[clug-talk] Help: Spam FIltering With Inflex

Gustin Johnson gustin at echostar.ca
Fri Sep 9 12:59:15 PDT 2005


I have moved away from content filtering.  The spammers just change the 
subjects
and the content.  Also CPU utulization grows non-linearly.  What we do now is
check source of the smtp connection, compare that ip against a couple of RBL
lists, then either reject the connection or continue with the transaction.

The upside is that I do not constantly need to tinker with our scripts, 
we see a
massive reduction in bandwidth utilization (the messages are rejected 
before any
data is transmitted), and the sender gets a bounceback that aids in the
correction of a false positive.  I know I am getting tired of email 
black holes
(the U of C was getting bad for this about 2 years ago).

I save content filtering for mail sorting once mail is accepted (sieve is
awesome btw).

There are of course other perspectives but this approach seems to me to 
strike a
reasonable balance between facilitating communication (which is what email is
supposed to used for) and removing unwanted messages.

If interested I can give you a list of currently used RBLs.

-- 
No trees were harmed in the transmission of this message, however a 
large number
of electrons were seriously inconvenienced.


Quoting Tek Budda <TekBudda at shaw.ca>:

> Tek Budda wrote:
>> Hope someone can help.
>>
>> We use a modified version of the inflex script for doing our mail 
>> filtering.  This was established by my old boss and was working very 
>> well.  But lately we have been getting a lot more spam and I want to 
>> be able to add items to it to stop the flow of crap coming into 
>> inboxes.
>>
>> Problem being is that my old boss forgot to show me how to add stuff 
>> to it.  I have tried googling a bit and have checked the project 
>> page, but I am just not sure if I am looking at the right thing.
>>
>> I am fine with this part:
>> # How do I add more file types to block?
>> Around line 306 of the /usr/local/inflex/inflex script. You will 
>> notice there are lines which look like (note, filename scanning 
>> starts at ~325):
>>
>>     ${cut} -d: -f2  ${tmpdir}/fileresults | ${grep} "MS-DOS 
>> executable"  >> ${typebadfileslog}
>>     ${cut} -d: -f2  ${tmpdir}/fileresults | ${grep} "PC bitmap data" 
>> gt;gt; ${typebadfileslog}
>>     ${cut} -d: -f2  ${tmpdir}/fileresults | ${grep} "AVI"  gt;gt; 
>> ${typebadfileslog}
>>
>> The file type descriptor (ie "AVI", "MPEG") is from the /etc/magic 
>> file. Just add another ${grep} line to the end of the current list, 
>> with the new /etc/magic tag type you're trying to block.
>> # Can I search for text strings in messages?
>>
>> This is what I am not sure about.  I am wanting to filter on the 
>> subject messages if at all possible because we are getting al lot of 
>> the same spams.
>> Around line 343 of the /usr/local/inflex/inflex script you'll see 
>> the entries required for scanning for text in your files. NOTE that 
>> I'm using grep -ri, this is for [R]ecursive and case[I]nsensitive 
>> scanning. You can change this as you wish.
>>
>>     #grep -ri "Kill the boss" ${tmpdir}/* gt;gt; ${textbadfileslog}
>>     grep -ri "> > > >" ${unpackdir}/* gt;gt; ${textbadfileslog}
>>
>> I will continue digging aorund and mulling through the script as 
>> well to find some hints, but if anyone has any ideas or suggestions 
>> please let me know.
>
> I may have found the answer to my own question but would still 
> welcome any comments or suggestions.
>
>
> _______________________________________________
> clug-talk mailing list
> clug-talk at clug.ca
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
>



---------------------------------------------------
This message was sent using Echostar Secure Webmail

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: PGP Digital Signature
Url : /pipermail/clug-talk_clug.ca/attachments/20050909/27538308/attachment.bin


More information about the clug-talk mailing list