Updated January 20, 2001
If you have a version before the current version number or more than a month older than this date, please update. If you are running in COMPLAIN mode, you should update weekly.
Please also read "What's New" for new version information. New users should run with SPAMREPLY and BLOCKREPLY set to SILENT for a week or so until they are sure the program is installed correctly and isn't catching legitimate email. Beta version users should check the Beta Version comments at the top of the Spam Bouncer program file when installing a new beta version.
Copyright (C) 1996-2001 by Catherine A. Hampton. If you abide by the Free Software Foundation's COPYING principles with this document and the spam software and forms, you're home free, but don't try to copyright it yourself or sell this information.
1/20/01 |
Various domains added to "Haven Domains" list, and an embarrassing Y2K+1 bug fixed. :> The "bug" in question had no effect on the operation of the Spam Bouncer, but it occasioned quite a bit of comment. Thanks for your patience. |
|
|---|---|---|
1/18/01 |
In addition to the usual housekeeping, the annoying and persistent Spam Phone # bug has been exterminated/squashed/exiled. Finally! Thanks for your patience. |
|
11/15/00 |
In addition to the usual housekeeping, I fixed two bugs. The first was an IP address belonging to messagereach.com, a longtime spam-for-hire outfit, erroneously assigned to the recipe for another spam-for-hire outfit, m0.net. If you operate the SpamBouncer in COMPLAIN mode, please update immediately! The second bug was with two phone numbers, which had unescaped parentheses in the recipe and caused an error message in your log. Other than voiding that recipe, no harm was done by this bug. Again, if you run in COMPLAIN mode, you need to update immediately. If you do not, I still recommend updating to get the benefits of updates. Thanks! |
|
11/02/00 |
Yet another bug fixed in the production version that caused it to abort after filtering only the known spam sites in some circumstances. Please upgrade -- this should fix your problems. :) |
|
10/29/00 |
A typo was fixed in the production version that caused a recipe to fail and give a number of error messages. It did not affect the beta version at all. |
|
10/28/00 |
In addition to the usual housekeeping updates, this release includes the following:
In addition, the beta version of the program underwent considerable rewriting and reorganiation. Instead of all filters being contained in one file, different filters and types of filter are now in separate files referenced by the main filter, sb-new.rc. If you use the beta version, you should download the entire TAR or ZIP file. If you can't easily process an archive, let me know and we'll work on getting the files to you individually and uncompressed. |
|
10/20/00 |
This release was entirely a housekeeping release, but a huge one with a ton of new material and a number of new spam sites added. Please update -- your inbox will appreciate it. :) Several of you have expressed interest in helping with development of the SpamBouncer to make it a more widely useful tool and easier to maintain. Please email me to remind me who you are (except Steve Sobol, who has reminded me frequently) :>. If you are an experienced Procmail user who understands the structure of the recipes in the SpamBouncer, a good PERL script writer, or are good at any programming or scripting language that makes extensive use of regular expressions, and would like to help, please contact me. |
|
9/01/00 |
Sorry about the delay updating. Life got busy. :) The current update was mostly housekeeping and bug fixes, but you will want to update because there were a lot of them. |
The Spam Bouncer is a set of procmail recipes, or instructions, which search the headers and text of your incoming email to see if it meets one or more of the following conditions:
The Spam Bouncer sorts suspected spam into two categories -- mail from known spam sources which is definitely spam, and other mail which is probably spam, but might also be legitimate. It then tags this email with appropriate headers giving the spam classification, and responds according to the parameters you have set.
Depending on how you set it up, it will:
If you get mail from friends who have accounts at a site listed in the filter, you can put their names and email addresses in a text file and set the NOBOUNCE variable to point to it. If you want to receive mail from a site I have listed as a spam site, you can add the entire site name to the NOBOUNCE file. The Spam Bouncer will check this file before filtering your email and will skip any email from a person or site listed in the NOBOUNCE file.
Please note that you can put entire domain names, not just email
addresses, in NOBOUNCE. For example, if you want to accept all
email from concentric.net without
checking for spam, just put concentric.net
in your NOBOUNCE file, with no username@
section. This will cause the Spam Bouncer to skip all email from
anyone at Concentric. (I do not recommend doing this except for
small domains which you =KNOW= will not be sources of spam, though.)
The Spam Bouncer itself must run on a Unix server which has Procmail installed, so only users who have access to a Unix shell account with Procmail installed can use it. This means that AOL users, Mindspring Internet users, Netcom Netcruiser/Netcomplete users, Compuserve users, and others who do not have a Unix shell account as part of their service will have to find some other means of filtering spam. Sorry!
It is possible, however, for people who use Eudora, Pegasus Mail, and other POP clients to use the Spam Bouncer on their Unix shell accounts to filter their email, and then use their favorite POP mail client to retrieve their filtered mail from the server. If their POP client programs can filter mail by headers, they can filter and delete known spam and probable spam directly into appropriate folders via the Spam Bouncer's headers.
This means that anyone running any kind of computer, operating system, and software can use the Spam Bouncer, provided they have and use a Unix shell account, and (if they want to use a POP mail program) have software capable of filtering their mail based on user-configurable headers.
If you are totally confused by now, PLEASE find a friend who understands what this means before you try to install the Spam Bouncer. While I have made this as user-friendly as I could, using the Spam Bouncer requires a certain level of knowledge about computers and the internet. It is not for computer or internet novices.
Because someone who evidently likes the Spam Bouncer listed it for me in Yahoo and other search engines <wry grin>, I need to include the following disclaimers and warnings.
First, this is free software. No warranty is provided or implied -- users use the Spam Bouncer at their own risk.
I wrote the Spam Bouncer originally to filter my own mail, when spam started drowning out the real mail. I originally posted these filters to my web site so that users at my old ISP, Best Internet, and a few other experienced users could help me test them. I recommend that Procmail neophytes get help from an experienced Procmail user on their system to install the Spam Bouncer, and run it in default "Silent Mode" until they are more confident of their skills.
The Spam Bouncer was developed on a Pentium-based server running FreeBSD, and running Procmail 3.11pre7. That's a beta version of Procmail. The latest production version is 3.10. Many users have successfully run the Spam Bouncer with Procmail 3.10 on various systems, and I know of no failures of the program because of incompatibilities with Procmail 3.10.
In addition to the Pentium-based FreeBSD system where I developed the Spam Bouncer originally, I tested the earlier versions of it on SGI systems running Irix 5.3 and 6.2, and am currently using it on a Pentium-based system running Linux 2.0.33. I know of no problems running on these systems. A number of users have also run the problem under various flavors of SunOS, Solaris, HPUX, and other versions of Unix with no trouble.
I have not personally tested any version of the Spam Bouncer since 0.95a beta (two years out of date now) on Irix, or any version on any system or under any other flavor of Unix except FreeBSD and Linux, however, and it may not run properly even on systems running these types of Unix if the configuration is somehow different from what I've tested on.
So please be careful, and keep a close eye on your account for a few days after installing to be sure it works properly.
To use these filters, you will need to have procmail installed on your system, and have set it up for your account. This does not mean you must read mail on your unix account -- if you have a shell account, these filters can be configured to filter mail and then deliver it to your POP mail box. If you don't know what kind of account you have, you probably shouldn't be using these filters until you learn something about Unix and shell accounts.
Since the way Procmail should be installed is different on
different systems, if you do not already have Procmail installed,
you will need to ask your system administrator or people on your
local internet service provider for help. Those who have never
used Procmail and want to get started with a simple Procmail
setup can jump to
Getting Started With Procmail,
a tutorial with clear instructions about what information you will need
to get from your system administrator to set up Procmail properly on your
account, and a basic .procmailrc configuration file which
should work well on most systems.
If you are an experienced Procmail user, please make sure that your
.procmailrc file is configured to filter out your mailing
lists before filtering for spam. The Spam Bouncer tries to identify
list mail and skip it, but some mailing lists do not use standard
list "Precedence:" headers or headers recognisable by Procmail as
coming from a daemon or list program. So please be sure you filter
out your lists first, especially if you are running with SPAMREPLY
set to BOUNCE or COMPLAIN!
In any event, you should always run in SILENT mode for a few days, until you are sure you have your mailing lists filtered out properly and that the filter is working properly on your account.
If you did not use procmail.rc from Getting Started With
Procmail, here's a recipe to filter out list mail and other mail from
automatic mailer programs, or mailer daemons, as they are usually
called on Unix machines. Put it in your .procmailrc
file before the INCLUDERC statement that calls the
Spam Bouncer.
# Filter out Mailing List Mail
:0:
* ^TO(listmom-talk@skylist.com|\
orthodoxy@lists.best.com|\
procmail@Informatik.RWTH-Aachen.DE)
$BULKFOLDER
You should substitute all mailing list addresses for mailing lists you receive for the list I gave -- you and I don't read mail from the same lists, at least as far as I know! :)
After you have installed Procmail for your system, you can install the Spam Bouncer. You will need to download the Spam Bouncer program files to your Unix account first. You can do this one of two ways -- by downloading them from the links below to your personal computer, or by ftp'ing them. The advantage to ftp is that it ensures that the file format will be right. Often, when you retrieve a text file using a WWW browser and then save it to your hard disk, the browser reformats the file. This type of reformatting can break Procmail configuration files like the Spam Bouncer.
Lynx users should note that lynx reformats text files when downloading them via a normal link access command, which will break the Spam Bouncer and most other Procmail scripts. If you're a lynx user, please remember to use the "D" command to download the Spam Bouncer files instead of just accessing the link, or (even better) ftp the files from the links in the FTP column instead of trying to retrieve them from the http:// links in the WWW/HTTP column.
| Via FTP | Via WWW/HTTP | |
|---|---|---|
To ftp the Spam Bouncer, you must do this:
Here are FTP download URLs for the convenience of Lynx users or users of other browsers who are having trouble with file corruption when downloading the Spam Bouncer from the http: urls to the right. Please use these only if the other links don't work.
|
|
To download the Spam Bouncer via your WWW browser, select one of the links below -- the first if downloading to your PC and the second if to a Unix workstation or your shell account.
If you are updating a current copy of the Spam Bouncer, you can download the update below.
|
Now, if you saved the Spam Bouncer files on your local PC, you will need to ftp or upload them to your unix shell account. They should be put in their own directory.
To unarchive the ZIP format archive, type "unzip spambnc.zip"
and press <Enter>. (Your Unix machine may respond with an "unzip: command
not found" error message. If it does, you may not have the Unix program unzip,
and should retrieve the tar.Z archive.)
To unarchive the tar.Z file, type
"uncompress spambnc.tar.Z", press <Enter>, and then
type "tar -xvf spambnc.tar" and press <Enter>
to extract the individual files.
The first three files in the Spam Bouncer distribution,
sb.rc, sb-old.rc and sb-new.rc,
contain alternate versions of the actual Procmail scripts for the
Spam Bouncer. The first version is the current production
version of the Spam Bouncer, the second is the previous production
release of the Spam Bouncer, and the third is the current
somewhat stable beta version. Inexperienced users or users
who don't want problems should not use the beta version, and
all beta version users need to follow any warnings/instructions
listed among the comments at the top of the Beta Version
script file.
The "freemail" file contains a sample text file which you may install and then set your FREEMAIL variable to point to. You do not need to install this file unless you want to customize the list of free email sites -- the Spam Bouncer will use its own internal list if it can't find the text file.
The "legitlists" file contains a text file with the names of legitimate email lists (the opt-in variety), which you may modify to make sure your mailing lists aren't getting trapped by the Spam Bouncer. Just put each mailing list address on a separate line, just as you would with the NOBOUNCE file.
The other three files contain standardized
autoresponder messages for the program. You may customize
these to your taste. I do recommend that you leave the
references to sb@ariel.vip.best.com in any edited version of
the file spam, though, so that people know how to
contact me if their mail is getting bounced because of a problem
with the filter itself, or how it is installed. That way, I
can contact you (hopefully), and prevent further damage.
If you customize the autoresponder messages, you probably want to keep them reasonably polite. There's no point flaming some poor innocent bystander because you're p*ssed at Connectup, Emaildirect.net, or some spamming fool with a throwaway account. :)
The best way to use the Spam Bouncer is to save the files in a location to which everyone on your system has read access. If you aren't sure how to do this, ask you system administrator or an experienced user on your system. If you install the filter this way, a user can create a symbolic link to the shared Spam Bouncer directory in his home directory. This means you or one person can keep the filter up to date for everyone, sparing a lot of people a lot of extra work.
If a particular user wants to modify the filter, he can simply create a private directory, copy the necessary files to it, and make whatever changes he wants. If he does the last, of course, he is responsible for updating his copy of the filter manually.
After setting up the Spam Bouncer directory, you should set or modify the following variables in your .procmailrc file:
DEFAULT={NO DEFAULT}
FORMAIL={NO DEFAULT}
SBDIR={NO DEFAULT}
ADMINFOLDER=${DEFAULT}
ALTFROM=${LOGNAME}@${HOST}
BLOCKFOLDER=${DEFAULT}
BLOCKREPLY=SILENT
BULKFOLDER=${DEFAULT}
BYPASSWD=syzygy
CHINESE=no
DATE=date
DEBUG=no
DULCHECK=no
FREEMAIL=INTERNAL
GARBLEDCHARSET=yes
GLOBALNOBOUNCE=NONE
GREP=fgrep
KOREAN=no
LEAN=yes
LEGITLISTS=NONE
MYEMAIL=$HOME/.myemail
NOBOUNCE=${HOME}/.nobounce
NOLOOP=${ALTFROM}
NSLOOKUP=nslookup
ORBSCHECK=no
PATTERNMATCHING=SILENT
RBLCHECK=yes
RM=rm
RSSCHECK=no
RM=rm
SENDMAIL=/usr/sbin/sendmail
SPAMREPLY=SILENT
SPAMFOLDER=${DEFAULT}
TEST=test
THISISP=${HOST}
TURKISH=no
The variables are shown with the default values which the Spam Bouncer
will assign if they are not already set in your .procmailrc file.
These defaults will prevent problems, but also will cause the Spam Bouncer not
to do very much. So you want to set the correct variables for your system
and account.
Please note that those variables in red have no defaults and MUST BE SET or the Spam Bouncer will simply pass all your mail on to you unfiltered!
Here's what each variable is for:
SILENT, which simply files the mail in
the BLOCKFOLDER, and NOTIFY, which sends a
notice and copy of his email back to the sender with instructions on
how to bypass the Spam Bouncer if his email is not spam.date program. This is set to "date"
by default, since date is usually in a directory which
is in your default system path. (The system path is a list of directories
your Unix shell searches when you tell it to run a program and don't tell
it specifically where to look.)date program and that should fix the problem.freemail file,
a text file of domains offering free email accounts commonly used or
forged by spammers. The domains should be listed singly, with one
appearing on each text line, and with no blank lines in the file. Be
sure you do not create an empty FREEMAIL file, either.grep, a set of programs which searches
files on Unix systems for specified strings of characters. This is set
by default to "fgrep", a fast version of grep which is usually found
in a normal system programs directory on Unix machines. Most versions
of fgrep work properly with the Spam Bouncer.grep programs
other than fgrep. Usually egrep will work,
or agrep if that does not. chitchat@borg.besties.com
dylan-fanatics@lists.musicman.net
NOBOUNCE file,
a text file of email addresses and domains whose email you want the Spam
Bouncer to skip filtering and deliver directly to you. Set this to point
to the directory and filename where you keep that file. I name mine
".nobounce" and keep it in my home directory, and this is where the
Spam Bouncer looks if you don't set this variable. goodguy@spamsite.com
niceguy@roguesite.net
nslookup program. You need to set this
only if nslookup is not in your path (the list of directories which your
system will search for a program) or if you have an alias set up for
nslookup on your account. If you aren't having trouble getting
RBLCHECK and DULCHECK to work on your system, you can leave this
alone.NONE, which skips pattern matching entirely;
SILENT, which simply files the mail in
the BLOCKFOLDER; and NOTIFY, which sends a
notice to the sender that his email was blocked, and explains how
to bypass spam filtering if his email was legitimate.rm program -- the program which deletes
files. You need to set this only if rm is not in your path (the
list of directories which your system will search for a program)
or if you have an alias set up for rm on your account. If you aren't
having trouble with the Spam Bouncer leaving temporary files on your
system, you can leave this alone./usr/sbin/sendmail, which will work on some systems, but
not all. On almost all systems which use sendmail, however, this variable
is set correctly as a global default by the system administrators. It
does not hurt to check and be sure, though. If SENDMAIL is not set
correctly, the Spam Bouncer will be unable to send any autoreplies.SILENT, which simply files the mail in
the SPAMFOLDER; BOUNCE, which sends a
simulated MAILER-DAEMON bounce message to the spammer in hopes that
he will think your address is no good and remove it from his list;
COMPLAIN, which sends a
complaint and copy of the spam to the spammer's postmaster for spammers
which the Spam Bouncer knows about and has this information, and in
most cases also the upstream ISPs; and BOTH,
which (not surprisingly) both sends a bounce and complains.test program, a small program which looks
for a file or directory and reports whether it exists or not. This is set
to "test" by default, since this program is normally found on the system
path.test program.
After setting the variables in your .procmailrc, add this line to your
.procmailrc file at the point where you want to filter your mail for
spam:
INCLUDERC=${SBDIR}/sb.rc
This line should appear after recipes for mail you don't
want to filter for spam and before recipes for mail
you do want to filter for spam. Users of procmail.rc
will have the correct lines in the correct location already, and will
just need to uncomment whichever one they want to use.
Users who get their mail using Eudora, Pegasus Mail, or another POP mail client which can filter mail by headers will need to set up their filters to look for the following headings:
Upgrading is easy. You just check the "What's New" notice to see if there are any new variables you should set or features you should be aware of, and then ftp the new version (or grab it with your WWW browser) and copy it over the old version. If you prefer, you can subscribe to the SpamBouncer Updates mailing list to get automatic notifications of updates via email. The mailing list is described in the next section.
That's all there is to it.
The Spam Bouncer should be upgraded regularly -- weekly if you are using it with SPAMREPLY set to COMPLAIN and monthly otherwise. Spammers move around a lot. Prolific spammers tend to get disconnected quite a bit, even by spam-friendly providers, because they cause their providers so much trouble. This means that the complaint addresses in the Spam Bouncer's complaint lists must be updated constantly or complaints will go to the wrong place.
Providers get annoyed when they get complaints about a problem they've already fixed, or at least done everything they can to fix. Once they've kicked a spammer off their system, there is very little else they can do, and sending complaints to them just wastes their time and resources.
I do my part by updating the addresses, but that helps only if you do yours by keeping your copy of the Spam Bouncer up to date.
So, if you can't upgrade frequently or don't want to bother updating all the time, please set SPAMREPLY and BLOCKREPLY to SILENT. That way you'll still get the benefits of the filter, but you won't risk causing trouble for an ISP that has already kicked its spammers off.
In addition, today's rogue ISP may be tomorrow's good guys. An example of that is erols.com, which a few years ago was the source of a huge amount of spam and which today is one of the leaders in the fight against it. (Erols also has one of the most entertaining "abuse@" people in the business -- Afterburner.) I regularly review the sites on the blocked list and retire those who have adopted and enforced solid no-spamming policies. That reduces the size of the filter and the resources it takes while keeping it as efficient as possible.
So, please keep up to date! :)
If you are having trouble with the Spam Bouncer, first please make sure you:
The Spam Bouncer is set up to avoid replying to bounced messages and autoreplies to its own bounces, but some spammers set their adminstrative accounts to autoreply to spam complaints and misconfigure their autoresponders to remove the "X-Loop" header, which should NEVER be removed by any autoreply script. In general, it is not a good idea to autoreply to mail from administrative accounts at all, so the Spam Bouncer is set up to filter it out first.
Please report spam which the Spam Bouncer does not catch to <spamtrap@spambouncer.org> so that I can modify the Spam Bouncer to catch it. Many spammers have gotten wise to me -- I'm on their remove lists even if they won't put you or others there. <wry grin> So I depend on my users to keep me up-to-date on what kind of spam is out there.
Report any problems to the author at spamtrap@spambouncer.org, and she'll get to work on fixing them ASAP.
Updates to the SpamBouncer are announced via the SpamBouncer Updates mailing list, in addition to this Web page. The list is a low-volume announcements-only list that gets less than one email per week. I keep it this way so that people who hate getting spammed :) can subscribe without being overwhelmed with email. (If you want to discuss spam and how to fight it, I recommend the SPAM-L mailing list, described in the following section.)
The SpamBouncer Updates list runs on a Majordomo list server, a widely used mailing list management program. If you are unfamiliar with Majordomo, the instructions below should explain how to subscribe to and unsubscribe from the SpamBouncer Updates list. For more information on Majordomo and how to use it, refer to Majordomo Mailing List User Commands at the University of Rochester. For more information on Majordomo itself and how it works, refer to the Majordomo FAQ.
I must approve all subscriptions to the mailing list, so I suggest you send me email letting me know who you are and why you are subscribing before you subscribe to the list. :) (Where possible, I would prefer to keep spammers off of it.)
subscribe <your email address>
end
This will tell the Majordomo list server that you want to subscribe to the SpamBouncer Updates mailing list.
The list server will then send you two messages: a notice to the email address from which your subscription was sent and a confirmation message to the email address that you asked to have subscribed to the list. The notice explains that the subscription must be confirmed from the address that was subscribed to the list. The confirmation message asks you to copy a line of text from it, paste that line of text in a new email, and send the email back to the list server. The message will read like this:
Someone (possibly you) has requested that your email address be added to or deleted from the mailing list "spambouncer-updates@aziz.devnull.net".
If you really want this action to be taken, please send the following commands (exactly as shown) back to "Majordomo@aziz.devnull.net":
auth 3de6896e subscribe spambouncer-updates someone@example.com
If you do not want this action to be taken, simply ignore this message and the request will be disregarded.
The text you need to copy is the line beginning withauth. The jumble of letters and numbers afterauthis called a token, and will be different for each person. Because it is different for each person, if you send back the exact token, the mailing list knows you really asked to subscribe. That prevents others from subscribing you to the mailing list without your permission.
auth and
containing the token from the message the Majordomo list server sends to you into
a new email, and send the new email back to
updates-request@lists.spambouncer.org. | ! CAUTION! |
|
|---|
If you followed these instructions correctly, the Majordomo list server will send you two more messages. The first is a short, machine-generated message showing that your subscribe command worked. The second is a message welcoming you to the SpamBouncer Upgrades list.
Send email to updates-request@lists.spambouncer.org, with any subject line you like (the list server will ignore it), and the following text in the message body:
unsubscribe <your email address>
end
This will tell the Majordomo list server that you want to unsubscribe from the SpamBouncer Updates mailing list. Majordomo will send you a message confirming that you have unsubscribed from the list. If you no longer have access to your old address, send me email and I will unsubscribe your old address manually.
To switch your subscription to a new email address, you must unsubscribe your old address and subscribe the new one, following the instructions above.
First, I would like to thank Stephen van den Berg, the creator of procmail, for his wonderful tool. It is truly the friend of those who hate email spam and want it out of their lives. (It is also the friend of anyone who gets a lot of email.)
I would also like to thank the readers of the Procmail Mailing List for answering lots of often elementary questions, especially at the beginning, as I learned the program. I highly recommend the list for people who use the Spam Bouncer. You can subscribe at procmail-request@Informatik.RWTH-Aachen.DE.
Finally, I'd like to thank one of the best sets of users anyone ever had -- you guys do a superb job keeping me up to date on what spammers are doing. I couldn't do it without you, seriously.
These filters are the result of several years of work and learning about Procmail. I hope the results will be as useful to others as they have been to me.
SpamBouncer Home Page | Getting Started with Procmail | My Home Page
©1996-2001 by Catherine A. Hampton <ariel@tempest.boxmail.com>. All rights reserved.