War on SPAM Mail - page 1

February 5th 2002, updated February 12th 2002

Victoria Chan

UCE (Unsolicited Commercial Email). Everyone gets them, and it is very difficult to be rid of them. It is just like "middle age spread". We play a Cat & Mouse game, tightening up mail servers by disallowing known Open Relaying Mail Servers from transferring their Junk Mail Payload onto our mail servers.

Likewise, we get tonnes of Spam Mail from nameless individuals through their ISP. We cannot block the ISP's domain, but the now defunct @home network has approached the brink of Denial of Service, as it is a spammer's haven. There is no one minding the store @home. Spammers often exploit free email services provided by Yahoo, Excite, MSN and many more, by signing up new accounts to operate their Spam Mail game. To trap these individuals, we need to compile an updated list of known spammers. After a few weeks or months, these individuals will move on, opening up yet another new account. We need to stay one step ahead of them (or is it behind).

Stopping spam is best done at the Mail Server level, rather than at the mail client. Our mail server is qmail and uses tools such as ORBZ and SPAMCOP, to weed out the majority of spam. ORBZ keeps track of Open Relays, and SPAMCOP keeps track of known Spammers' Email server. This is not complete by any stretch. To trap out the remainder of Spam Mail, we use "badmailfrom" to trap known Spammers, by "spammer@domain.com" or the whole domain "@domain.com". I have compiled 34,176 records in badmailfrom to date, and counting. The bulk of the records comes from http://basic.wirehub.nl/spamlist.txt, which is updated live, by those nice folks in Netherlands. This is grabbed by my mail server, over a fairly slow link, using lynx and parsed through a tiny perl script, which strips out comments and illegal characters. These illegal characters could halt all SMTP traffic. This Perl script puts the @ in front of the domains; the way badmailform likes it, done in the wee hours of the morning. This parsed list is merged with a fairly static list from http://mail.ls.net/sender.php, and then merged with our own list. Our internal list is compiled from our "MAILER-DAEMON bounce-bounced" logs. We are also accepting submissions at spamcontrol@kendryl.net. Do not forward your spam. Just put spamcontrol in the Subject and put in either @domain.com or spammer@domain.com in the message body. You can send spamcontrol multiple entries, one entry per line, nothing else.

Now we are lurching towards 99.95%. We are posting our badmailfrom list to public domain, for anyone who wants to use our badmailfrom list. Just use the following Shell Script, called badmailfrom.cron:


cp /var/qmail/control/badmailfrom /var/qmail/control/badmailfrom.yesterday

/usr/local/bin/lynx -source http://www.kendryl.net/badmailfrom > /var/qmail/control/badmailfrom.tmp

mv /var/qmail/control/badmailfrom.tmp /var/qmail/control/badmailfrom

chmod a+rw /var/qmail/control/badmailfrom*

Use it at your own risk. There are no guarantees with it. Do not forget to chmod 744 the above script. You need lynx installed in your system, of course. No further formatting is needed, as this is our running copy. If you already have your own badmailfrom list, the above script will walk all over yours. I suggest making a backup of your old badmailfrom, and send it to spamcontrol@kendryl.net using the format above. Please do not send attachments

You will also need to cron a recurring job everyday between the hours of 0215hrs and 0600hrs PDT/PST. This will ensure that you get the freshest copy. I have seen potential problems with badmailfrom. All SMTP traffic will halt if there is a comment or a singular @ burried within it. If this happens, try editing badmailfrom (if you can find it). If you cannot, try deleting it and go back to the previous days. This has happened to us a few time over the last few days, when we were tweaking our perl script. It is poetic justice when web-bots harvest all those emails in our badmailfrom. Many thanks to Johan's qmail page for giving me this idea.

Die Spam Die! Spam Mail that is.

sniff . . . sniff . . . what do I smell from the kitchen? Yum! Fried Spam!



Next Page

To contact us:

Phone: +1(604)671-5123

Fax: +1(604)552-8573

Port Coquitlam, B.C.