Gnus development mailing list
* Spam spam spam spam spam
@ 2002-03-30 15:33 Lars Magne Ingebrigtsen
  2002-03-30 15:59 ` Lars Magne Ingebrigtsen
                   ` (6 more replies)
  0 siblings, 7 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 15:33 UTC (permalink / raw)


When I woke up today, I had 75 new mail messages.  Out of these, 72
were spam.  And all different.

It's getting pretty annoying.

Has anybody done any thinking about how to tie Gnus into the various
spam inhibitants that exist?  I could easily see doing splitting based
on ordb/Vipul's Razor/Spamassassin/etc, and having single-stroke
commands in Gnus for reporting spam to the proper instances.  Say, `y'
to send the spam for open relay checking, Razoring, assassination and
all the rest.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 15:33 Spam spam spam spam spam Lars Magne Ingebrigtsen
@ 2002-03-30 15:59 ` Lars Magne Ingebrigtsen
  2002-04-01 14:44   ` NAGY Andras
  2002-04-02 16:31   ` Ted Zlatanov
  2002-03-30 16:09 ` Robin S. Socha
                   ` (5 subsequent siblings)
  6 siblings, 2 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 15:59 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Has anybody done any thinking about how to tie Gnus into the various
> spam inhibitants that exist?

Here are my thoughts.  :-)

1) A new splitting rule -- `spam'.  If the message is deemed to be
   spam, it returns "spam".

2) The splitting rule offers lots of (customizable) tests.  For
   instance:

   a) Vipul's Razor (which basically looks at the body and does a
   lookup to see whether somebody else has received the same spam
   before)

   b) ordb and friends (looks at "Received" headers to see whether the
   mail has gone through open relays)

   c) spamcop (basically sees whether somebody has reported that this
   user is a spammer)

   d) A white-list (sees whether you have flagged this as a legitimate
   user)

So here would be a spam testing rule:

(and (not white-list)
     (or (and ordb spamcop)
         vipul))
   
Both ordb and spamcop have quite a few false positives, but together,
they give pretty good results.  (I've been testing stuff like this
over at Gmane.)

There would be a few new summary mode commands.

1) `y' -- "report this as spam".  This would send the message to a
   user-defined list of spam gatherers, but would typically include
   Razor, ordb, spamcop and spamassassin.  In addition, it could use
   that package that sends a complaint to "postmaster@" all the bits
   in the Received lines.  It would be up to the user.

2) A command to enter into the white-list.  It should be a short
   keystroke -- `M-y', for instance.  This command would put the From
   address of the current message into the white-list, so that the
   spam filter wouldn't classify the next message from this person as
   spam.

People who are absolutely paranoid would just use

(not white-list)

as the spam predicate.  That is, everybody not on the white-list is
classified as spam.

I'm getting fed up with spam, and I think most of us are.  Let's fight
back. 

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread
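
The spam predicate proposed in the message above, as an added Emacs Lisp example (not code from the thread or from Gnus). The `my-spam-` names, the `dnsbl.example` zone and the list standing in for a DNS resolver are assumptions; it goes slightly beyond the message by showing how a relay address from a Received header becomes a DNS blacklist query name (octets reversed, zone appended).

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; `my-spam-' names are hypothetical, not Gnus API.
(require 'cl-lib)

(defun my-spam-eval (form tests)
  "Evaluate spam predicate FORM against TESTS.
FORM is a symbol naming a test, or (and ...), (or ...), (not X).
TESTS is an alist of (SYMBOL . FUNCTION).  Test functions are only
called when reached, so a white-list hit placed first in an `and'
prevents any of the later (network) tests from running."
  (pcase form
    (`(and . ,rest) (cl-every (lambda (f) (my-spam-eval f tests)) rest))
    (`(or . ,rest)  (and (cl-some (lambda (f) (my-spam-eval f tests)) rest) t))
    (`(not ,x)      (not (my-spam-eval x tests)))
    ((pred symbolp)
     (let ((fn (cdr (assq form tests))))
       (unless fn (error "Unknown spam test: %s" form))
       (and (funcall fn) t)))
    (_ (error "Malformed spam rule: %S" form))))

(defun my-spam-relay-ips (headers)
  "Return the first bracketed address of each Received header in HEADERS."
  (let ((text (replace-regexp-in-string "\n[ \t]+" " " headers)) ; unfold
        (pos 0)
        ips)
    (while (string-match "^Received:.*?\\[\\([0-9.]+\\)\\]" text pos)
      (push (match-string 1 text) ips)
      (setq pos (match-end 0)))
    (nreverse ips)))

(defun my-spam-dnsbl-name (ip zone)
  "Return the blacklist query name for IPv4 string IP in ZONE, or nil.
The octets are reversed: 192.0.2.10 becomes 10.2.0.192.ZONE.
Anything that is not four octets in 0..255 yields nil."
  (let ((octets (split-string ip "\\.")))
    (when (and (= (length octets) 4)
               (cl-every (lambda (o)
                           (and (string-match-p "\\`[0-9]\\{1,3\\}\\'" o)
                                (<= (string-to-number o) 255)))
                         octets))
      (concat (mapconcat #'identity (reverse octets) ".") "." zone))))

;; The rule from the message, with the `spamcop' spelling.
(defconst my-spam-rule '(and (not white-list) (or (and ordb spamcop) vipul)))

(defun my-spam-classify (headers white-list listed-names spamcop-hit razor-hit)
  "Return \"spam\" or nil for HEADERS under `my-spam-rule'.
WHITE-LIST is a list of lower-case sender addresses.  LISTED-NAMES
stands in for the resolver: the query names that would get an answer.
SPAMCOP-HIT and RAZOR-HIT are constructed outcomes of those lookups."
  (let* ((from (and (string-match "^From:.*?\\([^ <>\t\n]+@[^ <>\t\n]+\\)"
                                  headers)
                    (downcase (match-string 1 headers))))
         (tests
          `((white-list . ,(lambda () (member from white-list)))
            (ordb . ,(lambda ()
                       (cl-some (lambda (ip)
                                  (member (my-spam-dnsbl-name ip "dnsbl.example")
                                          listed-names))
                                (my-spam-relay-ips headers))))
            (spamcop . ,(lambda () spamcop-hit))
            (vipul . ,(lambda () razor-hit)))))
    (and (my-spam-eval my-spam-rule tests) "spam")))

;; Constructed sample headers (not from the thread).
(defconst my-spam-sample-headers
  (concat "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
          "\tby mail.example.org; Sat, 30 Mar 2002 15:00:00 +0000\n"
          "Received: from unknown (HELO relay)\n"
          "\t([198.51.100.7]) by mx.example.net\n"
          "From: Someone <someone@example.com>\n"
          "Subject: hello\n"))

;; Case 1: second relay is listed and spamcop agrees, sender unknown.
(my-spam-classify my-spam-sample-headers nil
                  '("7.100.51.198.dnsbl.example") t nil)
;; Case 2: same message, but the sender is on the white-list.
(my-spam-classify my-spam-sample-headers '("someone@example.com")
                  '("7.100.51.198.dnsbl.example") t t)
```

Case 1 is classified as spam; case 2 is not, and because `white-list` is the first operand of the `and`, none of the other test functions are called for it.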

* Re: Spam spam spam spam spam
  2002-03-30 15:33 Spam spam spam spam spam Lars Magne Ingebrigtsen
  2002-03-30 15:59 ` Lars Magne Ingebrigtsen
@ 2002-03-30 16:09 ` Robin S. Socha
  2002-03-30 16:32   ` Lars Magne Ingebrigtsen
                     ` (2 more replies)
  2002-03-30 16:34 ` Henrik Enberg
                   ` (4 subsequent siblings)
  6 siblings, 3 replies; 71+ messages in thread
From: Robin S. Socha @ 2002-03-30 16:09 UTC (permalink / raw)


* Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> When I woke up today, I had 75 new mail messages.  Out of these, 72
> were spam.  And all different.
> 
> It's getting pretty annoying.

You're a whiner, Lars. Eat this:

[vpopmail@mail1] grep pending robin-new-tmdalog.2002-03 | wc -l
    3364 

> Has anybody done any thinking about how to tie Gnus into the various
> spam inhibitants that exist?  I could easily see doing splitting based
> on ordb/Vipul's Razor/Spamassassin/etc, and having single-stroke
> commands in Gnus for reporting spam to the proper instances.  Say, `y'
> to send the spam for open relay checking, Razoring, assassination and
> all the rest.

I don't think that's Gnus' job. Really. This should be done on the
mailserver. I use TMDA by Jason R. Mastaler. And it just works. Like,
100%. Except for misconfigured lists. Those, I handle with gnus-junk.el,
but indeed, a report to Spamassassin would be good. But then again, this
can be preprocessed with things like
http://www.gbnet.net/~jrg/qmail/ifspamh

I've got some hints for Gnus and TMDA on
http://my.gnus.org/Members/robin/Doc/tmda/view.

No, I'm not being paid by Jason. His software is just, well, near to
godliness.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:09 ` Robin S. Socha
@ 2002-03-30 16:32   ` Lars Magne Ingebrigtsen
  2002-03-30 16:56     ` Lloyd Zusman
                       ` (2 more replies)
  2002-03-30 16:33   ` Lars Magne Ingebrigtsen
  2002-03-30 16:43   ` Henrik Enberg
  2 siblings, 3 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 16:32 UTC (permalink / raw)


"Robin S. Socha" <robin-dated-1017763154.be05b0@socha.net> writes:

> You're a whiner, Lars. Eat this:
>
> [vpopmail@mail1] grep pending robin-new-tmdalog.2002-03 | wc -l
>     3364 

And that's just in 8 hours?  :-)

> I don't think that's Gnus' job. Really. This should be done on the
> mailserver. I use TMDA by Jason R. Mastaler. And it just works. Like,
> 100%.

I'm reading mail from a pop server, so maintaining the white-list
isn't trivial for me.  Of course, I could just punch a few holes in a
few firewalls and have the mail delivered to my actual machine...
*pondering*

My objection to TMDA is basically this -- it requires that the sender
deals with the problem.  If somebody sends me a mail, I don't want
them to have to respond to some automatic message before being allowed
to actually communicate with me.  It seems unneighborly.  And spam
hasn't annoyed me to that point.  Yet.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:09 ` Robin S. Socha
  2002-03-30 16:32   ` Lars Magne Ingebrigtsen
@ 2002-03-30 16:33   ` Lars Magne Ingebrigtsen
  2002-03-30 16:43   ` Henrik Enberg
  2 siblings, 0 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 16:33 UTC (permalink / raw)


"Robin S. Socha" <robin-dated-1017763154.be05b0@socha.net> writes:

> Except for misconfigured lists.

Mailing lists?  That's, like, so two months ago.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 15:33 Spam spam spam spam spam Lars Magne Ingebrigtsen
  2002-03-30 15:59 ` Lars Magne Ingebrigtsen
  2002-03-30 16:09 ` Robin S. Socha
@ 2002-03-30 16:34 ` Henrik Enberg
  2002-03-30 16:45   ` Lars Magne Ingebrigtsen
  2002-03-31  1:31 ` Daniel Pittman
                   ` (3 subsequent siblings)
  6 siblings, 1 reply; 71+ messages in thread
From: Henrik Enberg @ 2002-03-30 16:34 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> When I woke up today, I had 75 new mail messages.  Out of these, 72
> were spam.  And all different.
>
> It's getting pretty annoying.
>
> Has anybody done any thinking about how to tie Gnus into the various
> spam inhibitants that exist?  I could easily see doing splitting based
> on ordb/Vipul's Razor/Spamassassin/etc, and having single-stroke
> commands in Gnus for reporting spam to the proper instances.  Say, `y'
> to send the spam for open relay checking, Razoring, assassination and
> all the rest.

Well, I cufted up this function for reporting to razor via spamassassin
a few days ago, which I bound to $.  I have even been a good boy and
reported all my spam since then.  Now that I look at it, it occurs
to me that it should remove the various X-Gnus-* headers before
reporting. 

(defun gnus-spamassassin-report ()
  "Report message on current summary line to spamassassin."
  (interactive)
  (let* ((article (car (gnus-summary-work-articles 1)))
	 (buffer (save-excursion (nnheader-set-temp-buffer
				  " *spamassassin*")))
	 (header (gnus-summary-article-header article)))
    (if (not (vectorp header))
	(message "%s is not a real article." article)
      (when (y-or-n-p "Really report this message to spamassassin? ")
	(save-window-excursion
	  (let ((gnus-display-mime-function nil)
		(gnus-article-prepare-hook nil))
	    (gnus-summary-select-article t nil nil article)))
	(save-excursion
	  (set-buffer buffer)
	  (erase-buffer)
	  (insert-buffer-substring gnus-original-article-buffer)
	  (call-process-region (point-min) (point-max) "spamassassin"
			       nil nil nil "-r"))
	(message "Message reported.")))
    (gnus-kill-buffer buffer)
    (gnus-summary-position-point)
    (gnus-set-mode-line 'summary)))


-- 
I acted to show my love for Jodie Foster.



^ permalink raw reply	[flat|nested] 71+ messages in thread
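
One way to do the header clean-up the message above says is still missing, as an added Emacs Lisp example (not part of the posted function and not Gnus code). The `my-` names, the sample message and the `X-Gnus-Example` header are constructed for illustration.

```elisp
;; Added example; `my-' names are hypothetical, not Gnus functions.

(defun my-strip-local-headers (&optional regexp)
  "Delete headers matching REGEXP from the message in the current buffer.
REGEXP defaults to any X-Gnus-* header.  Only the header block (up to
the first empty line) is searched, so body lines that look like
headers are left alone.  A matching header is removed together with
its folded continuation lines.  Return the number of headers removed."
  (let ((regexp (or regexp "^X-Gnus-[^:\n]*:"))
        (case-fold-search t)
        (count 0))
    (save-excursion
      (save-restriction
        (goto-char (point-min))
        ;; Restrict all further work to the header block.
        (narrow-to-region (point-min)
                          (if (re-search-forward "^$" nil t)
                              (point)
                            (point-max)))
        (goto-char (point-min))
        (while (re-search-forward regexp nil t)
          (let ((start (match-beginning 0)))
            (forward-line 1)
            ;; Continuation lines start with a space or tab.
            (while (looking-at "[ \t]")
              (forward-line 1))
            (delete-region start (point))
            (setq count (1+ count))))))
    count))

(defun my-message-for-report (raw)
  "Return message text RAW with locally added X-Gnus-* headers removed."
  (with-temp-buffer
    (insert raw)
    (my-strip-local-headers)
    (buffer-string)))

;; Constructed sample message (not from the thread).
(defconst my-sample-message
  (concat "Received: from mx.example.net ([192.0.2.10])\n"
          "\tby mail.example.org; Sat, 30 Mar 2002 15:00:00 +0000\n"
          "X-Gnus-Mail-Source: pop:user@pop.example.org\n"
          "X-Gnus-Example: folded value\n"
          "\tcontinued on a second line\n"
          "From: Someone <someone@example.com>\n"
          "Subject: hello\n"
          "\n"
          "X-Gnus-lookalike: this line is body text and must survive\n"))

;; The text that would be piped to the reporting program.
(my-message-for-report my-sample-message)
```

In the posted function the call would go between `insert-buffer-substring` and `call-process-region`, so that what leaves the machine is the message without the headers added locally.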

* Re: Spam spam spam spam spam
  2002-03-30 16:09 ` Robin S. Socha
  2002-03-30 16:32   ` Lars Magne Ingebrigtsen
  2002-03-30 16:33   ` Lars Magne Ingebrigtsen
@ 2002-03-30 16:43   ` Henrik Enberg
  2002-03-30 16:53     ` Robin S. Socha
  2 siblings, 1 reply; 71+ messages in thread
From: Henrik Enberg @ 2002-03-30 16:43 UTC (permalink / raw)
  Cc: ding

"Robin S. Socha" <robin-dated-1017763154.be05b0@socha.net> writes:

> I don't think that's Gnus' job. Really. This should be done on the
> mailserver. I use TMDA by Jason R. Mastaler. And it just works. 

But TMDA only works with djb's proprietary stuff, doesn't it?  And
since I started using spamassassin 2 months ago, only 1 spam has sneaked
past it.  And personally I don't much like the whitelist approach,
especially if combined with autobouncing, when it goes from annoying to
rude. 

-- 
I acted to show my love for Jodie Foster.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:34 ` Henrik Enberg
@ 2002-03-30 16:45   ` Lars Magne Ingebrigtsen
  2002-03-30 16:52     ` Lars Magne Ingebrigtsen
  2002-03-30 17:45     ` Kai Großjohann
  0 siblings, 2 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 16:45 UTC (permalink / raw)


Henrik Enberg <henrik@enberg.org> writes:

> Well, I cufted up this function for reporting to razor via spamassassin
> a few days ago, which I bound to $.

Cool.

[...]

> 	  (call-process-region (point-min) (point-max) "spamassassin"

I've been looking a bit at various bits and pieces to find out how
much can be done internally in Gnus, and how much can't be.

From reading the Razor docs, it seems that what the Razor server wants
is basically a sha1 digest.  And that's already been implemented in
elisp by Shuhei KOBAYASHI.  So spamassassin/Razor doesn't have to be
installed for Gnus to use it to report to Razor, I think.

What I haven't found in Emacs is a way to query DNS servers.  Many of
these spam filtering thingies use DNS as the medium for transferring
data.  The only thing I found is something in the URL libraries that
just calls nslookup externally.

Is there no DNS functionality in Emacs?  Anybody want to implement it?
:-)

(It's UDP, and `M-x apropos RET udp RET' gives me nothing.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:45   ` Lars Magne Ingebrigtsen
@ 2002-03-30 16:52     ` Lars Magne Ingebrigtsen
  2002-03-30 17:45     ` Kai Großjohann
  1 sibling, 0 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 16:52 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> The only thing I found is something in the URL libraries that just
> calls nslookup externally.

And dig.el, which calls dig externally.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:43   ` Henrik Enberg
@ 2002-03-30 16:53     ` Robin S. Socha
  2002-03-30 17:35       ` Henrik Enberg
  0 siblings, 1 reply; 71+ messages in thread
From: Robin S. Socha @ 2002-03-30 16:53 UTC (permalink / raw)


* Henrik Enberg <henrik@enberg.org> writes:
> "Robin S. Socha" <robin-dated-1017763154.be05b0@socha.net> writes:

>> I don't think that's Gnus' job. Really. This should be done on the
>> mailserver. I use TMDA by Jason R. Mastaler. And it just works. 
> 
> But TMDA only works with djb's proprietary stuff, doesn't it?  

http://software.libertine.org/tmda/requirements.html: Currently supported
MTAs include qmail, Postfix, Exim, and Sendmail.

> And since I started using spamassassin 2 months ago, only 1 spam has
> sneaked past it.  

@400000003ca5ec131bb139cc delivery 559537: deferral: spamc_returned_temporary_failure/

Luvery. And that's the stable version. Add to that a missing "'" in line
65. DJB's software may be proprietary (as opposed to what? the standard
RAS tool sendmail?), but at least it works.

I'm heavily underimpressed.

> And personally I don't much like the whitelist approach, especially if
> combined with autobouncing, when it goes from annoying to rude.

Henrik, you really want to check your facts first. Do you find anything
of this nature in http://software.libertine.org/tmda/features.html?  I
don't. And Josh Huber's code at http://my.gnus.org/Lisp/1014963375 will
certainly get you started as for whitelisting.

Ro"Cc:meandsuffer"bin



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:32   ` Lars Magne Ingebrigtsen
@ 2002-03-30 16:56     ` Lloyd Zusman
  2002-03-30 17:05       ` Lars Magne Ingebrigtsen
  2002-04-01 14:46       ` NAGY Andras
  2002-03-30 17:30     ` Robin S. Socha
  2002-03-31 22:00     ` Stainless Steel Rat
  2 siblings, 2 replies; 71+ messages in thread
From: Lloyd Zusman @ 2002-03-30 16:56 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> [ ... ]
>
> My objection to TMDA is basically this -- it requires that the sender
> deals with the problem.  If somebody sends me a mail, I don't want
> them to have to respond to some automatic message before being allowed
> to actually communicate with me.  It seems unneighborly.  And spam
> hasn't annoyed me to that point.  Yet.

I sympathize with you ... I have felt the same way for quite a while.
However, the spam problem is getting ever worse, and so now, I've sadly
changed my mind ... and TMDA looks pretty good to me.  Given the nature
of the email conventions on the net (which were never originally
intended to provide security against unsolicited mass-mailings), I
believe that there is NO algorithm that exists that can examine headers
and content and do an even barely passable job of filtering spam.

One of the philosophies behind TMDA (blacklist by default, whitelist
only as a result of some sort of authentication) seems to be a good
basis for some usable spam protection.  Yes, it requires senders to
authenticate themselves, but as time goes on, I think that people can
get used to that as the normal convention with email.  And it's rather
painless in TMDA: a single reply to a single authentication message does
the trick for any given sender.

And you can pre-whitelist a group of already-trusted senders.  When I
started using TMDA, I ran it in a sort of log-only mode for a while,
causing it to deliver all email as if TMDA wasn't there, but also to log
its idea of the message sender.  After examining the logs that
accumulated, I was able to come up with a set of senders that I could
pre-whitelist.  This set consisted of 90+ percent of the people who
should be on my whitelist.

I then set up the initial whitelist, and re-configured TMDA to start
working the way it's supposed to.  So far, I haven't heard any
complaints from the validly-whitelistable people I had missed, and I
actually have gotten some authentication messages back from people, who
haven't complained in the least.

I'm not saying that TMDA itself is the "be all and the end all" ...  it
still could use some tweaking, and perhaps there is other software that
uses the same philosophy, and which might be more desirable to use.

But I really believe that this philosophy (blacklist all but
authenticated senders) is the way to go these days, if you want to
have any measure of success in blocking spam.


-- 
 Lloyd Zusman
 ljz@asfast.com



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:56     ` Lloyd Zusman
@ 2002-03-30 17:05       ` Lars Magne Ingebrigtsen
  2002-03-30 18:27         ` Lloyd Zusman
  2002-04-01 14:46       ` NAGY Andras
  1 sibling, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 17:05 UTC (permalink / raw)


Lloyd Zusman <ljz@asfast.com> writes:

> Given the nature of the email conventions on the net (which were
> never originally intended to provide security against unsolicited
> mass-mailings), I believe that there is NO algorithm that exists
> that can examine headers and content and do an even barely passable
> job of filtering spam.

I think by using collaborative measures, you can probably come up with
something that will reduce the spam problem back to a bearable level.
Spamassassin/Razor/Spamcop looks like they're having a pretty good
success rate.

> One of the philosophies behind TMDA (blacklist by default, whitelist
> only as a result of some sort of authentication) seems to be a good
> basis for some usable spam protection.  Yes, it requires senders to
> authenticate themselves, but as time goes on, I think that people can
> get used to that as the normal convention with email.

I use this methodology on Gmane (for allowing posting through the
news-to-mail interface), but there the potential for annoyance is so
much higher.  If a spam message goes through there, it'll annoy
(potentially) thousands of people.  If a spam message goes through to
me, it'll annoy one single person.

> I then set up the initial whitelist, and re-configured TMDA to start
> working the way it's supposed to.  So far, I haven't heard any
> complaints from the validly-whitelistable people I had missed, and I
> actually have gotten some authentication messages back from people, who
> haven't complained in the least.

I've gone through the white-list process with a couple of people, and
I've been annoyed.  Not annoyed enough to say something (because I
sympathize), but annoyed nevertheless.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:32   ` Lars Magne Ingebrigtsen
  2002-03-30 16:56     ` Lloyd Zusman
@ 2002-03-30 17:30     ` Robin S. Socha
  2002-03-30 17:34       ` Lars Magne Ingebrigtsen
  2002-03-31 22:00     ` Stainless Steel Rat
  2 siblings, 1 reply; 71+ messages in thread
From: Robin S. Socha @ 2002-03-30 17:30 UTC (permalink / raw)


* Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> "Robin S. Socha" <robin-dated-1017763154.be05b0@socha.net> writes:

>> You're a whiner, Lars. Eat this:
>>
>> [vpopmail@mail1] grep pending robin-new-tmdalog.2002-03 | wc -l
>>     3364 
> 
> And that's just in 8 hours?  :-)

Add that:

[vpopmail@mail1] grep pending robin-tmdalog.2002-0* | wc -l
   19574 

Obviously, I've been carpet-bombed.[1]

>> I don't think that's Gnus' job. Really. This should be done on the
>> mailserver. I use TMDA by Jason R. Mastaler. And it just works. Like,
>> 100%.
> 
> I'm reading mail from a pop server, so maintaining the white-list
> isn't trivial for me.  Of course, I could just punch a few holes in a
> few firewalls and have the mail delivered to my actual machine...
> *pondering*

Feel free to apply for a *FREE*!!!!!111 my.gnus.org account. TMDA
included and stuff, I think. 

> My objection to TMDA is basically this -- it requires that the sender
> deals with the problem.  If somebody sends me a mail, I don't want
> them to have to respond to some automatic message before being allowed
> to actually communicate with me.  It seems unneighborly.  

All cool people have this. DJB. Randall Schwartz. Me. Ummm... Odd man
out here.

> And spam hasn't annoyed me to that point.  Yet.

echo larsi@gnus.org >> .qmail-isspam 

Hrhrhrr... BTW, we've been doing some toying around. If you want some
new stuff announced, submit[2] it to http://news.my.gnus.org/

And if someone here knows Docbook really well, we'd appreciate help for
http://209.70.202.37/cgi-bin/cvsweb/gnus-faq/ 

Ummm... what was the Subject: again?

Footnotes: 
[1]  http://socha.net/1017003229/

[2]  http://news.my.gnus.org/addPostingForm




^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 17:30     ` Robin S. Socha
@ 2002-03-30 17:34       ` Lars Magne Ingebrigtsen
  2002-03-30 18:27         ` Robin S. Socha
  0 siblings, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 17:34 UTC (permalink / raw)


"Robin S. Socha" <robin-dated-1017766931.a28983@socha.net> writes:

> Obviously, I've been carpet-bombed.[1]

But what happened?  How on earth did you get such a massive explosion
of spam?  Mine has been building up over a long, long time...  

> Feel free to apply for a *FREE*!!!!!111 my.gnus.org account. TMDA
> included and stuff, I think. 

:-)

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:53     ` Robin S. Socha
@ 2002-03-30 17:35       ` Henrik Enberg
  2002-03-30 17:58         ` Robin S. Socha
  2002-03-30 19:37         ` Jason R. Mastaler
  0 siblings, 2 replies; 71+ messages in thread
From: Henrik Enberg @ 2002-03-30 17:35 UTC (permalink / raw)
  Cc: ding

"Robin S. Socha" <robin-dated-1017766099.bda6b6@socha.net> writes:

> * Henrik Enberg <henrik@enberg.org> writes:
>> "Robin S. Socha" <robin-dated-1017763154.be05b0@socha.net> writes:
>
>>> I don't think that's Gnus' job. Really. This should be done on the
>>> mailserver. I use TMDA by Jason R. Mastaler. And it just works. 
>> 
>> But TMDA only works with djb's proprietary stuff, doesn't it?  
>
> http://software.libertine.org/tmda/requirements.html: Currently supported
> MTAs include qmail, Postfix, Exim, and Sendmail.

Ok, that's great.

>> And since I started using spamassassin 2 months ago, only 1 spam has
>> sneaked past it.  
>
> @400000003ca5ec131bb139cc delivery 559537: deferral: spamc_returned_temporary_failure/
>
> Luvery. And that's the stable version. Add to that a missing "'" in line
> 65. DJB's software may be proprietary (as opposed to what? the standard
> RAS tool sendmail?), but at least it works.

As opposed to say Exim or Postfix.

> I'm heavily underimpressed.
>
>> And personally I don't much like the whitelist approach, especially if
>> combined with autobouncing, when it goes from annoying to rude.
>
> Henrik, you really want to check your facts first. Do you find anything
> of this nature in http://software.libertine.org/tmda/features.html?  I
> don't. And Josh Huber's code at http://my.gnus.org/Lisp/1014963375 will
> certainly get you started as for whitelisting.

I didn't say that TMDA bounces stuff,  I said that it is rude to bounce
messages not in your whitelist.  And I find it pretty rude to require
confirmation as well.  By doing that you're forcing _others_ to deal
with _your_ spam.

-- 
I acted to show my love for Jodie Foster.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 16:45   ` Lars Magne Ingebrigtsen
  2002-03-30 16:52     ` Lars Magne Ingebrigtsen
@ 2002-03-30 17:45     ` Kai Großjohann
  2002-03-30 18:29       ` Lars Magne Ingebrigtsen
  2002-03-30 19:28       ` Lars Magne Ingebrigtsen
  1 sibling, 2 replies; 71+ messages in thread
From: Kai Großjohann @ 2002-03-30 17:45 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Is there no DNS functionality in Emacs?  Anybody want to implement it?
> :-)
>
> (It's UDP, and `M-x apropos RET udp RET' gives me nothing.)

The Emacs CVS has augmented network functionality which groks UDP, I
gather.

kai
-- 
Silence is foo!



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 17:35       ` Henrik Enberg
@ 2002-03-30 17:58         ` Robin S. Socha
  2002-03-30 18:29           ` Lars Magne Ingebrigtsen
  2002-03-30 19:37         ` Jason R. Mastaler
  1 sibling, 1 reply; 71+ messages in thread
From: Robin S. Socha @ 2002-03-30 17:58 UTC (permalink / raw)


* Henrik Enberg <henrik@enberg.org> writes:
> "Robin S. Socha" <robin-dated-1017766099.bda6b6@socha.net> writes:

[...]
>>> And personally I don't much like the whitelist approach, especially
>>> if combined with autobouncing, when it goes from annoying to rude.
>>
>> Henrik, you really want to check your facts first. Do you find anything
>> of this nature in http://software.libertine.org/tmda/features.html?  I
>> don't. And Josh Huber's code at http://my.gnus.org/Lisp/1014963375 will
>> certainly get you started as for whitelisting.
> 
> I didn't say that TMDA bounces stuff, I said that it is rude to bounce
> messages not in your whitelist.  And I find it pretty rude to require
> confirmation as well.  By doing that you're forcing _others_ to deal
> with _your_ spam.

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/tmda/tmda/contrib/collectaddys?rev=1.2&content-type=text/vnd.viewcvs-markup
in connection with http://my.gnus.org/Lisp/1014963375 should pretty much
catch every known user of yours. If someone you don't know wants to send
you mail - fine. A single confirmation message will do.

This should be taken to the TMDA list if anything.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 17:34       ` Lars Magne Ingebrigtsen
@ 2002-03-30 18:27         ` Robin S. Socha
  0 siblings, 0 replies; 71+ messages in thread
From: Robin S. Socha @ 2002-03-30 18:27 UTC (permalink / raw)


* Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> "Robin S. Socha" <robin-dated-1017766931.a28983@socha.net> writes:

>> Obviously, I've been carpet-bombed.[1]
> 
> But what happened?  How on earth did you get such a massive explosion
> of spam?  Mine has been building up over a long, long time...  

Some kind person has subscribed me to many, many opt-in lists (or
whatever you call this shit a bunch of degenerated sheep shaggers made
up to annoy the hell out of me).

>> Feel free to apply for a *FREE*!!!!!111 my.gnus.org account. TMDA
>> included and stuff, I think. 
> 
> :-)

Eh. I'm not kidding. And our server rocks. I think.
http://mail.socha.net/special/about/



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 17:05       ` Lars Magne Ingebrigtsen
@ 2002-03-30 18:27         ` Lloyd Zusman
  0 siblings, 0 replies; 71+ messages in thread
From: Lloyd Zusman @ 2002-03-30 18:27 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Lloyd Zusman <ljz@asfast.com> writes:
>
>> [ ... ]
>
> I think by using collaborative measures, you can probably come up with
> something that will reduce the spam problem back to a bearable level.
> Spamassassin/Razor/Spamcop looks like they're having a pretty good
> success rate.

I'll try those again.  I had problems in the past, but that was a while
ago, and now it appears the problems are being solved.  Since you say that
they're working well, it would be nice if I could use them in lieu of
TMDA.


>> One of the philosophies behind TMDA (blacklist by default, whitelist
>> only as a result of some sort of authentication) seems to be a good
>> basis for some usable spam protection.  [ ... ]
>
> I use this methodology on Gmane (for allowing posting through the
> news-to-mail interface), but there the potential for annoyance is so
> much higher.  If a spam message goes through there, it'll annoy
> (potentially) thousands of people.  If a spam message goes through to
> me, it'll annoy one single person.

Well, for an individual, the annoyance factor for all the senders might
indeed be higher than that of the single recipient ... but my situation
is a little different: I run a small ISP with a number of users, and so
the recipient annoyance factor is higher, per unit email delivery to
recipients on my site.


> I've gone through the white-list process with a couple of people, and
> I've been annoyed.  Not annoyed enough to say something (because I
> sympathize), but annoyed nevertheless.

I'm annoyed also with this whitelisting ... but like you, not annoyed
enough to complain, because I do sympathize.  I think that this small
level of annoyance is a worthwhile price to pay for major spam
reduction.

But as you mentioned above, SpamAssassin/Razor/Spamcop seem to be
working well these days, and so I'm going to revisit these solutions
before completely embracing TMDA.


-- 
 Lloyd Zusman
 ljz@asfast.com



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 17:58         ` Robin S. Socha
@ 2002-03-30 18:29           ` Lars Magne Ingebrigtsen
  2002-03-30 18:52             ` Harry Putnam
  0 siblings, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 18:29 UTC (permalink / raw)


"Robin S. Socha" <robin-dated-1017770142.530f6d@socha.net> writes:

> This should be taken to the TMDA list if anything.

Well, we were discussing spam filtering in Gnus.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 17:45     ` Kai Großjohann
@ 2002-03-30 18:29       ` Lars Magne Ingebrigtsen
  2002-03-30 19:28       ` Lars Magne Ingebrigtsen
  1 sibling, 0 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 18:29 UTC (permalink / raw)


Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:

> The Emacs CVS has augmented network functionality which groks UDP, I
> gather.

Cool.  Is there DNS stuff already in there as well?

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 18:29           ` Lars Magne Ingebrigtsen
@ 2002-03-30 18:52             ` Harry Putnam
  0 siblings, 0 replies; 71+ messages in thread
From: Harry Putnam @ 2002-03-30 18:52 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> "Robin S. Socha" <robin-dated-1017770142.530f6d@socha.net> writes:
>
>> This should be taken to the TMDA list if anything.
>
> Well, we were discussing spam filtering in Gnus.  :-)

Somebody kick Robin in the shin, make him shut up...

Lars,  This is great stuff you're thinking about.  Your first and
second posts in this thread look like a helluva good start in the
right direction.  With the simple key strokes and hooking into a
couple of those anti spam things.

Not all of us users are as (ahem) `sophisticated' as Robin :-).

I have 12 spam filter recipes in procmail that catch most stuff and
have been refined over months (but very casually).  It really is quite
an undertaking.  Complicated by list memberships etc.  

I think many of us would prefer this kind of functionality in gnus
rather than being pointed at dozens of applications or changes in
basic MTA. (qmail zealots suck - long live sendmail - long live exim)
           (Take that you knave (Robin).... he he)

(Asbestos Long Johns duly trotted out)

I especially liked the add to white list thing.  A good way to easily
counter false hits.  With a setup like you described, I suspect it
would be only a matter of a few days before a user had a really good
and effective spam trap system in place.  All done with a  few key
strokes in gnus.  yes... yessss  Go Lars go!




* Re: Spam spam spam spam spam
  2002-03-30 17:45     ` Kai Großjohann
  2002-03-30 18:29       ` Lars Magne Ingebrigtsen
@ 2002-03-30 19:28       ` Lars Magne Ingebrigtsen
  2002-03-31  1:39         ` Paul Jarc
  1 sibling, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 19:28 UTC (permalink / raw)


Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:

> The Emacs CVS has augmented network functionality which groks UDP, I
> gather.

It does indeed, so I'm now going to start experimenting with talking
DNS via `make-network-process'.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen




* Re: Spam spam spam spam spam
  2002-03-30 17:35       ` Henrik Enberg
  2002-03-30 17:58         ` Robin S. Socha
@ 2002-03-30 19:37         ` Jason R. Mastaler
  2002-03-30 23:46           ` Lars Magne Ingebrigtsen
  1 sibling, 1 reply; 71+ messages in thread
From: Jason R. Mastaler @ 2002-03-30 19:37 UTC (permalink / raw)


Henrik Enberg <henrik@enberg.org> writes:

> I said that it is rude to bounce messages not in your whitelist.

TMDA doesn't bounce unconfirmed messages, it stores them in a local
directory until they get confirmed.  Think of the confirmation notice
as similar to a mailing list confirmation request.

> And I find it pretty rude to require confirmation as well.

And do you also think it's rude for a mailing list manager to require
confirmation that your subscription request is legitimate?  It's the
same with TMDA.  Confirm your address the first time, and you're done.

In practice though, very few folks actually have to end up confirming
their mail to me.  Either they are already in my whitelist, or they
are replying to a 'dated' address (such as the one I'm posting with).

> By doing that you're forcing _others_ to deal with _your_ spam.

Possibly, but I don't think having to reply to a single confirmation
request is a big deal - especially since it's for a good cause <wink>.

-- 
(http://tmda.sourceforge.net/)




* Re: Spam spam spam spam spam
  2002-03-30 19:37         ` Jason R. Mastaler
@ 2002-03-30 23:46           ` Lars Magne Ingebrigtsen
  2002-03-31  0:38             ` Jason R. Mastaler
  2002-03-31  2:07             ` Mark Milhollan
  0 siblings, 2 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-30 23:46 UTC (permalink / raw)


"Jason R. Mastaler" <jason-dated-1018208281.2e26d9@mastaler.com> writes:

> Possibly, but I don't think having to reply to a single confirmation
> request is a big deal - especially since it's for a good cause <wink>.

I think TMDA is a perfectly good alternative, but I don't think it's
for everybody.

Anyway, I've now implemented DNS lookups natively.  (You need CVS
Emacs.)  People with Emacsen that doesn't have that will probably have
to substitute with some external program, which will probably be
somewhat slow...

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen




* Re: Spam spam spam spam spam
  2002-03-30 23:46           ` Lars Magne Ingebrigtsen
@ 2002-03-31  0:38             ` Jason R. Mastaler
  2002-04-01 14:07               ` Lloyd Zusman
  2002-03-31  2:07             ` Mark Milhollan
  1 sibling, 1 reply; 71+ messages in thread
From: Jason R. Mastaler @ 2002-03-31  0:38 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> I think TMDA is a perfectly good alternative, but I don't think it's
> for everybody.

Very true.  I wrote TMDA for the same reason - because what was out
there wasn't for me.  Not effective enough, too time consuming, risk
of false positives too high.

Given that the UCE problem isn't going away any time soon, it's nice
that we now have lots of alternative countermeasures to choose from.

Cheers.

-- 
(http://tmda.sourceforge.net/)




* Re: Spam spam spam spam spam
  2002-03-30 15:33 Spam spam spam spam spam Lars Magne Ingebrigtsen
                   ` (2 preceding siblings ...)
  2002-03-30 16:34 ` Henrik Enberg
@ 2002-03-31  1:31 ` Daniel Pittman
  2003-01-01 21:05   ` Lars Magne Ingebrigtsen
  2002-03-31 15:34 ` Fabien Penso
                   ` (2 subsequent siblings)
  6 siblings, 1 reply; 71+ messages in thread
From: Daniel Pittman @ 2002-03-31  1:31 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 1966 bytes --]

On Sat, 30 Mar 2002, Lars Magne Ingebrigtsen wrote:
> When I woke up today, I had 75 new mail messages.  Out of these, 72
> were spam.  And all different.

Yay, SPAM.

> It's getting pretty annoying.

*nod*  It did for me. Then I found something to do about it. ;)

<http://spamassassin.taint.org/>

> Has anybody done any thinking about how to tie Gnus into the various
> spam inhibitants that exist?  

Yup. 

> I could easily see doing splitting based on ordb/Vipul's
> Razor/Spamassassin/etc, 

SpamAssassin has been the best tool for that sort of thing that I have
met so far. It's based on a heuristic system -- assign points for a
match in ORBZ, Razor, et al.

Given the number of inaccurate reports or deliberate poisonings of ORBZ
and Razor, and the occasional response like "oh, yes, it is an incorrect
listing. Wait a week and it will expire naturally" from SpamCop...

...having something that treats them as a hint, not an accurate binary
yes/no, would be good.

> and having single-stroke commands in Gnus for reporting spam to the
> proper instances.

I have some fairly hackish code that did that for SpamAssassin. 

> Say, `y' to send the spam for open relay checking, Razoring,
> assassination and all the rest.

If you want to write this, the following things would be great:

* pipe message through a clean-up filter.
* send to one or more addresses as a 'bounce' (filtered message as is.)
* send to one or more addresses as an rfc822 attachment.
* pipe message through one or more reporting filters.
* optionally delete the message.
* optionally move the message to a different folder (and backend).

That way I could meet the various submission requirements around the
place. :)


Anyway, I had not gotten the round tuits needed to bring the code up to
date from when it only did a forward-attached to SpamCop. Here it is.
I have signed my papers and everything so feel free to use this as a
basis for something more sensible.

        Daniel


[-- Attachment #2: Type: application/x-emacs-lisp, Size: 2374 bytes --]

[-- Attachment #3: Type: text/plain, Size: 192 bytes --]


-- 
Ask not what you can do for your country, ask what your country 
did to you. The only reason you're still alive is because someone 
has decided to let you live.
        -- KMFDF, _Dogma_


* Re: Spam spam spam spam spam
  2002-03-30 19:28       ` Lars Magne Ingebrigtsen
@ 2002-03-31  1:39         ` Paul Jarc
  2002-03-31  1:45           ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 71+ messages in thread
From: Paul Jarc @ 2002-03-31  1:39 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> wrote:
> I'm now going to start experimenting with talking DNS via
> `make-network-process'.

While compiling dns-write in file /home/prj/src/cvs/gnus/lisp/dns.el:
  ** Probable `"' without `\' in doc string of dns-write
While compiling the end of the data:
  ** the function make-network-process is not known to be defined.


paul




* Re: Spam spam spam spam spam
  2002-03-31  1:39         ` Paul Jarc
@ 2002-03-31  1:45           ` Lars Magne Ingebrigtsen
  2002-03-31  1:48             ` Paul Jarc
  0 siblings, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-31  1:45 UTC (permalink / raw)


prj@po.cwru.edu (Paul Jarc) writes:

> While compiling the end of the data:
>   ** the function make-network-process is not known to be defined.

It's in Emacs 21.2 CVS.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen




* Re: Spam spam spam spam spam
  2002-03-31  1:45           ` Lars Magne Ingebrigtsen
@ 2002-03-31  1:48             ` Paul Jarc
  2002-03-31  1:57               ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 71+ messages in thread
From: Paul Jarc @ 2002-03-31  1:48 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> wrote:
> prj@po.cwru.edu (Paul Jarc) writes:
>> While compiling the end of the data:
>>   ** the function make-network-process is not known to be defined.
>
> It's in Emacs 21.2 CVS.

Yes, but should it be fbound in lpath.el to silence the warning?


paul




* Re: Spam spam spam spam spam
  2002-03-31  1:48             ` Paul Jarc
@ 2002-03-31  1:57               ` Lars Magne Ingebrigtsen
  2002-03-31 15:23                 ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-31  1:57 UTC (permalink / raw)


prj@po.cwru.edu (Paul Jarc) writes:

> Yes, but should it be fbound in lpath.el to silence the warning?

Yup.  I've now done so.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen




* Re: Spam spam spam spam spam
  2002-03-30 23:46           ` Lars Magne Ingebrigtsen
  2002-03-31  0:38             ` Jason R. Mastaler
@ 2002-03-31  2:07             ` Mark Milhollan
  2003-01-01 21:06               ` Lars Magne Ingebrigtsen
  2003-01-02 19:02               ` Simon Josefsson
  1 sibling, 2 replies; 71+ messages in thread
From: Mark Milhollan @ 2002-03-31  2:07 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

>Anyway, I've now implemented DNS lookups natively.  (You need CVS
>Emacs.)  

I won't ask about EDNS0 or fall back to TCP (especially if the result via
UDP is truncated) or DNSSEC, since they are unlikely to be necessary for
DNSBL purposes (so far).

>People with Emacsen that doesn't have that will probably have
>to substitute with some external program, which will probably be
>somewhat slow...

The rblcheck program, if available, would be the nominal alternative ...

,----[ C-u M-! rblcheck -h RET ]
| rblcheck 1.5
| Copyright (C) 1997, 1998, 1999, 2000, 2001 Edward S. Marshall
| Usage: ./rblcheck [-qtlcvh?] [-s <service>] <address> [ <address> ... ]
| 
|     -q           Quiet mode; no output
|     -t           Print a TXT record, if any
|     -m           Stop checking after first address match in any list
|     -l           List default RBL services to check
|     -c           Clear the current list of RBL services
|     -s <service> Add a new service to the RBL services list
|     -h, -?       Display this help message
|     -v           Display version information
|     <address>    An IP address to look up; specify `-' to read multiple
|                  addresses from standard input.
`----

,----[ C-u M-! rblcheck -m -c -s relays.osirusoft.com 127.0.0.1 RET ]
| 127.0.0.1 not RBL filtered by relays.osirusoft.com
`----

,----[ C-u M-! rblcheck -m -c -s relays.osirusoft.com 127.0.0.2 RET ]
| 127.0.0.2 RBL filtered by relays.osirusoft.com
`----

Other alternative programs would be host, dig or nslookup, all of which
require address octet reversal ...

,----[ C-u M-! host -t any 1.0.0.127.relays.osirusoft.com RET ]
| 1.0.0.127.relays.osirusoft.com does not exist (Authoritative answer)
`----

,----[ C-u M-! host -t any 2.0.0.127.relays.osirusoft.com RET ]
| 2.0.0.127.relays.osirusoft.com	A	127.0.0.4
| 2.0.0.127.relays.osirusoft.com	A	127.0.0.2
| 2.0.0.127.relays.osirusoft.com	A	127.0.0.6
`----

,----[ C-u M-! dig 1.0.0.127.relays.osirusoft.com any +pfmin RET ]
| ;; res options: init recurs defnam dnsrch
| ;; got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57324
| ;; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
| ;; QUERY SECTION:
| ;;	1.0.0.127.relays.osirusoft.com, type = ANY, class = IN
`----

,----[ C-u M-! dig 2.0.0.127.relays.osirusoft.com any +pfmin RET ]
| ;; res options: init recurs defnam dnsrch
| ;; got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37513
| ;; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
| ;; QUERY SECTION:
| ;;	2.0.0.127.relays.osirusoft.com, type = ANY, class = IN
| 
| ;; ANSWER SECTION:
| 2.0.0.127.relays.osirusoft.com.  11h37m50s IN A  127.0.0.4
| 2.0.0.127.relays.osirusoft.com.  11h37m50s IN A  127.0.0.2
| 2.0.0.127.relays.osirusoft.com.  11h37m50s IN A  127.0.0.6
`----

,----[ C-u M-! nslookup -q=any 1.0.0.127.relays.osirusoft.com RET ]
| *** localhost can't find 1.0.0.127.relays.osirusoft.com: Unspecified error
| Server:  localhost
| Address:  127.0.0.1
`----

,----[ C-u M-! nslookup -q=any 2.0.0.127.relays.osirusoft.com RET ]
| Server:  localhost
| Address:  127.0.0.1
| 
| Non-authoritative answer:
| 2.0.0.127.relays.osirusoft.com	internet address = 127.0.0.4
| 2.0.0.127.relays.osirusoft.com	internet address = 127.0.0.2
| 2.0.0.127.relays.osirusoft.com	internet address = 127.0.0.6
`----


/mark
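
Added example, not part of the original message and not the Gnus `dns.el` code: the DNSBL lookup from the transcripts above done at the DNS wire level in Python, including the octet reversal and the truncation (TC) flag that signals a retry over TCP. The function names and the response bytes are constructed for illustration; no network access is used.

```python
import ipaddress
import struct

QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080   # DNS header flag bits
NOERROR, NXDOMAIN = 0, 3                           # response codes used here


def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid):
    """Build a recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at `off`."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off


def parse_response(msg, txid):
    """Return (rcode, truncated, [A-record addresses]); ValueError if malformed."""
    try:
        rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        if rid != txid or not flags & QR:
            raise ValueError("not a response to our query")
        truncated = bool(flags & TC)
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4            # name, then QTYPE and QCLASS
        addrs = []
        for _ in range(0 if truncated else an):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
            off += rdlen
        return flags & 0x000F, truncated, addrs
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed DNS message") from exc


def classify_dnsbl(msg, txid):
    """Map a response to 'listed', 'not-listed', 'retry-tcp' or 'error'."""
    try:
        rcode, truncated, addrs = parse_response(msg, txid)
    except ValueError:
        return ("error", [])
    if truncated:
        return ("retry-tcp", [])          # UDP answer was cut short
    if rcode == NXDOMAIN:
        return ("not-listed", [])
    if rcode != NOERROR:
        return ("error", [])              # a failing list is neither a hit nor a pass
    listed = sorted(a for a in addrs if a.startswith("127."))
    return ("listed", listed) if listed else ("not-listed", [])


def sample_response(query, flags, addrs=()):
    """Constructed response for offline use: echoes the question, adds A records."""
    txid = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0) + query[12:]
    for addr in addrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += ipaddress.IPv4Address(addr).packed
    return msg


if __name__ == "__main__":
    name = dnsbl_name("127.0.0.2", "relays.osirusoft.com")
    query = build_query(name, 0x1234)
    reply = sample_response(query, QR | RD | RA, ["127.0.0.4", "127.0.0.2", "127.0.0.6"])
    print(name, classify_dnsbl(reply, 0x1234))
```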




* Re: Spam spam spam spam spam
  2002-03-31  1:57               ` Lars Magne Ingebrigtsen
@ 2002-03-31 15:23                 ` Lars Magne Ingebrigtsen
  2002-03-31 16:20                   ` Romain FRANCOISE
  2002-03-31 18:19                   ` Russ Allbery
  0 siblings, 2 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-31 15:23 UTC (permalink / raw)


Now, about the white-list thing -- there should also be a black-list
thing as well, I guess.  "Classify all mail from this From address as
spam."  `C-u M-y', perhaps.

What should the format of the black-and-white-lists be?  It could
just be a one-address-per-line thing, but perhaps it would be nice to
allow regexps?  Or perhaps a GLOB thing would be better?

larsi@gnus.org
larsi@gnus\.org
.*@gnus\.org
*@gnus.org

I think it's easier for people to edit GLOBs than to edit the
regexps, and I don't think people really need regexps here...

So `M-y' will enter address in the current From line into the
white-list.  `0 M-y' will let you edit it first.  Urr...  Then what
about the black-list, then?

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen
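
Added example, not part of the original message and not Gnus code: one way the glob format proposed above could be matched, in Python, with each entry anchored to the whole address and compared against the parsed address rather than the raw From line. Checking the white-list before the black-list and the `#` comment syntax are assumptions; `*@spam.example` is a constructed entry.

```python
import re
from email.utils import parseaddr


def glob_to_regex(glob):
    """Compile a list entry in which `*` is the only wildcard."""
    parts = (".*" if ch == "*" else re.escape(ch) for ch in glob.strip())
    return re.compile("".join(parts), re.IGNORECASE)


def load_list(text):
    """One glob per line; blank lines and `#` comments are skipped (assumed syntax)."""
    return [glob_to_regex(line) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


def sender_address(from_header):
    """Return the address part of a From header, or "" if there is no usable one."""
    address = parseaddr(from_header)[1]
    return address if address.count("@") == 1 else ""


def classify_sender(from_header, whitelist, blacklist):
    """Return 'ham', 'spam' or 'unknown'; the white-list wins (assumption)."""
    address = sender_address(from_header)
    if not address:
        return "unknown"
    # fullmatch anchors the glob at both ends of the address.
    if any(pattern.fullmatch(address) for pattern in whitelist):
        return "ham"
    if any(pattern.fullmatch(address) for pattern in blacklist):
        return "spam"
    return "unknown"


def regexp_entry_matches(pattern, address):
    """How a raw, unanchored regexp entry would behave, for comparison."""
    return re.search(pattern, address) is not None


# The two glob-style entries from the message above, plus a constructed black-list.
WHITELIST = load_list("larsi@gnus.org\n*@gnus.org\n")
BLACKLIST = load_list("# constructed entry\n*@spam.example\n")


if __name__ == "__main__":
    for header in ("Lars Magne Ingebrigtsen <larsi@gnus.org>",
                   "x@gnus.org.example.net",
                   '"larsi@gnus.org" <bulk@spam.example>'):
        print(header, "->", classify_sender(header, WHITELIST, BLACKLIST))
    # The same text read as a regexp is looser than it looks:
    print(regexp_entry_matches("larsi@gnus.org", "larsi@gnusXorg"))
    print(regexp_entry_matches(r".*@gnus\.org", "x@gnus.org.example.net"))
```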




* Re: Spam spam spam spam spam
  2002-03-30 15:33 Spam spam spam spam spam Lars Magne Ingebrigtsen
                   ` (3 preceding siblings ...)
  2002-03-31  1:31 ` Daniel Pittman
@ 2002-03-31 15:34 ` Fabien Penso
  2002-03-31 15:50   ` Lars Magne Ingebrigtsen
  2002-04-01 18:22 ` Chris Shenton
  2002-04-13 22:49 ` John H Palmieri
  6 siblings, 1 reply; 71+ messages in thread
From: Fabien Penso @ 2002-03-31 15:34 UTC (permalink / raw)



Lars on Sat, 30 Mar 2002 16:33:31 +0100 wrote:

 > When I woke up today, I had 75 new mail messages.  Out of these, 72
 > were spam.  And all different.

 > It's getting pretty annoying.

 > Has anybody done any thinking about how to tie Gnus into the various
 > spam inhibitants that exist?  I could easily see doing splitting based
 > on ordb/Vipul's Razor/Spamassassin/etc, and having single-stroke
 > commands in Gnus for reporting spam to the proper instances.  Say, `y'
 > to send the spam for open relay checking, Razoring, assassination and
 > all the rest.

I have done something so I don't receive them both, so don't my
friends. Take a look at :

http://perso.linuxfr.org/penso/lisp/nospam.el
http://perso.linuxfr.org/penso/spam.html
http://perso.linuxfr.org/nospam/

Basically I have a list of people who are allowed to add domain/email,
etc. to a blacklist. You forward the spam and you sign the message,
then it adds the from: header to a file which is available on the
net. Then you just have to use procmail, postfix access table, etc.,
with a shell script so you reject those.

Works pretty well. I do use spamassassin too, and the few left which
still goes to me are blacklisted right away, I just hit F1 or F2 :)

Hope it helps.

-- 
Fabien Penso <penso@linuxfr.org> | LinuxFr a toujours besoin de :
http://perso.LinuxFr.org/penso/  | http://linuxFr.org/dons/





* Re: Spam spam spam spam spam
  2002-03-31 15:34 ` Fabien Penso
@ 2002-03-31 15:50   ` Lars Magne Ingebrigtsen
  2002-03-31 16:06     ` Fabien Penso
  2002-03-31 18:11     ` Russ Allbery
  0 siblings, 2 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-31 15:50 UTC (permalink / raw)


Fabien Penso <penso@linuxfr.org> writes:

> I have done something so I don't receive them both, so don't my
> friends. Take a look at :
>
> http://perso.linuxfr.org/penso/lisp/nospam.el
> http://perso.linuxfr.org/penso/spam.html
> http://perso.linuxfr.org/nospam/
>
> Basically I have a list of people who are allowed to add domain/email,
> etc to a blacklist.

Interesting.  It's kind of like what spamcop does, but on a smaller
scale.  The problem is (when you take this to a larger scale) that
you have to trust the people who are doing the blacklisting.  If
anybody can do that, then (after a short while) no mail will be
delivered at all.  :-)

Anyway, I just realized that totally relying on
`make-network-process' isn't necessary at all -- DNS can be done
perfectly well via TCP as well.  So I've now made `dns-query' use
`open-network-stream' if `make-network-process' doesn't exist.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen




* Re: Spam spam spam spam spam
  2002-03-31 15:50   ` Lars Magne Ingebrigtsen
@ 2002-03-31 16:06     ` Fabien Penso
  2002-03-31 18:11     ` Russ Allbery
  1 sibling, 0 replies; 71+ messages in thread
From: Fabien Penso @ 2002-03-31 16:06 UTC (permalink / raw)



Lars on Sun, 31 Mar 2002 17:50:35 +0200 wrote:

 >> http://perso.linuxfr.org/penso/lisp/nospam.el
 >> http://perso.linuxfr.org/penso/spam.html
 >> http://perso.linuxfr.org/nospam/
 >> 
 >> Basically I have a list of people who are allowed to add domain/email,
 >> etc to a blacklist.

 > Interesting.  It's kind of like what spamcop does, but on a smaller
 > scale.  The problem is (when you take this to a larger scale) that
 > you have to trust the people who are doing the blacklisting.  If
 > anybody can do that, then (after a short while) no mail will be
 > delivered at all.  :-)

Well I do manually add people which are allowed to (well, gnupg key_id
in fact) in the config file of the Perl proggy which I use for that.

I agree it works only with a small amount of people. For now I do trust
the ones which I give access to. But when you do add a spam (domain or
user@domain.com or IP for rbl) it sends an empty message on a list where
anyone can subscribe, with a short subject like :

[domain:microsoft.com:add] from fabien penso <penso@linuxfr.org>

So anyone can see what happens, and eventually remove the command with
something like : [domain:microsoft.com:del] in the subject. So anyone
can see what happens, and allowed people can send command. For now it
works great.

-- 
Fabien Penso <penso@linuxfr.org> | LinuxFr a toujours besoin de :
http://perso.LinuxFr.org/penso/  | http://linuxFr.org/dons/





* Re: Spam spam spam spam spam
  2002-03-31 15:23                 ` Lars Magne Ingebrigtsen
@ 2002-03-31 16:20                   ` Romain FRANCOISE
  2002-03-31 18:19                   ` Russ Allbery
  1 sibling, 0 replies; 71+ messages in thread
From: Romain FRANCOISE @ 2002-03-31 16:20 UTC (permalink / raw)


Lars Magne Ingebrigtsen writes:

> Now, about the white-list thing -- there should also be a black-list
> thing as well, I guess.  "Classify all mail from this From address as
> spam."  `C-u M-y', perhaps.

Unless I'm much mistaken, this can already be done using scoring. Simply
use a simple function to add the From header from the spam you received
to a file using the score-file syntax, and source this file in
all.SCORE. Then all the messages you receive from this address are
scored down.

It does not mark it specifically as spam, but I've found that it's
enough to be used on a daily basis without too much hassle.

Just my 2 cents,

Romain.

-- 
Romain FRANCOISE <romain@orebokech.com>
it's a miracle! -- http://www.orebokech.com/




* Re: Spam spam spam spam spam
  2002-03-31 15:50   ` Lars Magne Ingebrigtsen
  2002-03-31 16:06     ` Fabien Penso
@ 2002-03-31 18:11     ` Russ Allbery
  2002-03-31 18:31       ` Lars Magne Ingebrigtsen
  2002-04-01 17:22       ` Paul Jarc
  1 sibling, 2 replies; 71+ messages in thread
From: Russ Allbery @ 2002-03-31 18:11 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Anyway, I just realized that totally relying on
> `make-network-process' isn't necessary at all -- DNS can be done
> perfectly well via TCP as well.  So I've now made `dns-query' use
> `open-network-stream' if `make-network-process' doesn't exist.

Just be warned that this won't work with some DNS servers, since the DNS
protocol requires that you try UDP first and only fall back to TCP if the
server returns a truncated response.  Some DNS servers that already know
that their entire response database fits into UDP packets will therefore
choose not to listen or respond to TCP connections at all (since DNS over
TCP is a widely used attack target for bugs in BIND).

Might be worth a note in the manual about that.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>




* Re: Spam spam spam spam spam
  2002-03-31 15:23                 ` Lars Magne Ingebrigtsen
  2002-03-31 16:20                   ` Romain FRANCOISE
@ 2002-03-31 18:19                   ` Russ Allbery
  2002-04-02  7:09                     ` Michel Schinz
  1 sibling, 1 reply; 71+ messages in thread
From: Russ Allbery @ 2002-03-31 18:19 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Now, about the white-list thing -- there should also be a black-list
> thing as well, I guess.  "Classify all mail from this From address as
> spam."  `C-u M-y', perhaps.

> What should the format of the black-and-white-lists be?  It could
> just be a one-address-per-line thing, but perhaps it would be nice to
> allow regexps?  Or perhaps a GLOB thing would be better?

> larsi@gnus.org
> larsi@gnus\.org
> .*@gnus\.org
> *@gnus.org

> I think it's easier for people to edit GLOBs than to edit the
> regexps, and I don't think people really need regexps here...

It would be great to somehow plug in the same logic that scoring has so
that we can use all of the same options that we can with score file
entries.  If you think glob would be particularly useful, it could be
added as a scoring type too.  :)

Incidentally, while this isn't a good heuristic for everyone, for those of
us who don't speak any Asian language and don't live in Asia, the
following is remarkably good.  All by itself, it catches something like
90% of all of my spam.  (Asian language spam has increased drastically in
the past year or so.)

 '(nnmail-split-abbrev-alist

[...]

         (cons 'content-spam
               (concat "big5\\|gb2312\\|ks_c_.*\\|shift_jis"
                       "\\|default_charset"))
         (cons 'subject-spam
               (concat ".*=\\?\\(big5\\|gb2312\\|ks_c_\\|shift_jis"
                       "\\|euc[-_]kr\\).*"
                       "\\|.*[¹²°¶÷¾].*"))

I then check content-spam against the Content-Type header and subject-spam
against the Subject header.  The last bit of subject-spam catches a lot of
spam with unencoded Asian languages in the subject header by looking for
characters that are fairly unlikely to be in the Subject for ISO 8859-1 or
-15 languages, but again isn't going to be applicable to everyone.

Not sure if something like this would be worth offering as an option or
example.  It's wholly inappropriate for people who correspond in Asian
languages, or in any language that uses those code points which may
include any UTF-8 encoding, but for those of us who only correspond in
English or western European languages it's staggeringly effective.

Obviously, this is the sort of check that you want to put after you
already split out your mailing list traffic, so as to not get false
positives on mail to public mailing lists from people who just want to
spell their name correctly.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>




* Re: Spam spam spam spam spam
  2002-03-31 18:11     ` Russ Allbery
@ 2002-03-31 18:31       ` Lars Magne Ingebrigtsen
  2002-04-01 17:22       ` Paul Jarc
  1 sibling, 0 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-03-31 18:31 UTC (permalink / raw)


Russ Allbery <rra@stanford.edu> writes:

> Just be warned that this won't work with some DNS servers, since the DNS
> protocol requires that you try UDP first and only fall back to TCP if the
> server returns a truncated response.

Ah, right.

Well, this will only be a problem on Emacs 21.1 and earlier.  XEmacs
does UDP in `open-network-stream'...

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen




* Re: Spam spam spam spam spam
  2002-03-30 16:32   ` Lars Magne Ingebrigtsen
  2002-03-30 16:56     ` Lloyd Zusman
  2002-03-30 17:30     ` Robin S. Socha
@ 2002-03-31 22:00     ` Stainless Steel Rat
  2 siblings, 0 replies; 71+ messages in thread
From: Stainless Steel Rat @ 2002-03-31 22:00 UTC (permalink / raw)


* Lars Magne Ingebrigtsen <larsi@gnus.org>  on Sat, 30 Mar 2002
| My objection to TMDA is basically this -- it requires that the sender
| deals with the problem.  If somebody sends me a mail, I don't want
| them to have to respond to some automatic message before being allowed
| to actually communicate with me.  It seems unneighborly.  And spam
| hasn't annoyed me to that point.  Yet.

Ditto.

I use a combination of things.  It has worked quite well without
inconveniencing legitimate senders.

First line of defense is spamcop.  Yes, it is a pay service, but it isn't
expensive and it -works-, and it makes it easy to send complaints to the
right people or simply ignore the spam.  All non-list mail I receive gets
routed through spamcop via procmail with a rule that looks like this:

,-----
| :0
| * !^X-SpamCop-REPORTSPAM.*
| * !^X-SpamCop-Checked:.*
| * !^Return-Path: <owner-ding@hpc.uh.edu>
| ! samurairat@spamcop.net
`-----

Only reason I do that is because I get a lot of list mail and running it
all through spamcop would be slow, not neighborly, and would probably
block a lot of otherwise legitimate stuff.

Second line is DCC invoked on every message via fetchmail, formail, and
dccproc:

,-----
| mda "/usr/bin/formail -b | /usr/local/bin/dccproc >>/var/spool/mail/ratinox"
`-----

And Gnus traps spam based on the X-DCC-*-Metrics headers that dccproc
generates.


Very little spam manages to get through all of that.
-- 
Rat <ratinox@peorth.gweep.net>    \ When not in use, Happy Fun Ball should be
Minion of Nathan - Nathan says Hi! \ returned to its special container and
PGP Key: at a key server near you!  \ kept under refrigeration.
       That and five bucks will get you a small coffee at Starbucks.




* Re: Spam spam spam spam spam
  2002-03-31  0:38             ` Jason R. Mastaler
@ 2002-04-01 14:07               ` Lloyd Zusman
  2002-04-04  3:28                 ` news
  0 siblings, 1 reply; 71+ messages in thread
From: Lloyd Zusman @ 2002-04-01 14:07 UTC (permalink / raw)


"Jason R. Mastaler" <jason-dated-1018226307.34c310@mastaler.com> writes:

> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>
>> I think TMDA is a perfectly good alternative, but I don't think it's
>> for everybody.
>
> Very true.  I wrote TMDA for the same reason - because what was out
> there wasn't for me.  Not effective enough, too time consuming, risk
> of false positives too high.
>
> Given that the UCE problem isn't going away any time soon, it's nice
> that we now have lots of alternative countermeasures to choose from.
>
> Cheers.

Agreed.  And now, I'm using two of these countermeasures
simultaneously:  SpamAssassin and TMDA.

I first pipe everything through SpamAssassin in order to use its
heuristics to filter out obvious spam ... and no false positives yet,
either.  Then, anything that passes gets sent through TMDA.  Only the
senders of those emails which are not matched on my whitelist get sent
the confirmation requests.  So far, this seems like the best of both
worlds (not surprising, since I'm using both worlds!).  And I can very
easily reconfigure TMDA to skip the confirmation requests, in which case
I'd just manually enable or disable access from the few messages that
don't pass my whitelist checking.

And back on topic for this forum: the way that Gnus can be used here
would be for me to disable TMDA confirmation, and cause the "pending"
messages from TMDA to be put into their own group under Gnus.  Then, a
few new keybindings would let me whitelist any senders from whom I want
to keep getting email.  This group would have a reasonable expiration
time, so that these pending's don't pile up.

Once I get this working, I'll post the elisp here.

-- 
 Lloyd Zusman
 ljz@asfast.com




* Re: Spam spam spam spam spam
  2002-03-30 15:59 ` Lars Magne Ingebrigtsen
@ 2002-04-01 14:44   ` NAGY Andras
  2002-04-05 20:01     ` Ted Zlatanov
  2002-04-02 16:31   ` Ted Zlatanov
  1 sibling, 1 reply; 71+ messages in thread
From: NAGY Andras @ 2002-04-01 14:44 UTC (permalink / raw)


On Sat, 30 Mar 2002, at 16:59, Lars Magne Ingebrigtsen <larsi@gnus.org> wrote:

>    d) A white-list (sees whether you have flagged this as legitimate
>    user)

You might want to use BBDB here; have a look at
http://my.gnus.org/Lisp/1012588625 .




Andras




* Re: Spam spam spam spam spam
  2002-03-30 16:56     ` Lloyd Zusman
  2002-03-30 17:05       ` Lars Magne Ingebrigtsen
@ 2002-04-01 14:46       ` NAGY Andras
  2002-04-01 15:11         ` Lloyd Zusman
  1 sibling, 1 reply; 71+ messages in thread
From: NAGY Andras @ 2002-04-01 14:46 UTC (permalink / raw)


On Sat, 30 Mar 2002, at 17:56, Lloyd Zusman <ljz@asfast.com> wrote:

> One of the philosophies behind TMDA (blacklist by default, whitelist
> only as a result of some sort of authentication) seems to be a good
> basis for some usable spam protection.  Yes, it requires senders to
> authenticate themselves, but as time goes on, I think that people can
> get used to that as the normal convention with email.

I think spam robots can get used to this as well.



Andras



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-01 14:46       ` NAGY Andras
@ 2002-04-01 15:11         ` Lloyd Zusman
  0 siblings, 0 replies; 71+ messages in thread
From: Lloyd Zusman @ 2002-04-01 15:11 UTC (permalink / raw)


NAGY Andras <nagya@inf.elte.hu> writes:

> On Sat, 30 Mar 2002, at 17:56, Lloyd Zusman <ljz@asfast.com> wrote:
>
>> One of the philosophies behind TMDA (blacklist by default, whitelist
>> only as a result of some sort of authentication) seems to be a good
>> basis for some usable spam protection.  Yes, it requires senders to
>> authenticate themselves, but as time goes on, I think that people can
>> get used to that as the normal convention with email.
>
> I think spam robots can get used to this as well.

Most spammers don't put valid return addresses on their emails, and they
don't want to expend the resources to monitor feedback.  Therefore, the
authentication requests will not go out to valid addresses ...  hence,
no authentication and the spam messages get permanently ignored.


> Andras

-- 
 Lloyd Zusman
 ljz@asfast.com



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-31 18:11     ` Russ Allbery
  2002-03-31 18:31       ` Lars Magne Ingebrigtsen
@ 2002-04-01 17:22       ` Paul Jarc
  2002-04-01 19:25         ` Lars Magne Ingebrigtsen
  1 sibling, 1 reply; 71+ messages in thread
From: Paul Jarc @ 2002-04-01 17:22 UTC (permalink / raw)


Russ Allbery <rra@stanford.edu> wrote:
> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>> Anyway, I just realized that totally relying on
>> `make-network-process' isn't necessary at all -- DNS can be done
>> perfectly well via TCP as well.
>
> Just be warned that this won't work with some DNS servers, since the DNS
> protocol requires that you try UDP first and only fall back to TCP if the
> server returns a truncated response.  Some DNS servers that already know
> that their entire response database fits into UDP packets will therefore
> choose not to listen or respond to TCP connections at all (since DNS over
> TCP is a widely used attack target for bugs in BIND).

But Gnus will be talking to a resolver, not to an authoritative data
server.  Resolvers don't know what the data that passes through them
will look like, so they'd better support TCP.  I don't know of any
that don't.


paul



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 15:33 Spam spam spam spam spam Lars Magne Ingebrigtsen
                   ` (4 preceding siblings ...)
  2002-03-31 15:34 ` Fabien Penso
@ 2002-04-01 18:22 ` Chris Shenton
  2002-04-13 22:49 ` John H Palmieri
  6 siblings, 0 replies; 71+ messages in thread
From: Chris Shenton @ 2002-04-01 18:22 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Has anybody done any thinking about how to tie Gnus into the various
> spam inhibitants that exist?  I could easily see doing splitting based
> on ordb/Vipul's Razor/Spamassassin/etc, and having single-stroke
> commands in Gnus for reporting spam to the proper instances.  Say, `y'
> to send the spam for open relay checking, Razoring, assassination and
> all the rest.

This may not be the optimal way to do it, but I did a little write
up of how I integrate qmail, DCC, and gnus:

http://chris.shenton.org/sysadm/antispam/dcc-qmail-gnus.html

When some spam leaks through, I just use Gnus to pipe it to

  dccproc -t many

which marks it on the DCC servers as known-spam, so other DCC users
will have it filtered. A single keystroke would be even better.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-01 17:22       ` Paul Jarc
@ 2002-04-01 19:25         ` Lars Magne Ingebrigtsen
  2002-04-01 19:34           ` Paul Jarc
  0 siblings, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-04-01 19:25 UTC (permalink / raw)


prj@po.cwru.edu (Paul Jarc) writes:

> But Gnus will be talking to a resolver, not to an authoritative data
> server.

No, Gnus talks directly with a DNS server.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-01 19:25         ` Lars Magne Ingebrigtsen
@ 2002-04-01 19:34           ` Paul Jarc
  0 siblings, 0 replies; 71+ messages in thread
From: Paul Jarc @ 2002-04-01 19:34 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> wrote:
> prj@po.cwru.edu (Paul Jarc) writes:
>> But Gnus will be talking to a resolver, not to an authoritative data
>> server.
>
> No, Gnus talks directly with a DNS server.

"DNS server" is a very vague term.  Gnus is talking to a server whose
address is listed in /etc/resolv.conf, right?  Then Gnus is acting as
a stub resolver, talking to a server which is a recursive or
forwarding resolver.  That server might *also* be an authoritative
data server, but since it's at least a resolver, it should definitely
offer TCP service.


paul



^ permalink raw reply	[flat|nested] 71+ messages in thread
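
The UDP-first, TCP-on-truncation rule discussed in the messages above, as an added Emacs Lisp example that is not code from Gnus or from anyone in the thread: it builds a query, checks the TC bit of a UDP reply, and frames the query for a TCP retry. The `ex-dns-` names and the sample name under example.org are assumptions made for illustration, and the replies are constructed by hand rather than captured.

```elisp
;;; Added example.  Every `ex-dns-' name is hypothetical.
;;; Needs an Emacs that provides `unibyte-string'.

(defun ex-dns-encode-name (name)
  "Return NAME (e.g. \"a.example.org\") as length-prefixed DNS labels."
  (concat
   (mapconcat (lambda (label)
                (when (> (length label) 63)
                  (error "DNS label longer than 63 bytes: %s" label))
                ;; `string-to-unibyte' signals an error on non-ASCII
                ;; text, so only plain ASCII names get through.
                (concat (unibyte-string (length label))
                        (string-to-unibyte label)))
              (split-string name "\\." t)
              "")
   (unibyte-string 0)))                 ; root label ends the name

(defun ex-dns-make-query (id name &optional type)
  "Build a one-question query for NAME with 16-bit ID.
TYPE is the numeric record type and defaults to 1 (A)."
  (concat (unibyte-string (ash id -8) (logand id 255)
                          1 0           ; flags: only RD is set
                          0 1           ; QDCOUNT = 1
                          0 0 0 0 0 0)  ; ANCOUNT, NSCOUNT, ARCOUNT
          (ex-dns-encode-name name)
          (unibyte-string 0 (or type 1) ; QTYPE
                          0 1)))        ; QCLASS = IN

(defun ex-dns-truncated-p (message)
  "Return non-nil if the TC bit is set in the header of MESSAGE."
  (when (< (length message) 12)
    (error "DNS message shorter than its 12-byte header"))
  (/= 0 (logand (aref message 2) #x02)))

(defun ex-dns-tcp-frame (message)
  "Prefix MESSAGE with the two-byte length that DNS over TCP uses."
  (let ((len (length message)))
    (concat (unibyte-string (ash len -8) (logand len 255)) message)))

(defun ex-dns-next-step (query reply)
  "Decide what a stub resolver does with a UDP REPLY to QUERY.
Return (drop), (retry-tcp . FRAMED-QUERY) or (use . REPLY)."
  (cond
   ;; Too short, not a response (QR clear), or not our transaction id.
   ((or (< (length reply) 12)
        (= 0 (logand (aref reply 2) #x80))
        (not (equal (substring reply 0 2) (substring query 0 2))))
    (list 'drop))
   ;; Truncated: the answer did not fit, so ask again over TCP.
   ((ex-dns-truncated-p reply)
    (cons 'retry-tcp (ex-dns-tcp-frame query)))
   (t (cons 'use reply))))

;; Constructed input: one query and two hand-made reply headers that
;; differ only in the TC bit (#x83 = QR+TC+RD, #x81 = QR+RD).
(let* ((query (ex-dns-make-query #x1a2b "2.0.0.127.dnsbl.example.org"))
       (truncated (concat (substring query 0 2)
                          (unibyte-string #x83 #x80)
                          (substring query 4)))
       (complete (concat (substring query 0 2)
                         (unibyte-string #x81 #x80)
                         (substring query 4))))
  (list (car (ex-dns-next-step query truncated))
        (car (ex-dns-next-step query complete))
        (car (ex-dns-next-step query query))))
```

Evaluating the final form returns the three decisions for a truncated reply, a complete reply, and a packet that is not a response at all.
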

* Re: Spam spam spam spam spam
  2002-03-31 18:19                   ` Russ Allbery
@ 2002-04-02  7:09                     ` Michel Schinz
  2002-04-03  5:10                       ` Russ Allbery
  0 siblings, 1 reply; 71+ messages in thread
From: Michel Schinz @ 2002-04-02  7:09 UTC (permalink / raw)


Russ Allbery <rra@stanford.edu> writes:

[...]

> Incidentally, while this isn't a good heuristic for everyone, for
> those of us who don't speak any Asian language and don't live in
> Asia, the following is remarkably good. All by itself, it catches
> something like 90% of all of my spam. (Asian language spam has
> increased drastically in the past year or so.)

That sounds great. I personally use the following technique, which is
also simple and which, until last week, caught something like 95% of
the spam. The idea is simple: most spammers (until last week at
least :-) don't bother putting your e-mail address in the "To:" (or
"Cc:", or whatever) field. They just use a unique message for
everybody. So, *after filtering all mailing-lists* (that's important,
since mailing-lists also don't put your address in the headers), I
flag all mail which is not explicitly sent to me as spam. My .gnus
file contains the following:

----------------------------------------------------------------------
;; Regexp matching all my e-mail addresses
(defconst my-email (regexp-opt '([...] all my e-mail addresses)
			       t))

;; Regexp matching a "Delivered-To:" header, apparently automatically
;; added by my mail server.
(defconst delivered-to-re
  (concat "^Delivered-To:\\s +" my-email))

(defun no-spam-p (arg)
  (save-excursion
    (goto-char (point-min))
    (or (re-search-forward no-spam-re nil t)
	(condition-case nil
	    (progn
	      (while (and (re-search-forward my-email)
			  (progn (beginning-of-line)
				 (looking-at delivered-to-re)))
		(goto-char (match-end 0)))
	      t)
	  (error nil)))))

(setq nnmail-split-rule
      `([...] filters for *all* mailing-lists
	("mail.misc" ,(function no-spam-p))
	("mail.spam" "")))
----------------------------------------------------------------------

Michel.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 15:59 ` Lars Magne Ingebrigtsen
  2002-04-01 14:44   ` NAGY Andras
@ 2002-04-02 16:31   ` Ted Zlatanov
  2002-04-02 19:52     ` Lars Magne Ingebrigtsen
  1 sibling, 1 reply; 71+ messages in thread
From: Ted Zlatanov @ 2002-04-02 16:31 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> 1) A new splitting rule -- `spam'.
...
> There would be a few new summary mode commands.
> 1) `y' -- "report this as spam".
...
> 2) A command to enter into the white-list.

I think those are wonderful suggestions.  Also, perhaps, a 'spam' mark
could be useful, so messages can be optionally flagged with it and
then the user can decide what he wants to do (delete, put in a folder,
etc.) after the splitting is done.

Is there anyone who will implement these, or will Lars do it?  I'd
like to get this functionality in place soon, and I can contribute if
needed.

Thanks
Ted




^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-02 16:31   ` Ted Zlatanov
@ 2002-04-02 19:52     ` Lars Magne Ingebrigtsen
  2002-04-02 22:06       ` Ted Zlatanov
  0 siblings, 1 reply; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2002-04-02 19:52 UTC (permalink / raw)


Ted Zlatanov <teodor.zlatanov@divine.com> writes:

> Is there anyone who will implement these, or will Lars do it?  I'd
> like to get this functionality in place soon, and I can contribute if
> needed.

Please go ahead.  :-)

The spam.el file contains rudimentary whitelist/blacklist support,
and you can build on that.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-02 19:52     ` Lars Magne Ingebrigtsen
@ 2002-04-02 22:06       ` Ted Zlatanov
  2002-04-05 19:33         ` Ted Zlatanov
  0 siblings, 1 reply; 71+ messages in thread
From: Ted Zlatanov @ 2002-04-02 22:06 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 1402 bytes --]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Ted Zlatanov <teodor.zlatanov@divine.com> writes:
>
>> Is there anyone who will implement these, or will Lars do it?  I'd
>> like to get this functionality in place soon, and I can contribute if
>> needed.
>
> Please go ahead.  :-)
>
> The spam.el file contains rudimentary whitelist/blacklist support,
> and you can build on that.

What features are missing that you wanted to add?

Did you want to finish the work?  It looks like spam.el is
semi-complete already.  I don't mind picking up - it's always fun to
polish my Lisp.  Just let me know what features/functions you wanted.

What did you think about the "spam" mark?  I've added it to
gnus-sum.el; patch attached.  I picked the "H" character for the
company that brought us the original word, since "S" was taken.  I can
see it being applied by score or by a splitting-time function.  I also
added a gnus-summary-mark-as-spam function, which could be augmented
to also report the spam to user-defined destinations.

I don't think a user would always want spam going to the same folder,
as a score would force them to do.  That's why the spam mark makes
sense.  You can apply it to an article; it will be treated as a
gnus-killed-mark in most ways.  But you can limit the summary to spam
only, whereas otherwise you're stuck with differently scored, but
otherwise alike articles.

Thanks
Ted


[-- Attachment #2: gnus-spam-mark addition patch --]
[-- Type: text/plain, Size: 2494 bytes --]

--- gnus-sum.el	Tue Apr  2 16:57:30 2002
+++ gnus-sum-tzz.el	Tue Apr  2 16:28:46 2002
@@ -420,6 +420,11 @@
   :group 'gnus-summary-marks
   :type 'character)
 
+(defcustom gnus-spam-mark ?H
+  "*Mark used for spam articles."
+  :group 'gnus-summary-marks
+  :type 'character)
+
 (defcustom gnus-souped-mark ?F
   "*Mark used for souped articles."
   :group 'gnus-summary-marks
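Review bot: the docstring for `gnus-spam-mark` ("Mark used for spam articles.") does not say that the mark counts as a read mark and as an auto-expirable mark, although later hunks of this same patch add it to both lists. Someone picking a character in Customize cannot tell that marking an article this way also hides and expires it, so the docstring should state that.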
@@ -536,7 +541,7 @@
   :type 'boolean)
 
 (defcustom gnus-auto-expirable-marks
-  (list gnus-killed-mark gnus-del-mark gnus-catchup-mark
+  (list gnus-spam-mark gnus-killed-mark gnus-del-mark gnus-catchup-mark
 	gnus-low-score-mark gnus-ancient-mark gnus-read-mark
 	gnus-souped-mark gnus-duplicate-mark)
   "*The list of marks converted into expiration if a group is auto-expirable."
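Review bot: putting `gnus-spam-mark` into the default value of `gnus-auto-expirable-marks` means an article marked as spam in an auto-expirable group is converted to expirable and disappears with normal expiry, which works against the cover letter's idea of marking first and letting the user decide afterwards (delete, move to a folder, limit to spam). Consider leaving this default alone and letting users add the mark themselves; note also that anyone who has already customized this list will not pick up the new default.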
@@ -2326,15 +2331,10 @@
 (defvar gnus-summary-tool-bar-map nil)
 
 ;; Emacs 21 tool bar.  Should be no-op otherwise.
-;; NB: A new function tool-bar-local-item-from-menu is added in Emacs
-;; 21.2.50+.  Considering many users use Emacs 21, use
-;; tool-bar-add-item-from-menu here.
 (defun gnus-summary-make-tool-bar ()
-  (if (and
-       (condition-case nil (require 'tool-bar) (error nil))
-       (fboundp 'tool-bar-add-item-from-menu)
-       (default-value 'tool-bar-mode)
-       (not gnus-summary-tool-bar-map))
+  (if (and (fboundp 'tool-bar-add-item-from-menu)
+	   (default-value 'tool-bar-mode)
+	   (not gnus-summary-tool-bar-map))
       (setq gnus-summary-tool-bar-map
 	    (let ((tool-bar-map (make-sparse-keymap))
 		  (load-path (mm-image-load-path)))
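Review bot: this hunk in `gnus-summary-make-tool-bar` has nothing to do with the spam mark and should be dropped from the patch. It removes the `(condition-case nil (require 'tool-bar) (error nil))` guard and the NB comment, so it looks like the diff was taken against a different revision of gnus-sum.el than the working copy started from; applying it as is would undo that change and leave the `fboundp` test running without tool-bar having been required.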
@@ -7248,7 +7248,7 @@
      ;; Concat all the marks that say that an article is read and have
      ;; those removed.
      (list gnus-del-mark gnus-read-mark gnus-ancient-mark
-	   gnus-killed-mark gnus-kill-file-mark
+	   gnus-killed-mark gnus-spam-mark gnus-kill-file-mark
 	   gnus-low-score-mark gnus-expirable-mark
 	   gnus-canceled-mark gnus-catchup-mark gnus-sparse-mark
 	   gnus-duplicate-mark gnus-souped-mark)
@@ -9133,6 +9133,13 @@
 the actual number of articles marked is returned."
   (interactive "p")
   (gnus-summary-mark-forward n gnus-expirable-mark))
+
+(defun gnus-summary-mark-as-spam (n)
+  "Mark N articles forward as spam.
+If N is negative, mark backward instead.  The difference between N and
+the actual number of articles marked is returned."
+  (interactive "p")
+  (gnus-summary-mark-forward n gnus-spam-mark))
 
 (defun gnus-summary-mark-article-as-replied (article)
   "Mark ARTICLE as replied to and update the summary line.
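Review bot: `gnus-summary-mark-as-spam` is defined here, but nothing in the patch binds it to a key or adds it to a summary menu, so it can only be reached with M-x, while the thread asked for a single-keystroke command. Add the binding alongside the other mark commands, and consider running a hook after `gnus-summary-mark-forward` so that reporting can be attached later without editing this function.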

^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-02  7:09                     ` Michel Schinz
@ 2002-04-03  5:10                       ` Russ Allbery
  2002-04-03 13:50                         ` Frank Schmitt
  0 siblings, 1 reply; 71+ messages in thread
From: Russ Allbery @ 2002-04-03  5:10 UTC (permalink / raw)


Michel Schinz <Michel.Schinz@epfl.ch> writes:

> That sounds great. I personally use the following technique, which is
> also simple and which, until last week, caught something like 95% of
> the spam. The idea is simple: most spammers (until last week at
> least :-) don't bother putting your e-mail address in the "To:" (or
> "Cc:", or whatever) field.

Yeah, that used to catch essentially all of mine, but unfortunately it's
now down to only catching about 50%.  Spammers are getting smarter.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-03  5:10                       ` Russ Allbery
@ 2002-04-03 13:50                         ` Frank Schmitt
  0 siblings, 0 replies; 71+ messages in thread
From: Frank Schmitt @ 2002-04-03 13:50 UTC (permalink / raw)


Russ Allbery <rra@stanford.edu> writes:

>>That sounds great. I personally use the following technique, which is
>>also simple and which, until last week, caught something like 95% of
>>the spam. The idea is simple: most spammers (until last week at
>>least :-) don't bother putting your e-mail address in the "To:" (or
>>"Cc:", or whatever) field.
>
>Yeah, that used to catch essentially all of mine, but unfortunately it's
>now down to only catching about 50%.  Spammers are getting smarter.

I still catch 90 percent with the technique described above plus those
rules:

;;I don't speak Asian languages, so I can only guess that the mails with
;;those encodings are really spam :-)
("Spam" "^Content-Type:.*\\(ks_c_5601-1987\\|EUC-KR\\|iso-2022-jp\\).*")

;;some common spam subjects plus Asia-Spam encodings
("Spam" "^Subject:.*\\(This really work\\|XINGA\\|ADV:\\|XXX\\|=\\?ks_c_5601-1987\\?\\|=\\?euc-kr\\?\\).*")

;;MUAs spammers often use:
("Spam" "^X-Mailer:\\( mailer\\|.*BulkMailer.*\\|.*MIME::Lite.*\\|.*CyberCreek Avalanche.*\\|.*http://GetResponse\\.com.*\\)$")
	     
;;some spammers who send spam to me which I don't catch with the other rules
("Spam" "^From:.*\\(verizon\\.net\\|prontomail\\.com\\|money\\).*")

-- 
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.
19. Dezember 2001



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-01 14:07               ` Lloyd Zusman
@ 2002-04-04  3:28                 ` news
  0 siblings, 0 replies; 71+ messages in thread
From: news @ 2002-04-04  3:28 UTC (permalink / raw)


Lloyd Zusman <ljz@asfast.com> writes:

> "Jason R. Mastaler" <jason-dated-1018226307.34c310@mastaler.com> writes:
>
>> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>>
>>> I think TMDA is a perfectly good alternative, but I don't think it's
>>> for everybody.
>>
>> Very true.  I wrote TMDA for the same reason - because what was out
>> there wasn't for me.  Not effective enough, too time consuming, risk
>> of false positives too high.
>>
>> Given that the UCE problem isn't going away any time soon, it's nice
>> that we now have lots of alternative countermeasures to choose from.
>>
>> Cheers.
>
> Agreed.  And now, I'm using two of these countermeasures
> simultaneously:  SpamAssassin and TMDA.

Thanks to prompting from this thread, I found SpamAssassin can
also be used on the mail server with sendmail + spamass-milter,
written by Georg Greve.  I'm running it now, with results
superior to the dnsbl checks I had been running.  

Chris



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-02 22:06       ` Ted Zlatanov
@ 2002-04-05 19:33         ` Ted Zlatanov
  0 siblings, 0 replies; 71+ messages in thread
From: Ted Zlatanov @ 2002-04-05 19:33 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 2556 bytes --]

On Tue, 02 Apr 2002, teodor.zlatanov@divine.com wrote:
> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> 
>> The spam.el file contains rudimentary whitelist/blacklist support,
>> and you can build on that.
> 
> What features are missing that you wanted to add?
> 
> Did you want to finish the work?  It looks like spam.el is
> semi-complete already.  I don't mind picking up - it's always fun to
> polish my Lisp.  Just let me know what features/functions you
> wanted.

> What did you think about the "spam" mark?  I've added it to
> gnus-sum.el; patch attached.  I picked the "H" character for the
> company that brought us the original word, since "S" was taken.  I
> can see it being applied by score or by a splitting-time function.
> I also added a gnus-summary-mark-as-spam function, which could be
> augmented to also report the spam to user-defined destinations.

I haven't heard about the patch I submitted to add a "spam" mark.
Will that be committed by anyone, or is there a problem with the
patch?  

Also, I wanted to know what features were missing from spam.el that I
should add.  I know one eventual goal was to use it for splitting spam
in nnml-split-fancy with spam-address-whitelisted-p, and it seems like
it's already there.  What else?  Hooks for spamcop, TMDA, etc?

The spam-check-blackholes code will break on a full IPv6 address, is
there existing Emacs functionality to match those?  I didn't want to
write out the full IPv6 spec, it's pretty nasty.  Do we even care - do
those blackhole servers support IPv6 addresses?

I'm attaching a simple patch for a new function, spam-enter-blacklist,
which just invokes spam-enter-whitelist with the BLACKLIST parameter
t.  I think users will find it convenient.  The patch also fixes the
docstring for the blacklist file var, and adds more information to
both the whitelist and the blacklist file vars.

I'd like to add a gnus-summary-mark-as-spam-hooks hooks list to the
gnus-summary-mark-as-spam function, and then the user can invoke the
spam-enter-blacklist functions on a message as it is being marked as
spam.  That makes sense to me (mark as spam -> trigger add to
blacklist).  Does that sound reasonable?  Marking as spam with the
universal prefix might invoke the gnus-summary-mark-as-nonspam
function and the corresponding gnus-summary-mark-as-nonspam-hooks
hooks list.  This might require extra care, because we don't
necessarily want to add the same header always.  So there might be
"blacklist this sender", "blacklist this message-ID", and so on
functions.

Thanks
Ted


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: spam.patch --]
[-- Type: text/x-patch, Size: 1311 bytes --]

--- spam.el	Fri Apr  5 14:14:27 2002
+++ tzz-spam.el	Fri Apr  5 14:21:45 2002
@@ -61,16 +61,16 @@
   "When spam files are kept.")
 
 (defvar spam-whitelist (expand-file-name "whitelist" spam-directory)
-  "The location of the whitelist.")
+  "The location of the whitelist file.  One address (string or regular expression) per line.")
 					 
 (defvar spam-blacklist (expand-file-name "blacklist" spam-directory)
-  "The location of the whitelist.")
+  "The location of the blacklist file.  One address (string or regular expression) per line.")
 
 (defvar spam-whitelist-cache nil)
 (defvar spam-blacklist-cache nil)
 
 (defun spam-enter-whitelist (address &optional blacklist)
-  "Enter ADDRESS into the whitelist."
+  "Enter ADDRESS into the whitelist, or the blacklist with the optional parameter BLACKLIST."
   (interactive "sAddress: ")
   (let ((file (if blacklist spam-blacklist spam-whitelist)))
     (unless (file-exists-p (file-name-directory file))
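Review bot: the new docstrings for `spam-whitelist`, `spam-blacklist` and `spam-enter-whitelist` each put everything on one long first line; the Emacs convention is a short first line that is a complete sentence, with the details on the lines after it, so that apropos and Customize show something readable. "One address (string or regular expression) per line" also leaves open whether a plain string is matched literally or as a regexp, and the docstring should say which.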
@@ -83,6 +83,11 @@
 	(insert "\n"))
       (insert address "\n")
       (save-buffer))))
+
+(defun spam-enter-blacklist (address)
+  "Enter ADDRESS into the blacklist."
+  (interactive "sAddress: ")
+  (spam-enter-whitelist address t))
 
 (defun spam-parse-whitelist (&optional blacklist)
   (let ((file (if blacklist spam-blacklist spam-whitelist))
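Review bot: `spam-enter-blacklist` passes ADDRESS straight to `spam-enter-whitelist`, which writes it to the file verbatim with `(insert address "\n")`. Since the docstrings in this patch say a line may be a regular expression, an address typed at the "Address: " prompt will have its `.` and `+` treated as regexp operators when the list is read that way, so a blacklist entry can match more senders than the one intended. Either pass interactive input through `regexp-quote` or state in the prompt and docstring that a regexp is expected; rejecting an empty ADDRESS would also be worth adding.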

^ permalink raw reply	[flat|nested] 71+ messages in thread
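
On the IPv6 question in the message above, an added Emacs Lisp example (not code from spam.el or from the thread) that builds the name to look up in a DNS blackhole list for both address families: IPv4 reverses the four octets, and IPv6 reverses all 32 hex nibbles, the convention later written down in RFC 5782. The `ex-dnsbl-` names, the zone dnsbl.example.org and the sample addresses are assumptions made for illustration.

```elisp
;;; Added example.  Every `ex-dnsbl-' name is hypothetical.

(defun ex-dnsbl-ipv4-octets (ip)
  "Parse dotted-quad IP into a list of four integers, or return nil."
  (let ((parts (split-string ip "\\.")))
    (when (and (= (length parts) 4)
               (not (memq nil
                          (mapcar (lambda (p)
                                    (and (string-match
                                          "\\`[0-9]\\{1,3\\}\\'" p)
                                         (<= (string-to-number p) 255)))
                                  parts))))
      (mapcar #'string-to-number parts))))

(defun ex-dnsbl--groups (text allow-v4)
  "Turn colon-separated TEXT into a list of 16-bit integers.
With ALLOW-V4, the last token may be a dotted quad (two groups).
Throw to `bad' on malformed input."
  (let ((tokens (and (not (string= text "")) (split-string text ":")))
        groups)
    (while tokens
      (let* ((tok (pop tokens))
             (v4 (and allow-v4 (null tokens)
                      (ex-dnsbl-ipv4-octets tok))))
        (cond (v4
               (push (+ (* 256 (nth 0 v4)) (nth 1 v4)) groups)
               (push (+ (* 256 (nth 2 v4)) (nth 3 v4)) groups))
              ((string-match "\\`[0-9a-fA-F]\\{1,4\\}\\'" tok)
               (push (string-to-number tok 16) groups))
              (t (throw 'bad nil)))))
    (nreverse groups)))

(defun ex-dnsbl-ipv6-groups (ip)
  "Parse IPv6 text IP into a list of eight 16-bit integers, or nil.
Expands \"::\" and accepts a trailing dotted quad (::ffff:192.0.2.1)."
  (catch 'bad
    (let* ((halves (split-string ip "::"))
           (head (ex-dnsbl--groups (car halves) (null (cdr halves))))
           (tail (and (cdr halves)
                      (ex-dnsbl--groups (cadr halves) t)))
           (gap (- 8 (length head) (length tail))))
      (cond ((cddr halves) nil)         ; more than one "::"
            ((cdr halves)               ; "::" stands for >= 1 group
             (and (>= gap 1) (append head (make-list gap 0) tail)))
            (t (and (= gap 0) head))))))

(defun ex-dnsbl-query-name (ip zone)
  "Return the name to look up in DNSBL ZONE for IP, or nil if invalid.
An IPv4-mapped address (::ffff:a.b.c.d) is looked up as plain IPv4."
  (let ((v4 (ex-dnsbl-ipv4-octets ip))
        (v6 (ex-dnsbl-ipv6-groups ip)))
    (when (and v6 (equal (butlast v6 2) '(0 0 0 0 0 #xffff)))
      (setq v4 (list (ash (nth 6 v6) -8) (logand (nth 6 v6) 255)
                     (ash (nth 7 v6) -8) (logand (nth 7 v6) 255))
            v6 nil))
    (cond
     (v4 (concat (mapconcat #'number-to-string (reverse v4) ".")
                 "." zone))
     (v6 (let ((hex (mapconcat (lambda (g) (format "%04x" g)) v6 "")))
           ;; 32 hex digits, least significant nibble first.
           (concat (mapconcat #'char-to-string
                              (nreverse (append hex nil)) ".")
                   "." zone))))))

;; Constructed sample addresses from the documentation ranges.
(mapcar (lambda (ip) (ex-dnsbl-query-name ip "dnsbl.example.org"))
        '("192.0.2.1" "::ffff:192.0.2.1" "2001:db8::1" "not-an-ip"))
```
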

* Re: Spam spam spam spam spam
  2002-04-01 14:44   ` NAGY Andras
@ 2002-04-05 20:01     ` Ted Zlatanov
  2002-04-05 21:41       ` Kai Großjohann
  2002-04-05 21:42       ` Jon Ericson
  0 siblings, 2 replies; 71+ messages in thread
From: Ted Zlatanov @ 2002-04-05 20:01 UTC (permalink / raw)


On Mon, 01 Apr 2002, nagya@inf.elte.hu wrote:
> On Sat, 30 Mar 2002, at 16:59, Lars Magne Ingebrigtsen
> <larsi@gnus.org> wrote:
> 
>>    d) A white-list (sees whether you have flagged this as
>>    legitimate user)
> 
> You might want to use BBDB here; have a look at
> http://my.gnus.org/Lisp/1012588625 .

That was my first thought too, but we shouldn't expect users to use
BBDB just so they can fight spam.

Also, a separate white/black list (1 entry per line) file is easier to
import from other sources, and easier to export.  Maybe there should
be an optional hook on spam-address-whitelisted-p that checks the BBDB
as well, for those who want that?  The spam-enter-whitelist function
can also be given a hook to add data to the BBDB instead of a file.

Maybe there should be spam-whitelists-sources and
spam-blacklists-sources lists, with "filename" (or 'file), 'bbdb, and
nil as possible values?

What would be a good BBDB field name, "spam-whitelist"?  I can't
imagine anyone using the BBDB for blacklisting.

Thanks
Ted




^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-05 20:01     ` Ted Zlatanov
@ 2002-04-05 21:41       ` Kai Großjohann
  2002-04-05 22:27         ` Derrell.Lipman
  2002-04-05 21:42       ` Jon Ericson
  1 sibling, 1 reply; 71+ messages in thread
From: Kai Großjohann @ 2002-04-05 21:41 UTC (permalink / raw)


Ted Zlatanov <teodor.zlatanov@divine.com> writes:

> What would be a good BBDB field name, "spam-whitelist"?  I can't
> imagine anyone using the BBDB for blacklisting.

Presumably, _all_ entries in the BBDB are very white candidates.
Maybe it is enough to tell Gnus that everybody in BBDB is white?

kai
-- 
Silence is foo!



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-05 20:01     ` Ted Zlatanov
  2002-04-05 21:41       ` Kai Großjohann
@ 2002-04-05 21:42       ` Jon Ericson
  2002-04-05 22:59         ` Ted Zlatanov
  1 sibling, 1 reply; 71+ messages in thread
From: Jon Ericson @ 2002-04-05 21:42 UTC (permalink / raw)


Ted Zlatanov <teodor.zlatanov@divine.com> writes:

> What would be a good BBDB field name, "spam-whitelist"? 

Um...  It seems to me that if someone is in the BBDB, they would, by
default, be on the whitelist.  Besides, I already use the
`gnus-private' field to split mail.

> I can't imagine anyone using the BBDB for blacklisting.

I can.  (As a matter of fact, I use the BBDB to split uninteresting
messages to lower priority mail groups.)

Jon
-- 
  Two are better than one, because they have a good return for their
  work: If one falls down, his friend can help him up... Though one
  may be overpowered, two can defend themselves. A cord of three
  strands is not quickly broken. -- Ecclesiastes 4:9,12 (NIV)



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-05 21:41       ` Kai Großjohann
@ 2002-04-05 22:27         ` Derrell.Lipman
  2002-04-09 17:44           ` Toby Speight
  0 siblings, 1 reply; 71+ messages in thread
From: Derrell.Lipman @ 2002-04-05 22:27 UTC (permalink / raw)
  Cc: ding

Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:

> Ted Zlatanov <teodor.zlatanov@divine.com> writes:
>
>> What would be a good BBDB field name, "spam-whitelist"?  I can't
>> imagine anyone using the BBDB for blacklisting.
>
> Presumably, _all_ entries in the BBDB are very white candidates.
> Maybe it is enough to tell Gnus that everybody in BBDB is white?

That doesn't work when BBDB entries are made automatically when messages are
received.  I like having the automagic entries; the downside is that my BBDB
contains everyone I've ever received spam from.  Definitely *not* all white.

Derrell




^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-05 21:42       ` Jon Ericson
@ 2002-04-05 22:59         ` Ted Zlatanov
  0 siblings, 0 replies; 71+ messages in thread
From: Ted Zlatanov @ 2002-04-05 22:59 UTC (permalink / raw)
  Cc: ding

On Fri, 05 Apr 2002, Jon.Ericson@jpl.nasa.gov wrote:
> Ted Zlatanov <teodor.zlatanov@divine.com> writes:
> 
>> What would be a good BBDB field name, "spam-whitelist"? 
> 
> Um...  It seems to me that if someone is in the BBDB, they would, by
> default, be on the whitelist.  Besides, I already use the
> `gnus-private' field to split mail.

Someone mentioned the auto-notice ability, which I also use.  Maybe
this could be selectable ('bbdb or 'bbdb-whitelist-field).

>> I can't imagine anyone using the BBDB for blacklisting.
> 
> I can.  (As a matter of fact, I use the BBDB to split uninteresting
> messages to lower priority mail groups.)

So maybe a spam-blacklist field would be useful?  I always think of
the BBDB as a place for interesting addresses, but you are right to
want sorting the other way.

Ted




^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-05 22:27         ` Derrell.Lipman
@ 2002-04-09 17:44           ` Toby Speight
  0 siblings, 0 replies; 71+ messages in thread
From: Toby Speight @ 2002-04-09 17:44 UTC (permalink / raw)


0> In article <3cy9srwc.fsf@random.localnet.UnwiredUniverse.com>,
0> Derrell Lipman <URL:mailto:Derrell.Lipman@UnwiredUniverse.com> ("Derrell") wrote:

Derrell> Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:

>> Presumably, _all_ entries in the BBDB are very white candidates.
>> Maybe it is enough to tell Gnus that everybody in BBDB is white?

Derrell> That doesn't work when BBDB entries are made automatically
Derrell> when messages are received.  I like having the automagic
Derrell> entries; the downside is that my BBDB contains everyone I've
Derrell> ever received spam from.  Definitely *not* all white.

I avoid this by splitting (probable) spam into a separate group that I
check once a week or so, which has (gnus-auto-select-first nil) in its
group parameters, so I never make BBDB entries for spam.  Additionally,
one could make a buffer-local of bbdb/news-auto-create-p for the group.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-30 15:33 Spam spam spam spam spam Lars Magne Ingebrigtsen
                   ` (5 preceding siblings ...)
  2002-04-01 18:22 ` Chris Shenton
@ 2002-04-13 22:49 ` John H Palmieri
  2002-04-13 23:00   ` Nevin Kapur
                     ` (3 more replies)
  6 siblings, 4 replies; 71+ messages in thread
From: John H Palmieri @ 2002-04-13 22:49 UTC (permalink / raw)


Speaking of spam, when I'm at work, I can run spamassassin and
everything is pretty much okay.  At home, though, I get all of my mail
from a pop server.  That is, my home machine receives no mail, so I
can forward incoming mail through procmail until I'm blue in the face,
but of course it has no effect.  What can I do to filter spam (or tag
spam) with this setup?

-- 
J. H. Palmieri, Dept of Mathematics, Univ of Washington

We've been having problems with our mail server.
If you don't receive this message, please let me know.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-13 22:49 ` John H Palmieri
@ 2002-04-13 23:00   ` Nevin Kapur
  2002-04-14  0:04   ` Stainless Steel Rat
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 71+ messages in thread
From: Nevin Kapur @ 2002-04-13 23:00 UTC (permalink / raw)


John H Palmieri <palmieri@math.washington.edu> writes:

> Speaking of spam, when I'm at work, I can run spamassassin and
> everything is pretty much okay.  At home, though, I get all of my mail
> from a pop server.  That is, my home machine receives no mail, so I
> can forward incoming mail through procmail until I'm blue in the face,
> but of course it has no effect.  What can I do to filter spam (or tag
> spam) with this setup?

You could use fetchmail to get your mail and then point your mail
reader to the local files it (and subsequently procmail) deliver to.

-- 
:: Nevin ::



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-13 22:49 ` John H Palmieri
  2002-04-13 23:00   ` Nevin Kapur
@ 2002-04-14  0:04   ` Stainless Steel Rat
  2002-04-14  0:57   ` Bill White
  2002-04-21  3:38   ` Harry Putnam
  3 siblings, 0 replies; 71+ messages in thread
From: Stainless Steel Rat @ 2002-04-14  0:04 UTC (permalink / raw)


* John H Palmieri <palmieri@math.washington.edu>  on Sat, 13 Apr 2002
| but of course it has no effect.  What can I do to filter spam (or tag
| spam) with this setup?

Use fetchmail and run everything through a custom mda, like this:

  mda "/usr/bin/formail -b | /usr/local/bin/dccproc >>/var/spool/mail/ratinox"

I use DCC, but you can use anything that operates as a filter this way.
-- 
Rat <ratinox@peorth.gweep.net>    \ Happy Fun Ball may stick to certain types
Minion of Nathan - Nathan says Hi! \ of skin.
PGP Key: at a key server near you!  \ 
       That and five bucks will get you a small coffee at Starbucks.



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-13 22:49 ` John H Palmieri
  2002-04-13 23:00   ` Nevin Kapur
  2002-04-14  0:04   ` Stainless Steel Rat
@ 2002-04-14  0:57   ` Bill White
  2002-04-21  3:38   ` Harry Putnam
  3 siblings, 0 replies; 71+ messages in thread
From: Bill White @ 2002-04-14  0:57 UTC (permalink / raw)
  Cc: ding

On Sat Apr 13 2002 at 17:49, John H Palmieri <palmieri@math.washington.edu> said:

> Speaking of spam, when I'm at work, I can run spamassassin and
> everything is pretty much okay.  At home, though, I get all of my
> mail from a pop server.  That is, my home machine receives no mail,
> so I can forward incoming mail through procmail until I'm blue in
> the face, but of course it has no effect.  What can I do to filter
> spam (or tag spam) with this setup?

I run spamassassin as the next-to-last step of my nnmail-split-fancy,
after messages have been matched against my whitelisted email
addresses and headers.

One caveat: call-process-region doesn't seem to play nicely with 8-bit
characters in some circumstances.  With this setup I get the ol' \201
in front of each one sometimes (and I haven't debugged it yet).  Any
advice for that?

----------------------------------------------------------------------
(setq nnmail-split-methods 'nnmail-split-fancy)

(if (string= "billwlx" (getenv "HOSTNAME"))
    (setq spamassassin-script "/home/usr0/billw/bin/spamassassin/spamassassin"
	  spamassassin-rules "/home/usr0/billw/bin/spamassassin/rules")
  (setq spamassassin-script "/home/billw/bin/SpamAssassin/spamassassin"
	spamassassin-rules "/home/billw/bin/SpamAssassin/rules"))

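(defun spamassassin-on-message ()
  "Pipe the current message through SpamAssassin in place.
Return \"spamassassin\" as the split target when it is tagged as spam."
  ;; use " *nnmail incoming*" while splitting crash-box
  (if (get-buffer " *nnmail incoming*")
      (set-buffer " *nnmail incoming*")
    ;; use gnus-original-article-buffer while respooling & tracing
    (set-buffer gnus-original-article-buffer))
  ;; DELETE, BUFFER and DISPLAY are all t: the region is replaced
  ;; by SpamAssassin's output in the same buffer.
  (call-process-region (point-min) (point-max)
                       spamassassin-script
                       t t t
                       "-P" "-c" spamassassin-rules)
  (goto-char (point-min))
  (when (re-search-forward "^X-Spam-Status: Yes" nil t)
    "spamassassin"))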

(setq nnmail-split-fancy
      '(|
	("to" ".*billw@wri\\.com" "spamtrap")
	(from ".*Dan Largent.*" "personal")
	(from ".*Michelle Largent.*" "personal")
	("Subject" ".*Voice mail waiting for x.*" "voice-mail")
[...]
	("sender" "owner-ding@hpc\\.uh\\.edu"
	 (: (lambda nil (format-time-string "gnus.%Y.%m"))))
	(any "owner-wri-\\b\\(\\w+\\)" "wri.\\1")
  	(: spamassassin-on-message)
	(: (lambda nil (format-time-string "mail.misc.%Y.%m")))))
----------------------------------------------------------------------

Hope this helps.

Cheers -

bw
-- 
Bill White . billw@wolfram.com . http://members.wri.com/billw
"No ma'am, we're musicians."




^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-04-13 22:49 ` John H Palmieri
                     ` (2 preceding siblings ...)
  2002-04-14  0:57   ` Bill White
@ 2002-04-21  3:38   ` Harry Putnam
  3 siblings, 0 replies; 71+ messages in thread
From: Harry Putnam @ 2002-04-21  3:38 UTC (permalink / raw)


John H Palmieri <palmieri@math.washington.edu> writes:

> Speaking of spam, when I'm at work, I can run spamassassin and
> everything is pretty much okay.  At home, though, I get all of my mail
> from a pop server.  That is, my home machine receives no mail, so I
> can forward incoming mail through procmail until I'm blue in the face,
> but of course it has no effect.  What can I do to filter spam (or tag
> spam) with this setup?

A different approach than those posted might be to investigate
alternative pop servers.  Mine allows a fairly complex filter setup
right at the source.  (Newsguy).  I can set as many filters as I like
that simply delete unwanted stuff or forward it to an address of my
choice.

It has web pages where this is done.




^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-31  1:31 ` Daniel Pittman
@ 2003-01-01 21:05   ` Lars Magne Ingebrigtsen
  0 siblings, 0 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2003-01-01 21:05 UTC (permalink / raw)


Daniel Pittman <daniel@rimspace.net> writes:

>> Say, `y' to send the spam for open relay checking, Razoring,
>> assassination and all the rest.
>
> If you want to write this, the following things would be great:
>
> * pipe message through a clean-up filter.
> * send to one or more addresses as a 'bounce' (filtered message as is.)
> * send to one or more addresses as an rfc822 attachment.
> * pipe message through one or more reporting filters.
> * optionally delete the message.
> * optionally move the message to a different folder (and backend).

I wonder whether somebody has written an external program that does
this?  And whether it's included in Debian?  Then we won't have to
write this ourselves...

> Anyway, I had not gotten the round tuits needed to bring the code up to
> date from when it only did a forward-attached to SpamCop. Here it is.
> I have signed my papers and everything so feel free to use this as a
> basis for something more sensible.
>
>         Daniel
>
> (defvar spamcop::report-address "quick.XXXXXXXXXXXXXXXX@spam.spamcop.net"
>   "The address that SpamCop reports should be sent to.")

[code elided]

Nice.  If an external program doesn't exist, does somebody want to
take a whack at perhaps putting this in a more generalized overview,
and hook it into spam.el?

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-31  2:07             ` Mark Milhollan
@ 2003-01-01 21:06               ` Lars Magne Ingebrigtsen
  2003-01-02 19:02               ` Simon Josefsson
  1 sibling, 0 replies; 71+ messages in thread
From: Lars Magne Ingebrigtsen @ 2003-01-01 21:06 UTC (permalink / raw)


Mark Milhollan <mlm@attglobal.net> writes:

>>Anyway, I've now implemented DNS lookups natively.  (You need CVS
>>Emacs.)  
>
> I won't ask about EDNS0

What's that, then?

> or fall back to TCP (especially if the result via
> UDP is truncated)

I do that.  Well, I don't check whether UDP is truncated, though.  I
think. 

> or DNSSEC, since they are unlikely to be necessary for DNSBL
> purposes (so far).

Yup.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: Spam spam spam spam spam
  2002-03-31  2:07             ` Mark Milhollan
  2003-01-01 21:06               ` Lars Magne Ingebrigtsen
@ 2003-01-02 19:02               ` Simon Josefsson
  1 sibling, 0 replies; 71+ messages in thread
From: Simon Josefsson @ 2003-01-02 19:02 UTC (permalink / raw)
  Cc: ding

Mark Milhollan <mlm@attglobal.net> writes:

> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>
>>Anyway, I've now implemented DNS lookups natively.  (You need CVS
>>Emacs.)  
>
> I won't ask about EDNS0 or fall back to TCP (especially if the result via
> UDP is truncated) or DNSSEC, since they are unlikely to be necessary for
> DNSBL purposes (so far).

spam.el can use dig.el too, now, so all of that should be possible.




^ permalink raw reply	[flat|nested] 71+ messages in thread
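
The DNSBL lookup discussed in the two messages above, as an added example that is not part of the thread and not Gnus code: it builds the reversed-octet query name, encodes the query (optionally with an EDNS0 OPT record), and checks a UDP reply's TC bit to decide whether to retry over TCP. The zone `dnsbl.example`, the address 192.0.2.99, the query id and all function names are assumptions made for illustration.

```python
import struct

TC_FLAG = 0x0200   # "truncated" bit in the DNS header flags word
OPT_TYPE = 41      # EDNS0 OPT pseudo-record type

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the blocklist zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone

def build_query(name, query_id, edns_size=None):
    """Encode an A/IN query with RD set; add an OPT record if edns_size is given."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    packet = header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    if edns_size:
        # Root name, TYPE=OPT, CLASS carries the UDP payload size we accept,
        # TTL (extended flags) = 0, RDLENGTH = 0.
        packet += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return packet

def needs_tcp_retry(response, query_id):
    """True when a UDP reply to our query has the TC bit set."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    reply_id, flags = struct.unpack("!HH", response[:4])
    if reply_id != query_id:
        raise ValueError("reply id does not match the query")
    return bool(flags & TC_FLAG)

def tcp_frame(packet):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(packet)) + packet

if __name__ == "__main__":
    # Constructed sample: documentation address and a placeholder zone.
    name = dnsbl_name("192.0.2.99", "dnsbl.example")
    query = build_query(name, 0x1234)
    truncated = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)  # QR|TC|RD|RA
    print(name, len(query), needs_tcp_retry(truncated, 0x1234))
```

A listed address answers the A query with a record (conventionally in 127.0.0.0/8), while an unlisted one returns NXDOMAIN; those replies are small, which is why truncation rarely matters for DNSBL use.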
