[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4688: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4690: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4691: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4692: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
Poco Forums • View topic - How to tackle SPAM

How to tackle SPAM

Discussion on Bayesian and standard junk mail filters

Moderators: Eric, Tomas, robin, Michael

How to tackle SPAM

Postby Maximus » Wed Jun 08, 2005 7:32 am

I have been getting a lot of junk mails lately. Whilst my hosting provider has a spam filter, Poco junk mail filtering does the rest of the job.

I use "black lists" of words within subjects and within the message body.
Most of the emails contain one or several URLs that the spammers want me to click on (usually to sell Viagra, loans, luxury goods of any kind, etc.)

Currently, I can add the URL (i.e. the root part of it) to the "message body" black list within Poco's junk mail filter and assign at the maximum 9 points to it.

Proposal 1:
I would appreciate, if Pocomail contained a feature to automatically mark any email containing such a URL as junk, i.e. assign 1000 points to it. The root URL is the single most effective way identifying a spam mail.

URL in the email: h**p://www.yourdocs24.info/vp/
==>Root URL as added to my "message body" black list: yourdocs24.info

Proposal 2:
Just another thought: What about, if Pocosystem offered a service containing a black list of URLs reported by the users?
Whenever we would open Pocomail, the current URL black list gets downloaded.
Whenever one of the users receives spam emails with a new root URL, he/she could report it to Poco's public URL black list.
I admit there should be some sort of a process on how to remove a mistakenly added URL from the black list, e.g. a user adds microsoft.com to the public blacklist, because he/she does not like the company :-)

Now, it's your turn: What do you think about this :?:

~ Moved to Junk Mail filtering ... Eric ~
Maximus
Resident Poster
 
Posts: 169
Joined: Fri Aug 13, 2004 8:03 pm
Location: Zürich, Switzerland

Postby Michael » Wed Jun 08, 2005 3:59 pm

Regarding proposal #1, you can do this now via a creative use of an incoming message filter. To do so create a filter with the following conditions:

Search: Message Body
For: http://
AND
Search: Message Body
For: %file%:"GoodURLs.txt"
Match only if not found
Perform: Increase junk score (enter value in box below this).

Duplicate this filter and change condition 1 to:

Search: Message Body
For: <a href=

Notes:
  1. This technique allows you to keep a list of "good urls" in a file called "GoodURLs.txt". Store this file in your main Poco directory.
  2. This may prove slow as the entire message body will be searched twice for each message. This could possibly be made faster via a script that only checks each message once. I haven't tested this to see if the script method would be faster or not.
Michael
Moderator
 
Posts: 866
Joined: Mon Jul 26, 2004 12:14 pm
Location: Victoria BC, Canada

Postby Michael » Thu Jun 09, 2005 2:30 am

Note, to add a condition which disables the above filter for messages from people you know simply add the following condition to the filter (joined with an "AND" operator):

Search: From
For: Known senders <%addressbooks%>
Match only if not found.
Michael
Moderator
 
Posts: 866
Joined: Mon Jul 26, 2004 12:14 pm
Location: Victoria BC, Canada

Postby Maximus » Thu Jun 09, 2005 4:07 am

Thanks Michael

In the meantime I have noted that I can add a number higher than +9 to a term in the message body black list, even though the junkbody.txt file starts out by saying
>Score should be from -20 to +9 for best results

So, if Poco finds a spam root url within the message body, I add +1000 points to it.

Still, I'll be trying your solution, especially since this could help me to recognize emails sent by friends, e.g. they forward me a spam mail (containing a URL), in order to warn me or anything

Adi
Maximus
Resident Poster
 
Posts: 169
Joined: Fri Aug 13, 2004 8:03 pm
Location: Zürich, Switzerland

Postby SFCurley » Thu Jun 09, 2005 7:15 am

As is often the case, I am humbled by the simplicity and elegance of another's approach. (I did have a real reason for doing the script originally, but have re-thought it based on Michael's approach.) Thanks, Michael.
SFCurley
 

Spam dealing

Postby Orion » Mon Jun 13, 2005 12:59 am

Just a comment to your suggestion no. 2, to keep a blacklist of URLs from the users.

Though a good idea the problem will always be that some URLs could end up in the blacklist that you, I or others do not think belongs there. Same problem can be said about blacklisting domains or email addresses "generally" since an email can be "stolen" for purposes of spam.

Tricky thing. I personally gave up on Barca's built-in antispam and now use K9 together with the DNSBL script.

Orion
Orion
Poco Tourist
 
Posts: 30
Joined: Thu Mar 10, 2005 9:47 pm

Postby Maximus » Thu Jun 16, 2005 8:55 pm

DNSBL script... just downloaded it... seems to be a great thing!

Thanks
Adi
Maximus
Resident Poster
 
Posts: 169
Joined: Fri Aug 13, 2004 8:03 pm
Location: Zürich, Switzerland

Postby FieldDir121 » Wed Jun 29, 2005 4:16 pm

Search: Message Header
For: %file%:"JunkURLS.txt"
Perform: Delete

Michael,

This sounds like it might be what I am looking for. I have a list of addresses:
[4.27.92.5]
[68.97.3.4]
etc.

I am currently using filters, but each filter can only hold 6 addresses so I end up having over a hundred filters. I would rather have the addresses in a file. Actually only the header line starting out with "Received" needs to be checked.

I would also like a way to add addresses from specific messages to the file, in numerical order, without having to do it manually.

Scott
FieldDir121
Resident Poster
 
Posts: 149
Joined: Mon Aug 02, 2004 5:18 pm

Postby Michael » Wed Jun 29, 2005 5:16 pm

FieldDir121 wrote:Search: Message Header
For: %file%:"JunkURLS.txt"
Perform: Delete

Michael,

This sounds like it might be what I am looking for. I have a list of addresses:
[4.27.92.5]
[68.97.3.4]
etc.

I am currently using filters, but each filter can only hold 6 addresses so I end up having over a hundred filters. I would rather have the addresses in a file. Actually only the header line starting out with "Received" needs to be checked.


Yes, the technique I specified should work for this. I would change the file name to something more appropriate. Also, I thought there was a filter specification that could be used to look at specific headers within a message, I can't remember the syntax for this nor can I find it in my resources. If someone knows the syntax please post it and I'll update the unofficial FAQ.

FieldDir121 wrote:I would also like a way to add addresses from specific messages to the file, in numerical order, without having to do it manually.

Scott


I think you would need a script to do this. Adding them in ascending order would add a complication to the script but it could be done.
Michael
Moderator
 
Posts: 866
Joined: Mon Jul 26, 2004 12:14 pm
Location: Victoria BC, Canada

Postby FieldDir121 » Wed Jun 29, 2005 5:34 pm

Michael,

Thinking further a script might make more sense. If the addresses are in numerical order then once the address is passed higher order addresses do not need to be checked. Not that it really matters.

I thought I had over one hundred. I actually have more than 400 filters, most with six entries each, and there is barely any noticeable delay in processing incoming messages.

One advantage to manually adding addresses is that if I notice a set such as these:
[192.168.1.55]
[192.168.1.34]
[192.168.1.72]
[192.168.1.10]

I would eliminate all but one and use this:
[192.168.1.

An automatic insertion would not be able to make that association.

Scott
FieldDir121
Resident Poster
 
Posts: 149
Joined: Mon Aug 02, 2004 5:18 pm

Postby Michael » Thu Jun 30, 2005 2:54 am

I doubt that you'd notice much difference in performance between a script and filter for scanning the incoming messages, in fact the filter may be faster as scripts need to run through the interpretter.

The script I was talking about would be for updating the list of addresses. It would be possible for the script to detect the condition where you might want to collapse strings of entries into a single one. You could set some criteria for this and either have warnings (to take manual action), prompts ("There are 4 addresses beginning with [192.168.1., do you want to collapse these into a single entry?") or automatic action.

You would run the script against selected messages and it would retrieve the addresses from the script and prompt for them. The script could either return all addresses in the message or the originating address.
Michael
Moderator
 
Posts: 866
Joined: Mon Jul 26, 2004 12:14 pm
Location: Victoria BC, Canada

Postby FieldDir121 » Thu Jun 30, 2005 4:55 am

>> The script could either return all addresses in the message or the >> originating address.

Michael,

Only the originating address seems to be enclosed by square brackets. That is the only one I include.

I will give the filter/file a test when I get a chance.

Thanks.

Scott
FieldDir121
Resident Poster
 
Posts: 149
Joined: Mon Aug 02, 2004 5:18 pm

Postby FieldDir121 » Tue Jul 05, 2005 9:08 am

Michael,

I created a filter:

SEARCH Message Headers FOR %file%:"SpamAdrs.txt" THEN PERFORM move message to a special mail box. When I Run on Selected nothing happens.

Is my syntax correct?

Scott
FieldDir121
Resident Poster
 
Posts: 149
Joined: Mon Aug 02, 2004 5:18 pm

Postby Michael » Tue Jul 05, 2005 1:41 pm

FieldDir121 wrote:Michael,

I created a filter:

SEARCH Message Headers FOR %file%:"SpamAdrs.txt" THEN PERFORM move message to a special mail box. When I Run on Selected nothing happens.

Is my syntax correct?

Scott


Scott, the syntax you've used looks correct, I'll run a few tests and post the results here.

Later...
I was able to get this to work. It took some playing with the file (it did not appear to work when the entry was the first one in the file but after adding and deleting a blank line it did work, puzzling for sure but it did work).
Michael
Moderator
 
Posts: 866
Joined: Mon Jul 26, 2004 12:14 pm
Location: Victoria BC, Canada

Postby FieldDir121 » Tue Jul 05, 2005 2:57 pm

Michael,

I had only a single entry, on the first line. I added two more and they worked. I will either experiment or just put a dummy entry on the first line. A blank line didn't seem to help.

Thanks.

I probably wouldn't have bothered, but I think I have so many filters that Pocomail is starting to not work properly. When I use run on selected sometimes it runs but then the filter window goes away. Yesterday when I was shutting down, I found several filter windows behind everything else.

In any case, since the same criteria is used on several hundred addresses there is no reason to use individual filters. One filter with a list makes more sense. Adding addresses to the list will take a little more effort though.

Scott
FieldDir121
Resident Poster
 
Posts: 149
Joined: Mon Aug 02, 2004 5:18 pm

Next

Return to Junk Mail Filtering Help and How-To

Who is online

Users browsing this forum: No registered users and 1 guest

cron