[Spambayes] Ann: A SpamBayes Teergruber (fights back against spammers)

David McNab david at rebirthing.co.nz
Sun Aug 17 15:45:00 EDT 2003


A couple of additional notes:

1) I haven't found a way to get hammiefilter.py to archive the messages
it filters (so that I can train spambayes via the web interface).

2) When forwarding non-spam messages to the MTA, mtaproxy does not add
the spambayes headers.

3) If you want to use the web interface for training, you need to run
the spambayes pop3server (with the SMTP server settings empty, so as not
to run an SMTP proxy). Then, you'll be able to train via the web
interface (which I find the most convenient).

4) Yes - I know - with this scheme, messages end up going through
spambayes twice - once through hammiefilter.py, and once via the POP3
proxy. But it gave me the fastest way to get things running easily.
Suggestions and ideas welcome.

Cheers
David


On Mon, 2003-08-18 at 02:33, David McNab wrote:
> Hi folks,
> 
> I spent most of this fine Sunday hacking up a teergruber for SpamBayes.
> 
> http://www.freenet.org.nz/python/mtaproxy
> 
> Q. What's a 'teergrube'?
> A. A teergrube (German for 'tarpit') is a program which causes spammers'
> mail servers to grind to a virtual halt, by sending back incomplete SMTP
> response lines. If there are enough teergrubes around the world,
> spammers will go broke.
> See http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
> 
> My little script, mtaproxy.py, is intended to be launched in place of
> your usual MTA.
> 
> mtaproxy.py is an SMTP server which listens on port 25, accepts incoming
> connections, talks SMTP to the MTA or MUA on the other end, receives the
> headers and data. It pipes the data through SpamBayes'
> 'hammiefilter.py', and extracts the 'X-Spambayes-Classification' header
> to see what SpamBayes thinks of it.
> 
> If SpamBayes decides the message is spam, mtaproxy goes into a mode of
> drip-feeding SMTP responses back to the spammer's MTA. After a
> designated 'torture time' (set as a config option), mtaproxy finally
> sends back a 550 error code.
> 
> Also, mtaproxy logs the complete spam message, prepended with headers
> containing the IP address of the spammer's MTA and the time of the
> incident (in GMT), plus the full message - which should be enough to
> support a complaint to the spammer's ISP should you so desire.
> 
> On the other hand, if SpamBayes rules 'ham' or 'unsure', mtaproxy fires
> up your MTA in 'stdio mode' (i.e., as if launched by inetd), and conducts
> an SMTP session to get the mail delivered normally.
> 
> I've written mtaproxy to use Exim, since that's the MTA I use (Debian).
> But if you use sendmail or another MTA, then you shouldn't have any
> trouble if you just configure mtaproxy with a command that launches your
> MTA in stdio-mode (i.e., receiving commands and sending responses via
> standard input and output streams, instead of via sockets).
> 
> The script seems to be working fine for me - but I release it here with
> the usual alpha-code warnings - don't trust this until you've supervised
> it with console logging enabled.
> 
> Enjoy!
> 
> 
> Cheers
> David
-- 
Cheers
David
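
Added example, not part of the post above and not mtaproxy's own code: a sketch of the decision flow the announcement describes (read the X-Spambayes-Classification header, then either hand off to the MTA or drip-feed replies until a final 550, and build the log record with peer IP and GMT time). The function names, the X-Tarpit-* header names, the reply texts, and the use of SMTP continuation lines ("550-") as the drip-feed are assumptions of this example.

```python
import email
from email.utils import formatdate

# Constructed sample of a message after hammiefilter.py has added its header.
SAMPLE = (b"From: a@example.com\r\n"
          b"X-Spambayes-Classification: spam; 0.99\r\n"
          b"Subject: constructed sample\r\n\r\nbody\r\n")

def classification(filtered: bytes) -> str:
    """Return the verdict word from X-Spambayes-Classification."""
    msg = email.message_from_bytes(filtered)
    value = msg.get("X-Spambayes-Classification", "unsure")
    # Tolerate a score after the verdict ("spam; 0.99"); a missing or
    # empty header is treated as 'unsure' (a choice made by this example).
    return value.split(";")[0].strip().lower() or "unsure"

def route(verdict: str) -> str:
    """Only 'spam' is tarpitted; 'ham' and 'unsure' are delivered via the MTA."""
    return "tarpit" if verdict == "spam" else "deliver"

def tarpit_plan(torture_time: float, interval: float):
    """Return [(delay_seconds, reply_bytes), ...] totalling torture_time.

    Every reply but the last is a continuation line ("550-"), which tells
    the peer that more of the reply is coming; the last ("550 ") ends it.
    """
    if interval <= 0 or torture_time < 0:
        raise ValueError("interval must be > 0 and torture_time >= 0")
    plan, elapsed = [], 0.0
    while elapsed + interval <= torture_time:
        plan.append((interval, b"550-please hold\r\n"))
        elapsed += interval
    plan.append((torture_time - elapsed, b"550 message rejected as spam\r\n"))
    return plan

def evidence_record(peer_ip: str, filtered: bytes, when: float) -> bytes:
    """Prepend peer IP and GMT time to the full message for the spam log."""
    hdr = (f"X-Tarpit-Peer-IP: {peer_ip}\r\n"
           f"X-Tarpit-Time: {formatdate(when, usegmt=True)}\r\n")
    return hdr.encode("ascii") + filtered

if __name__ == "__main__":
    verdict = classification(SAMPLE)
    print(verdict, route(verdict))
    for delay, line in tarpit_plan(10, 4):
        print(delay, line)
```

A real proxy would sleep for each delay before writing the corresponding bytes to the client socket; the plan is returned as data here so the timing can be inspected without a network connection.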
