Security Basics mailing list archives

Re: Good SPAM filter for Outlook for use in a small non-profit ORG


From: "Mario A. Spinthiras" <mario () netway com cy>
Date: Thu, 28 Sep 2006 09:38:17 +0300

Devdas Bhagat wrote:
> On 24/09/06 16:50 +0300, Mario A. Spinthiras wrote:
>> Is there a way to implement RBL within an email client? If so you don't
>
> SpamAssassin or equivalent.
>
>> need much of the super duper applications written today to stop spam. RBL usually works perfectly on mail servers. I don't see how it couldn't
>
> DNSBLs are supposed to be used on MX hosts. Anything beyond that leads
> to accept, then bounce scenarios, or merely tagging as spam.
>
> Devdas Bhagat

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


Indeed, I agree. Receiving and bouncing isn't necessarily a bad thing though. I agree it's a waste of bandwidth since you're already downloading the message. Today's world is full of high speed connections though, so it doesn't really matter. Plus, taking into consideration the fact that if it's a virus, an author will make the malicious code as small as possible in order for the end-user-stupid-user to download it nice and fast. That includes spam too. Spammers make the messages very crafty and simple.


I have been working on a basic code to slowly develop into something transparent for *nix users between the POP3 and the Email client. Code is as below. Just to make some minds think. It's far from finished but it will definitely inspire.

BEGIN CODE----------------------------------
#!/bin/sh
# Resolve the MX hosts of a domain and check each address against a set of DNSBLs.
echo "[*] Spam Check Tool"
echo "[*] Mario A. Spinthiras (mario at netway dot com dot cy)"
echo ""
echo ""

if [ -z "$1" ]; then
   echo "Not enough parameters."
   echo "Usage: $0 [host]"
   echo ""
   echo "Application Terminated!"
   exit 1
fi

# DNSBL zones are queried with the IPv4 octets in reverse order
# (1.2.3.4 -> 4.3.2.1). Applying this twice restores the original address.
reverse_ip() {
   echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }'
}

echo "[*] Initializing Application..."
YESRBL="0"
NORBL="0"
RBLNUM="0"
RBLHOST=$1
FINALNUM="0"
RBLS="in.dnsbl.org sbl.spamhaus.org whois.rfc-ignorant.org relays.ordb.org nonconfirm.mail-abuse.org dialups.mail-abuse.org dnsbl.njabl.org dnsbl.sorbs.net list.dsbl.org multihop.dsbl.org multihop.dsbl.org"
# Count the configured lists.
for i in $RBLS; do
   RBLNUM=$((RBLNUM + 1))
done

echo "[*] RBL lists available: $RBLNUM"

echo "[*] Checking for mail servers."
# "host" prints "<domain> mail is handled by <pref> <mx>."; keep the MX name
# and strip its trailing dot.
OUTPUT=$(host -t MX "$RBLHOST" | awk '/mail is handled by/ { print $7 }' | sed -e 's/\.$//')

if [ -z "$OUTPUT" ]; then
   echo "[*] Could not retrieve mail servers for the requested domain."
   echo "[*] Exiting."
   exit 1
fi

for g in $OUTPUT; do
   FINALOUT="$g $FINALOUT"
done

echo "[*] Mail servers: $FINALOUT"
for i in $FINALOUT; do
   FINALNUM=$((FINALNUM + 1))
done
echo "[*] Mail Servers to query: $FINALNUM"

echo "[*] Performing dns queries.."

for a in $FINALOUT; do
   # Skip the resolver's own "Address: x#53" line, drop carriage returns and
   # keep IPv4 answers only.
   IPTEMP=$(nslookup "$a" | grep Address | grep -v "#" | awk '{ print $2 }' | tr -d '\r' | grep -E '^[0-9]+(\.[0-9]+){3}$')
   if [ -z "$IPTEMP" ]; then
      echo "[*] Could not resolve mail server."
      echo "[*] Exiting."
      exit 1
   else
      # Collapse multiple answers onto one line.
      IPTEMP=$(echo $IPTEMP)
      IPFINAL="$IPTEMP $IPFINAL"
      echo "[*] MX: $a is $IPTEMP"
   fi
done

echo "[*] Setting up RBL query..."
for t in $IPFINAL; do
   PERFORM="$PERFORM $(reverse_ip "$t")"
done
echo "[*] Reverse Ready: $PERFORM"
echo "[*] Checking RBL lists..."

for v in $RBLS; do
   for x in $PERFORM; do
      # Any A record returned for <reversed-ip>.<zone> counts as "listed".
      QUERYRBL=$(nslookup "$x.$v" | grep Address | grep -v "#" | awk '{ print $2 }')
      if [ -z "$QUERYRBL" ]; then
         NORBL=$((NORBL + 1))
         echo "[*] NO!: $v - ($(reverse_ip "$x"))"
      else
         YESRBL=$((YESRBL + 1))
         YESHOST="$YESHOST $(reverse_ip "$x")"
         echo "[*] YES!: $v - ($(reverse_ip "$x"))"
      fi
   done
done

echo "[*] Finished queries!"
echo "[*] Not Passed: $YESRBL"
echo "[*] Passed: $NORBL"
END CODE-----------------------------------------------
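
Added example, not part of the original post or the author's tool: the "merely tagging as spam" case from the thread, as a filter that would sit between the POP3 download and the mail client. It assumes the topmost Received: header was written by your own provider's MX and carries the connecting relay's IPv4 address in square brackets; the function names, the X-DNSBL-Hit header, the DNSBL_LOOKUP hook and the sample message are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: tag a downloaded message by DNSBL.
# Print the bracketed IPv4 address from the first Received: header.
relay_ip() {
    awk '
        /^$/ { exit }                                # end of headers
        /^Received:/ { if (seen) exit; seen = 1 }    # only the topmost one
        seen && /^[^ \t]/ && !/^Received:/ { exit }  # next header reached
        seen && match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/) {
            print substr($0, RSTART + 1, RLENGTH - 2); exit
        }'
}

# Build the query name: octets reversed, zone appended. Fails unless the
# input is four numeric octets, each no larger than 255.
dnsbl_name() {
    echo "$1" | awk -F. -v zone="$2" '
        /^[0-9]+(\.[0-9]+)+$/ && NF == 4 &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 {
            print $4 "." $3 "." $2 "." $1 "." zone; ok = 1 }
        END { exit !ok }'
}

# Default resolver call; DNSBL_LOOKUP (hypothetical hook) may name another one.
dns_a() { host -t A "$1" 2>/dev/null | awk '/has address/ { print $4 }'; }
: "${DNSBL_LOOKUP:=dns_a}"

# Copy a message from stdin to stdout, prepending one X-DNSBL-Hit header per
# zone in $1 that lists the relay. Only 127.x answers count as a listing.
tag_message() {
    zones=$1
    msg=$(cat; echo x); msg=${msg%x}    # preserve trailing newlines
    ip=$(printf '%s' "$msg" | relay_ip)
    for zone in $zones; do
        name=$(dnsbl_name "$ip" "$zone") || continue
        case $($DNSBL_LOOKUP "$name") in
            127.*) printf 'X-DNSBL-Hit: %s listed in %s\n' "$ip" "$zone" ;;
        esac
    done
    printf '%s' "$msg"
}

# Constructed sample message (RFC 5737 documentation addresses).
SAMPLE='Return-Path: <sender@example.net>
Received: from relay.example.net (relay.example.net [192.0.2.99])
    by mx.example.org with ESMTP; Thu, 28 Sep 2006 09:00:00 +0300
Received: from [10.0.0.5] by relay.example.net
Subject: constructed test message

body'
```

Requiring a 127.x answer means a zone that answers every query with some other address does not flag every message, and the mail client can filter on the added header without anything being bounced after acceptance.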



