these guys appropriately.

Report any problems to the author at ariel@tempest.boxmail.com.

Acknowledgments

First, I would like to thank Stephen van den Berg, the creator of procmail, for his wonderful tool. It is truly the friend of those who hate email spam and want it out of their lives. (It is also the friend of anyone who gets a lot of email.)

I would also like to thank the readers of the Procmail Mailing List for answering lots of often elementary questions, especially at the beginning, as I learned the program. I highly recommend the list for people who use the Spam Bouncer. You can subscribe at procmail-request@Informatik.RWTH-Aachen.DE.

These filters are the result of a couple of years of work and learning about Procmail. I hope the results will be as useful to others as they have been to me.


©1996-1998 by Catherine A. Hampton <ariel@tempest.boxmail.com>. All rights reserved.