| 1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"> |
| 2 | <HTML> |
| 3 | |
| 4 | <HEAD> |
| 5 | |
| 6 | <META NAME="Author" CONTENT="ariel@spambouncer.org (Catherine A. Hampton)"> |
| 7 | |
| 8 | <META NAME="Description" CONTENT="The SpamBouncer is a set of Procmail filters (recipes) for trapping and discarding spam, and, if you want, automatically ccomplaining to the senders and their upstream providers."> |
| 9 | |
| 10 | <META NAME="Keywords" CONTENT="spam filter,procmail,email filter"> |
| 11 | |
| 12 | <!-- BASE HREF="http://www.spambouncer.org/" --> |
| 13 | |
| 14 | <TITLE>The SpamBouncer: a Procmail-Based Spam Filter</TITLE> |
| 15 | |
| 16 | </HEAD> |
| 17 | |
| 18 | <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#FF0000" VLINK="#800000"> |
| 19 | |
| 20 | <P ALIGN=CENTER><IMG ALT="" SRC="sbanim.gif"></P> |
| 21 | |
| 22 | <H1 ALIGN=CENTER><FONT COLOR="#FF0000"><BIG>The SpamBouncer</BIG></A></FONT><BR> |
| 23 | <FONT COLOR="#800000"><SMALL>Version 1.9</SMALL></FONT></H1> |
| 24 | |
| 25 | <P ALIGN=CENTER><STRONG><EM>Updated April 21, 2004</EM></STRONG></P> |
| 26 | |
| 27 | <BLOCKQUOTE><BIG><STRONG>If you have a version before the current version number or more than a month older than this date, |
| 28 | please update. If you are running in COMPLAIN mode, you should update weekly.</STRONG></BIG></BLOCKQUOTE> |
| 29 | |
| 30 | <BLOCKQUOTE><STRONG>Please also read "What's New" for new version information. New users should run with SPAMREPLY and BLOCKREPLY set to SILENT for a week or so until they are sure the program is installed correctly and isn't catching legitimate email. Beta version users should check the Beta Version comments at the top of the SpamBouncer program file when installing a new beta version.</STRONG></BLOCKQUOTE> |
| 31 | |
| 32 | <BLOCKQUOTE>Copyright © 1996-2004 by Catherine A. Hampton. If you abide by the Free Software Foundation's COPYING principles with this document and the spam software and forms, you're home free, but don't try to copyright it yourself or sell this information.</BLOCKQUOTE> |
| 33 | |
| 34 | <HR> |
| 35 | |
| 36 | <H2><FONT COLOR="#800000"><A NAME="Contents">Contents</A></FONT></H2> |
| 37 | |
| 38 | <MULTICOL COLS="2"> |
| 39 | |
| 40 | <UL> |
| 41 | |
| 42 | <LI><STRONG><A HREF="#WhatsNew">What's New with the SpamBouncer?</A></STRONG></LI> |
| 43 | |
| 44 | <LI><STRONG><A HREF="#WhatDoesItDo">What Does the SpamBouncer Do?</A></STRONG></LI> |
| 45 | |
| 46 | <LI><STRONG><A HREF="#WhatDoINeedToRunSB">What Do I Need to Run the SpamBouncer?</A></STRONG></LI> |
| 47 | |
| 48 | <LI><STRONG><A HREF="#BeforeYouBegin">Before You Begin....</A></STRONG></LI> |
| 49 | |
| 50 | <LI><STRONG><A HREF="#Install">How to Install and Use the SpamBouncer</A></STRONG></LI> |
| 51 | |
| 52 | <UL> |
| 53 | |
| 54 | <LI><A HREF="#InstallProcmail">Installing Procmail on Your System</A></LI> |
| 55 | |
| 56 | <LI><A HREF="#RetrievingSpamBouncer">Retrieving the SpamBouncer Program Files</A></LI> |
| 57 | |
| 58 | <LI><A HREF="#TheSpamBouncerFiles">The SpamBouncer Files and What They're For</A></LI> |
| 59 | |
| 60 | <LI><A HREF="#WhereToPutSpamBouncer">Where to Put the SpamBouncer</A></LI> |
| 61 | |
| 62 | </UL> |
| 63 | |
| 64 | <LI><STRONG><A HREF="#ConfiguringSpamBouncer">Configuring the SpamBouncer</A></STRONG></LI> |
| 65 | |
| 66 | <UL> |
| 67 | |
| 68 | <LI><A HREF="#BasicConfiguration">Basic Configuration</A></LI> |
| 69 | |
| 70 | <LI><A HREF="#Risk-Averse">Risk-Averse or New Users</A></LI> |
| 71 | |
| 72 | <LI><A HREF="#Moderate">Ready to Fight Back :)</A></LI> |
| 73 | |
| 74 | <LI><A HREF="#Rabid">I HATE SPAM AND WANT IT GONE NOW!</A></LI> |
| 75 | |
| 76 | <LI><A HREF="#SpecialInstructionsForPOPMail">Special Instructions for Users of POP Mail Clients</A></LI> |
| 77 | |
| 78 | <LI><A HREF="#FinishingConfiguration">Finishing Your Configuration</A></LI> |
| 79 | |
| 80 | </UL> |
| 81 | |
| 82 | <LI><STRONG><A HREF="#Reference">A Reference to SpamBouncer Features</A></STRONG></LI> |
| 83 | |
| 84 | <UL> |
| 85 | |
| 86 | <LI><A HREF="#BlocklistSupport">Supported Blocklists</A></LI> |
| 87 | |
| 88 | <LI><A HREF="#DefaultVariableSettings">A Quick List of Variables and Default Settings</A></LI> |
| 89 | |
| 90 | <LI><A HREF="#CompleteSpamBouncerVariables">A Comprehensive Description of All Variables</A></LI> |
| 91 | |
| 92 | </UL> |
| 93 | |
| 94 | <LI><STRONG><A HREF="#Upgrades">Upgrading the SpamBouncer</A></STRONG></LI> |
| 95 | |
| 96 | <LI><STRONG><A HREF="#Trouble">How to Troubleshoot and Report Trouble</A></STRONG></LI> |
| 97 | |
| 98 | <LI><STRONG><A HREF="#SBUpdates">The SpamBouncer Updates Mailing List</A></STRONG></LI> |
| 99 | |
| 100 | <LI><STRONG><A HREF="#Acknowledgments">Acknowledgments</A></STRONG></LI> |
| 101 | |
| 102 | </UL> |
| 103 | |
| 104 | </MULTICOL> |
| 105 | |
| 106 | <HR> |
| 107 | |
| 108 | <H2><FONT COLOR="#800000"><A NAME="WhatsNew"> |
| 109 | What's New with the SpamBouncer?</A></FONT></H2> |
| 110 | |
| 111 | <TABLE BORDER=0> |
| 112 | |
| 113 | <TR ALIGN=LEFT VALIGN=TOP> |
| 114 | |
| 115 | <TH ALIGN=RIGHT WIDTH=10%><H3>4/21/04</H3></TH> |
| 116 | |
| 117 | <TD WIDTH=5%><BR></TD> |
| 118 | |
| 119 | <TD ALIGN=LEFT WIDTH=85%> |
| 120 | |
| 121 | <P>Today's update is mostly a housekeeping update. It contains one new feature that users should be aware of -- a filter to filter out emails that contain an attack targeted to a known vulnerability in Microsoft Windows computers running certain versions of Internet Explorer. I call this the "CHM Exploit". The filter blocks email containing urls like this one:</P> |
| 122 | |
| 123 | <BLOCKQUOTE><CODE>http://000.000.000.000:8888/help.chm::/exploit.html</CODE></BLOCKQUOTE> |
| 124 | |
| 125 | <P>For <STRONG><CODE>000.000.000.000</CODE></STRONG>, substitute an IP number or (possibly) domain name. For <STRONG><CODE>exploit.html</CODE></STRONG>, substitute any HTML file name containing the actual attack instructions.</P> |
| 126 | |
| 127 | <P>Users who want to disable this filter can set <STRONG><CODE>CHMEXPLOITCHECKING=no</CODE></STRONG> in the variables section of their <STRONG><CODE>.procmailrc</CODE></STRONG> file.</P> |
| 128 | |
| 129 | <P>In addition, this update contains recipes to catch new viruses, new spam sources, spam haven domains, spam phone numbers, and has a number of minor bug fixes. If you are upgrading from any SpamBouncer production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 130 | |
| 131 | <P> </P> |
| 132 | |
| 133 | </TD></TR> |
| 134 | |
| 135 | <TR ALIGN=LEFT VALIGN=TOP> |
| 136 | |
| 137 | <TH ALIGN=RIGHT WIDTH=10%><H3>3/28/04</H3></TH> |
| 138 | |
| 139 | <TD WIDTH=5%><BR></TD> |
| 140 | |
| 141 | <TD ALIGN=LEFT WIDTH=85%> |
| 142 | |
| 143 | <P>This update contains a high-priority bug fix (an innocent domain got into the haven domains list). It also contains new spam sources, spam haven domains, spam phone numbers -- the usual housekeeping stuff.</P> |
| 144 | |
| 145 | <P>If you are upgrading from any SpamBouncer production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 146 | |
| 147 | <P> </P> |
| 148 | |
| 149 | </TD></TR> |
| 150 | |
| 151 | <TR ALIGN=LEFT VALIGN=TOP> |
| 152 | |
| 153 | <TH ALIGN=RIGHT WIDTH=10%><H3>3/23/04</H3></TH> |
| 154 | |
| 155 | <TD WIDTH=5%><BR></TD> |
| 156 | |
| 157 | <TD ALIGN=LEFT WIDTH=85%> |
| 158 | |
| 159 | <P>This update contains a large number of new spam haven domains, and other housekeeping updates to both the production and beta versions. It contains several minor bug fixes.</P> |
| 160 | |
| 161 | <P>In addition to the above, the beta version contains preliminary support for the <STRONG><A HREF="">ISIPP's</A> new </STRONG> <STRONG><A HREF="">IADB whitelist</A></STRONG>. To enable support for the IADB whitelist, simply set <STRONG><CODE>IADBCHECK=yes</CODE></STRONG> in your .procmailrc. I also removed the WHITELISTLOCAL feature until I have time to debug it thorougly, in April.</P> |
| 162 | |
| 163 | <P>If you are upgrading from any SpamBouncer production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 164 | |
| 165 | <P> </P> |
| 166 | |
| 167 | </TD></TR> |
| 168 | |
| 169 | <TR ALIGN=LEFT VALIGN=TOP> |
| 170 | |
| 171 | <TH ALIGN=RIGHT WIDTH=10%><H3>3/02/04</H3></TH> |
| 172 | |
| 173 | <TD WIDTH=5%><BR></TD> |
| 174 | |
| 175 | <TD ALIGN=LEFT WIDTH=85%> |
| 176 | |
| 177 | <P>I posted today's update for one purpose -- to get a virus filter for the new and fast-moving Bagle-J virus out there. <wry grin> There are also a day's worth of small bug fixes, new spam sources and new spam havens.</P> |
| 178 | |
| 179 | <P>If you are upgrading from any SpamBouncer production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 180 | |
| 181 | <P> </P> |
| 182 | |
| 183 | </TD></TR> |
| 184 | |
| 185 | <TR ALIGN=LEFT VALIGN=TOP> |
| 186 | |
| 187 | <TH ALIGN=RIGHT WIDTH=10%><H3>3/01/04</H3></TH> |
| 188 | |
| 189 | <TD WIDTH=5%><BR></TD> |
| 190 | |
| 191 | <TD ALIGN=LEFT WIDTH=85%> |
| 192 | |
| 193 | <P>Today's update contains recipes for the Bagle-D, Bagle-E, Bagle-F, Bagle-H and Newsky-D viruses, and a bunch of new spam source and spam haven domains.</P> |
| 194 | |
| 195 | <P>The beta version contains a bug fix to the recipe that extracts IPs from the headers of email, which affected a number of other recipes.</P> |
| 196 | |
| 197 | <P>If you are upgrading from any SpamBouncer production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 198 | |
| 199 | <P> </P> |
| 200 | |
| 201 | </TD></TR> |
| 202 | |
| 203 | <TR ALIGN=LEFT VALIGN=TOP> |
| 204 | |
| 205 | <TH ALIGN=RIGHT WIDTH=10%><H3>2/25/04</H3></TH> |
| 206 | |
| 207 | <TD WIDTH=5%><BR></TD> |
| 208 | |
| 209 | <TD ALIGN=LEFT WIDTH=85%> |
| 210 | |
| 211 | <P>Today's update contains a recipe for the new, rather rapidly spreading Newsky-C virus.</P> |
| 212 | |
| 213 | <P>The beta version also contains a bug fix -- the ALWAYSBLOCK functionality was broken in yesterday's version because of a typo. :)</P> |
| 214 | |
| 215 | <P>If you are upgrading from any SpamBouncer production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 216 | |
| 217 | <P> </P> |
| 218 | |
| 219 | </TD></TR> |
| 220 | |
| 221 | <TR ALIGN=LEFT VALIGN=TOP> |
| 222 | |
| 223 | <TH ALIGN=RIGHT WIDTH=10%><H3>2/24/04</H3></TH> |
| 224 | |
| 225 | <TD WIDTH=5%><BR></TD> |
| 226 | |
| 227 | <TD ALIGN=LEFT WIDTH=85%> |
| 228 | |
| 229 | <P>Today's update to SpamBouncer 1.9 (production) contains recipes for the Newsky and Mydoom-F viruses, a bunch of additions to the Small Fry (Spam Source) and Haven Domain (Spam Haven) lists, and a few bug fixes.</P> |
| 230 | |
| 231 | <P>Today's update to SpamBouncer 2.0 (beta) contains the aforementioned additions and updates. It also contains bug fixes for the following:</P> |
| 232 | |
| 233 | <P><UL><LI><STRONG><EM>Shell error when checking LEGITLISTS file.</EM></STRONG> This is a bug that has been in the SpamBouncer since the LEGITLIST capability was added. The fix may also fix perennial problems on a few systems when checking the NOBOUNCE, GLOBALNOBOUNCE, MYEMAIL, and LOCALHOST files in a number of recipes.</LI></UL></P> |
| 234 | |
| 235 | <P><UL><LI><STRONG><EM>SBHOST error.</EM></STRONG> In the default setting for the SBHOST variable, I used a flag that many systems don't support and that caused an error message in the Procmail log. On a very few Sun systems running an older version of Solaris, it also could cause the system to go into a loop and use all avilable CPU cycles. That flag has been removed.</LI></UL></P> |
| 236 | |
| 237 | <P>If you want to upgrade from a production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 238 | |
| 239 | <P> </P> |
| 240 | |
| 241 | </TD></TR> |
| 242 | |
| 243 | <TR ALIGN=LEFT VALIGN=TOP> |
| 244 | |
| 245 | <TH ALIGN=RIGHT WIDTH=10%><H3>2/17/04</H3></TH> |
| 246 | |
| 247 | <TD WIDTH=5%><BR></TD> |
| 248 | |
| 249 | <TD ALIGN=LEFT WIDTH=85%> |
| 250 | |
| 251 | <P>Today's update to SpamBouncer 1.9 (production) contains a bunch of additions to the Small Fry (Spam Source) and Haven Domain (Spam Haven) lists, and a few bug fixes.</P> |
| 252 | |
| 253 | <P>Today's update to SpamBouncer 2.0 (beta) contains the aforementioned additions and updates. All remaining pre-2.0 recipes for specific spammers have been converted to 2.0 format. The data files for a number of prolific spammers have also been updated with new IPs, IP ranges, and domains.</P> |
| 254 | |
| 255 | <P>In addition, this release contains a new function, the "Whitelist Local" function, that whitelists email sent from users that use an IP or host listed in your <STRONG><CODE>LOCALHOSTFILE</CODE></STRONG> file. Most users don't get spam from other, local users, although they get spam with local addresses forged into it. This function is not fooled by the forgeries -- it whitelists only email actually sent using a local server and that did not, at any point in its journey to you, leave the local system. To enable whitelisting of email from local users, set <STRONG><CODE>WHITELISTLOCAL=yes</CODE></STRONG> in the variables section at the top of your <STRONG><CODE>.procmailrc</CODE></STRONG> file. </P> |
| 256 | |
| 257 | <P>If you want to upgrade from a production release to SpamBouncer 2.0 beta, be sure to read the <STRONG><A HREF="#SB20betainfo">configuration information and updates</A></STRONG> for that release before you do so.</P> |
| 258 | |
| 259 | <P> </P> |
| 260 | |
| 261 | </TD></TR> |
| 262 | |
| 263 | <TR ALIGN=LEFT VALIGN=TOP> |
| 264 | |
| 265 | <TH ALIGN=RIGHT WIDTH=10%><H3>2/11/04</H3></TH> |
| 266 | |
| 267 | <TD WIDTH=5%><BR></TD> |
| 268 | |
| 269 | <TD ALIGN=LEFT WIDTH=85%> |
| 270 | |
| 271 | <P>SpamBouncer 1.9 officially enters production with this release, and SpamBouncer 2.0 officially enters beta. At the request of several users, I am making the archives available in three formats: PKZIP archives, Unix .Z archives, and gzip archives. I hope this makes retrieving and using the files easier for many of you.</P> |
| 272 | |
| 273 | <H3>SpamBouncer 1.9 Production Release Information</H3> |
| 274 | |
| 275 | <P>SpamBouncer 1.9 has the usual updates for this release -- lots of new Small Fry and Haven Domains, minor bug fixes, etc. Those of you who have been running SpamBouncer 1.8 can install this version on top of your existing SpamBouncer installation. No new configuration is required.</P> |
| 276 | |
| 277 | <P>In the 1.9 release, automatic spam complaints are disabled, as they have been for the past few months. They will return with the 2.0 production release.</P> |
| 278 | |
| 279 | <P>If you use MH Mail and have not yet tried SpamBouncer 1.9's MH support, you may want to take advantage of it. See the <STRONG><A HREF="#varSBDELIVERY">SBDELIVERY</A></STRONG> entry for instructions on how to configure the SpamBouncer to deliver to MH folders. If your MH Mail <STRONG><CODE>rcvstore</CODE></STRONG> program is not in the default location, you may also need to set the <STRONG><A HREF="#varMHDELIVER">MHDELIVER</A></STRONG> variable to the proper value for your system.</P> |
| 280 | |
| 281 | <H3><A NAME="SB20betainfo">SpamBouncer 2.0 Beta Release Information</A></H3> |
| 282 | |
| 283 | <P>SpamBouncer 2.0 beta represents a nearly complete rewriting of much of the SpamBouncer's underlying code. The following, in particular, has changed:</P> |
| 284 | |
| 285 | <P><UL><LI><STRONG><EM>Rewritten header information extraction routines.</EM></STRONG> The header information extraction routines were rewritten from the ground up. </LI></UL></P> |
| 286 | |
| 287 | <P><UL><LI><STRONG><EM>New message body information extraction routines.</EM></STRONG> The SpamBouncer now extracts IPs and hosts from the message body and generates IPs for the hosts in the message bodies of spam.</LI></UL></P> |
| 288 | |
| 289 | <P><UL><LI><STRONG><EM>Rewritten code to test for specific spammers.</EM></STRONG> The new code checks extracted header and body information against internal lists of IP ranges and domains that belong to known, prolific spammers. This catches a <STRONG>lot</STRONG> more spam.</LI></UL></P> |
| 290 | |
| 291 | <P><UL><LI><STRONG><EM>Rewritten whitelist/blocklist support.</EM></STRONG> The code used to test both DNS-based whitelists and DNS-based blocklists is brand new and considerably more robust. It catches considerably more spam than the old code did. Those of you who have had trouble getting the SpamBouncer's old blocklist support to work on your systems should find that 2.0 works properly. </LI></UL></P> |
| 292 | |
| 293 | <P><UL><LI><STRONG><EM>Lots more in the next few months! :)</EM></STRONG> A number of new features are planned for the 2.0 production release that are not currently present, including much greater user control over scoring, SpamBouncer logs, and a rewritten and considerably more useful autocomplaint mechanism.</LI></UL></P> |
| 294 | |
| 295 | <P>Much of the configuration process for 2.0 is the same as for 1.9. You should be able to install and use this release without too much difficulty. I recommend following this procedure to upgrade to SpamBouncer 2.0:</P> |
| 296 | |
| 297 | <P><OL CLASS=1 START=1><LI>Create a new directory for the SpamBouncer 2.0 installation.</LI></OL></P> |
| 298 | |
| 299 | <P><OL><P>This will prevent old files from becoming mixed in with the new program files.</P></OL></P> |
| 300 | |
| 301 | <P><OL CLASS=1 START=2><LI>Retrieve the SpamBouncer 2.0 beta archive of your choice, put it in the new directory, and uncompress it.</LI></OL></P> |
| 302 | |
| 303 | <P><OL><P>Uncompressing the archive will create new files and also a number of new subdirectories that contain data files and subroutines used by the SpamBouncer, auxiliary files that users might need (such as a sample Procmail configuration file), and documentation (such as there is). :)</P></OL></P> |
| 304 | |
| 305 | <P><OL><P><STRONG>Note:</STRONG> You can safely delete the archive file after you've uncompressed the program files.</P></OL></P> |
| 306 | |
| 307 | <P><OL CLASS=1 START=3><LI>Edit your <STRONG><CODE>.procmailrc</CODE></STRONG> file and add the following variables to the variables section at the top, before you call the SpamBouncer:</LI></OL></P> |
| 308 | |
| 309 | <P><OL><BLOCKQUOTE><CODE>BLOCKLEVEL=5<BR> |
| 310 | SPAMLEVEL=20<BR> |
| 311 | VIRUSFOLDER=/dev/null</CODE></BLOCKQUOTE></OL></P> |
| 312 | |
| 313 | <P><OL><P>SpamBouncer 2.0 is considerably better at spotting spam from known spammers than earlier versions have been, and the blocklisting code catches a lot more spam as well. Because of this, actual spam usually piles up quite a score. I find that setting the SPAMLEVEL at 20 with this release prevents false positives without significantly increasing the amount of actual spam missed. Your mileage may vary; start with this setting and vary it to meet your needs. There are currently so many viruses pounding email servers that I recommend deleting viruses outright -- unless you have a great deal of hard disk space that you don't need for better things. :)</P></OL></P> |
| 314 | |
| 315 | <P><OL CLASS=1 START=4><LI>If you want to see detailed headers on your email, showing exactly why the SpamBouncer classified particular spam as coming from a specific spammer, set the following variable in your <STRONG><CODE>.procmailrc</CODE></STRONG> file:</LI></OL></P> |
| 316 | |
| 317 | <P><OL><BLOCKQUOTE><CODE>SBHEADERS=COMPLETE</CODE></BLOCKQUOTE></OL></P> |
| 318 | |
| 319 | <P><OL><P>With headers set to COMPLETE, the SpamBouncer adds detailed (sometimes irritatingly so) headers indicating exactly which server or IP was identified as belonging to a particular spammer. You probably won't want complete headers for long, but it's fun at first and a good idea when you're debugging.</P></OL></P> |
| 320 | |
| 321 | <P><OL CLASS=1 START=5><LI>If you do not want the SpamBouncer to treat IP ranges known to host web sites with trojan programs as "dangerous content" that is blocked before referring to any of your whitelists, set the following variable in your <STRONG><CODE>.procmailrc</CODE></STRONG> file:</LI></OL></P> |
| 322 | |
| 323 | <P><OL><BLOCKQUOTE><CODE>TROJANURLCHECKING=no</CODE></BLOCKQUOTE></OL></P> |
| 324 | |
| 325 | <P><OL><P>I recommend that users who use Microsoft Windows, and particularly who use Internet Explorer and/or a Microsoft email client, leave this enabled. Users who browse the web and read email on non-Windows computers can safely turn this off, at least at present. (I don't know of any web-hosted trojans that attack Apple Macintosh or Unix computers.)</P></OL></P> |
| 326 | |
| 327 | <P><OL CLASS=1 START=6><LI>If you are upgrading from a production release of the SpamBouncer, edit your <STRONG><CODE>.procmailrc</CODE></STRONG> file to invoke <STRONG><CODE>sb-new.rc</CODE></STRONG> rather than <STRONG><CODE>sb.rc</CODE></STRONG>.</LI></OL></P> |
| 328 | |
| 329 | <P><OL><P>If you are upgrading from a previous beta version, you can skip this step.</P></OL></P> |
| 330 | |
| 331 | <P><OL CLASS=1 START=7><LI>Change the name of your current SpamBouncer directory to an old name, such as <STRONG><CODE>sb-old</CODE></STRONG>.</LI></OL></P> |
| 332 | |
| 333 | <P><OL CLASS=1 START=8><LI>Change the name of your SpamBouncer 2.0 beta directory to the name of your default SpamBouncer directory.</LI></OL></P> |
| 334 | |
| 335 | <P>You are now live with SpamBouncer 2.0. If you use this beta version, in particular, I need bug reports! Spam that this version misses should be forwarded to <STRONG><A HREF="mailto:spamtrap@spambouncer.org">spamtrap@spambouncer.org</A></STRONG>, as always. Bug reports and questions should be sent directly to me at <STRONG><A HREF="mailto:ariel@spambouncer.org">ariel@spambouncer.org</A></STRONG>.</P> |
| 336 | |
| 337 | <P><STRONG>NOTE:</STRONG> The SpamBouncer web page is being rewritten for the 2.0 release, as well. The current web page does not cover 2.0 features, but a beta release of the new web page will be available soon. Meanwhile, feel free to browse the code if you're curious. (I do comment my code.)</P> |
| 338 | |
| 339 | <P> </P> |
| 340 | |
| 341 | </TD></TR> |
| 342 | |
| 343 | <TR ALIGN=LEFT VALIGN=TOP> |
| 344 | |
| 345 | <TH ALIGN=RIGHT WIDTH=10%><H3>2/04/04</H3></TH> |
| 346 | |
| 347 | <TD WIDTH=5%><BR></TD> |
| 348 | |
| 349 | <TD ALIGN=LEFT WIDTH=85%> |
| 350 | |
| 351 | <P>I'm putting off release of 1.9 into production, and 2.0 into beta, for a few more days. (A couple of beta features need some debugging.) So here's Yet One More Maintenance Release for your enjoyment. Lots of new small fry and haven domains, a few bug fixes, etc. :)</P> |
| 352 | |
| 353 | <P> </P> |
| 354 | |
| 355 | </TD></TR> |
| 356 | |
| 357 | <TR ALIGN=LEFT VALIGN=TOP> |
| 358 | |
| 359 | <TH ALIGN=RIGHT WIDTH=10%><H3>1/26/04</H3></TH> |
| 360 | |
| 361 | <TD WIDTH=5%><BR></TD> |
| 362 | |
| 363 | <TD ALIGN=LEFT WIDTH=85%> |
| 364 | |
| 365 | <P>I fixed a couple of bugs and did the usual housekeeping updates, but there were a bunch of them. Spammers appear to be a bit desperate to spam lots while they still can. <wry grin></P> |
| 366 | |
| 367 | <P> </P> |
| 368 | |
| 369 | </TD></TR> |
| 370 | |
| 371 | <TR ALIGN=LEFT VALIGN=TOP> |
| 372 | |
| 373 | <TH ALIGN=RIGHT WIDTH=10%><H3>1/19/04</H3></TH> |
| 374 | |
| 375 | <TD WIDTH=5%><BR></TD> |
| 376 | |
| 377 | <TD ALIGN=LEFT WIDTH=85%> |
| 378 | |
| 379 | <P>A ton of new spammers appeared over the weekend, so I decided to issue an update and give you the benefit of all the new small fry and haven domains listings. :)</P> |
| 380 | |
| 381 | <P> </P> |
| 382 | |
| 383 | </TD></TR> |
| 384 | |
| 385 | <TR ALIGN=LEFT VALIGN=TOP> |
| 386 | |
| 387 | <TH ALIGN=RIGHT WIDTH=10%><H3>1/15/04</H3></TH> |
| 388 | |
| 389 | <TD WIDTH=5%><BR></TD> |
| 390 | |
| 391 | <TD ALIGN=LEFT WIDTH=85%> |
| 392 | |
| 393 | <P>This release contains a large number of mostly housekeeping updates, including a number of bug fixes to annoying, although minor, bugs. There are a number of updates to recipes for specific spammers, to the Small Fry and Haven Domains lists, and to other parts of the SpamBouncer. This is in preparation for the pending release of Version 1.9 of the SpamBouncer, due in a couple of weeks.</P> |
| 394 | |
| 395 | <BLOCKQUOTE><STRONG>NOTE:</STRONG> You may have heard of the current spam run that contains forged Habeas SWE headers. Even those of you who enabled Habeas whitelisting won't have seen this spam unless you checked your BLOCKFOLDER or SPAMFOLDER, because the SpamBouncer whitelists only Habeas email that comes from IPs on the Habeas User's List (HUL), not email that contains the Habeas SWE headers but does not come from an IP on that list. You can safely leave Habeas whitelisting enabled during this spam run; the forged headers will not fool the SpamBouncer.</BLOCKQUOTE> |
| 396 | |
| 397 | <P>Update to catch more annoying spam. :)</P> |
| 398 | |
| 399 | <P> </P> |
| 400 | |
| 401 | </TD></TR> |
| 402 | |
| 403 | </TABLE> |
| 404 | |
| 405 | <P ALIGN=CENTER><EM><A HREF="#Contents"> |
| 406 | Return to Table of Contents</A></EM></P> |
| 407 | |
| 408 | <H2><FONT COLOR="#800000"><A NAME="WhatDoesItDo"> |
| 409 | What Does the SpamBouncer Do?</A></FONT></H2> |
| 410 | |
| 411 | <P><CITE>The SpamBouncer</CITE> is a set of procmail <EM>recipes</EM>, or instructions, which search the headers and text of your incoming email to see if it meets one or more of the following conditions:</P> |
| 412 | |
| 413 | <P><UL><LI><EM>Contains body text strings which match the SpamBouncer's profile of a particular virus, class of viruses, or dangerous content that might be a virus.</EM></LI></UL></P> |
| 414 | |
| 415 | <P><UL><LI><EM>Originates from an <EM>spam source</EM> -- an IP range that belongs to or is controlled by a spammer or has been appropriated by a spammer for spamming.</EM></LI></UL></P> |
| 416 | |
| 417 | <P><UL><LI><EM>Advertises a <EM>spam haven</EM> -- an email address, web site, telephone number, or postal address whose owner spams on its behalf or solicits others to do so.</EM></LI></UL></P> |
| 418 | |
| 419 | <P><UL><LI><EM>Originates from an irresponsible Internet Service Provider (ISP) or Email Sending Provider (ESP) that permits spamming from its IP ranges or advertising web sites that it hosts.</EM></LI></UL></P> |
| 420 | |
| 421 | <P><UL><LI><EM>Was sent using a bulk email program whose only or primary purpose is to send large quantities of unsolicited bulk email.</EM></LI></UL></P> |
| 422 | |
| 423 | <P><UL><LI><EM>Contains headers which match the SpamBouncer's profile of definite or probable spam.</EM></LI></UL></P> |
| 424 | |
| 425 | <P><UL><LI><EM>Contains body text strings which match the SpamBouncer's profile of probable spam.</EM></LI></UL></P> |
| 426 | |
| 427 | <P>The SpamBouncer sorts suspected spam into three categories -- email sent by a virus, email from known spam sources which is definitely spam, and email which is probably spam, but might also be legitimate. It then tags each email with appropriate headers for the spam classification, and responds according to the parameters you have set.</P> |
| 428 | |
| 429 | <P>Depending on how you set it up, it will:</P> |
| 430 | |
| 431 | <P><UL><LI><EM>Simply tag the suspected spam and return it to your main incoming mailbox, allowing you to set up Eudora, Pegasus Mail, or another POP mail program to retrieve and sort your mail.</EM></LI></UL></P> |
| 432 | |
| 433 | <P><UL><LI><EM>Tag the suspected spam, delete viruses and spam from known spam sources, and file suspected spam in a separate folder.</EM></LI></UL></P> |
| 434 | |
| 435 | <P><UL><LI><EM>Complain to the "upstream providers" of known spammers or spam sites/domains, asking that they disconnect the internet service of the spammers. (Automatic spam complaints are disabled at present.)</EM></LI></UL></P> |
| 436 | |
| 437 | <P><UL><LI><EM>Notify senders of email tagged as probable spam that their email was intercepted, and give them a password to resend their email and bypass spam filtering if their email was legitimate. (Spammers almost never try to bypass filtering when warned this way -- in most cases, they don't even read replies to their mail.)</EM></LI></UL></P> |
| 438 | |
| 439 | <P>If you get mail from friends who have accounts at a site listed in the SpamBouncer, you can put their names and email addresses in a text file and set the NOBOUNCE variable to point to it. If you want to receive mail from a site I have listed as a spam site, you can add the entire site name to the NOBOUNCE file. The SpamBouncer will check the NOBOUNCE file before filtering your email and will skip any email from a person or site listed in the NOBOUNCE file. </P> |
| 440 | |
| 441 | <P>Please note that you can put entire domain names, not just email addresses, in NOBOUNCE. For example, if you want to accept all email from <CODE><STRONG>concentric.net</STRONG></CODE> without checking for spam, just put <CODE><STRONG>concentric.net</STRONG></CODE> in your NOBOUNCE file, with no <CODE><STRONG>username@</STRONG></CODE> section. This will cause the SpamBouncer to skip all email from anyone at Concentric. (I do not recommend doing this except for small domains which you =KNOW= will not be sources of spam, though.)</P> |
| 442 | |
| 443 | <H2><FONT COLOR="#800000"><A NAME="WhatDoINeedToRunSB"> |
| 444 | What Do I Need to Run the SpamBouncer?</A></FONT></H2> |
| 445 | |
| 446 | <P>The SpamBouncer itself must run on a Unix server which has the Procmail mail filtering program installed, so only users who have access to a Unix shell account with Procmail installed can use it. This means that AOL users, Earthlink users, Mindspring users, Netcom Netcruiser/Netcomplete users, Compuserve users, Prodigy users, and others who do not have a Unix shell account as part of their service will have to find some other means of filtering spam. Sorry!</P> |
| 447 | |
| 448 | <P>It is possible, however, for people who use Eudora, Pegasus Mail, and other POP clients to use the SpamBouncer on their Unix shell accounts to filter their email, and then use their favorite POP mail client to retrieve their filtered mail from the server. If their POP client programs can filter mail by headers, they can filter and delete known spam and probable spam directly into appropriate folders via the SpamBouncer's headers.</P> |
| 449 | |
| 450 | <P>This means that anyone running any kind of computer, operating system, and software can use the SpamBouncer, provided they have and use a Unix shell account, and (if they want to use a POP mail program) have software capable of filtering their mail based on user-configurable headers.</P> |
| 451 | |
| 452 | <P>If you are totally confused by now, <STRONG>PLEASE find a friend who understands what this means before you try to install the SpamBouncer.</STRONG> While I have made this as user-friendly as I could, using the SpamBouncer requires a certain level of knowledge about computers and the internet. It is not for computer or internet novices.</P> |
| 453 | |
| 454 | <P ALIGN=CENTER><EM><A HREF="#Contents"> |
| 455 | Return to Table of Contents</A></EM></P> |
| 456 | |
| 457 | <H2><FONT COLOR="#800000"><A NAME="BeforeYouBegin">Before You Begin...</A></FONT></H2> |
| 458 | |
| 459 | <P>Because someone who evidently likes the SpamBouncer listed it for me in Yahoo and other search engines <wry grin>, I need to include the following disclaimers and warnings.</P> |
| 460 | |
| 461 | <BLOCKQUOTE><STRONG>First, this is free software. No warranty is provided or implied -- users use the SpamBouncer at their own risk.</STRONG></BLOCKQUOTE> |
| 462 | |
| 463 | <P>I wrote the SpamBouncer originally to filter my own mail, when spam started drowning out the real mail. I originally posted these filters to my web site so that users at my old ISP, Best Internet (long since bought out by Verio), and a few other experienced users could help me test them. I recommend that Procmail neophytes get help from an experienced Procmail user on their system to install the SpamBouncer, and run it in default "Silent Mode" until they are more confident of their skills.</P> |
| 464 | |
| 465 | <P>The SpamBouncer is being developed on a Pentium-based server running OpenBSD, and running Procmail 3.15.</P> |
| 466 | |
| 467 | <P>In addition to the Pentium-based system where I am developing the SpamBouncer currently, I have developed and tested the earlier versions of it on Linux, FreeBDS, SGI systems running Irix 5.3 and 6.2, SunOS 4.1.3, and Solaris 5.2. I know of no problems running on these systems. A number of users have also run the progrem under various flavors of SunOS, Solaris, HPUX, and other versions of Unix with no trouble.</P> |
| 468 | |
| 469 | <P>So please be careful, and keep a close eye on your account for a few days after installing to be sure it works properly.</P> |
| 470 | |
| 471 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 472 | |
| 473 | <H2><FONT COLOR="#800000"><A NAME="Install">Installing the SpamBouncer</A></FONT></H2> |
| 474 | |
| 475 | <H3><A NAME="InstallProcmail">Installing Procmail</A></H3> |
| 476 | |
| 477 | <P>To use these filters, you will need to have procmail installed on your system, and have set it up for your account. This does not mean you must read mail on your unix account -- if you have a shell account, these filters can be configured to filter mail and then deliver it to your POP mail box. If you don't know what kind of account you have, you probably shouldn't be using these filters until you learn something about Unix and shell accounts.</P> |
| 478 | |
| 479 | <P>Since the way Procmail should be installed is different on different systems, if you do not already have Procmail installed, you will need to ask your system administrator or people on your local internet service provider for help. Those who have never used Procmail and want to get started with a simple Procmail setup can jump to <STRONG><A HREF="proctut.shtml">Getting Started With Procmail</A></STRONG>, a tutorial with clear instructions about what information you will need to get from your system administrator to set up Procmail properly on your account, and a basic <CODE>.procmailrc</CODE> configuration file which should work well on most systems.</P> |
| 480 | |
| 481 | <P>If you are an experienced Procmail user, please make sure that your <CODE>.procmailrc</CODE> file is configured to filter out your mailing lists before filtering for spam. The SpamBouncer tries to identify list mail and skip it, but some mailing lists do not use standard list "Precedence:" headers or headers recognisable by Procmail as coming from a daemon or list program. So please be sure you filter out your lists first, especially if you are running with SPAMREPLY set to BOUNCE or COMPLAIN!</P> |
| 482 | |
| 483 | <P>In any event, you should always run in SILENT mode for a few days, until you are sure you have your mailing lists filtered out properly and that the filter is working properly on your account. </P> |
| 484 | |
| 485 | <P>If you did not use <CODE>procmail.rc</CODE> from <CITE>Getting Started With Procmail</CITE>, here's a recipe to filter out list mail and other mail from automatic mailer programs, or <EM>mailer daemons</EM>, as they are usually called on Unix machines. Put it in your .procmailrc file <STRONG>before</STRONG> the INCLUDERC statement that calls the SpamBouncer.</P> |
| 486 | |
| 487 | <PRE># Filter out Mailing List Mail |
| 488 | :0: |
| 489 | * ^TO(listmom-talk@skylist.com|\ |
| 490 | orthodoxy@lists.best.com|\ |
| 491 | procmail@Informatik.RWTH-Aachen.DE) |
| 492 | $BULKFOLDER</PRE> |
| 493 | |
| 494 | <P>You should substitute all mailing list addresses for mailing lists you receive for the list I gave -- you and I don't read mail from the same lists, at least as far as I know! :)</P> |
| 495 | |
| 496 | <P ALIGN=CENTER><EM><A HREF="#Contents"> |
| 497 | Return to Table of Contents</A></EM></P> |
| 498 | |
| 499 | <H3><A NAME="RetrievingSpamBouncer">Retrieving the SpamBouncer Program Files</A></H3> |
| 500 | |
| 501 | <P>After you have installed Procmail for your system, you can install the SpamBouncer. You will need to download the SpamBouncer program files to your Unix account first. You can do this one of two ways -- by downloading them from the links below to your personal computer, or by ftp'ing them. The advantage to ftp is that it ensures that the file format will be right. Often, when you retrieve a text file using a WWW browser and then save it to your hard disk, the browser reformats the file. This type of reformatting can break Procmail configuration files like the SpamBouncer.</P> |
| 502 | |
| 503 | <P><STRONG>Lynx users should note that lynx reformats text files when downloading them via a normal link access command, which will break the SpamBouncer and most other Procmail scripts.</STRONG> If you're a lynx user, please remember to use the "D" command to download the SpamBouncer files instead of just accessing the link, or (even better) ftp the files from the links in the FTP column instead of trying to retrieve them from the http:// links in the WWW/HTTP column.</P> |
| 504 | |
| 505 | <TABLE BORDER=0 WIDTH=100%> |
| 506 | |
| 507 | <TR ALIGN=CENTER VALIGN=CENTER> |
| 508 | |
| 509 | <TH WIDTH=48%>Via FTP</TH> |
| 510 | <TD WIDTH=4%><BR></TD> |
| 511 | <TH WIDTH=48%>Via WWW/HTTP</TH> |
| 512 | |
| 513 | </TR> |
| 514 | |
| 515 | <TR ALIGN=LEFT VALIGN=TOP> |
| 516 | |
| 517 | <TD WIDTH=48%><P>To ftp the SpamBouncer, you must do this:</P> |
| 518 | |
| 519 | <OL> |
| 520 | |
| 521 | <LI>Log on to your shell account, and type "<CODE>cd</CODE>" to be sure you are in your home directory.</LI> |
| 522 | |
| 523 | <LI>Type, "<CODE>ftp ftp.spambouncer.org</CODE>", and press <Enter>.</LI> |
| 524 | |
| 525 | <LI>When ftp prompts you to login, type "<CODE>anonymous</CODE>", press <Enter>, and then when prompted for your password, type your email address, and press <Enter> again. <EM>(This will log you in and take you to the location where the SpamBouncer files are stored.)</EM></LI> |
| 526 | |
| 527 | <LI>Depending on whether you want to download the complete SpamBouncer archive or update an existing installation, you will need to do slightly different things at this point:</LI> |
| 528 | |
| 529 | <UL> |
| 530 | |
| 531 | <LI>To retrieve the entire SpamBouncer program archive as a Unix .Z (compress format) file, when your prompt returns, type "<CODE>binary</CODE>" and press <Enter>. When your prompt returns, type "<CODE>get sb.tar.Z</CODE>" and press <Enter> to retrieve the production version SpamBouncer archive. To retrieve the beta version, type "<CODE>get sb-new.tar.Z</CODE>" and press <Enter>.</LI> |
| 532 | |
| 533 | <LI>To retrieve the entire SpamBouncer program archive as a Unix .gz (gzip format) file, when your prompt returns, type "<CODE>binary</CODE>" and press <Enter>. When your prompt returns, type "<CODE>get sb.tar.gz</CODE>" and press <Enter> to retrieve the production version SpamBouncer archive. To retrieve the beta version, type "<CODE>get sb-new.tar.gz</CODE>" and press <Enter>.</LI> |
| 534 | |
| 535 | <LI>To retrieve the <STRONG><EM>uncompressed</EM></STRONG> individual files to update an existing SpamBouncer installation, when your prompt returns, type "<CODE>cd sb</CODE>" (for the production version) or "<CODE>cd sb-new</CODE>" for the beat version, and then press <Enter>. When your prompt returns, type "<CODE>ascii</CODE>" and press <Enter>. When your prompt returns, type "<CODE>get <EM>filename</EM></CODE>" to retrieve an individual file, or "<CODE>mget *</CODE>" to get all files, and press <Enter> .</LI> |
| 536 | |
| 537 | </UL> |
| 538 | |
| 539 | <LI>When your prompt returns, type "<CODE>bye</CODE>" and press <Enter> to end your ftp session.</LI> |
| 540 | |
| 541 | </OL> |
| 542 | |
| 543 | </TD> |
| 544 | |
| 545 | <TD WIDTH=4%> <BR></TD> |
| 546 | |
| 547 | <TD WIDTH=48%><P>To download the SpamBouncer via your WWW browser, choose one of the links below and, when your web browser prompts you, save the file to your hard disk. The ZIP archives contain files intended for your PC, while the tar.Z and tar.gz archives contain files intended for your Unix server.</P> |
| 548 | |
| 549 | <UL> |
| 550 | |
| 551 | <LI><STRONG>Production:</STRONG> <A HREF="mailto:pinochet@hrweb.org"></A><A HREF="http://www.spambouncer.org/sb.zip">sb.zip</A> | <A HREF="http://www.spambouncer.org/sb.tar.Z">sb.tar.Z</A> | <A HREF="http://www.spambouncer.org/sb.tar.gz">sb.tar.gz</A> (4/21/04)</LI> |
| 552 | |
| 553 | <UL><LI><STRONG>Beta:</STRONG> <STRONG><EM><A HREF="http://www.spambouncer.org/sb-new.zip">sb-new.zip</A> | <A HREF="http://www.spambouncer.org/sb-new.tar.Z">sb-new.tar.Z</A> | <A HREF="http://www.spambouncer.org/sb-new.tar.gz">sb-new.tar.gz</A> (4/21/04)</LI></EM></STRONG></UL> |
| 554 | |
| 555 | <UL><LI><STRONG>Previous Production:</STRONG> <EM><A HREF="http://www.spambouncer.org/sb-old.zip">sb-old.zip</A> | <A HREF="http://www.spambouncer.org/sb-old.tar.Z">sb-old.tar.Z</A> | <A HREF="http://www.spambouncer.org/sb-old.tar.gz">sb-old.tar.gz</A> (2/11/04)</LI></EM></UL> |
| 556 | |
| 557 | </UL> |
| 558 | |
| 559 | <P>Here are FTP download URLs for the convenience of Lynx users or users of other browsers who are having trouble with file corruption when downloading the SpamBouncer from the standard HTTP urls above. Please use the links below only if the other links don't work for you.</P> |
| 560 | |
| 561 | <P><UL> |
| 562 | |
| 563 | <LI><STRONG>Production:</STRONG> <A HREF="ftp://ftp.spambouncer.org/sb.zip">sb.zip</A> | <A HREF="ftp://ftp.spambouncer.org/sb.tar.Z">sb.tar.Z</A> | <A HREF="ftp://ftp.spambouncer.org/sb.tar.gz">sb.tar.gz</A> (4/21/04)</LI> |
| 564 | |
| 565 | <UL><LI><STRONG>Beta:</STRONG> <STRONG><EM><A HREF="ftp://ftp.spambouncer.org/sb-new.zip">sb-new.zip</A> | <A HREF="ftp://ftp.spambouncer.org/sb-new.tar.Z">sb-new.tar.Z</A> | <A HREF="ftp://ftp.spambouncer.org/sb-new.tar.gz">sb-new.tar.gz</A> (4/21/04)</LI></EM></STRONG></UL> |
| 566 | |
| 567 | <UL><LI><STRONG>Previous Production:</STRONG> <EM><A HREF="ftp://ftp.spambouncer.org/sb-old.zip">sb-old.zip</A> | <A HREF="ftp://ftp.spambouncer.org/sb-old.tar.Z">sb-old.tar.Z</A> | <A HREF="ftp://ftp.spambouncer.org/sb-old.tar.gz">sb-old.tar.gz</A> (2/11/04)</LI></EM></UL> |
| 568 | |
| 569 | </UL></P> |
| 570 | |
| 571 | </TD> |
| 572 | |
| 573 | </TR> |
| 574 | |
| 575 | </TABLE> |
| 576 | |
| 577 | <P>Now, if you saved the SpamBouncer files on your local PC, you will need to ftp or upload them to your unix shell account. They should be put in their own directory.</P> |
| 578 | |
| 579 | <P>To unarchive the ZIP format archive, type "<CODE>unzip spambnc.zip</CODE>" and press <Enter>. (Your Unix machine may respond with an "unzip: command not found" error message. If it does, you may not have the Unix program unzip, |
| 580 | and should retrieve the <CODE>tar.Z</CODE> archive.) To unarchive the <CODE>tar.Z</CODE> file, type "<CODE>uncompress spambnc.tar.Z</CODE>", press <Enter>, and then type "<CODE>tar -xvf spambnc.tar</CODE>" and press <Enter> |
| 581 | to extract the individual files.</P> |
| 582 | |
| 583 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 584 | |
| 585 | <H3><A NAME="TheSpamBouncerFiles">The SpamBouncer Files and What They're For</A></H3> |
| 586 | |
| 587 | <P>The index file of the SpamBouncer, which may be named <CODE>sb.rc</CODE>, <CODE>sb-old.rc</CODE> or <CODE>sb-new.rc</CODE> depending on which version you downloaded, contains the basic script that calls all other files and scripts that comprise the SpamBouncer. The current production version of the SpamBouncer is the one containing <CODE>sb.rc</CODE>. The version containing <CODE>sb-old.rc</CODE> is the previous production release of the SpamBouncer. The version containing <CODE>sb-new.rc</CODE> is the current somewhat stable beta version.</P> |
| 588 | |
| 589 | <P>Inexperienced users or users who don't want problems should not use the beta version, and all beta version users need to follow any warnings/instructions listed among the comments at the top of <CODE>sb-new.rc</CODE> and in the <EM CLASS="XREF"><A HREF="#WhatsNew">What's New</A></EM> section.</P> |
| 590 | |
| 591 | <P>All other files ending in <CODE>.rc</CODE> are subsidiary parts of the SpamBouncer that are called by <CODE>sb.rc</CODE> or <CODE>sb-new.rc</CODE>.</P> |
| 592 | |
| 593 | <P>The <CODE>freemail</CODE> file contains a sample text file which you may install and then set your FREEMAIL variable to point to. You do not need to install this file unless you want to customize the list of free email sites -- the SpamBouncer will use its own internal list if it can't find the text file.</P> |
| 594 | |
| 595 | <P>The "legitlists" file contains a text file with the names of legitimate email lists (the <STRONG>opt-in</STRONG> variety), which you may getting trapped by the SpamBouncer. Just put each mailing list address on a separate line, just as you would with the NOBOUNCE file.</P> |
| 596 | |
| 597 | <P>The other three files contain standardized autoresponder messages for the program. You may customize these to your taste. I do recommend that you leave the references to the SpamBouncer bypass email address in any edited version of |
| 598 | the file <CODE>spam</CODE>, though, so that people know how to contact me if their mail is getting bounced because of a problem with the filter itself, or how it is installed. That way, I can contact you (hopefully), and prevent further damage.</P> |
| 599 | |
| 600 | <P>If you customize the autoresponder messages, you probably will want to keep them reasonably polite. There's no point flaming some poor innocent system administrator at a large ISP just because you're p*ssed at a spamming slimeball. :)</FONT></P> |
| 601 | |
| 602 | <P ALIGN=CENTER><EM><A HREF="#Contents"> |
| 603 | Return to Table of Contents</A></EM></P> |
| 604 | |
| 605 | <H3><A NAME="WhereToPutSpamBouncer">Where to Put the SpamBouncer</A></H3> |
| 606 | |
| 607 | <P>Where you should store the SpamBouncer program files depends on how you are installing the SpamBouncer.</P> |
| 608 | |
| 609 | <P><UL><LI><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Individual installations</FONT></STRONG>. If you are an individual user who has a Unix workstation or Unix shell account on which you will use the SpamBouncer, you can create a program directory for the SpamBouncer anywhere that your permissions will allow you to create directories and write files. I recommend creating a directory called <CODE>sb</CODE> off of your HOME directory, and putting the SpamBouncer program files there.</LI></UL></P> |
| 610 | |
| 611 | <P><UL><LI><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Site installations</FONT></STRONG>. If you are a system administrator installing the SpamBouncer for sitewide use, you should create the program directory in an area where user accounts have read-only access. I recommend creating a directory called <CODE>sb</CODE> or <CODE>spambouncer</CODE> off of <CODE>/usr/local/bin</CODE> or another directory where you store local programs. If you do this, users on your system can then create symbolic links to the shared SpamBouncer directory in their home directories. This allows you to keep the SpamBouncer up to date.</LI></UL></P> |
| 612 | |
| 613 | <P><UL><P>If a particular user wants to modify the filter, he can simply create a private directory, copy the necessary files to it, and make whatever changes he wants. If he does the last, of course, he is responsible for updating his copy of the filter manually.</P></UL></P> |
| 614 | |
| 615 | <P>In either case, as you proceed through these instructions and configure the SpamBouncer, you should put the configuration files that you create and will modify somewhere outside of the SpamBouncer program directory. In particular, your <CODE>.procmailrc</CODE> file, LEGITLISTS file, LOCALHOSTFILE file, MYEMAIL file, and NOBOUNCE file should all be located outside of the SpamBouncer program directory. That way, when you update the SpamBouncer, you won't overwrite your configuration.</P> |
| 616 | |
| 617 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 618 | |
| 619 | <H2><FONT COLOR="#800000"><A NAME="ConfiguringSpamBouncer">Configuring the SpamBouncer</A></FONT></H2> |
| 620 | |
| 621 | <P>The SpamBouncer is a highly configurable program with an often-bewildering number of options. If you are an individual user installing the SpamBouncer, however, you can safely accept the default configuration for many of those options when first installing the program. The default configuration is designed with safety first in mind; even if it catches legitimate email, it will not delete it or autocomplain about it.</P> |
| 622 | |
| 623 | <P>Some configuration is required before you start, though, or the SpamBouncer will simply do nothing and pass your email to you unfiltered. In addition, to get the best use out of the SpamBouncer, you will need to understand more about configuring it so that you can enable options that will catch a lot more spam.</P> |
| 624 | |
| 625 | <P>In particular, if you are a system administrator who will install and configure the SpamBouncer for unsophisticated users, or users who will have only POP access, you must make sure you understand how the SpamBouncer works before you implement it. The SpamBouncer was designed originally by a Unix geek for Unix geeks to use on Unix shell accounts. :) I have added a number of featurs to make it possible to use the SpamBouncer on a system-wide basis and have users that successfully do this, but I am not a system administrator of a mail server myself. I cannot test various configurations of this type myself as a professional software company would. So please be careful, and give me lots of feedback!</P> |
| 626 | |
| 627 | <H3><A NAME="BasicConfiguration">Basic Configuration</A></H3> |
| 628 | |
| 629 | <P>There are a few variables that every user must set when first installing the program, and a few more that you will want to set to make the SpamBouncer work in the most efficient manner. All users must first set the following variables in their <CODE>.procmailrc</CODE> files:</P> |
| 630 | |
| 631 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">DEFAULT</FONT></STRONG>. Find out what your default incoming email box is and set the DEFAULT variable to that mailbox. On many Unix systems, the default mailbox will be <CODE>/var/spool/mail/yourlogin</CODE> or <CODE>/var/mail/yourlogin</CODE>. For example, if your incoming email is stored in <CODE>/var/mail/yourlogin</CODE>, put the statement <CODE>DEFAULT=/var/mail/yourlogin</CODE> in your <CODE>.procmailrc</CODE> file. (Substitute your login for <CODE>yourlogin</CODE>.)</LI></UL></P> |
| 632 | |
| 633 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">FORMAIL</FONT></STRONG>. Find out where the <CODE>formail</CODE> program is stored on your system, and set the FORMAIL variable to point to it. On many Unix systems, <CODE>formail</CODE> will be located in <CODE>/usr/bin/formail</CODE> or <CODE>/usr/local/bin/formail</CODE>. For example, if your system stores <CODE>formail</CODE> in <CODE>/usr/bin/formail</CODE>, put the statement <CODE>FORMAIL=/usr/bin/formail</CODE> in your <CODE>.procmailrc</CODE> file.</LI></UL></P> |
| 634 | |
| 635 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">SBDIR</FONT></STRONG>. Set the SBDIR variable to point to the directory where you have put the SpamBouncer program files. Many users put the SpamBouncer files in <CODE>${HOME}/sb</CODE>, but you can install them wherever you wish. For example, if you install the SpamBouncer program in <CODE>${HOME}/sb</CODE>, put the statement <A HREF="mailto:sakeneko@yahoo.com"></A><CODE>SBDIR=${HOME}/sb</CODE> in your <CODE>.procmailrc</CODE> file.</LI></UL></P> |
| 636 | |
| 637 | <P>After you have set the variables above, you should next create four text files: <CODE>.legitlists</CODE>, <CODE>.localhostfile</CODE>, <CODE>.myemail</CODE>, and <CODE>.nobounce</CODE>. You can put them in your home directory, where the SpamBouncer looks for them by default, or in any other directory. If you put them in a directory other than your HOME directory, you must set the LEGITLISTS, LOCALHOSTFILE, MYEMAIL, and NOBOUNCE variables to point to the proper location and filename. For example, if you name your NOBOUNCE file <CODE>my-friends</CODE> and put it in <CODE>${HOME}/configfiles</CODE>, put the statement <CODE>NOBOUNCE=${HOME}/configfiles/my-friends</CODE> in your <CODE>.procmailrc</CODE> file.</P> |
| 638 | |
| 639 | <P>Each of these text files must be in Unix text format. That means that you must use a text editor to edit them. <STRONG>DO NOT USE a word processing program like Microsoft Word or Microsoft Wordpad!</STRONG> (Windows users should use Windows Notepad, if they do not have another text editor they prefer.) If you edit these files on a Windows- or Macintosh-based computer, you must upload them using ftp in ASCII mode or some other means that will create Unix, not DOS, text files.</P> |
| 640 | |
| 641 | <P>In each file, you must include email addresses or domain names, one on each line of the file. Ensure that there are no blank lines in each of these files, and that the last email address or domain name is followed by a carriage return. (That may create what looks like a blank line in some text editors, but it isn't actually a blank line.) To avoid problems on a few older Unix systems, you should ensure that the email addresses you list in these files are entirely in lower case letters.</P> |
| 642 | |
| 643 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">.legitlists</FONT></STRONG>. Enter the names of all legitimate bulk mailing lists you are subscribed to. A sample <CODE>.legitlists</CODE> file is shown below:</LI></UL></P> |
| 644 | |
| 645 | <BLOCKQUOTE><BLOCKQUOTE><CODE>junkfax-l@trashbusters.org<BR> |
| 646 | html-wizards-l@earlham.edu<BR> |
| 647 | outback@yahoogroups.com</CODE></BLOCKQUOTE></BLOCKQUOTE> |
| 648 | |
| 649 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">.localhostfile</FONT></STRONG>. Enter the name of each domain that you receive email for. If you receive email only for one host, enter that host name in the file. A sample <CODE>.localhostfile</CODE> file is shown below:</LI></UL></P> |
| 650 | |
| 651 | <BLOCKQUOTE><BLOCKQUOTE><CODE>hrweb.org<BR> |
| 652 | spambouncer.org</CODE></BLOCKQUOTE></BLOCKQUOTE> |
| 653 | |
| 654 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">.myemail</FONT></STRONG>. Enter every email address that belongs to you on this system. (Don't worry -- the SpamBouncer knows about spammers that forge your email address into the From: line and isn't fooled by this.) A sample <CODE>.myemail</CODE> file is shown below:</LI></UL></P> |
| 655 | |
| 656 | <BLOCKQUOTE><BLOCKQUOTE><CODE>abuse@hrweb.org<BR> |
| 657 | abuse@spambouncer.org<BR> |
| 658 | ariel@hrweb.org<BR> |
| 659 | ariel@spambouncer.org<BR> |
| 660 | postmaster@hrweb.org<BR> |
| 661 | postmaster@spambouncer.org<BR> |
| 662 | webmaster@hrweb.org<BR> |
| 663 | webmaster@spambouncer.org</CODE></BLOCKQUOTE></BLOCKQUOTE> |
| 664 | |
| 665 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">.nobounce</FONT></STRONG>. Enter the email address of every person you regularly receive email from. This will speed up delivery of your mail and reduce the work your server must do to filter your mail, since email from addresses in the NOBOUNCE file is filtered for viruses, but nothing else. In addition, if you regularly add the email addresses of people you correspond with to the NOBOUNCE file, you can use more aggressive filtering options in the SpamBouncer without having a large number of false positives. A sample <CODE>.nobounce</CODE> file is shown below:</LI></UL></P> |
| 666 | |
| 667 | <BLOCKQUOTE><BLOCKQUOTE><CODE>friend@home.com<BR> |
| 668 | anotherfriend@home.com<BR> |
| 669 | boss@work.com<BR> |
| 670 | coworker@work.com<BR> |
| 671 | mom@juno.com<BR> |
| 672 | brother@yahoo.com<BR> |
| 673 | kid@highschool.kids.us</CODE></BLOCKQUOTE></BLOCKQUOTE> |
| 674 | |
| 675 | <P><UL><P>You can also add partial strings, such as entire domains or subdomains, or partial email addresses, to your NOBOUNCE file. For example, if you know that all email sent from the subdomain <STRONG><CODE>engineering.work.com</CODE></STRONG> is from one of your coworkers and nobody else, you could add that string to your NOBOUNCE file just as you would add an email address. If you have a friend who habitually changes ISPs or uses email accounts at multiple sites, but whose email address always starts with <STRONG><CODE>skywalker@</CODE></STRONG>, you could add that string to your NOBOUNCE file just as you would add an email address.</P></UL></P> |
| 676 | |
| 677 | <P><UL><P><STRONG>NOTE:</STRONG>Be careful about adding partial strings or entire domains to your NOBOUNCE file. If the string you add is a common string that might be found in email other than the email you are expecting, this can cause the SpamBouncer to think that a spam is okay and not filter it.</P></UL></P> |
| 678 | |
| 679 | <P><UL><P>For example, if you have several friends who have email addresses at <STRONG><CODE>aol.com</CODE></STRONG>, and you add <STRONG><CODE>aol.com</CODE></STRONG> to your NOBOUNCE file, the SpamBouncer will pass anything that appears to be from anyone at <STRONG><CODE>aol.com</CODE></STRONG> without filtering it. Lots of spammers forge email address at <STRONG><CODE>aol.com</CODE></STRONG> in the From: lines of their spam, so this means you would get a lot of spam in your inbox that the SpamBouncer would otherwise have caught.</P></UL></P> |
| 680 | |
| 681 | <P><UL><P>It is safest to add only complete email addresses to your NOBOUNCE file unless you are an experienced user and understand the implications of a partial match.</P></UL></P> |
| 682 | |
| 683 | <P>Next, If you use MH Mail, want to forward email to other email addresses after the SpamBouncer has filtered it, or want to write you must set the <STRONG><CODE>SBDELIVERY</CODE></STRONG> variable so that the SpamBouncer won't simply deliver your email to a standard Unix flat-file mailbox. If you use MH Mail, set <STRONG><CODE>SBDELIVERY=MH</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG>. If you are configuring the SpamBouncer to filter email for an entire mail server, or want to write your own customized delivery recipes, set <STRONG><CODE>SBDELIVERY=FILTER</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG>.</P> |
| 684 | |
| 685 | <P><STRONG>NOTE:</STRONG> Users who use the SpamBouncer to filter email for their own account, and who use a POP mail program or a Unix-based program such as <STRONG><CODE>elm</CODE></STRONG> or <STRONG><CODE>mutt</CODE></STRONG>, do not need to set this variable. The default setting, <STRONG><CODE>SBDELIVERY=FILE</CODE></STRONG>, is the correct setting for most individual users.</P> |
| 686 | |
| 687 | <P>After you have created these files, you should choose one of the following three sections and do what is indicated in that section. The sections are <STRONG><A HREF="#Risk-Averse">Risk Averse or New Users</A></STRONG>, <STRONG><A HREF="#Moderate">Ready to Fight Back</A></STRONG>, and <STRONG><A HREF="#Rabid">I HATE SPAM AND WANT IT GONE NOW!</A></STRONG>. I've tried to make it easy to tell which section you want. :)</P> |
| 688 | |
| 689 | <P>You can also check out the <STRONG><A HREF="http://www.claws-and-paws.com/spam-l/tracking.html">Tracking Spam</A></STRONG> or <STRONG><A HREF="http://spamcop.net/">SpamCop</A></STRONG> web sites to learn how to complain about spam manually. Manual complaints take time, but are always the best way to get a spammer shut down if you do it right.</P> |
| 690 | |
| 691 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 692 | |
| 693 | <H3><A NAME="Risk-Averse">Risk-Averse or New Users</A></H3> |
| 694 | |
| 695 | <P>Users who do not want to risk false positives should use this configuration. This is also the configuration you should start with, regardless of what you do after you become comfortable with Unix and the SpamBouncer.</P> |
| 696 | |
| 697 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">BLOCKFOLDER and SPAMFOLDER</FONT></STRONG>. Set both of these variables to the name of a folder where you want the SpamBouncer store email that it catches. Once every few days, review this folder to make sure no legitimate email was caught in error. Add the email address of anyone whose email was caught in error to your NOBOUNCE file or LEGITLISTS file (depending on whether it was individual email or a mailing list), and then delete everything else.</LI></UL></P> |
| 698 | |
| 699 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">BLOCKREPLY, PATTERNMATCHING, and SPAMREPLY</FONT></STRONG>. Set all three of these variables to SILENT. You don't want to send autoreplies or bounces, but you do want Pattern Matching turned on and the default setting leaves it off.</LI></UL></P> |
| 700 | |
| 701 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">VIRUSFOLDER</FONT></STRONG>. Set this variable to <CODE>/dev/null</CODE> to delete all viruses. You don't want to take chances with a virus, and the false positive rate on the virus filters is near zero.</LI></UL></P> |
| 702 | |
| 703 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 704 | |
| 705 | <H3><A NAME="Moderate">Ready to Fight Back :)</A></H3> |
| 706 | |
| 707 | <P>Users who are willing to accept a low false positive rate, and who want to use the SpamBouncer's autocomplaining features, should set the following variables:</P> |
| 708 | |
| 709 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">ALTFROM</FONT></STRONG>. Set this to the email address from which you want to send complaints. You may want to obtain a free email address at Yahoo or another free provider and use it just for this purpose. Some ISPs forward spam complaints to spammers, and spammers have been known to sell the addresses of people who complain to other spammers as "known live" email addreses, or even mailbomb those who complain. It is best not to send complaints from your normal email address. (A user pointed out that a number of abuse addresses reject complaints from people with Hotmail addresses. You might want to avoid using Hotmail for your complaint account.)</LI></UL></P> |
| 710 | |
| 711 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">BLOCKFOLDER and SPAMFOLDER</FONT></STRONG>. Set both of these variables to the name of a folder where you want the SpamBouncer store email that it catches. Once every few days, review this folder to make sure no legitimate email was caught in error. Add the email address of anyone whose email was caught in error to your NOBOUNCE file or LEGITLISTS file (depending on whether it was individual email or a mailing list). Delete anything the SpamBouncer has complained about already, or that you don't want to bother with, and complain about the rest manually.</LI></UL></P> |
| 712 | |
| 713 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">BLOCKREPLY</FONT></STRONG>. Set this to SILENT. Email classified as Blocked does have some false positives in it, so check your BLOCKFOLDER/SPAMFOLDER regularly to rescue anything you wanted to receive. (And add the sender's name to your NOBOUNCE file to prevent further blocking.)</LI></UL></P> |
| 714 | |
| 715 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">PATTERNMATCHING</FONT></STRONG>. Set this variable to SILENT. You don't want to send autoreplies or bounces for Pattern Matching because it is more prone to false positives than other types of Blocked email, but you do want Pattern Matching turned on and the default setting leaves it off. (Add the sender's name to your NOBOUNCE file to prevent further blocking.)</LI></UL></P> |
| 716 | |
| 717 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">SENDMAIL</FONT></STRONG>. Set this to point to your system's copy of the <CODE>sendmail</CODE> program. On many systems, this is located in <CODE>/usr/bin/sendmail</CODE>, <CODE>/usr/sbin/sendmail</CODE>, or even <CODE>/bin/sendmail</CODE>. If you do not set this variable correctly, the SpamBouncer will not be able to send bounces, complaints, or notify messages.</LI></UL></P> |
| 718 | |
| 719 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">SPAMREPLY</FONT></STRONG>. Set this to COMPLAIN. The SpamBouncer very rarely classifies legitimate email as spam. It also does not complain about most spam; it complains only about spam from known spam sources, and usually very aggressive known spam sources that send a lot of spam. By auto-complaining, you ensure that the ISPS of egregious and aggressive spammers are notified immediately when their spamming customers spam again.</LI></UL></P> |
| 720 | |
| 721 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">VIRUSFOLDER</FONT></STRONG>. Set this variable to <CODE>/dev/null</CODE> to delete all viruses. You don't want to take chances with a virus, and the false positive rate on the virus filters is near zero.</LI></UL></P> |
| 722 | |
| 723 | <P>In addition, look through the <STRONG><A HREF="#BlocklistSupport">list of blocklists</A></STRONG> the SpamBouncer supports and enable those that look interesting. :)</P> |
| 724 | |
| 725 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 726 | |
| 727 | <H3><A NAME="Rabid">I HATE SPAM AND WANT IT GONE NOW!</A></H3> |
| 728 | |
| 729 | <P>If you feel this way, then you and I obviously have some common ancestors or early environmental influences in common. <grin> Set the following variables if you want to autocomplain aggressively, bounce spam back, and notify users whose mail is blocked by the SpamBouncer, and are willing to check the BLOCKFOLDER frequently for false positives:</P> |
| 730 | |
| 731 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">ALTFROM</FONT></STRONG>. Set this to the email address from which you want to send complaints.</LI></UL></P> |
| 732 | |
| 733 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">BLOCKFOLDER</FONT></STRONG>. Set this variable to the name of a folder where you want the SpamBouncer store blocked email. Once every few days, review this folder to make sure no legitimate email was caught in error. Add the email address of anyone whose email was caught in error to your NOBOUNCE file or LEGITLISTS file (depending on whether it was individual email or a mailing list). Delete anything the SpamBouncer has complained about already, or that you don't want to bother with. Complain about the rest manually.</LI></UL></P> |
| 734 | |
| 735 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">BLOCKREPLY</FONT></STRONG>. Set this to NOTIFY. Email classified as Blocked does have some false positives in it, so in addition to notifying people, you should check your BLOCKFOLDER/SPAMFOLDER regularly to rescue anything you wanted to receive. (And add the sender's name to your NOBOUNCE file to prevent further blocking.)</LI></UL></P> |
| 736 | |
| 737 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">PATTERNMATCHING</FONT></STRONG>. Set this variable to NOTIFY as well, and the SpamBouncer will treat email caught by the Pattern Matching filters exactly as it does Blocked email. (Add the sender's name to your NOBOUNCE file to prevent further blocking.)</LI></UL></P> |
| 738 | |
| 739 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">SENDMAIL</FONT></STRONG>. Set this to point to your system's copy of the <CODE>sendmail</CODE> program. On many systems, this is located in <CODE>/usr/bin/sendmail</CODE>, <CODE>/usr/sbin/sendmail</CODE>, or even <CODE>/bin/sendmail</CODE>. If you do not set this variable correctly, the SpamBouncer will not be able to send bounces, complaints, or notify messages.</LI></UL></P> |
| 740 | |
| 741 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">SPAMFOLDER</FONT></STRONG>. Set this variable to the name of a folder where you want the SpamBouncer store spam, and review the folder every few days so that you can complain manually about anything the SpamBouncer didn't autocomplain about, or set it to <CODE>/dev/null</CODE> if you don't want to be bothered with it further.</LI></UL></P> |
| 742 | |
| 743 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">SPAMREPLY</FONT></STRONG>. Set this to COMPLAIN. COMPLAIN will cause the SpamBouncer to send automatic complaints about spam that comes from a known source.</LI></UL></P> |
| 744 | |
| 745 | <P><UL><LI><STRONG><FONT COLOR="#FF0000">VIRUSFOLDER</FONT></STRONG>. Set this variable to <CODE>/dev/null</CODE> to delete all viruses, or to a folder if you want to look at the virus emails on your Unix system (which is probably immune to them) and determine who might be infected so that you can notify them or their ISP and get the problem fixed.</LI></UL></P> |
| 746 | |
| 747 | <P>In addition, look through the <STRONG><A HREF="#BlocklistSupport">list of blocklists</A></STRONG> the SpamBouncer supports and enable those that look interesting. Many of them are somewhat redundant, but I find that one often catches what the other does not. For example, the Five-Ten-SG blocklists are much better at catching spam from Asian spammers (such as Chinese spammers) than the other blocklists are, but the NJABL lists are better at catching European spam. The SpamBouncer uses a weighted scoring system with blocklist matches, so you can safely enable more aggressive blocklists if you wish without seeing a significantly higher numbr of false positives. </P> |
| 748 | |
| 749 | <P>I prefer to use a lot of blocklists, and when one catches legitimate email, add the sender to my NOBOUNCE file.</P> |
| 750 | |
| 751 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 752 | |
| 753 | <H3><A NAME="SpecialInstructionsForPOPMail">Special Instructions for Users of POP Mail Clients</A></H3> |
| 754 | |
| 755 | <P><A NAME="X-SpamBouncer">Users</A> who get their mail using Eudora, Netscape Communicator, Pegasus Mail, or another POP mail client which can filter email by any header will need to set up their filters to look for the following headings:</P> |
| 756 | |
| 757 | <P><DL><DT><STRONG>X-SBClass: Admin</STRONG></DT> |
| 758 | |
| 759 | <DD>This header indicates mail sent to the ADMINFOLDER. You should create a folder for Admin mail on your client program, and then set your client program's filter to look for this header and filter mail which has it into the Admin folder.</DD></DL></P> |
| 760 | |
| 761 | <P><DL><DT><STRONG>X-SBClass: Blocked</STRONG></DT> |
| 762 | |
| 763 | <DD>This header indicates mail flagged as probable spam, but not certainly so. Create a folder for Blocked mail and set your client program's filters to put mail with this header into the Blocked Mail folder.</DD></DL></P> |
| 764 | |
| 765 | <P><DL><DT><STRONG>X-SBClass: Bulk</STRONG></DT> |
| 766 | |
| 767 | <DD>This header indicates mail flagged as bulk mail which is probably legitimate, such as that from known opt-in mailing lists or sent using known legitimate mailing list software, and which passed spam filtering. I recommend creating a separate folder for such mail, though, since that will make it easier to spot personal email, which is usually more important and should get priority.</DD></DL></P> |
| 768 | |
| 769 | <P><DL><DT><STRONG>X-SBClass: OK</STRONG></DT> |
| 770 | |
| 771 | <DD>This header indicates personal email which passed the spam checks. Set your client program's filters to put this mail in the normal incoming folder.</DD></DL></P> |
| 772 | |
| 773 | <P><DL><DT><STRONG>X-SBClass: Spam</STRONG></DT> |
| 774 | |
| 775 | <DD>This header indicates mail flagged as definitely spam. Most POP users will simply set the SpamBouncer to delete this mail outright. If you have set the SpamBouncer to deliver it to your POP mail account, though (perhaps because you want to learn more about spam), it will arrive with this header. Create a folder for Spam and set your POP client's |
| 776 | program filters to put mail with this header in the Spam folder.</DD></DL></P> |
| 777 | |
| 778 | <P><DL><DT><STRONG>X-SBClass: Virus</STRONG></DT> |
| 779 | |
| 780 | <DD>This header indicates mail flagged as a virus. POP users should set the SpamBouncer to delete this mail outright.</DD></DL></P> |
| 781 | |
| 782 | <P>Users that use Microsoft Outlook or Outlook Express who cannot upgrade to a better email program can set <STRONG><CODE>OUTLOOKTAGGING=yes</CODE></STRONG> in their <CODE>.procmailrc</CODE> file to cause the SpamBouncer to embed the X-SBClass: header in the Subject: header of incoming email if that email is classifed as a virus, as spam, or as blocked. The users can then use Outlook's filters to put all email with embedded X-SBClass: headers into a junk email folder.</P> |
| 783 | |
| 784 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 785 | |
| 786 | <H3><A NAME="FinishingConfiguration">Finishing Your Configuration</A></H3> |
| 787 | |
| 788 | <P>After setting the variables in your <CODE>.procmailrc</CODE>, add this line to your <CODE>.procmailrc</CODE> file at the point where you want to filter your mail for spam:</P> |
| 789 | |
| 790 | <PRE> INCLUDERC=${SBDIR}/sb.rc</PRE> |
| 791 | |
| 792 | <P>This line should appear <EM>after recipes for mail you don't want to filter for spam</EM> and <STRONG>before recipes for mail you do want to filter for spam.</STRONG> Users of the sample <CODE>procmail.rc</CODE> that comes with the SpamBouncer will have the correct lines in the correct location already, and will just need to uncomment whichever one they want to use. </P> |
| 793 | |
| 794 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 795 | |
| 796 | <H2><FONT COLOR="#800000"><A NAME="Reference">A Reference to SpamBouncer Features</A></FONT></H2> |
| 797 | |
| 798 | <P>This section contains a reference to the blocklists supported by the SpamBouncer, and all the SpamBouncer variables. If you need to know what a particular feature does, or want to look "under the hood" of the SpamBouncer, this section will provide it.</P> |
| 799 | |
| 800 | <H3><A NAME="WhitelistSupport">Supported Whitelists</A></H3> |
| 801 | |
| 802 | <P>Anti-spam whitelists contain the IP addresses (and, in some cases, the domain names) of the following types of servers:</P> |
| 803 | |
| 804 | <UL> |
| 805 | |
| 806 | <LI>Private SMTP servers whose owners have guaranteed not to spam</LI> |
| 807 | <LI>ISP SMTP servers that fall within a blocklists blocks through no fault of their own, and that have acceptable and enforced no-spamming AUP/TOS posted publicly on their web sites</LI> |
| 808 | <LI>Bulk email sources whose owners have clear policies forbidding spam and requiring confirmed opt-in for all subscriptions</LI> |
| 809 | |
| 810 | </UL> |
| 811 | |
| 812 | <P>Accepting email sent from whitelisted servers without further filtering can be a highly effective way to reduce false positives resulting from aggressive blocklists and pattern matching filters. This also reduces load on your mail server and speeds delivery of email.</P> |
| 813 | |
| 814 | <P>In addition to the SpamBouncer's internal whitelists, the SpamBouncer supports the Abusive Host Blocking List (AHBL) <STRONG><A HREF="http://www.ahbl.org/">Exemptions</A></STRONG> whitelist, the Habeas Whitelist (<STRONG><A HREF="http://www.habeas.com/supportWhiteList.html">HWL</A></STRONG>), the <STRONG><A HREF="http://www.ironport.com/">Ironport Systems</A></STRONG> Bonded Sender (<STRONG><A HREF="http://www.bondedsender.org/">IBS</A></STRONG>) list, and the <STRONG><A HREF="http://www.web-o-trust.org/">Web-O-Trust</A></STRONG> whitelist. All of these lists are DNS-based whitelists (DNSWLs).</P> |
| 815 | |
| 816 | <P>The AHBL Exemptions whitelist contains the IPs of SMTP servers that the operators of the AHBL consider trustworthy. The HWL contains the IPs of SMTP servers that are bound by the <STRONG><A HREF="http://www.habeas.com/servicesComplianceStds.html">Habeas Compliance Standard</A></STRONG> and associated contract. The IBS contains the IPs of SMTP servers that are part of the Ironport <STRONG><A HREF="http://www.bondedsender.com/">Bonded Sender program</A></STRONG>. The Web-O-Trust whitelist is unique, in that it contains the IPs of SMTP servers vouched for by those system administrators whom the Web-O-Trust operator considers trustworthy, <EM>and</EM> the IPs of SMTP servers whom those sysadmins consider trustworthy, and so on.... Read the web site before enabling it to understand what it is and how it works.</P> |
| 817 | |
| 818 | <P><UL><LI><STRONG><EM><A NAME="AboutAHBLEXEMPTCHECK" HREF="http://www.ahbl.org/">AHBL Exemptions whitelist.</A></EM></STRONG> The AHBL operators maintain a whitelist of trusted email hosts and domains with strict anti-spam policies. They AHBL operators do not make their standards for listing on this whitelist public, but they are long-time anti-spammers with extremely strict standards about a site's policies and practices regarding spam. I (for one) certainly trust any site they trust not to spam. :) If you want to whitelist email from hosts on the AHBL Exemptions whitelist, you must also set <STRONG><CODE>AHBLEXEMPTCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This whitelist is disabled by default.</LI></UL></P> |
| 819 | |
| 820 | <P><UL><LI><STRONG><EM><A NAME="AboutHabeas" HREF="http://www.habeas.com/">Habeas, Inc.</A></EM></STRONG>. Habeas was the brainchild of former MAPS attorney Anne Mitchell and a few other spam fighters who decided to take a different approach to fighting spam -- provide a means to identify email that is <STRONG>not spam</STRONG> and whitelist that email. Users either include a set of headers in their email that are trademarked by Habeas, or register their SMTP servers with the <STRONG><A HREF="http://www.habeas.com/supportWhiteList.html">Habeas Whitelist (HWL)</A></STRONG>. (This is the whitelist formerly called the Habeas User's List, or HUL.)</LI></UL></P> |
| 821 | |
| 822 | <P><UL><P>Habeas has committed to sueing anyone who uses the Habeas SWE warrant mark to send spam, or sends spam via a server listed in the HWL, for trademark and copyright violations. It also places those IPs on another DNS-based list, the <STRONG><A HREF="http://www.habeas.com/supportBlackList.html">Habeas Blacklist (HBL)</A></STRONG>). (This is the list formerly called the Habeas Infringer's List (HIL).) The HBL can then be used to block email from mail servers that have violated the Habeas SWE terms or used the SWE without permission.</P></UL></P> |
| 823 | |
| 824 | <P><UL><P>To enable support for the HUL, you must first complete the <STRONG><A HREF="http://www.habeas.com/cgi-bin/lic.cgi?HUL">Habeas Whitelist Licensing Agreement</A></STRONG>. To obtain access to the HWL, you must agree to certain terms of use, the most important that you will not use the HWL to block email, but only to whitelist it. The SpamBouncer's code does not allow you to use the HWL to block email, so your use of the SpamBouncer will not violate the Habeas license. When you have set this up and Habeas has confirmed that you have access to the HUL server, set the <CODE>HABEASVERIFIED</CODE> variable to <CODE>yes</CODE> in your <CODE>.procmailrc</CODE>. (Habeas and I are working together, so let me know if you run into any problems getting the license.) After you do this, the SpamBouncer will check the HWL and will whitelist email from any server on HWL.</P></UL></P> |
| 825 | |
| 826 | <P><UL><P><STRONG>NOTE:</STRONG> If you get spam from a server on the HWL or that bears the <STRONG><A HREF="http://www.habeas.com/configurationPages/headers.htm">Habeas SWE warrant mark</A></STRONG> in the headers, you should report that spam to Habeas by sending email to <STRONG><A HREF="mailto:reports@habeas.com">reports@habeas.com</A></STRONG> or via their <STRONG><A HREF="http://www.habeas.com/report/">web site</A></STRONG>. Please send a copy to <STRONG><A HREF="mailto:spamtrap@spambouncer.org">spamtrap@spambouncer.org</A></STRONG> as well.</P></UL></P> |
| 827 | |
| 828 | <P><UL><P>To enable support for the HBL, set the <CODE>HABEASINFRINGERS</CODE> variable to <CODE>yes</CODE> in your <CODE>.procmailrc</CODE>. After you do this, the SpamBouncer will check the HBL and will block email from any server on the HBL. (You do not need to sign a license with Habeas to use the HBL.)</P></UL></P> |
| 829 | |
| 830 | <P><UL><LI><STRONG><EM><A NAME="AboutIBS" HREF="http://www.bondedsender.com/">Ironport Bonded Sender List (IBS)</A></EM></STRONG>. The Ironport Bonded Sender program requires that participants send email only to users who have consented to receive it. It restricts the methods that may be used to obtain that consent, forbids participants to sell their email lists to third parties, and imposes a number of other requirements intended to prevent spam. It also requires senders of bulk email put up a substantial cash bond to guarantee compliance with the standards, and fines them for spam complaints above a certain, very small, "allowed complaint rate." Currently, the allowed complaint rate is one complaint per million emails sent, and the fine for additional complaints is $20 per complaint. This quickly becomes prohibitively expensive for spammers.</LI></UL></P> |
| 831 | |
| 832 | <P><UL><P>The Bonded Sender program does not require a closed-loop confirmed opt-in process in all cases, but its exceptions are limited, and the fines that senders pay for any significant number of complaints are, I belive, sufficient to discourage a Bonded Sender participant from sending any significant amount of unsolicited bulk email.</LI></UL></P> |
| 833 | |
| 834 | <P><UL><P>To enable support for the IBS, set the <CODE>IBSCHECK</CODE> variable to <CODE>yes</CODE> in your <CODE>.procmailrc</CODE>. After you do this, the SpamBouncer will check the IBS and will whitelist email from any server on the IBS.</P></UL></P> |
| 835 | |
| 836 | <P><UL><P><STRONG>NOTE:</STRONG> If you get spam from a server on the IBS, you should report that spam to Ironport via their <STRONG><A HREF="http://www.bondedsender.org/complaint/">web site</A></STRONG>. (They also list an email address to which you can report spam on this web page.) Please send a copy to <STRONG><A HREF="mailto:spamtrap@spambouncer.org">spamtrap@spambouncer.org</A></STRONG> as well.</P></UL></P> |
| 837 | |
| 838 | <P><UL><LI><STRONG><EM><A NAME="AboutWOTCHECK" HREF="http://www.web-o-trust.org/">The Web-O-Trust whitelist.</A></EM></STRONG> The whitelist at <STRONG><A HREF="http://www.web-o-trust.org/">web-o-trust.org</A></STRONG> is now supported, and <STRONG>spambouncer.org</STRONG> is participating in in the Web-O-Trust experiment. If you want to participate, you must follow the instructions at the web site. If you want to whitelist email from other participants, you must also set <STRONG><CODE>WOTCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This whitelist is disabled by default.</LI></UL></P> |
| 839 | |
| 840 | <P><UL><P><STRONG>NOTE:</STRONG> The Web-O-Trust whitelist is experimental and new. Don't use it unless you are willing to risk a few spams getting through, and willing to learn what it's about and how it works. I think it's a cool idea, but how well it will work remains to be seen.</P></UL></P> |
| 841 | |
| 842 | <H3><A NAME="BlocklistSupport">Supported Blocklists</A></H3> |
| 843 | |
| 844 | <P>Anti-spam blocklists contain the IP addresses (and, in some cases, the domain names) of the following types of servers:</P> |
| 845 | |
| 846 | <UL> |
| 847 | |
| 848 | <LI>SMTP servers that are direct spam sources (usually owned by the spammers)</LI> |
| 849 | <LI>Web servers that host the web sites of spammers (haven domains)</LI> |
| 850 | <LI>SMTP servers that allow spammers to spam from them (spam-friendly ISPs)</LI> |
| 851 | <LI>SMTP servers that relay for spammers (single- or multi-stage open relays)</LI> |
| 852 | <LI>Proxy servers that allow spammers to hide behind them (open proxies)</LI> |
| 853 | <LI>IP ranges that are assigned to dial-up users (dial-up lists)</LI> |
| 854 | <LI>Web servers that contain insecure forms that can be used for spamming (formmail.pl and other CGI scripts)</LI> |
| 855 | <LI>All servers that lack proper whois information or required contact addresses</LI> |
| 856 | <LI>Other servers that are abused by spammers or that help spammers hide</LI> |
| 857 | |
| 858 | </UL> |
| 859 | |
| 860 | <P>Blocking email sent from blacklisted servers can be a highly effective way to stop spam from reaching your mailbox. In the last year, as the volume of spam on the Internet has surged, the number of blocklists has multiplied, allowing users to choose blocklists whose policies closely match their needs. Blocklists are frequently updated, so a filter that uses them is effectively updated as often as the blocklist is, considerably more frequently than the filter itself is usually updated.</P> |
| 861 | |
| 862 | <P>The following is a list of blocklists supported by the SpamBouncer, sorted by category. I explain what type of spam problem each blocklist category addresses, and then list the available blocklists in that category. The name of each blocklist is hyperlinked to the blocklist maintainer's web site, which you can consult for more information about blocklist policies.</P> |
| 863 | |
| 864 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Spam Sources</FONT></STRONG>. IPs and sites listed as spam sources are persistent sources of spam that have continued to spam for a considerable length of time and despite many efforts to stop them. Many have gone through multiple ISPs, being repeatedly disconnected for breaking their provider's terms of service by spamming. Included in these lists are the SMTP servers used to send spam and the web servers that host web sites advertised by spam. Most of these lists are maintained manually.</P> |
| 865 | |
| 866 | <P>One of these blocklists, the SpamHaus blocklist, is enabled by default in the SpamBouncer because it blocks a considerable amount of spam and has a very low false positive rate. Because the most carefully maintained blocklist will make occasional errors, though, the SpamBouncer treats email from all blocklisted servers as suspicious rather than as outright spam, unless that email comes from a server on several blocklists or also meets the SpamBouncer's internal criteria for spam.</P> |
| 867 | |
| 868 | <P><UL><LI><STRONG><EM><A HREF="http://www.spamhaus.org/" NAME="AboutSPAMHAUSORGCHECK">SpamHaus.org List</A></EM></STRONG>. Highly respected blocklist of IP addresses used to send repeated, multiple spam runs or that host web sites advertised via spamming. Enabled by default. You can disable this blocklist by setting the <STRONG><CODE>SPAMHAUSORGCHECK</CODE></STRONG> variable to <CODE>no</CODE>, but I recommend leaving it enabled.</LI></UL></P> |
| 869 | |
| 870 | <P><UL><LI><STRONG><EM><A HREF="http://dnsbl.njabl.org/" NAME="AboutNJABLSRCCHECK">NJABL Confirmed Spam Sources</A></EM></STRONG>. Blocklist of IP addresses used to send repeated, multiple spam runs. Slightly more aggressive than SpamHaus.org, but reasonably conservative, well-maintained, and effective. Disabled by default. You can enable this blocklist by setting the <STRONG><CODE>NJABLSRCCHECK</CODE></STRONG> variable to <CODE>yes</CODE> in your .procmailrc.</LI></UL></P> |
| 871 | |
| 872 | <P><UL><LI><STRONG><EM><A HREF="http://www.spamcop.net/" NAME="AboutSPAMCOPCHECK">SpamCop blocklist</A></EM></STRONG>. Blocklist of IP addresses used to send spam or that offer spam support services. This blocklist is more aggressive than those previously listed, and is likely to result in legitimate email being blocked if you receive email from a site with a lax abuse department or that has spamming customers. If you enable this blocklist, you should check your BLOCKFOLDER frequently to retrieve any legitimate email it catches. Enable this blocklist by setting the <STRONG><CODE>SPAMCOPCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 873 | |
| 874 | <P><UL><LI><STRONG><EM><A HREF="http://www.mail-abuse.org/rbl/" NAME="AboutRBLCHECK">MAPS Real-time Blackhole List (RBL)</A></EM></STRONG>. The original blocklist of IP addresses used to send repeated, multiple spam runs. Now a pay service and available only if you have subscribed. Enable this blocklist by setting the <STRONG><CODE>RBLCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.(<STRONG>NOTE:</STRONG> If you enable this blocklist without first subscribing to it, all queries against it will result in a negative response. No spam will be detected.)</LI></UL></P> |
| 875 | |
| 876 | <P><UL><LI><STRONG><EM><A HREF="http://www.ahbl.org/" NAME="AboutAHBLSPAMCHECK">AHBL Spam Sources.</A></EM></STRONG> This blocklist lists hosts owned by, operated by, or under the control of spammers. To enable this blocklist, you must set <STRONG><CODE>AHBLSPAMCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></P> |
| 877 | |
| 878 | <P><UL><UL><LI><STRONG><EM><A HREF="http://www.ahbl.org/" NAME="AboutAHBLPSSLCHECK">AHBL Provisional Spam Source Listing.</A></EM></STRONG> IPs that recently have become the source of large quantities of spam, for reasons as yet unknown. The listings on this blocklist change rapidly, as blocks are either removed or moved to other categories. To enable this blocklist, you must set <STRONG><CODE>AHBLPSSLCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></UL></P> |
| 879 | |
| 880 | <P><UL><LI><STRONG><EM><A HREF="http://www.ahbl.org/" NAME="AboutAHBLDOMAINCHECK">AHBL Abusive Domains.</A></EM></STRONG> This blocklist lists domains (not IPs) that are owned by spammers or under their effective control. To enable this blocklist, you must set <STRONG><CODE>AHBLDOMAINCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></P> |
| 881 | |
| 882 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGSource">Five-Ten-SG Spam Sources</A></EM></STRONG>. Blocklist of direct spam sources. Similar to the NJABL Spam Sources blocklist, but more aggressive and may therefore result in blocking larger amounts of legitimate email. Enable this blocklist by setting the <STRONG><CODE>FTSGSRCCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 883 | |
| 884 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSSPAMCHECK">SORBS Spam Sources blocklist</A></EM></STRONG>. Blocklist of IPs and IP ranges that have sent spam to the SORBS administrators, that host web sites advertised in spam sent to the SORBS aministrators, or that offer spam support services (such as email drop-boxes or DNS) to spammers. This blocklist is aggressive, and is likely to result in legitimate email being blocked if you receive email from a site with a lax abuse department or that has spamming customers. If you enable this blocklist, you should check your BLOCKFOLDER frequently to retrieve any legitimate email it catches. Enable this blocklist by setting the <STRONG><CODE>SORBSSPAMCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 885 | |
| 886 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Open Relays</FONT></STRONG>. Open relays are SMTP servers that accept email from any user on the Internet and deliver it to any other user on the Internet. Properly configured SMTP servers require that either the sender of the email or the recipient be a local user. Spammers <STRONG>LOVE</STRONG> open relays because open relays allow them to avoid spam blocks and deliver more spam, and because some open relays also hide the actual origin of the spam. (The latter are called anonymizing open relays.)</P> |
| 887 | |
| 888 | <P>Blocking open relays is inherently aggressive and will block legitimate email along with spam. It is also an extremely effective way to get spam out of your mailbox, however. While no open relay blocklist is enabled by default in the SpamBouncer, I recommend strongly that you enable one or more of them.</P> |
| 889 | |
| 890 | <P><UL><LI><STRONG><EM><A HREF="http://relays.visi.com/" NAME="RSL">Relay Stop List (RSL)</A></EM></STRONG>. Blocklist of single-stage open relays. This is the least aggressive of the open relay blocklists; it lists only open relays that have been used to relay spam "in the recent past." The RSL tests servers to see if they are open relays only when it has "spam in hand" that appears to have come from that open relay; it does not test preemptively. It removes listings ninety days after the last reported spam from that source, or upon request. This is a good open relay blocklist for those who want to block open relays that are actively being used to send spam, but who do not approve of preemptive testing. Enable this blocklist by setting the <STRONG><CODE>RSLCHECK</CODE></STRONG> variable to <CODE>yes</CODE> in your <STRONG><CODE>.procmailrc</CODE></STRONG>.</LI></UL></P> |
| 891 | |
| 892 | <P><UL><LI><STRONG><EM><A HREF="http://dnsbl.njabl.org/" NAME="AboutNJABLRSSCHECK">NJABL Open Relays</A></EM></STRONG>. Blocklist of single-stage open relays. More aggressive than the ORDB, but well-maintained and effective. Disabled by default. You can enable this blocklist by setting the <STRONG><CODE>NJABLRSSCHECK</CODE></STRONG> variable to <CODE>yes</CODE> in your .procmailrc.</LI></UL></P> |
| 893 | |
| 894 | <P><UL><LI><STRONG><EM><A HREF="http://work-rss.mail-abuse.org/rss/" NAME="AboutRSSCHECK">MAPS Relay Spam Stopper (RSS)</A></EM></STRONG>. Blocklist of single-stage open relays. Conservative -- lists only relays that have been used to spam, rather than all open relays. Now a pay service and available only if you have subscribed. Enable this blocklist by setting the <STRONG><CODE>RSSCHECK</CODE></STRONG> variable to <CODE>yes</CODE>. (<STRONG>NOTE:</STRONG> If you enable this blocklist without first subscribing to it, all queries against it will result in a negative response. No spam will be detected.)</LI></UL></P> |
| 895 | |
| 896 | <P><UL><LI><STRONG><EM><A HREF="http://www.ordb.org/" NAME="AboutORDBCHECK">Open Relay Database (ORDB)</A></EM></STRONG>. Blocklist of single-stage open relays. This is a "Child of ORBS" list; it tests open relays on request and lists those that are open relays. Probably the largest and most widely used list of open relays on the Internet. (I use it.) Enable this blocklist by setting the <STRONG><CODE>ORDBCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 897 | |
| 898 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGRSS">Five-Ten-SG Single-Stage Open Relays</A></EM></STRONG>. Blocklist of single-stage open relays. This is similar to the NJABL Open Relays blocklist, but more aggressive. Enable this blocklist by setting the <STRONG><CODE>FTSGRSSCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 899 | |
| 900 | <P><UL><LI><STRONG><EM><A HREF="http://dsbl.org/" NAME="DSBL">DSBL Single-Stage Open Relays</A></EM></STRONG>. Blocklist of single-stage open relays -- IP addresses of SMTP servers that relay email for any user on the Internet, addressed to any other user on the Internet. This list contains the IP addresses of confirmed open SMTP relays, open proxy servers, and web sites with insecure <CODE>formmail.pl</CODE> scripts. Entries to this list are from trusted users only. The DSBL is a "Son of ORBZ" blocklist, and as such is somewhat aggressive. Enable this blocklist by setting the <STRONG><CODE>DSBLCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 901 | |
| 902 | <P><UL><LI><STRONG><EM><A HREF="http://www.ahbl.org/" NAME="AboutAHBLRELAYCHECK">AHBL Open Relays.</A></EM></STRONG> Lists open SMTP relays. To enable this blocklist, you must set <STRONG><CODE>AHBLRELAYCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></P> |
| 903 | |
| 904 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSRELAYCHECK">SORBS Open Relays blocklist</A></EM></STRONG>. Blocklist of IPs and IP ranges that operate SMTP servers configured as open relays. Enable this blocklist by setting the <STRONG><CODE>SORBSRELAYCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 905 | |
| 906 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Multi-Stage Open Relays/"Smart Hosts"</FONT></STRONG>. Multi-stage open relays are SMTP servers that are themselves secure; they accept email only from their own users or for their own users. Among their users, however, are SMTP servers that are open relays. This allows a spammer to use a customer site of a multi-stage open relay to send email via that site's SMTP server, increasing the amount of spam he can deliver and further obscuring the origin of his spam.</P> |
| 907 | |
| 908 | <P>Blocking email from a multi-stage open relay is inherently risky. Most multi-stage open relays are SMTP servers for large ISPs or companies, and most email they send is legitimate. They have been abused to send large spam runs, however. Blocking email from these relays should reduce the amount of spam you get considerably.</P> |
| 909 | |
| 910 | <P><UL><LI><STRONG><EM><A HREF="http://dnsbl.njabl.org/" NAME="AboutNJABLMULTICHECK">NJABL Multi-Stage Open Relays</A></EM></STRONG>. Blocklist of multi-stage open relays and "smart hosts". Well-maintained and effective. Disabled by default. You can enable this blocklist by setting the <STRONG><CODE>NJABLMULTICHECK</CODE></STRONG> variable to <CODE>yes</CODE> in your .procmailrc.</LI></UL></P> |
| 911 | |
| 912 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGMulti">Five-Ten-SG Multi-Stage Open Relays</A></EM></STRONG>. Blocklist of multi-stage open relays. This is similar to the NJABL Multi-Stage Open Relays blocklist, but more aggressive. Enable this blocklist by setting the <STRONG><CODE>FTSGMULTICHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 913 | |
| 914 | <P><UL><LI><STRONG><EM><A HREF="http://dsbl.org/" NAME="DSBLMulti">DSBL Multi-Stage Open Relays</A></EM></STRONG>. Blocklist of multi-stage open relays -- IP addresses of SMTP servers that are themselves secure, but that relay email for other, insecure SMTP servers. Entries to this list are from trusted users only. Enable this blocklist by setting the <STRONG><CODE>DSBLMULTICHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 915 | |
| 916 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Dynamic IP Ranges</FONT></STRONG>. Blocklists of dynamic IP ranges include IP addresses assigned dynamically to dial-up users, and sometimes IP addresses assigned to DSL users and cable modem users. Most of these users are not spammers. Users with this type of connection, however, will rarely (if ever) send email directly from their computer to a recipient's SMTP server. Instead, they send outgoing email via their ISPs SMTP servers.</P> |
| 917 | |
| 918 | <P>Spammers, on the other hand, frequently use software that sends email directly from their computer to the recipient's SMTP server, bypassing their own ISP's SMTP server. This allows them to evade security and anti-spamming measures the ISP might have taken. By rejecting email sent directly from a dial-up IP address, you are unlikely to reject legitimate email, but will catch a lot of spam.</P> |
| 919 | |
| 920 | <P>The NJABL Dial-Up Spam Sources List is enabled by default. I highly recommend that you use it or another list below; these lists catch a lot of spam.</P> |
| 921 | |
| 922 | <P><UL><LI><STRONG><EM><A HREF="http://dnsbl.njabl.org/" NAME="AboutNJABLDULCHECK">NJABL Dial-Up and Dynamic IP Ranges</A></EM></STRONG>. Blocklist of dynamically-assigned IP ranges, usually used for dial-up and low-end DSL and CableModem connections. Well-maintained and effective. Disabled by default. You can enable this blocklist by setting the <STRONG><CODE>NJABLDULCHECK</CODE></STRONG> variable to <CODE>yes</CODE> in your .procmailrc.</LI></UL></P> |
| 923 | |
| 924 | <P><UL><LI><STRONG><EM><A HREF="http://www.mail-abuse.org/dul/" NAME="DUL">MAPS Dial-Up List (DUL)</A></EM></STRONG>. Blocklist of dynamic IP addresses assigned to dial-up users. Now a pay service and available only if you have subscribed. Enable this blocklist by setting the <STRONG><CODE>DULCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.(<STRONG>NOTE:</STRONG> If you enable this blocklist without first subscribing to it, all queries against it will result in a negative response. No spam will be detected.)</LI></UL></P> |
| 925 | |
| 926 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGDial">Five-Ten-SG Dial-up List</A></EM></STRONG>. Blocklist of dynamic IP addresses assigned to dial-up, cable modem, and DSL users. Similar to the NJABL Dial-Up and Dynamic IP Ranges blocklist, but more aggressive. Enable this blocklist by setting the <STRONG><CODE>FTSGDIALCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 927 | |
| 928 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSDYNCHECK">SORBS Dynamic IP Ranges blocklist</A></EM></STRONG>. Blocklist of dynamically-assigned IPs and IP ranges assigned temporarily to dial-up Internet users or users with low-end broadband access. Enable this blocklist by setting the <STRONG><CODE>SORBSDYNCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 929 | |
| 930 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Insecure Web Forms</FONT></STRONG>. These blocklists list the IP addresses of web servers that have insecure web forms or scripts that allow any user to send email to any other user, such as old versions of <CODE>formmail.pl</CODE>. Email from such web servers is likely to be spam. While none of these blocklists is enabled by default, I recommend enabling one or more of them.</P> |
| 931 | |
| 932 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGWebForm">Five-Ten-SG Insecure Web Form List</A></EM></STRONG>. Blocklist of web sites that run insecure web forms, such as <CODE>formmail.pl</CODE>, that are abused by spammers to send spam. Enable this blocklist by setting the <STRONG><CODE>FTSGWEBFORMCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 933 | |
| 934 | <P><UL><LI><STRONG><EM><A HREF="http://dnsbl.njabl.org/" NAME="AboutNJABLCGICHECK">NJABL Insecure Web Forms blocklist</A></EM></STRONG>. Blocklist of IP addresses of web servers that contain insecure web forms that can be used to spam. Well-maintained and effective. Disabled by default. You can enable this blocklist by setting the <STRONG><CODE>NJABLCGICHECK</CODE></STRONG> variable to <CODE>yes</CODE> in your .procmailrc.</LI></UL></P> |
| 935 | |
| 936 | <P><UL><LI><STRONG><EM><A HREF="http://www.ahbl.org/" NAME="AboutAHBLCGICHECK">AHBL Formmail Spam List.</A></EM></STRONG> This blocklists contains the IPs of web hosts with insecure formmail scripts that are abused by spammers. To enable this blocklist, you must set <STRONG><CODE>AHBLCGICHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></P> |
| 937 | |
| 938 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSCGICHECK">SORBS Insecure Web Servers blocklist</A></EM></STRONG>. Blocklist of web servers that host insecure CGI scripts, other types of insecure scripts that can be abused by spammers, or that are compromised by a virus or trojan. Enable this blocklist by setting the <STRONG><CODE>SORBSCGICHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 939 | |
| 940 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Open Proxies</FONT></STRONG>. An open proxy is a proxy server that accepts anonymous connections from anyone on the Internet. Open proxys are abused by spammers to hide the origin of outgoing spam. None of the open proxy blocklists below is enabled by default, but I recommend that you enable one or more of them.</P> |
| 941 | |
| 942 | <P><UL><LI><STRONG><EM><A HREF="http://dnsbl.njabl.org/" NAME="AboutNJABLPROXYCHECK">NJABL Open Proxies</A></EM></STRONG>. Blocklist of IP addresses of web servers that run open proxies. Well-maintained and effective. Disabled by default. You can enable this blocklist by setting the <STRONG><CODE>NJABLPROXYCHECK</CODE></STRONG> variable to <CODE>yes</CODE> in your .procmailrc.</LI></UL></P> |
| 943 | |
| 944 | <P><UL><LI><STRONG><EM><A HREF="http://www.blitzed.org/bopm/" NAME="AboutOPMBLITZEDCHECK">Blitzed.org Open Proxy Monitor (BOPM) List</A></EM></STRONG> Lists all types of open proxies. To enable this blocklist, you must set <STRONG><CODE>OPMBLITZEDCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></P> |
| 945 | |
| 946 | <P><UL><LI><STRONG><EM><A HREF="http://www.ahbl.org/" NAME="AboutAHBLPROXYCHECK">AHBL Open Proxies List.</A></EM></STRONG> Lists all types of open proxies. To enable this blocklist, you must set <STRONG><CODE>AHBLPROXYCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></P> |
| 947 | |
| 948 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSPROXYCHECK">SORBS Open HTTP Proxy Servers blocklist</A></EM></STRONG>. Blocklist of open HTTP proxies. Enable this blocklist by setting the <STRONG><CODE>SORBSPROXYCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 949 | |
| 950 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSSOCKSCHECK">SORBS Open Socks Proxy Servers blocklist</A></EM></STRONG>. Blocklist of open Socks Proxy servers. Enable this blocklist by setting the <STRONG><CODE>SORBSSOCKSCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 951 | |
| 952 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSPROXY2CHECK">SORBS Other Open Proxies blocklist</A></EM></STRONG>. Blocklist of other types of open proxies. Enable this blocklist by setting the <STRONG><CODE>SORBSPROXY2CHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 953 | |
| 954 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">Other Spam Support</FONT></STRONG>. The blocklists below contain the IP addresses of sites that host bulk email servers that don't properly confirm subscriptions, and that have other spam-related problems.</P> |
| 955 | |
| 956 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGOptOut">Five-Ten-SG Opt-Out Lists</A></EM></STRONG>. Blocklist of sites that host bulk email servers that don't properly confirm subscriptions. Enable this blocklist by setting the <STRONG><CODE>FTSGOPTOUTCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 957 | |
| 958 | <P><UL><LI><STRONG><EM><A HREF="http://www.completewhois.com/bogons/index.htm" NAME="CWhoisBogons">CompleteWhois Bogons blocklist</A></EM></STRONG>. Blocklist of unallocated IP ranges and IANA reserved IP ranges, none of which should ever appear in email. Enable this blocklist by setting the <STRONG><CODE>CWHOISBOGONCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 959 | |
| 960 | <P><UL><LI><STRONG><EM><A HREF="http://www.completewhois.com/hijacked/index.htm" NAME="CWhoisHijackd">CompleteWhois Hijacked Netblocks blocklist</A></EM></STRONG>. Blocklist of IP ranges that have been hijacked and are controlled by users other than the registered owners. Enable this blocklist by setting the <STRONG><CODE>CWHOISHIJACKCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 961 | |
| 962 | <P><UL><LI><STRONG><EM><A HREF="http://www.ahbl.org/" NAME="AboutAHBLDDOSCHECK">AHBL Compromised Systems List.</A></EM></STRONG> This blocklist lists the IPs of computers that are sources of Distributed Denial of Service (DDOS) attacks, viruses or worms, or that appear to be hacked or infected with a trojan that allows spammers to send spam through them. To enable this blocklist, you must set <STRONG><CODE>AHBLDDOSCHECK=yes</CODE></STRONG> in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. This blocklist is disabled by default.</LI></UL></P> |
| 963 | |
| 964 | <P><UL><LI><STRONG><EM><A HREF="http://www.dnsbl.us.sorbs.net/" NAME="AboutSORBSZOMBIECHECK">SORBS Zombie Netblocks blocklist</A></EM></STRONG>. Blocklist of IP ranges that have been hijacked and are controlled by users other than the registered owner. Enable this blocklist by setting the <STRONG><CODE>SORBSZOMBIECHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 965 | |
| 966 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGIgnore">Five-Ten-SG Ignores Spam Complaints List</A></EM></STRONG>. Blocklist of sites that do not respond to spam complaints. When I last checked, most of Sprint was listed here, among other major sites -- I do not recommend using this blocklist unless you want to block a lot of legitimate email. (Sites that don't respond to spam complaints <STRONG>should</STRONG> be blacklisted, but it is not practical to do so at present.) Enable this blocklist by setting the <STRONG><CODE>FTSGIGNORECHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 967 | |
| 968 | <P><UL><LI><STRONG><EM><A HREF="http://www.five-ten-sg.com/blackhole.php" NAME="FTSGOther">Five-Ten-SG Other Issues</A></EM></STRONG>. Blocklist of sites with other, unspecified spam-support issues. Since I could not determine what sites were on this list or what the criteria were for inclusion, I do not recommend using this list. Enable this blocklist by setting the <STRONG><CODE>FTSGOTHERCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 969 | |
| 970 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif"><A NAME="RFCIGNORANT">RFC-Ignorant.org</A></FONT></STRONG>. The <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> blocklists are unique -- they target computer systems and services that do not properly implement the RFCs (the "building blocks" of the Internet), rather than those that send spam. Systems that do not implement the RFCs properly often are misconfigured in other ways and therefore easily abused by spammers. In addition, many of these systems lack any publicly available, valid email addresses that you can use to contact the system administrator when there's a problem.</P> |
| 971 | |
| 972 | <P>There are five blocklists on <CODE>rfc-ignorant.org</CODE>.</P> |
| 973 | |
| 974 | <P><UL><LI><STRONG><EM><A HREF="http://www.rfc-ignorant.org/">abuse.rfc-ignorant.org</A></EM></STRONG>. Blocklist of domains that have no valid abuse@ address. Enable this blocklist by setting the <STRONG><CODE>RFCABUSECHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 975 | |
| 976 | <P><UL><LI><STRONG><EM><A HREF="http://www.rfc-ignorant.org/">dsn.rfc-ignorant.org</A></EM></STRONG>. Blocklist of domains that reject bounces -- automatic error messages generated by mail servers when email is sent to a non-existent address or domain. Enable this blocklist by setting the <STRONG><CODE>RFCDSNCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 977 | |
| 978 | <P><UL><LI><STRONG><EM><A HREF="http://www.rfc-ignorant.org/">ipwhois.rfc-ignorant.org</A></EM></STRONG>. Blocklist of IP blocks with no or invalid whois information. Enable this blocklist by setting the <STRONG><CODE>RFCIPWHOISCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 979 | |
| 980 | <P><UL><LI><STRONG><EM><A HREF="http://www.rfc-ignorant.org/">postmaster.rfc-ignorant.org</A></EM></STRONG>. Blocklist of domains that have no postmaster@ address. Enable this blocklist by setting the <STRONG><CODE>RFCPOSTMASTERCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 981 | |
| 982 | <P><UL><LI><STRONG><EM><A HREF="http://www.rfc-ignorant.org/">whois.rfc-ignorant.org</A></EM></STRONG>. Blocklist of domains that have no or invalid whois information. Enable this blocklist by setting the <STRONG><CODE>RFCWHOISCHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 983 | |
| 984 | <P><STRONG><FONT COLOR="#800000" FACE="Arial,Helvetica,Geneva,Sans-Serif">All-In-One Blocklists</FONT></STRONG>. The following list is the Swiss Army knives of blocklists -- it contain multiple types of listings. SPEWS is not enabled by default in the SpamBouncer; it is extremely aggressive and, unless you configure your system carefully, you are likely to block legitimate email by using it. I feel that most users will do better using a judicious selection of the other, more narrowly focused blocklists. I personally use SPEWS, however, in addition to other Spam Sources lists, because it often lists a spammer who moved to a new ISP before the other lists do.</P> |
| 985 | |
| 986 | <P><UL><LI><STRONG><EM><A HREF="http://cbl.abuseat.org" NAME="CBL">Combined Blocklist (CBL)</A></EM></STRONG>. The CBL is a combined blocklist that draws from a number of other blocklists, and that contains spam sources, open relays, open proxies, and other frequently abused sites. If you want a single, reliable, and relatively conservative blocklist, this or the EasyNet blocklist (discussed next) are your best bets. You can disable this blocklist by setting the <STRONG><CODE>CBLCHECK</CODE></STRONG> variable to <CODE>no</CODE>, but I recommend leaving it enabled.</LI></UL></P> |
| 987 | |
| 988 | <P><UL><LI><STRONG><EM><A HREF="http://www.spews.org/">Spam Prevention Early Warning System (SPEWS)</A></EM></STRONG>. Blocklist of sites that either are spamming actively or that the SPEWS maintainers believe are likely to spam, based on past experience. This is another "Swiss Army knife" blocklist that is aggressive and may result in substantial quantities of legitimate email being classified as possible spam. There are actually two SPEWS blocklists. The Level 1 blocklist contain only IPs and IP ranges that the SPEWS maintainers believe belong to or are completely controlled by spammers. The Level 2 blocklist contains sites that the SPEWS maintainers believe are "spam friendly", but that also contain non-spamming users. Enable the SPEWS Level 1 blocklist by setting the <STRONG><CODE>SPEWSCHECK</CODE></STRONG> variable to <CODE>yes</CODE>. Enable the SPEWS Level 2 blocklist by setting the <STRONG><CODE>SPEWSL2CHECK</CODE></STRONG> variable to <CODE>yes</CODE>.</LI></UL></P> |
| 989 | |
| 990 | <H3><A NAME="DefaultVariableSettings">A Quick List of Variables and Default Settings</A></H3> |
| 991 | |
| 992 | <P>This section contains a quick list of all variables supported by the SpamBouncer, with each with its default setting. A complete list of each variable, a description of what it does, and all available settings, can be found in the following section.</P> |
| 993 | |
| 994 | <PRE> <STRONG><FONT COLOR="#FF0000">DEFAULT={NO DEFAULT} |
| 995 | FORMAIL={NO DEFAULT} |
| 996 | SBDIR={NO DEFAULT}</FONT></STRONG> |
| 997 | ADMINFOLDER=${DEFAULT} |
| 998 | AHBLCGICHECK=no |
| 999 | AHBLDDOSCHECK=no |
| 1000 | AHBLDOMAINCHECK=no |
| 1001 | AHBLEXEMPTCHECK=no |
| 1002 | AHBLPROXYCHECK=no |
| 1003 | AHBLPSSLCHECK=no |
| 1004 | AHBLRELAYCHECK=no |
| 1005 | AHBLSPAMCHECK=no |
| 1006 | ALTFROM=${LOGNAME}@${HOST} |
| 1007 | ALWAYSBLOCK=NONE |
| 1008 | ARABIC=no |
| 1009 | BASE64BLOCK=yes |
| 1010 | BLOCKFOLDER=${DEFAULT} |
| 1011 | BLOCKLEVEL=5 |
| 1012 | BLOCKREPLY=SILENT |
| 1013 | BULKFOLDER=${DEFAULT} |
| 1014 | BYPASSWD=syzygy |
| 1015 | CBLCHECK=yes |
| 1016 | CHINESE=no |
| 1017 | CHMEXPLOITCHECKING=yes |
| 1018 | CSLIDCHECKING=yes |
| 1019 | CWHOISBOGONCHECK=no |
| 1020 | CWHOISHIJACKCHECK=no |
| 1021 | CYRILLIC=no |
| 1022 | DATE=date |
| 1023 | DEBUG=no |
| 1024 | DOMAIN=`domainname` |
| 1025 | DORKSLCHECK=no |
| 1026 | DSBLCHECK=no |
| 1027 | DSBLMULTICHECK=no |
| 1028 | DULCHECK=no |
| 1029 | ECHO=echo |
| 1030 | EXECHECKING=yes |
| 1031 | EXEDOCCHECKING=yes |
| 1032 | EXELINKCHECKING=yes |
| 1033 | FILTER=no |
| 1034 | FREEMAIL=INTERNAL |
| 1035 | FREEWEB=yes |
| 1036 | FTSGDIALCHECK=no |
| 1037 | FTSGIGNORECHECK=no |
| 1038 | FTSGMULTICHECK=no |
| 1039 | FTSGOPTOUTCHECK=no |
| 1040 | FTSGOTHERCHECK=no |
| 1041 | FTSGRSSCHECK=no |
| 1042 | FTSGSRCCHECK=no |
| 1043 | FTSGWEBFORMCHECK=no |
| 1044 | GARBLEDCHARSET=yes |
| 1045 | GLOBALNOBOUNCE=NONE |
| 1046 | GREEK=no |
| 1047 | GREP=fgrep |
| 1048 | HABEASINFRINGERS=no |
| 1049 | HABEASVERIFIED=no |
| 1050 | HEBREW=no |
| 1051 | HTMLBLOCK=no |
| 1052 | IBSCHECK=no |
| 1053 | IFRAMECHECKING=yes |
| 1054 | JAPANESE=no |
| 1055 | KOREAN=no |
| 1056 | LANGFILTER=yes |
| 1057 | LEAN=yes |
| 1058 | LEGITLISTS=NONE |
| 1059 | LOCALHOSTFILE=${HOME}/.localhostfile |
| 1060 | MHDELIVER='/usr/lib/mh/rcvstore +' |
| 1061 | MYEMAIL=${HOME}/.myemail |
| 1062 | NJABLCGICHECK=no |
| 1063 | NJABLDULCHECK=yes |
| 1064 | NJABLMULTICHECK=no |
| 1065 | NJABLPROXYCHECK=yes |
| 1066 | NJABLRSSCHECK=no |
| 1067 | NJABLSRCCHECK=no |
| 1068 | NOBOUNCE=${HOME}/.nobounce |
| 1069 | NOLOOP=${ALTFROM} |
| 1070 | NSLOOKUP=nslookup |
| 1071 | NUKEBOUNCES=no |
| 1072 | OPMBLITZEDCHECK=no |
| 1073 | ORDBCHECK=no |
| 1074 | OUTLOOKTAGGING=no |
| 1075 | PATTERNMATCHING=SILENT |
| 1076 | RBLCHECK=no |
| 1077 | RFCABUSECHECK=no |
| 1078 | RFCDSNCHECK=no |
| 1079 | RFCIPWHOISCHECK=no |
| 1080 | RFCPOSTMASTERCHECK=no |
| 1081 | RFCWHOISCHECK=no |
| 1082 | RM=rm |
| 1083 | RSLCHECK=no |
| 1084 | RSSCHECK=no |
| 1085 | RUSSIAN=no |
| 1086 | SBDEBUG=no |
| 1087 | SBDELIVERY=FILE |
| 1088 | SBSHELL='/bin/sh -c' |
| 1089 | SBTEMP=/tmp |
| 1090 | SBTRAP=NONE |
| 1091 | SCRIPTCHECKING=yes |
| 1092 | SED=sed |
| 1093 | SENDMAIL=/usr/sbin/sendmail |
| 1094 | SORBSCGICHECK=no |
| 1095 | SORBSDYNCHECK=no |
| 1096 | SORBSPROXYCHECK=no |
| 1097 | SORBSPROXY2CHECK=no |
| 1098 | SORBSRELAYCHECK=no |
| 1099 | SORBSSOCKSCHECK=no |
| 1100 | SORBSSPAMCHECK=no |
| 1101 | SORBSZOMBIECHECK=no |
| 1102 | SPAMCOPCHECK=no |
| 1103 | SPAMFOLDER=${DEFAULT} |
| 1104 | SPAMHAUSORGCHECK=yes |
| 1105 | SPAMLEVEL=10 |
| 1106 | SPAMREPLY=SILENT |
| 1107 | SPEWSCHECK=no |
| 1108 | SPEWSL2CHECK=no |
| 1109 | TEST=test |
| 1110 | THISISP=${HOST} |
| 1111 | TURKISH=no |
| 1112 | VIRUSCHECKING=yes |
| 1113 | VIRUSFOLDER=${SPAMFOLDER} |
| 1114 | WOTCHECK=no |
| 1115 | ZIPCHECKING=no |
| 1116 | </PRE> |
| 1117 | |
| 1118 | <P>The variables are shown with the default values which the SpamBouncer will assign if they are not already set in your <CODE>.procmailrc</CODE> file. These defaults will prevent problems, but also will cause the SpamBouncer not to do very much. So you want to set the correct variables for your system and account.</P> |
| 1119 | |
| 1120 | <H3><A NAME="CompleteSpamBouncerVariables">A Comprehensive Description of All Variables</A></H3> |
| 1121 | |
| 1122 | <P>This section contains a description of each configuration variable in the SpamBouncer, what it does, and what the valid values for it are. Many of these variables have default settings that will work for the vast majority of users; you should not need to set most of them in your <CODE>.procmailrc</CODE> file. If a SpamBouncer feature is not working properly, though, setting the correct variable may fix the problem.</P> |
| 1123 | |
| 1124 | <P><FONT COLOR="#FF0000">Please note that those variables in red have no defaults and <STRONG>MUST BE SET</STRONG> or the SpamBouncer will simply pass all your mail on to you unfiltered!</FONT></P> |
| 1125 | |
| 1126 | <P><DL><DT><FONT COLOR="#FF0000"><STRONG><A NAME="varDEFAULT">DEFAULT</A></STRONG></FONT></DT> |
| 1127 | |
| 1128 | <DD>The email inbox to which your system delivers mail by default, or (if you use your shell account to read mail) to which you want your mail delivered by default. If you normally read email using a POP mail program, like Eudora, Internet Explorer, Netscape, or Pegasus mail, ask your system administrator for the name and location of your POP mailbox, and set DEFAULT to that path and file name.</DD></DL></P> |
| 1129 | |
| 1130 | <P><DL><DT><FONT COLOR="#FF0000"><STRONG><A NAME="varFORMAIL">FORMAIL</A></STRONG></FONT></DT> |
| 1131 | |
| 1132 | <DD>The full path to your system's copy of formail. If this is not set properly, the SpamBouncer is unable to sort and tag your email, and so will simply pass it on unfiltered to you.</DD></DL></P> |
| 1133 | |
| 1134 | <P><DL><DT><FONT COLOR="#FF0000"><STRONG><A NAME="varSBDIR">SBDIR</A></STRONG></FONT></DT> |
| 1135 | |
| 1136 | <DD>The directory where your SpamBouncer program and auxiliary files are located.</DD></DL></P> |
| 1137 | |
| 1138 | <P><DL><DT><STRONG><A NAME="varADMINFOLDER">ADMINFOLDER</A></STRONG></DT> |
| 1139 | |
| 1140 | <DD>ADMINFOLDER is for mail from mailer daemons (usually bounced mail -- mail that could not be delivered), and for mail from administrative addresses like root, admin, sysadmin, and abuse. Shell readers will want to set this to an appropriate folder separate from their DEFAULT folder. (I use admin.incoming.) POP mail readers should set this to DEFAULT, and use their POP program's filters to sort it into a separate folder after downloading.</DD></DL></P> |
| 1141 | |
| 1142 | <P><DL><DD>ADMINFOLDER is set to your DEFAULT mailbox by default.</DD></DL></P> |
| 1143 | |
| 1144 | <P><DL><DT><STRONG><A NAME="varAHBLCGICHECK">AHBLCGICHECK</A></STRONG></DT> |
| 1145 | |
| 1146 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Abusive Hosts Blocking List (AHBL) to see if an IP hosts a web server that contains an insecure formmail script, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutAHBLCGICHECK">AHBL Formmail List entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1147 | |
| 1148 | <P><DL><DT><STRONG><A NAME="varAHBLDDOSCHECK">AHBLDDOSCHECK</A></STRONG></DT> |
| 1149 | |
| 1150 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Abusive Hosts Blocking List (AHBL) to see if an IP belongs to a computer that is running a trojan program or is virus-infected, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutAHBLDDOSCHECK">AHBL Compromised Hosts entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1151 | |
| 1152 | <P><DL><DD>AHBLDDOSCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1153 | |
| 1154 | <P><DL><DT><STRONG><A NAME="varAHBLEXEMPTCHECK">AHBLEXEMPTCHECK</A></STRONG></DT> |
| 1155 | |
| 1156 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Abusive Hosts Blocking List (AHBL) to see if an IP belongs to a computer that is running a trojan program or is virus-infected, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutAHBLEXEMPTCHECK">AHBL Exemptions whitelist entry</A></STRONG> for more information about this whitelist and how to use it.</DD></DL></P> |
| 1157 | |
| 1158 | <P><DL><DD>AHBLEXEMPTCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1159 | |
| 1160 | <P><DL><DT><STRONG><A NAME="varAHBLPROXYCHECK">AHBLPROXYCHECK</A></STRONG></DT> |
| 1161 | |
| 1162 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Abusive Hosts Blocking List (AHBL) to see if an IP belongs to a computer that is running a trojan program or is virus-infected, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutAHBLPROXYCHECK">AHBL Open Proxies entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1163 | |
| 1164 | <P><DL><DD>AHBLPROXYCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1165 | |
| 1166 | <P><DL><DT><STRONG><A NAME="varAHBLPSSLCHECK">AHBLPSSLCHECK</A></STRONG></DT> |
| 1167 | |
| 1168 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Abusive Hosts Blocking List (AHBL) to see if an IP belongs to a computer that is running a trojan program or is virus-infected, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutAHBLPSSLCHECK">AHBL Provisional Spam Source Listing entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1169 | |
| 1170 | <P><DL><DD>AHBLPSSLCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1171 | |
| 1172 | <P><DL><DT><STRONG><A NAME="varAHBLRELAYCHECK">AHBLRELAYCHECK</A></STRONG></DT> |
| 1173 | |
| 1174 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Abusive Hosts Blocking List (AHBL) to see if an IP belongs to a computer that is running a trojan program or is virus-infected, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutAHBLRELAYCHECK">AHBL Open Relays entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1175 | |
| 1176 | <P><DL><DD>AHBLRELAYCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1177 | |
| 1178 | <P><DL><DT><STRONG><A NAME="varAHBLSPAMCHECK">AHBLSPAMCHECK</A></STRONG></DT> |
| 1179 | |
| 1180 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Abusive Hosts Blocking List (AHBL) to see if an IP belongs to a computer that is running a trojan program or is virus-infected, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutAHBLSPAMCHECK">AHBL Spam Sources entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1181 | |
| 1182 | <P><DL><DD>AHBLSPAMCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1183 | |
| 1184 | <P><DL><DT><STRONG><A NAME="varALTFROM">ALTFROM</A></STRONG></DT> |
| 1185 | |
| 1186 | <DD>ALTFROM should be set to a valid address that you will use for the notifications, bounces, and complaints sent by the SpamBouncer. It is wise to set this to an email address that you do not use for another purpose, and preferably one that does not forward to your main email address. Some ISPs forward spam complaints to their spamming customers. Spammers often add the addresses of complaining users to a list of known "live" email addresses and sell them to other spammers. Some spammers also retaliate against complainers in various ways. It is best to avoid giving out your usual email address when complaining about spam.</DD></DL></P> |
| 1187 | |
| 1188 | <P><DL><DD>I recommend using an account at a free email site, like Hotmail or Yahoo, for this purpose. You can check it occasionally for responses to your complaints. If it gets on too many spam lists, you can close it and open a new one.</DD></DL></P> |
| 1189 | |
| 1190 | <P><DL><DD>ALTFROM is set to ${USER}@${HOST}.${DOMAIN} by default.</DD></DL></P> |
| 1191 | |
| 1192 | <P><DL><DT><STRONG><A NAME="varALWAYSBLOCK">ALWAYSBLOCK</A></STRONG></DT> |
| 1193 | |
| 1194 | <DD>If set to point to a file, tells the SpamBouncer where to find your <CODE>ALWAYSBLOCK</CODE> file, a text file of email addresses and domains whose email you want to place in your BLOCKFOLDER without further filtering and without notifying the sender that his email was blocked.</DD></DL></P> |
| 1195 | |
| 1196 | <P><DL><DD>ALWAYSBLOCK is set to NONE by default, and must be explicitly enabled if you want to use it.</DD></DL></P> |
| 1197 | |
| 1198 | <P><DL><DD><STRONG><FONT COLOR="#FF0000">WARNING! ALWAYSBLOCK IS DANGEROUS IF MISUSED.</FONT></STRONG> If you put a blank line in your ALWAYSBLOCK file, it will match every incoming email it sees. If you put a partial email address or entire domain in your ALWAYSBLOCK file, it may match email that you did not intend to block. The same code is used as with the NOBOUNCE file, and the same precautions apply, except that the consequences of a mistake are greater, especially if your BLOCKFOLDER is set to <CODE>/dev/null</CODE>. (I highly recommend against doing that.) Use ALWAYSBLOCK at your own risk -- and be careful!</DD></DL></P> |
| 1199 | |
| 1200 | <P><DL><DD>If you want to keep a local list of email addresses from which you do not want to receive any email, set ALWAYSBLOCK to point to the directory and filename where you keep that file. I suggest naming the file <CODE>.alwaysblock</CODE> and keeping it in your home directory. If you do this, put the statement <CODE>ALWAYSBLOCK=${HOME}/.alwaysblock</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1201 | |
| 1202 | <P><DL><DD>Your ALWAYSBLOCK file (whatever you name it and wherever you put it) should contain one email address per line of text, and nothing else, like this:</DD></DL></P> |
| 1203 | |
| 1204 | <PRE> spammer@spamsite.com |
| 1205 | jerk@roguesite.net</PRE> |
| 1206 | |
| 1207 | <P><DL><DD>Please note that these names and addresses should be in plain text -- don't use Procmail regular expressions or wildcards, and don't try to escape the "." (period) using a "\" (backslash). This will just confuse the SpamBouncer and cause your ALWAYSBLOCK file not to work.</DD></DL></P> |
| 1208 | |
| 1209 | <P><DL><DT><STRONG><A NAME="varARABIC">ARABIC</A></STRONG></DT> |
| 1210 | |
| 1211 | <DD>Tells the SpamBouncer what to do with email in Arabic. Set <CODE>ARABIC=yes</CODE> if you receive email in Arabic. Otherwise, the SpamBouncer will assume that any email in Arabic is probably spam and put it in the BLOCKFOLDER.</DD></DL></P> |
| 1212 | |
| 1213 | <P><DL><DD>ARABIC is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1214 | |
| 1215 | <P><DL><DT><STRONG><A NAME="varBASE64BLOCK">BASE64BLOCK</A></STRONG></DT> |
| 1216 | |
| 1217 | <DD>Tells the SpamBouncer to negatively score text or HTML email that uses Base64 encoding, and that does not use a character set that requires or benefits from that encoding. Legitimate email in Unicode normally uses Base64 encoding, and email in a number of Asian languages often does as well, so Base64-encoded email that is in Unicode or a Chinese, Japanese, or Korean charset is not scored negatively. Set <CODE>BASE64BLOCK=no</CODE> to prevent the SpamBouncer from negatively scoring any email that uses Base64 encoding.</DD></DL></P> |
| 1218 | |
| 1219 | <P><DL><DD>BASE64BLOCK is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1220 | |
| 1221 | <P><DL><DT><STRONG><A NAME="varBLOCKFOLDER">BLOCKFOLDER</A></STRONG></DT> |
| 1222 | |
| 1223 | <DD>Tells the SpamBouncer where to store email that it classifies as probable spam, but not absolutely certain spam. I recommend setting the BLOCKFOLDER to a folder if you read email on your Unix server (such as <CODE>block.incoming</CODE>, or leave it set to ${DEFAULT} if you read email via a POP3 client. Users of POP3 clients can set up their local filters to put BLOCKFOLDER email into an appropriate folder in their email program so that it doesn't clutter up their inbox.</DD></DL></P> |
| 1224 | |
| 1225 | <P><DL><DD>Unix users whose clients use MAILDIR (a directory) instead of a folder to store email may set BLOCKFOLDER to a directory rather than a filename. Users with exotic ideas about spam management <grin> may also forward this email to a different address by setting the FILTER variable to yes and then writing the appropriate recipe in their <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1226 | |
| 1227 | <P><DL><DD>BLOCKFOLDER is set to <CODE>${DEFAULT}</CODE> by default.</DD></DL></P> |
| 1228 | |
| 1229 | <P><DL><DT><STRONG><A NAME="varBLOCKLEVEL">BLOCKLEVEL</A></STRONG></DT> |
| 1230 | |
| 1231 | <DD>Tells the SpamBouncer which score to use as the threshold for considering email suspicious. Email that scores at this level or above, but not at the level set for the SPAMLEVEL, is considered suspicious. It receives an X-SBClass: Blocked header, and unless you have <STRONG><CODE>FILTER=yes</CODE></STRONG> in your <CODE>.procmailrc</CODE>, puts that email in the BLOCKFOLDER.</DD></DL></P> |
| 1232 | |
| 1233 | <P><DL><DD>BLOCKLEVEL is set to <CODE>5</CODE> by default. Increase this score to loosen the SpamBouncer's criteria for considering email suspicious; decrease it to tighten the SpamBouncer's criteria.</DD></DL></P> |
| 1234 | |
| 1235 | <P><DL><DT><STRONG><A NAME="varBLOCKREPLY">BLOCKREPLY</A></STRONG></DT> |
| 1236 | |
| 1237 | <DD>How to handle mail which the filter tags as probable spam, but which may contain some real email as well. Valid values are <STRONG><CODE>SILENT</CODE></STRONG>, which simply files the mail in the BLOCKFOLDER, and <STRONG><CODE>NOTIFY</CODE></STRONG>, which sends a notice and copy of the email back to the sender with instructions on |
| 1238 | how to bypass the SpamBouncer if the email is not spam. Very few spammers will resend their email after receiving such a notice. (Most don't even look at bounces or email sent back to them.)</DD></DL></P> |
| 1239 | |
| 1240 | <P><DL><DD>BLOCKREPLY is set to <CODE>SILENT</CODE> by default.</DD></DL></P> |
| 1241 | |
| 1242 | <P><DL><DT><STRONG><A NAME="varBULKFOLDER">BULKFOLDER</A></STRONG></DT> |
| 1243 | |
| 1244 | <DD>How to handle bulk mail which the filter does not tag as probable spam -- bulk email which is probably legitimate. If you read mail on your shell account, set this to a separate folder from your normal incoming folder, especially if you get a lot of email or are on many mailing lists, and you'll be able to find your personal mail much more easily. :) If you read email using a POP3 client, leave it set to ${DEFAULT} and use your POP client's filters to sort it into a separate folder from your personal email.</DD></DL></P> |
| 1245 | |
| 1246 | <P><DL><DD>BULKFOLDER is set to <CODE>${DEFAULT}</CODE> by default.</DD></DL></P> |
| 1247 | |
| 1248 | <P><DL><DT><STRONG><A NAME="varBYPASSWD">BYPASSWD</A></STRONG></DT> |
| 1249 | |
| 1250 | <DD>A password which, when included on the Subject: line of an email, causes the SpamBouncer to pass the mail immediately into your incoming mail box without further filtering. It allows people who happen to have accounts at ISPs which are blocked in the SpamBouncer, or whose email is being trapped by an error in the SpamBouncer, to contact you and arrange to have the problem fixed or get into your nobounce list. Change this if spammers start using it, but it is very unlikely that they will. (It never has happened to me in the three years since I started developing the SpamBouncer.)</DD></DL></P> |
| 1251 | |
| 1252 | <P><DL><DD>BYPASSWD is set to <CODE>zeugma</CODE> by default.</DD></DL></P> |
| 1253 | |
| 1254 | <P><DL><DT><STRONG><A NAME="varCBLCHECK">CBLCHECK</A></STRONG></DT> |
| 1255 | |
| 1256 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Combined Blocklist (CBL), which lists IP addresses taken from a number of other blocklists covering spam sources, haven domains, open relays, open proxies, and other spam concerns, and block email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#CBL">CBL entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1257 | |
| 1258 | <P><DL><DD>CBLCHECK is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1259 | |
| 1260 | <P><DL><DT><STRONG><A NAME="varCHINESE">CHINESE</A></STRONG></DT> |
| 1261 | |
| 1262 | <DD>Tells the SpamBouncer what to do with email in Chinese. Set <CODE>CHINESE=yes</CODE> if you receive email in Chinese. Otherwise, the SpamBouncer will assume that any email in Chinese is probably spam and put it in the BLOCKFOLDER.</DD></DL></P> |
| 1263 | |
| 1264 | <P><DL><DD>CHINESE is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1265 | |
| 1266 | <P><DL><DT><STRONG><A NAME="varCHMEXPLOITCHECKING">CHMEXPLOITCHECKING</A></STRONG></DT> |
| 1267 | |
| 1268 | <DD>Tells the SpamBouncer whether to check for email with URLs that attack a known Internet Explorer vulnerability, and to block any email containing such a URL. To disable this feature, set <CODE>CHMEXPLOITCHECKING=no</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1269 | |
| 1270 | <P><DL><DD>CHMEXPLOITCHECKING is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1271 | |
| 1272 | <P><DL><DT><STRONG><A NAME="varCSLIDCHECKING">CSLIDCHECKING</A></STRONG></DT> |
| 1273 | |
| 1274 | <DD>Tells the SpamBouncer whether to check for email with URLs that contain a CSLID-based link, and to block any email containing such a link. To disable this feature, set <CODE>CSLIDCHECKING=no</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1275 | |
| 1276 | <P><DL><DD>CSLIDCHECKING is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1277 | |
| 1278 | <P><DL><DT><STRONG><A NAME="varCWHOISBOGONCHECK">CWHOISBOGONCHECK</A></STRONG></DT> |
| 1279 | |
| 1280 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Complete Whois Bogons blocklist, which lists unallocated IP ranges and IANA reserved IP ranges, which should never appear in the headers of email. See the <STRONG><A HREF="#CWhoisBogons">Ccomplete Whois Bogons List entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1281 | |
| 1282 | <P><DL><DD>CWHOISBOGONCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1283 | |
| 1284 | <P><DL><DT><STRONG><A NAME="varCWHOISHIJACKCHECK">CWHOISHIJACKCHECK</A></STRONG></DT> |
| 1285 | |
| 1286 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Complete Whois Hijacked Netblocks blocklist, which lists IP ranges that have been hijacked and are no longer controlled by their registered owners. See the <STRONG><A HREF="#CWhoisHijackd">Ccomplete Whois Hijacked Netblocks List entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1287 | |
| 1288 | <P><DL><DD>CWHOISHIJACKCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1289 | |
| 1290 | <P><DL><DT><STRONG><A NAME="varCYRILLIC">CYRILLIC</A></STRONG></DT> |
| 1291 | |
| 1292 | <DD>Tells the SpamBouncer what to do with email in a language that uses any Cyrillic character set except Russian. (Russian is handled separately.) Set <CODE>CYRILLIC=yes</CODE> if you receive email in a language that uses a Cyrillic alphabet. Otherwise, the SpamBouncer will assume that any email in a Cyrillic character set is probably spam and put it in the BLOCKFOLDER.</DD></DL></P> |
| 1293 | |
| 1294 | <P><DL><DD>CYRILLIC is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1295 | |
| 1296 | <P><DL><DT><STRONG><A NAME="varDATE">DATE</A></STRONG></DT> |
| 1297 | |
| 1298 | <DD>The local Unix <CODE>date</CODE> program. The <CODE>date</CODE> program is usually in a directory that is on your PATH. (The PATH variable contains a list of directories that your Unix shell searches when you tell it to run an executable program and do not provide a full path with the program name.)</DD></DL></P> |
| 1299 | |
| 1300 | <P><DL><DD>If your SpamBouncer installation is refusing to send complaints or notification emails despite your having configured it to do so, set the DATE variable to point to your system's <CODE>date</CODE> program, and that should fix the problem. If the SpamBouncer is working properly, there is no need to set this variable.</DD></DL></P> |
| 1301 | |
| 1302 | <P><DL><DD>DATE is set to <CODE>date</CODE> by default.</DD></DL></P> |
| 1303 | |
| 1304 | <P><DL><DT><STRONG><A NAME="varDEBUG">DEBUG</A></STRONG></DT> |
| 1305 | |
| 1306 | <DD><FONT COLOR="#FF0000">DEPRECATED -- DO NOT USE.</FONT> Use the <STRONG><CODE><A HREF="#varSBDEBUG">SBDEBUG</A></CODE></STRONG> variable instead to run the SpamBouncer in debugging mode.</DD></DL></P> |
| 1307 | |
| 1308 | <P><DL><DT><STRONG><A NAME="varDOMAIN">DOMAIN</A></STRONG></DT> |
| 1309 | |
| 1310 | <DD>Your system's domain. Unless you set this variable in your <CODE>.procmailrc</CODE> file, the SpamBouncer attempts to set it automatically by calling the <CODE>domainname</CODE> program that exists on many, but not all, Unix systems. Since the canonical domain for a server may or may not match the domain for which you are processing email, however, you should set this manually. Those who are filtering email for accounts at multiple domains should refer to the <STRONG><CODE><A HREF="#varLOCALHOSTFILE">LOCALHOSTFILE</A></CODE></STRONG> variable description, as well.</DD></DL></P> |
| 1311 | |
| 1312 | <P><DL><DT><STRONG><A NAME="varDSBLCHECK">DSBLCHECK</A></STRONG></DT> |
| 1313 | |
| 1314 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the DSBL Main blocklist at <STRONG><A HREF="http://dsbl.org"><http://dsbl.org></A></STRONG>, to see if an IP address or domain name is on the main dsbl.org blocklist. See the <STRONG><A HREF="#DSBL">DSBL entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1315 | |
| 1316 | <P><DL><DD>DSBLCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1317 | |
| 1318 | <P><DL><DT><STRONG><A NAME="varDSBLMULTICHECK">DSBLMULTICHECK</A></STRONG></DT> |
| 1319 | |
| 1320 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the DSBL Multihop Relays blocklist at <STRONG><A HREF="http://dsbl.org"><http://dsbl.org></A></STRONG>, to see if an IP address or domain name is on the multi-hop relays dsbl.org blocklist. See the <STRONG><A HREF="#DSBLMulti">DSBL Multi-Stage entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1321 | |
| 1322 | <P><DL><DD>DSBLMULTICHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1323 | |
| 1324 | <P><DL><DT><STRONG><A NAME="varDULCHECK">DULCHECK</A></STRONG></DT> |
| 1325 | |
| 1326 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Mail Abuse Prevention System (MAPS) Dial-Up List (DUL), which lists IP addresses that are part of ISP dial-up pools, and block email sent directly to your system from these IP addresses. See the <STRONG><A HREF="#DUL">DUL entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1327 | |
| 1328 | <P><DL><DD>DULCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1329 | |
| 1330 | <P><DL><DT><STRONG><A NAME="varECHO">ECHO</A></STRONG></DT> |
| 1331 | |
| 1332 | <DD>The local Unix <CODE>echo</CODE> program. The <CODE>echo</CODE> program is usually in a directory that is on your PATH. (The PATH variable contains a list of directories that your Unix shell searches when you tell it to run an executable program and do not provide a full path with the program name.)</DD></DL></P> |
| 1333 | |
| 1334 | <P><DL><DD>If your SpamBouncer installation is not properly renaming executable file attachment extensions, <IFRAME> tags, or <SCRIPT> tags, or if you have a domain-based blocklist enabled and it isn't working, set the ECHO variable to point to your system's <CODE>echo</CODE> program, and that should fix the problem. If the SpamBouncer is working properly, there is no need to set this variable.</DD></DL></P> |
| 1335 | |
| 1336 | <P><DL><DD>ECHO is set to <CODE>echo</CODE> by default.</DD></DL></P> |
| 1337 | |
| 1338 | <P><DL><DT><STRONG><A NAME="varEXECHECKING">EXECHECKING</A></STRONG></DT> |
| 1339 | |
| 1340 | <DD>Tells the SpamBouncer whether to check for email with embedded executable file attachments and put any such email directly into your SPAMFOLDER. To disable this feature, set <CODE>EXECHECKING=no</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1341 | |
| 1342 | <P><DL><DD>EXECHECKING is set to <CODE>yes</CODE> by default because executable attachments are so dangerous these days.</DD></DL></P> |
| 1343 | |
| 1344 | <P><DL><DT><STRONG><A NAME="varEXEDOCCHECKING">EXEDOCCHECKING</A></STRONG></DT> |
| 1345 | |
| 1346 | <DD>Tells the SpamBouncer whether to check for email with embedded document file attachments of a type that can contain executable code, to block any email containing such attachments. To enable this feature, set <CODE>EXEDOCCHECKING=yes</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1347 | |
| 1348 | <P><DL><DD>EXEDOCCHECKING is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1349 | |
| 1350 | <P><DL><DT><STRONG><A NAME="varEXELINKCHECKING">EXELINKCHECKING</A></STRONG></DT> |
| 1351 | |
| 1352 | <DD>Tells the SpamBouncer whether to check for email with links to Windows executable files, and to put such email in the BLOCKFOLDER. To enable this feature, set <CODE>EXELINKCHECKING=yes</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1353 | |
| 1354 | <P><DL><DD>EXELINKCHECKING is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1355 | |
| 1356 | <P><DL><DT><STRONG><A NAME="varFILTER">FILTER</A></STRONG></DT> |
| 1357 | |
| 1358 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer not to file blocked email, spam, suspected virus-laden email, admin email or legitimate bulk email in the appropriate location, but to pass it on to the user along with the other email. The user must then use his/her own filters to file this email in the proper location.</DD></DL></P> |
| 1359 | |
| 1360 | <P><DL><DD>FILTER is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1361 | |
| 1362 | <P><DL><DD>The FILTER variable is intended for administrators who want to use the SpamBouncer to filter incoming email for an entire server before delivering it to individual users. The individual users can then choose whether to filter their own email using the SpamBouncer's headers, or to ignore the headers and receive their email unfiltered.</DD></DL></P> |
| 1363 | |
| 1364 | <P><DL><DT><STRONG><A NAME="varFREEMAIL">FREEMAIL</A></STRONG></DT> |
| 1365 | |
| 1366 | <DD>Tells the SpamBouncer where to find your <CODE>freemail</CODE> file, a text file of domains offering free email accounts commonly used or forged by spammers. The SpamBouncer then scores email that comes from one of these domains negatively. Email from a free account at a site with insufficient anti-spamming features is not blocked simply because it comes from a free account, but it is treated with a greater level of suspicion. You can set FREEMAIL to INTERNAL, NONE, or the name of an external file. If you set FREEMAIL to INTERNAL, the SpamBouncer uses its internal list of free email sites. If you set it to NONE, the SpamBouncer does not negatively score email that comes from free email sites.</DD></DL></P> |
| 1367 | |
| 1368 | <P><DL><DD>If you set it to an external filename, the SpamBouncer uses that file for FREEMAIL filtering. The file should be formatted in the same fashion as your LEGITLISTS, MYEMAIL, or NOBOUNCE files, with domains listed one per text line, and with no blank lines in the file.</DD></DL></P> |
| 1369 | |
| 1370 | <P><DL><DD>FREEMAIL is set to <CODE>INTERNAL</CODE> by default. </DD></DL></P> |
| 1371 | |
| 1372 | <P><DL><DD><STRONG><FONT COLOR="#FF0000">WARNING!</FONT> Do not create an empty FREEMAIL file -- that will cause all incoming email to be treated as coming from a free email address!</STRONG></DD></DL></P> |
| 1373 | |
| 1374 | <P><DL><DT><STRONG><A NAME="varFREEWEB">FREEWEB</A></STRONG></DT> |
| 1375 | |
| 1376 | <DD>Tells the SpamBouncer to score negatively any email that has URLs hosted on free web providers in the message body. A lot of spam uses free web sites to host pages that redirect to the real URL, so filtering for free web site URLs can be a useful Pattern Matching tool. Valid settings for this variable are <CODE>no</CODE> and <CODE>yes</CODE>. If you set this variable to no, the SpamBouncer does not negatively score email with URLs hosted on free web site providers.</DD></DL></P> |
| 1377 | |
| 1378 | <P><DL><DD>FREEWEB is set to <CODE>yes</CODE> by default. </DD></DL></P> |
| 1379 | |
| 1380 | <P><DL><DT><STRONG><A NAME="varFTSGDIALCHECK">FTSGDIALCHECK</A></STRONG></DT> |
| 1381 | |
| 1382 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to a pool of addresses assigned to dial-up users of an ISP. See the <STRONG><A HREF="#FTSGDial">FTSG Dial-Up entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1383 | |
| 1384 | <P><DL><DD>FTSGDIALCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1385 | |
| 1386 | <P><DL><DT><STRONG><A NAME="varFTSGIGNORECHECK">FTSGIGNORECHECK</A></STRONG></DT> |
| 1387 | |
| 1388 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to a company or ISP that ignores spam complaints. See the <STRONG><A HREF="#FTSGIgnore">FTSG Ignores Spam Complaints entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1389 | |
| 1390 | <P><DL><DD>FTSGIGNORECHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1391 | |
| 1392 | <P><DL><DT><STRONG><A NAME="varFTSGMULTICHECK">FTSGMULTICHECK</A></STRONG></DT> |
| 1393 | |
| 1394 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to an SMTP server that is itself secure, but that relays for one or more insecure SMTP servers. See the <STRONG><A HREF="#FTSGMulti">FTSG Multi-Stage Open Relays entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1395 | |
| 1396 | <P><DL><DD>FTSGMULTICHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1397 | |
| 1398 | <P><DL><DT><STRONG><A NAME="varFTSGOPTOUTCHECK">FTSGOPTOUTCHECK</A></STRONG></DT> |
| 1399 | |
| 1400 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to an email list server that adds email addresses to its lists without first properly confirming that the user wants to be on that list. See the <STRONG><A HREF="#FTSGOptOut">FTSG Opt-Out Lists entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1401 | |
| 1402 | <P><DL><DD>FTSGOPTOUTCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1403 | |
| 1404 | <P><DL><DT><STRONG><A NAME="varFTSGOTHERCHECK">FTSGOTHERCHECK</A></STRONG></DT> |
| 1405 | |
| 1406 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to a server with which there are other, undefined spam-related problems that the maintainers of the Five-Ten-SG blocklist feel warrant blacklisting. See the <STRONG><A HREF="#FTSGOther">FTSG Other Issues entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1407 | |
| 1408 | <P><DL><DD>FTSGOTHERCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1409 | |
| 1410 | <P><DL><DT><STRONG><A NAME="varFTSGRSSCHECK">FTSGRSSCHECK</A></STRONG></DT> |
| 1411 | |
| 1412 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to an SMTP server that is an open relay, that is, that allows any user on the Internet to use it to send email to any other user on the Internet. See the <STRONG><A HREF="#FTSGRSS">FTSG Single-Stage Open Relays entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1413 | |
| 1414 | <P><DL><DD>FTSGRSSCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1415 | |
| 1416 | <P><DL><DT><STRONG><A NAME="varFTSGSRCCHECK">FTSGSRCCHECK</A></STRONG></DT> |
| 1417 | |
| 1418 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to a server that is a direct spam source. See the <STRONG><A HREF="#FTSGSource">FTSG Spam Sources entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1419 | |
| 1420 | <P><DL><DD>FTSGSRCCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1421 | |
| 1422 | <P><DL><DT><STRONG><A NAME="varFTSGWEBFORMCHECK">FTSGWEBFORMCHECK</A></STRONG></DT> |
| 1423 | |
| 1424 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>blackholes.five-ten-sg.com</CODE>, a blocklist hosted by Five-Ten-SG.com, to see if an IP address belongs to a web server that has one or more insecure web forms, such as web forms using insecure versions of <CODE>formmail.pl</CODE>, that are abused by spammers to send spam. See the <STRONG><A HREF="#FTSGWebForm">FTSG Insecure Web Form entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1425 | |
| 1426 | <P><DL><DD>FTSGWEBFORMCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1427 | |
| 1428 | <P><DL><DT><STRONG><A NAME="varGARBLEDCHARSET">GARBLEDCHARSET</A></STRONG></DT> |
| 1429 | |
| 1430 | <DD>Controls the GARBLEDCHARSET filter, which tests for email with non-Latin character sets, and missing, wrong or corrupted MIME headers which should accompany any such character sets. This filter has been refined considerably, but may still occasionally catch email in heavily-modified Latin character sets (such as Baltic or some Eastern European languages), and will tend to catch email with non-Latin character sets, such as Russian, Greek, Arabic, Hebrew, etc.</DD></DL></P> |
| 1431 | |
| 1432 | <P><DL><DD>The default for this variable is yes, which enables this filter. Users who expect to receive email in a non-Latin character set, or who find it is catching too much legitimate email, can set this variable to no to disable the filter.</DD></DL></P> |
| 1433 | |
| 1434 | <P><DL><DT><STRONG><A NAME="varGLOBALNOBOUNCE">GLOBALNOBOUNCE</A></STRONG></DT> |
| 1435 | |
| 1436 | <DD>Points to a system-wide nobounce file, if your system administrator has provided one or if you are the system administrator and want to provide one. Please note that this is in addition to each user's individual NOBOUNCE file, and does not replace it. If you do not set this variable, it is automatically set to NONE, so you need to set it only if you have a system nobounce file.</DD></DL></P> |
| 1437 | |
| 1438 | <P><DL><DD>See NOBOUNCE for a more complete description of how this file works.</DD></DL></P> |
| 1439 | |
| 1440 | <P><DL><DT><STRONG><A NAME="varGREEK">GREEK</A></STRONG></DT> |
| 1441 | |
| 1442 | <DD>Set GREEK=yes if you receive email in Greek. Otherwise leave it set to no (the default), and the SpamBouncer will send any email in this language to the BLOCKFOLDER.</DD></DL></P> |
| 1443 | |
| 1444 | <P><DL><DT><STRONG><A NAME="varGREP">GREP</A></STRONG></DT> |
| 1445 | |
| 1446 | <DD>A variant of Unix <CODE>grep</CODE>, a set of programs which searches files on Unix systems for specified strings of characters. This is set by default to "fgrep", a fast version of grep which is usually found in a normal system programs directory on Unix machines. Most versions of fgrep work properly with the SpamBouncer.</DD></DL></P> |
| 1447 | |
| 1448 | <P><DL><DD>If NOBOUNCE and LEGITLISTS are working on your system, there is no need to set this variable. If NOBOUNCE is not working, set this variable to point to one of your system's <CODE>grep</CODE> programs other than <CODE>fgrep</CODE>. Usually <CODE>egrep</CODE> will work, or <CODE>agrep</CODE> if that does not.</DD></DL></P> |
| 1449 | |
| 1450 | <P><DL><DT><STRONG><A NAME="varHABEASINFRINGERS">HABEASINFRINGERS</A></STRONG></DT> |
| 1451 | |
| 1452 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>hil.habeas.com</CODE>, a blocklist hosted by <STRONG><A HREF="http://www.habeas.com/">Habeas, Inc.</A></STRONG>, to see if an IP address found in the headers of an email has been used to send spam in violation of the Habeas SWE program. See the <STRONG><A HREF="#ABOUTHABEAS">Habeas entry</A></STRONG> for more information about this blocklist and how to use it.</DD></DL></P> |
| 1453 | |
| 1454 | <P><DL><DD>HABEASINFRINGERS is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1455 | |
| 1456 | <P><DL><DT><STRONG><A NAME="varHABEASVERIFIED">HABEASVERIFIED</A></STRONG></DT> |
| 1457 | |
| 1458 | <DD>If set to "yes", tells the SpamBouncer to check <CODE>hul.habeas.com</CODE>, a whitelist hosted by <STRONG><A HREF="http://www.habeas.com/">Habeas, Inc.</A></STRONG>, to see if an IP address found in the headers of an email is registered with Habeas as a guaranteed source of only non-spam email. See the <STRONG><A HREF="#ABOUTHABEAS">Habeas entry</A></STRONG> for more information about this whitelist and how to use it.</DD></DL></P> |
| 1459 | |
| 1460 | <P><DL><DD>HABEASVERIFIED is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1461 | |
| 1462 | <P><DL><DT><STRONG><A NAME="varHEBREW">HEBREW</A></STRONG></DT> |
| 1463 | |
| 1464 | <DD>Set HEBREW=yes if you receive email in Hebrew. Otherwise leave |
| 1465 | it set to no (the default), and the SpamBouncer will send any email |
| 1466 | in this language to the BLOCKFOLDER.</DD></DL></P> |
| 1467 | |
| 1468 | <P><DL><DT><STRONG><A NAME="varHTMLBLOCK">HTMLBLOCK</A></STRONG></DT> |
| 1469 | |
| 1470 | <DD>If set to "yes", tells the SpamBouncer to block HTML-only email. Some years ago I set the SpamBouncer to block email in pure HTML (as opposed to the hybrid text and HTML email produced by Outlook and Netscape at the time), because such email was almost always spam. That is no longer the case -- brain-dead software from Microsoft, AOL, and others enables HTML email by default these days. (Can you tell that I really do not like HTML email?) ;> I have therefore disabled HTML blocking by default in this release. You can manually re-enable HTML blocking by setting the <CODE>HTMLBLOCK</CODE> variable to <CODE>yes</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1471 | |
| 1472 | <P><DL><DD>HTMLBLOCK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1473 | |
| 1474 | <P><DL><DT><STRONG><A NAME="varIBSCHECK">IBSCHECK</A></STRONG></DT> |
| 1475 | |
| 1476 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Ironport Bonded Sender list (IBS), which lists IP addresses of participants in the Ironport Bonded Sender program, and whitelist email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutIBS">IBS entry</A></STRONG> for more information about this whitelist and how to use it.</DD></DL></P> |
| 1477 | |
| 1478 | <P><DL><DD>CBLCHECK is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1479 | |
| 1480 | <P><DL><DT><STRONG><A NAME="varIFRAMECHECKING">IFRAMECHECKING</A></STRONG></DT> |
| 1481 | |
| 1482 | <DD>Tells the SpamBouncer whether to check for email with embedded IFRAME tags, to block any email containing such active content. To disable this feature, set <CODE>IFRAMECHECKING=no</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1483 | |
| 1484 | <P><DL><DD>IFRAMECHECKING is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1485 | |
| 1486 | <P><DL><DT><STRONG><A NAME="varJAPANESE">JAPANESE</A></STRONG></DT> |
| 1487 | |
| 1488 | <DD>Set JAPANESE=yes if you receive email in Japanese. Otherwise leave it set to no (the default), and the SpamBouncer will send any email in this language to the BLOCKFOLDER.</DD></DL></P> |
| 1489 | |
| 1490 | <P><DL><DT><STRONG><A NAME="varKOREAN">KOREAN</A></STRONG></DT> |
| 1491 | |
| 1492 | <DD>Set KOREAN=yes if you receive email in Korean. Otherwise leave it set to no (the default), and the SpamBouncer will send any email in this language to the BLOCKFOLDER.</DD></DL></P> |
| 1493 | |
| 1494 | <P><DL><DT><STRONG><A NAME="varLANGFILTER">LANGFILTER</A></STRONG></DT> |
| 1495 | |
| 1496 | <DD>If set to "yes", tells the SpamBouncer to filter incoming email and block email in Arabic, Chinese, any Cyrillic-based alphabet, Greek, Hebrew, Japanese, Korean, and Turkish. For most users who do not receive email in any of these languages, language filtering will delete a lot of spam and catch very little, if any, legitimate email. Users who do receive email in one or more of these languages will usually want to disable filtering only for those languages in which they normally receive email. For the rare polyglot, or shared account, that receives legitimate email in many languages, you can disable all language filtering by setting LANGFILTER=no. </DD></DL></P> |
| 1497 | |
| 1498 | <P><DL><DD>LANGFILTER is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1499 | |
| 1500 | <P><DL><DT><STRONG><A NAME="varLEAN">LEAN</A></STRONG></DT> |
| 1501 | |
| 1502 | <DD>This variable turns off Pattern Matching on the body text only of messages over a certain size, and is set to yes by default. This is to prevent the SpamBouncer from hogging system resources on your server while filtering extremely large messages. The SpamBouncer is a large filter and can use a lot of CPU cycles and RAM if this limit is not in place.</DD></DL></P> |
| 1503 | |
| 1504 | <P><DL><DD>Set LEAN=no only if you receive large quantities of spam with attached files, and then only if you run your own server or know that the server on which your email is filtered has sufficient resources to run the SpamBouncer on the full text of all incoming email.</DD></DL></P> |
| 1505 | |
| 1506 | <P><DL><DT><STRONG><A NAME="varLEGITLISTS">LEGITLISTS</A></STRONG></DT> |
| 1507 | |
| 1508 | <DD>Tells the SpamBouncer about legitimate mailing lists which the SpamBouncer should not filter, but should deliver to the BULKFOLDER. Your LEGITLISTS file (whatever you name it and wherever you put it) should contain one email list address per line of text, and nothing else, like this:</DD></DL></P> |
| 1509 | |
| 1510 | <PRE> chitchat@borg.besties.com |
| 1511 | dylan-fanatics@lists.musicman.net</PRE> |
| 1512 | |
| 1513 | <P><DL><DD>If you do not set this variable, it is automatically set to <STRONG><CODE>${HOME}/.legitlists</CODE></STRONG>. If the file does not exist, the SpamBouncer just skips this recipe.</DD></DL></P> |
| 1514 | |
| 1515 | <P><DL><DT><STRONG><A NAME="varLOCALHOSTFILE">LOCALHOSTFILE</A></STRONG></DT> |
| 1516 | |
| 1517 | <DD>Tells the SpamBouncer which domains are local to you -- that is, which domains you receive email for. The SpamBouncer needs to know this to know which IP addresses and domains in the Received: headers should be checked against various blocklists. Your LOCALHOSTFILE file (whatever you name it and wherever you put it) should contain one domain name per line of text, and nothing else, like this:</DD></DL></P> |
| 1518 | |
| 1519 | <PRE> hrweb.org |
| 1520 | spambouncer.org</PRE> |
| 1521 | |
| 1522 | <P><DL><DD>If you do not set this variable to point to another location, the SpamBouncer automatically checks your home directory for <STRONG><CODE>${HOME}/.localhostfile</CODE></STRONG>. If the file exists, the SpamBouncer uses it. If it does not exist, the SpamBouncer uses the contents of the <STRONG><CODE><A HREF="#varDOMAIN">DOMAIN</A></CODE></STRONG> variable.</DD></DL></P> |
| 1523 | |
| 1524 | <P><DL><DT><STRONG><A NAME="varMHDELIVER">MHDELIVER</A></STRONG></DT> |
| 1525 | |
| 1526 | <DD>Points to the MH Mail <STRONG><CODE>rcvstore</CODE></STRONG> program, which is used to deliver email to MH Mail folders and update the indexes, and sets the necessary flags. On most systems, this program is located in <STRONG><CODE>/usr/lib/mh/rcvstore</CODE></STRONG>. If it is located in a different place on your system, you must set this variable manually in your <STRONG><CODE>.procmailrc</CODE></STRONG> file. Most MH Mail users do not need to set this variable.</DD></DL></P> |
| 1527 | |
| 1528 | <P><DL><DT><STRONG><A NAME="varMYEMAIL">MYEMAIL</A></STRONG></DT> |
| 1529 | |
| 1530 | <DD>Points to a text file similar to the NOBOUNCE file, containing a list of email addresses which belong to you. This helps the SpamBouncer with a number of internal routines, and will be implemented in future spam tests, as well. The default is ${HOME}/.myemail. If you do not set this variable to a different value, and if there is no .myemail file in your ${HOME} directory, the SpamBouncer will assume that ${LOGIN}@${HOST} is your email address.</DD></DL></P> |
| 1531 | |
| 1532 | <P><DL><DT><STRONG><A NAME="varNOBOUNCE">NOBOUNCE</A></STRONG></DT> |
| 1533 | |
| 1534 | <DD>Tells the SpamBouncer where to find your <CODE>NOBOUNCE</CODE> file, a text file of email addresses and domains whose email you want the SpamBouncer to skip filtering and deliver directly to you. Set this to point to the directory and filename where you keep that file. I name mine ".nobounce" and keep it in my home directory, and this is where the SpamBouncer looks if you don't set this variable.</DD></DL></P> |
| 1535 | |
| 1536 | <P><DL><DD>Your NOBOUNCE file (whatever you name it and wherever you put it) should contain one email address per line of text, and nothing else, like this:</DD></DL></P> |
| 1537 | |
| 1538 | <PRE> goodguy@spamsite.com |
| 1539 | niceguy@roguesite.net</PRE> |
| 1540 | |
| 1541 | <P><DL><DD>Please note that these names and addresses should be in plain text -- don't use Procmail regular expressions or wildcards, and don't try to escape the "." (periods) using a "\" (backslash). This will just confuse the SpamBouncer and cause your NOBOUNCE file not to work. :)</DD></DL></P> |
| 1542 | |
| 1543 | <P><DL><DD>You can also include entire domain names (the portion of the email address to the right of the @ sign) if you want the SpamBouncer to accept all email from anyone at those domains without checking. I do not recommend doing this, however, except for small domains which you know will not either send spam or be forged into spam by spammers. Since spammers often forge false email addresses in the From: and Reply-To: lines of their messages, you need to be careful or you will make it too easy for them.</DD></DL></P> |
| 1544 | |
| 1545 | <P><DL><DD>In particular, do not put your own domain in your NOBOUNCE file, since a number of spammers use mailmerge spam programs to forge their victims' own email addresses or a phony email address at their victims' domains into their spams, specifically in order to evade filters like the SpamBouncer.</DD></DL></P> |
| 1546 | |
| 1547 | <P><DL><DT><STRONG><A NAME="varNOLOOP">NOLOOP</A></STRONG></DT> |
| 1548 | |
| 1549 | <DD>Sets the <CODE>X-Loop:</CODE> header. I recommend leaving the default setting, which uses your ALTFROM address.</DD></DL></P> |
| 1550 | |
| 1551 | <P><DL><DT><STRONG><A NAME="varNSLOOKUP">NSLOOKUP</A></STRONG></DT> |
| 1552 | |
| 1553 | <DD>Tells the SpamBouncer the path and filename of your system's <STRONG><CODE>nslookup</CODE></STRONG> program. You need to set this only if nslookup is not in your path (the list of directories which your system will search for a program), if you have an alias set up for nslookup on your account, or if you are running Debian Linux or another Linux system that fills up your logs with error messages indicating that nslookup is deprecated. (If you aren't having trouble getting blocklists to work on your system, you can leave this alone.)</DD></DL></P> |
| 1554 | |
| 1555 | <P><DL><DD>Linux users whose systems object to nslookup can safely set NSLOOKUP=host. Users of other Unix-based systems can also do this provided your version of Unix has the host program. Check before you change this setting!</DD></DL></P> |
| 1556 | |
| 1557 | <P><DL><DD>This variable is set to <CODE>nslookup</CODE> by default.</DD></DL></P> |
| 1558 | |
| 1559 | <P><DL><DT><STRONG><A NAME="varNUKEBOUNCES">NUKEBOUNCES</A></STRONG></DT> |
| 1560 | |
| 1561 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to delete bounces to SpamBouncer complaints, abuse autoresponse messages, and other "junk mail" that most users do not care to see. It will not delete abuse responses that are not autogenerated.</DD></DL></P> |
| 1562 | |
| 1563 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1564 | |
| 1565 | <P><DL><DT><STRONG><A NAME="varOPMBLITZEDCHECK">OPMBLITZEDCHECK</A></STRONG></DT> |
| 1566 | |
| 1567 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Blitzed.org Open Proxy Monitor (BOPM), at <STRONG><A HREF="http://www.blitzed.org/bopm/"><http://www.blitzed.org/bopm/></A></STRONG>, to see if an IP address is an open proxy.</DD></DL></P> |
| 1568 | |
| 1569 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1570 | |
| 1571 | <P><DL><DT><STRONG><A NAME="varORDBCHECK">ORDBCHECK</A></STRONG></DT> |
| 1572 | |
| 1573 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Open Relay Database, at <STRONG><A HREF="http://www.ordb.org"><http://www.ordb.org></A></STRONG>, to see if an IP address is an open relay. This list closely corresponds to the old ORBS inputs list. An email server listed in the ORBL has not necessarily been used to send spam; it merely can be used to do so. Using this or any open relay blocklist can result in blocking a considerable amount of legitimate email as well as spam, if you correspond with people at sites that host open relays.</DD></DL></P> |
| 1574 | |
| 1575 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1576 | |
| 1577 | <P><DL><DT><STRONG><A NAME="varOUTLOOKTAGGING">OUTLOOKTAGGING</A></STRONG></DT> |
| 1578 | |
| 1579 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to embed its X-SBClass: header in the Subject: line of any email it classifies as a Virus, Spam, or Blocked. Since Microsoft Outlook and Outlook Express lack the ability to filter on any headers other than From: and Subject:, this allows users of these programs to filter the this email into a backup folder, as users of email programs with more powerful filtering capabilities can already.</DD></DL></P> |
| 1580 | |
| 1581 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. I do not recommend enabling it unless you use a POP mail program that cannot filter directly on the X-SBClass: header. It leaves the Subject: lines of spam looking a bit awkward.</DD></DL></P> |
| 1582 | |
| 1583 | <P><DL><DT><STRONG><A NAME="varPATTERNMATCHING">PATTERNMATCHING</A></STRONG></DT> |
| 1584 | |
| 1585 | <DD>How to handle mail which the generic pattern matching filter tags as probable spam, but which may be legitimate email. Valid values are <STRONG><CODE>NONE</CODE></STRONG>, which skips pattern matching entirely; <STRONG><CODE>SILENT</CODE></STRONG>, which simply files the mail in the BLOCKFOLDER; and <STRONG><CODE>NOTIFY</CODE></STRONG>, which sends a notice to the sender that his email was blocked, and explains how |
| 1586 | to bypass spam filtering if his email was legitimate.</DD></DL></P> |
| 1587 | |
| 1588 | <P><DL><DD>I recommend that users set this value to SILENT. Pattern matching occasionally filters out legitimate email -- there is no way to prevent this entirely. Since more and more spammers are using throwaway accounts, though, and forging their headers so heavily that it is difficult to spot spam through header analysis alone, setting PATTERNMATCHING to NONE will reduce the effectiveness of the SpamBouncer considerably.</DD></DL></P> |
| 1589 | |
| 1590 | <P><DL><DD>The default setting for this variable is NONE, however, because I want to be sure that if you're using it, you have actually read these instructions and know that you are using it. So, if you want to enable it, you must set PATTERNMATCHING to SILENT in your .procmailrc.</DD></DL></P> |
| 1591 | |
| 1592 | <P><DL><DT><STRONG><A NAME="varRBLCHECK">RBLCHECK</A></STRONG></DT> |
| 1593 | |
| 1594 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Mail Abuse Prevention System (MAPS) Realtime Blackhole List (RBL), which lists IP addresses associated with domains which have spammed repeatedly, and which have failed to clean up their acts despite the RBL team's efforts and assistance. As of August 1, 2001 you must subscribe to MAPS to use the MAPS RBL (Realtime Blackhole List). If you want to use the RBL, contact MAPS <STRONG><A HREF="http://www.mail-abuse.org"><http://www.mail-abuse.org></A></STRONG> and become a subscriber. Sites |
| 1595 | listed on the RBL are highly likely to be the sources of spam, and will rarely be sources of email you want to receive.</DD></DL></P> |
| 1596 | |
| 1597 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable RBL-based filtering, set RBLCHECK=yes in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1598 | |
| 1599 | <P><DL><DT><STRONG><A NAME="varRFCABUSECHECK">RFCABUSECHECK</A></STRONG></DT> |
| 1600 | |
| 1601 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> list for domains with no valid abuse@ address. Lack of an abuse@ address makes it difficult to report spamming or other abuse from a domain, and is often a sign of a badly-managed domain or a domain owned by a spammer.</DD></DL></P> |
| 1602 | |
| 1603 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> abuse blocklist, set RFCABUSECHECK=yes in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1604 | |
| 1605 | <P><DL><DT><STRONG><A NAME="varRFCDSNCHECK">RFCDSNCHECK</A></STRONG></DT> |
| 1606 | |
| 1607 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> list for domains that do not accept bounced messages. Domains that fail to accept bounced messages can engage in dictionary attacks and other kinds of extremely abusive spamming practices without consequences, since they do not have to accept notifications when they send to an address that does not exist. Failing to accept bounces is often a sign of a badly-managed domain or a domain owned by a spammer.</DD></DL></P> |
| 1608 | |
| 1609 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> DSN blocklist, set RFCDSNCHECK=yes in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1610 | |
| 1611 | <P><DL><DT><STRONG><A NAME="varRFCIPWHOISCHECK">RFCIPWHOISCHECK</A></STRONG></DT> |
| 1612 | |
| 1613 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> list for IP blocks with no valid whois information. Lack of such information makes it difficult or impossible to contact the person responsible for a netblock to report abuse. </DD></DL></P> |
| 1614 | |
| 1615 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> IP whois blocklist, set RFCIPWHOISCHECK=yes in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1616 | |
| 1617 | <P><DL><DT><STRONG><A NAME="varRFCPOSTMASTERCHECK">RFCPOSTMASTERHECK</A></STRONG></DT> |
| 1618 | |
| 1619 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> list for domains with no valid postmaster@ address. Lack of an postmaster@ address means that it is not possible to contact the person responsible for a domain's mail system. Domains that lack a postmaster address are often badly-managed or owned by a spammer.</DD></DL></P> |
| 1620 | |
| 1621 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> postmaster blocklist, set RFCPOSTMASTERCHECK=yes in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1622 | |
| 1623 | <P><DL><DT><STRONG><A NAME="varRFCWHOISCHECK">RFCWHOISCHECK</A></STRONG></DT> |
| 1624 | |
| 1625 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> list for domains with invalid whois information. Invalid whois information is often a sign of a badly-managed domain or a domain owned by a spammer.</DD></DL></P> |
| 1626 | |
| 1627 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable the <STRONG><CODE>rfc-ignorant.org</CODE></STRONG> whois blocklist, set RFCWHOISCHECK=yes in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1628 | |
| 1629 | <P><DL><DT><STRONG><A NAME="varRM">RM</A></STRONG></DT> |
| 1630 | |
| 1631 | <DD>Tells the SpamBouncer the path and filename of your system's <STRONG><CODE>rm</CODE></STRONG> program -- the program which deletes files. You need to set this only if rm is not in your path (the list of directories which your system will search for a program) or if you have an alias set up for rm on your account. If you aren't having trouble with the SpamBouncer leaving temporary files on your system, you can leave this alone.</DD></DL></P> |
| 1632 | |
| 1633 | <P><DL><DT><STRONG><A NAME="varRSLCHECK">RSLCHECK</A></STRONG></DT> |
| 1634 | |
| 1635 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Relay Stop List (RSL) at <STRONG><A HREF="http://relays.visi.com"><http://relays.visi.com></A></STRONG>, to see if an IP address belongs to an open relay. This list contains the IP addresses of open relays, insecure SMTP servers that allow any user on the Internet to send email to any other user via this SMTP server. This list expires entries after 90 days, or automatically on request by anyone, so it is a very conservative list. That means it is unlikely to block much legitimate email, but that it is also likely to fail to block spam that other lists would block.</DD></DL></P> |
| 1636 | |
| 1637 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1638 | |
| 1639 | <P><DL><DT><STRONG><A NAME="varRSSCHECK">RSSCHECK</A></STRONG></DT> |
| 1640 | |
| 1641 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the MAPS Relay Spam Source (RSS) |
| 1642 | blocklist, which lists IP addresses associated with mail servers which are open relays, and through which spam has been sent at least once. As of August 1, 2001 you must subscribe to MAPS to use the RSS. If you want to use the RSS, contact MAPS <STRONG><A HREF="http://www.mail-abuse.org"><http://www.mail-abuse.org></A></STRONG> and become a subscriber.</DD></DL></P> |
| 1643 | |
| 1644 | <P><DL><DD>A relay listed in the RSS is not just an open relay; it is an open |
| 1645 | relay known to spammers which has been used to spam. The RSS blocklist is generally considered less aggressive than the other open relay blocklists, although they both list open relays. As such, it should block less legitimate email than the other blocklists, but will also miss spam sent through relays which have not been abused previously.</DD></DL></P> |
| 1646 | |
| 1647 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable RSS-based filtering, set RSSCHECK=yes in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1648 | |
| 1649 | <P><DL><DT><STRONG><A NAME="varRUSSIAN">RUSSIAN</A></STRONG></DT> |
| 1650 | |
| 1651 | <DD>Set RUSSIAN to <CODE>yes</CODE> if you receive email in Russian. Otherwise leave it set to no (the default), and the SpamBouncer will send any email in Russian to the BLOCKFOLDER.</DD></DL></P> |
| 1652 | |
| 1653 | <P><DL><DT><STRONG><A NAME="varSBDEBUG">SBDEBUG</A></STRONG></DT> |
| 1654 | |
| 1655 | <DD>Set <STRONG><CODE>SBDEBUG=yes</CODE></STRONG> if you want to run the SpamBouncer in debugging mode. In this mode, the SpamBouncer runs all filters on all incoming email; it does not quit filtering email after it is already classified as spam or as a virus. It also generates verbose Procmail logs. Running in this mode can be useful for diagnosing problems with the SpamBouncer or your configuration. Otherwise, do not turn on debugging mode; it eats up system resources.</DD></DL></P> |
| 1656 | |
| 1657 | <P><DL><DT><STRONG><A NAME="varSBDELIVERY">SBDELIVERY</A></STRONG></DT> |
| 1658 | |
| 1659 | <DD>Sets the SpamBouncer's delivery mode. The valid options are:</DD></DL></P> |
| 1660 | |
| 1661 | <P><DL><UL><LI><STRONG><CODE>FILE.</CODE></STRONG> Delivers email to flat files, as used by most Unix-based email programs. This is the SpamBouncer's default behavior. This option is set by default if you do not explicitly set another option in your <STRONG><CODE>.procmailrc</CODE></STRONG> file.</LI></UL></DL></P> |
| 1662 | |
| 1663 | <P><DL><UL><LI><STRONG><CODE>FILTER.</CODE></STRONG> Filters and tags email, and then returns all email (including viruses and spam) to the mail stream. You must then write your own procmail recipes to deliver your email. This setting means exactly the same thing as <STRONG><CODE>FILTER=yes</CODE></STRONG>; the two are interchangeable.</LI></UL></DL></P> |
| 1664 | |
| 1665 | <P><DL><UL><LI><STRONG><CODE>MH.</CODE></STRONG> Delivers email to MH Mail folders using the appropriate MH mail delivery utility.</LI></UL></DL></P> |
| 1666 | |
| 1667 | <P><DL><DT><STRONG><A NAME="varSBSHELL">SBSHELL</A></STRONG></DT> |
| 1668 | |
| 1669 | <DD>Sets the SpamBouncer's internal shell appropriately. Unless your Bourne shell program (sh) is not on your system path (highly unlikely), you do not need to set this variable.</DD></DL></P> |
| 1670 | |
| 1671 | <P><DL><DT><STRONG><A NAME="varSBTEMP">SBTEMP</A></STRONG></DT> |
| 1672 | |
| 1673 | <DD>Set SBTEMP=yes if you want the SpamBouncer to put its temporary files in a specific location. Otherwise, the SpamBouncer will use your system's <CODE>/tmp</CODE> directory. (You do not normally need to set this.)</DD></DL></P> |
| 1674 | |
| 1675 | <P><DL><DT><STRONG><A NAME="varSBTRAP">SBTRAP</A></STRONG></DT> |
| 1676 | |
| 1677 | <DD>Set SBTRAP=yes if you want a copy of all email that the SpamBouncer classifies either as blocked or as spam to be sent to a particular email address. Useful for debugging a systemwide installation; otherwise, leave this unset.</DD></DL></P> |
| 1678 | |
| 1679 | <P><DL><DT><STRONG><A NAME="varSCRIPTCHECKING">SCRIPTCHECKING</A></STRONG></DT> |
| 1680 | |
| 1681 | <DD>Tells the SpamBouncer whether to check for email with embedded JavaScript, to block any email containing such active content. To disable this feature, set <CODE>SCRIPTHECKING=no</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1682 | |
| 1683 | <P><DL><DD>SCRIPTCHECKING is set to <CODE>yes</CODE> by default.</DD></DL></P> |
| 1684 | |
| 1685 | <P><DL><DT><STRONG><A NAME="varSENDMAIL">SENDMAIL</A></STRONG></DT> |
| 1686 | |
| 1687 | <DD>The full path to your system's copy of sendmail. The default value is <CODE>/usr/sbin/sendmail</CODE>, which will work on some systems, but not all. On almost all systems which use sendmail, however, this variable is set correctly as a global default by the system administrators. It does not hurt to check and be sure, though. If SENDMAIL is not set correctly, the SpamBouncer will be unable to send any autoreplies.</DD></DL></P> |
| 1688 | |
| 1689 | <P><DL><DT><STRONG><A NAME="varSORBSCGICHECK">SORBSCGICHECK</A></STRONG></DT> |
| 1690 | |
| 1691 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS Insecure Web Sites blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as a web server that hosts insecure CGI scripts, is known to be infected with Code Red, NIMDA, or a similar virus, or has other vulnerabilities that allow spammers to send spam.</DD></DL></P> |
| 1692 | |
| 1693 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1694 | |
| 1695 | <P><DL><DT><STRONG><A NAME="varSORBSDYNCHECK">SORBSDYNCHECK</A></STRONG></DT> |
| 1696 | |
| 1697 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS Dynamic IP Ranges blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as part of a dynamic IP range.</DD></DL></P> |
| 1698 | |
| 1699 | <P><DL><DT><STRONG><A NAME="varSORBSPROXYCHECK">SORBSPROXYCHECK</A></STRONG></DT> |
| 1700 | |
| 1701 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS HTTP Proxy Servers blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as an open HTTP proxy.</DD></DL></P> |
| 1702 | |
| 1703 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1704 | |
| 1705 | <P><DL><DT><STRONG><A NAME="varSORBSPROXY2CHECK">SORBSPROXY2CHECK</A></STRONG></DT> |
| 1706 | |
| 1707 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS Other Open Proxy Servers blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as an open proxy of any type other than an HTTP proxy or a Socks proxy.</DD></DL></P> |
| 1708 | |
| 1709 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1710 | |
| 1711 | <P><DL><DT><STRONG><A NAME="varSORBSRELAYCHECK">SORBSRELAYCHECK</A></STRONG></DT> |
| 1712 | |
| 1713 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS Open SMTP Relays blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as an open SMTP relay.</DD></DL></P> |
| 1714 | |
| 1715 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1716 | |
| 1717 | <P><DL><DT><STRONG><A NAME="varSORBSSOCKSCHECK">SORBSSOCKSCHECK</A></STRONG></DT> |
| 1718 | |
| 1719 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS Open Socks Proxy Servers blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as an open Socks Proxy server.</DD></DL></P> |
| 1720 | |
| 1721 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1722 | |
| 1723 | <P><DL><DT><STRONG><A NAME="varSORBSSPAMCHECK">SORBSSPAMCHECK</A></STRONG></DT> |
| 1724 | |
| 1725 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS Open Socks Proxy Servers blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as a spam source, host of web sites advertised by spam, or provider of other spam support services.</DD></DL></P> |
| 1726 | |
| 1727 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1728 | |
| 1729 | <P><DL><DT><STRONG><A NAME="varSORBSZOMBIECHECK">SORBSZOMBIECHECK</A></STRONG></DT> |
| 1730 | |
| 1731 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SORBS Zombie IP Ranges blocklist, described at at <STRONG><A HREF="http://www.dnsbl.us.sorbs.net/"><http://www.dnsbl.us.sorbs.net></A></STRONG>, to see if an IP address is listed as having been hijacked and no longer under the control of the registered owner.</DD></DL></P> |
| 1732 | |
| 1733 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1734 | |
| 1735 | <P><DL><DT><STRONG><A NAME="varSPAMCOPCHECK">SPAMCOPCHECK</A></STRONG></DT> |
| 1736 | |
| 1737 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SpamCop blocklist, described at at <STRONG><A HREF="http://www.spamcop.net/"><http://www.spamcop.net></A></STRONG>, to see if an IP address or domain name is on the main spamcop.org blocklist. This list contains the IP addresses of all sorts of sites that have spammed, host sites that are advertised by spamming, or that the maintainers believe are involved in spamming in some other way. </DD></DL></P> |
| 1738 | |
| 1739 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1740 | |
| 1741 | <P><DL><DT><STRONG><A NAME="varSPAMFOLDER">SPAMFOLDER</A></STRONG></DT> |
| 1742 | |
| 1743 | <DD>Where to store messages tagged as spam by the filter. If you want to just delete spam, set SPAMFOLDER to /dev/null. If you want to put the stuff in a backup folder, set SPAMFOLDER to a filename, perhaps spam.incoming. POP mail users whose client programs have the ability to filter mail into separate folders (like Eudora and Pegasus mail) can also set this to DEFAULT, and let their mail filters sort it into the trash folder or a special spam folder, if they want to engage in some spam tracking. :) Users of MAILDIR may set BLOCKFOLDER to a directory rather than a filename, or you may forward this email to a different address using normal sendmail syntax.</DD></DL></P> |
| 1744 | |
| 1745 | <P><DL><DT><STRONG><A NAME="varSPAMHAUSORGCHECK">SPAMHAUSORGCHECK</A></STRONG></DT> |
| 1746 | |
| 1747 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check Steve Linford's <STRONG><A HREF="http://www.spamhaus.org"><http://www.spamhaus.org></A></STRONG> blocklist to see if an IP is listed. These sites are mostly unrepentant and aggressive spammers. You are very unlikely to get legitimate email from any of them.</DD></DL></P> |
| 1748 | |
| 1749 | <P><DL><DD>This variable is set to <CODE>yes</CODE> by default. To disable spamhaus.org filtering, set SPAMHAUSORGCHECK=no in your <CODE>.procmailrc</CODE> file, but I recommend leaving it enabled.</DD></DL></P> |
| 1750 | |
| 1751 | <P><DL><DT><STRONG><A NAME="varSPAMLEVEL">SPAMLEVEL</A></STRONG></DT> |
| 1752 | |
| 1753 | <DD>Tells the SpamBouncer which score to use as the threshold for considering email definitely spam. Email that scores at this level or above is considered spam. It receives an X-SBClass: Spam header, and unless you have <STRONG><CODE>FILTER=yes</CODE></STRONG> in your <CODE>.procmailrc</CODE>, puts that email in the SPAMFOLDER.</DD></DL></P> |
| 1754 | |
| 1755 | <P><DL><DD>SPAMLEVEL is set to <CODE>10</CODE> by default. Increase this score to loosen the SpamBouncer's criteria for considering email spam; decrease it to tighten the SpamBouncer's criteria.</DD></DL></P> |
| 1756 | |
| 1757 | <P><DL><DT><STRONG><A NAME="varSPAMREPLY">SPAMREPLY</A></STRONG></DT> |
| 1758 | |
| 1759 | <DD>How to handle mail which the SpamBouncer tags as definitely spam, and which should contain no valid mail whatsoever. Valid values are <STRONG><CODE>SILENT</CODE></STRONG>, which simply files the mail in the SPAMFOLDER; <STRONG><CODE>BOUNCE</CODE></STRONG>, which sends a simulated MAILER-DAEMON bounce message to the spammer in hopes that |
| 1760 | he will think your address is no good and remove it from his list; <STRONG><CODE>COMPLAIN</CODE></STRONG>, which sends a |
| 1761 | complaint and copy of the spam to the spammer's postmaster for spammers which the SpamBouncer knows about and has this information, and in most cases also the upstream ISPs; and <STRONG><CODE>BOTH</CODE></STRONG>, which (not surprisingly) both sends a bounce and complains.</DD></DL></P> |
| 1762 | |
| 1763 | <P><DL><DD>New users should set this to SILENT until they're sure everything is working properly.</DD></DL></P> |
| 1764 | |
| 1765 | <P><DL><DT><STRONG><A NAME="varSPEWSCHECK">SPEWSCHECK</A></STRONG></DT> |
| 1766 | |
| 1767 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the SPEWS blocklist, described at at <STRONG><A HREF="http://www.spews.org"><http://www.spews.org></A></STRONG>, to see if an IP address or domain name is on the SPEWS Level 1 or Level 2 blocklist. The SPEWS blocklists used by the SpamBouncer are maintained by SORBS, at <STRONG><CODE>l1.spews.dnsbl.sorbs.net</CODE></STRONG> and <STRONG><CODE>l2.spews.dnsbl.sorbs.net</CODE></STRONG>. These blocklists contain the IP addresses of all sorts of sites that the SPEWS maintainers believe are likely to be sources of spam, whether they have actually spammed or not as of the time of listing. Most of the entries appear to be of long-time spammers and providers of spam support services, in addition to sites that are actively spamming or hosting spammers and refusing to shut them down. Entries to this list are from trusted users only; SPEWS does not accept submissions for listing from the public.</DD></DL></P> |
| 1768 | |
| 1769 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1770 | |
| 1771 | <P><DL><DT><STRONG><A NAME="varTEST">TEST</A></STRONG></DT> |
| 1772 | |
| 1773 | <DD>A variant of Unix <CODE>test</CODE> program, a small program which looks for a file or directory and reports whether it exists or not. This is set to "test" by default, since this program is normally found on the system path.</DD></DL></P> |
| 1774 | |
| 1775 | <P><DL><DD>If NOBOUNCE and LEGITLISTS are working on your system, there is no need to set this variable. If NOBOUNCE is not working, set this variable to point directly to your system's <CODE>test</CODE> program.</DD></DL></P> |
| 1776 | |
| 1777 | <P><DL><DT><STRONG><A NAME="varTHISISP">THISISP</A></STRONG></DT> |
| 1778 | |
| 1779 | <DD><STRONG><FONT="#FF0000">DEPRECATED! Use the LOCALHOSTFILE variable and a text file containing your local hosts instead.</FONT></STRONG> Tells the SpamBouncer the domain name of your domain or ISP.</DD></DL></P> |
| 1780 | |
| 1781 | <P><DL><DD>THISISP is set to <CODE>${HOST}.${DOMAIN}</CODE> by default.</DD></DL></P> |
| 1782 | |
| 1783 | <P><DL><DT><STRONG><A NAME="varTURKISH">TURKISH</A></STRONG></DT> |
| 1784 | |
| 1785 | <DD>Set TURKISH=yes if you receive email in Turkish. Otherwise leave it set to no (the default), and the SpamBouncer will send any email in this language to the BLOCKFOLDER.</DD></DL></P> |
| 1786 | |
| 1787 | <P><DL><DT><STRONG><A NAME="varVIRUSCHECKING">VIRUSCHECKING</A></STRONG></DT> |
| 1788 | |
| 1789 | <DD>Tells the SpamBouncer whether to run its internal virus checking filters. This variable is set to <CODE>yes</CODE> by default, enabling the internal virus checking filters. To disable them, set <CODE>VIRUSCHECKING=no</CODE> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1790 | |
| 1791 | <P><DL><DD>I recommend that you turn off virus checking only if you have a good anti-virus program running on your mailserver itself, rather than just on your local computer. The SpamBouncer's virus checking is not a substitute for an anti-virus program, but it can get rid of a lot of virus-laden email before you download it. If you use a local antivirus program instead of a server-based program, the SpamBouncer's virus filters will save time downloading your email, and also CPU cycles on your workstation or PC.</DD></DL></P> |
| 1792 | |
| 1793 | <P><DL><DD><STRONG>NOTE:</STRONG> Setting <CODE>VIRUSCHECKING=no</CODE> will <STRONG>NOT</STRONG> disable the SpamBouncer's filters for dangerous file types and code. The SpamBouncer will always look for and block email with embedded hidden executable attachments, iframes, and scripts. It will also look for and block email with any embedded executable attachments unless you set <CODE>EXECHECKING=no</CODE>, and email with any embedded documents of a type that can contain executable code unless you set <CODE>EXEDOCCHECKING=no</CODE>.</DD></DL></P> |
| 1794 | |
| 1795 | <P><DL><DT><STRONG><A NAME="varVIRUSFOLDER">VIRUSFOLDER</A></STRONG></DT> |
| 1796 | |
| 1797 | <DD>Where to store messages that the SpamBouncer tags as viruses. This is set by default to the SPAMFOLDER. After you have tested your setup and are certain it works, you may want to change this to /dev/null. Virus-infected email is almost always email the user has no idea he/she sent. It contains nothing most people would want to see, and if you retrieve it into most of the popular Windows-based email programs, you might infect your system.</DD></DL></P> |
| 1798 | |
| 1799 | <P><DL><DD>AHBLRELAYCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1800 | |
| 1801 | <P><DL><DT><STRONG><A NAME="varWOTCHECK">WOTCHECK</A></STRONG></DT> |
| 1802 | |
| 1803 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to check the Web-O-Trust whitelist to see if an IP belongs to a computer on it, and whitelist email sent to your system via one of these IP addresses. See the <STRONG><A HREF="#AboutWOTCHECK">Web-O-Trust entry</A></STRONG> for more information about this whitelist and how to use it.</DD></DL></P> |
| 1804 | |
| 1805 | <P><DL><DD>WOTCHECK is set to <CODE>no</CODE> by default.</DD></DL></P> |
| 1806 | |
| 1807 | <P><DL><DT><STRONG><A NAME="varZIPCHECKING">ZIPCHECKING</A></STRONG></DT> |
| 1808 | |
| 1809 | <DD>If set to <CODE>yes</CODE>, tells the SpamBouncer to block email with attached files in the ZIP archive format. A number of viruses are using this format to bypass virus filters that block email with active content. If you do not normally receive email with ZIP archive attached files, you can enable this feature and block any virus that tries this trick. Otherwise, do not enable it or legitimate email may be blocked.</DD></DL></P> |
| 1810 | |
| 1811 | <P><DL><DD>This variable is set to <CODE>no</CODE> by default. To enable ZIP archive filtering, set <STRONG><CODE>ZIPCHECKING=yes</CODE></STRONG> in your <CODE>.procmailrc</CODE> file.</DD></DL></P> |
| 1812 | |
| 1813 | <H2><FONT COLOR="#800000"><A NAME="Upgrades">Upgrading the SpamBouncer</A></FONT></H2> |
| 1814 | |
| 1815 | <P>Upgrading is easy. You just check the "What's New" notice to see if |
| 1816 | there are any new variables you should set or features you should be aware |
| 1817 | of, and then ftp the new version (or grab it with your WWW browser) and |
| 1818 | copy it over the old version. If you prefer, you can subscribe to the |
| 1819 | SpamBouncer Updates mailing list to get automatic notifications of updates |
| 1820 | via email. The mailing list is described in the next section.</P> |
| 1821 | |
| 1822 | <P>That's all there is to it.</P> |
| 1823 | |
| 1824 | <P>The SpamBouncer should be upgraded regularly -- weekly if you are |
| 1825 | using it with SPAMREPLY set to COMPLAIN and monthly otherwise. Spammers |
| 1826 | move around a lot. Prolific spammers tend to get disconnected quite a |
| 1827 | bit, even by spam-friendly providers, because they cause their providers |
| 1828 | so much trouble. This means that the complaint addresses in the Spam |
| 1829 | Bouncer's complaint lists must be updated constantly or complaints will |
| 1830 | go to the wrong place.</P> |
| 1831 | |
| 1832 | <P>Providers get annoyed when they get complaints about a problem they've |
| 1833 | already fixed, or at least done everything they can to fix. Once they've |
| 1834 | kicked a spammer off their system, there is very little else they can |
| 1835 | do, and sending complaints to them just wastes their time and resources.</P> |
| 1836 | |
| 1837 | <P>I do my part by updating the addresses, but that helps only if you do |
| 1838 | yours by keeping your copy of the SpamBouncer up to date.</P> |
| 1839 | |
| 1840 | <P>So, if you can't upgrade frequently or don't want to bother updating |
| 1841 | all the time, please set SPAMREPLY and BLOCKREPLY to SILENT. That way |
| 1842 | you'll still get the benefits of the filter, but you won't risk causing |
| 1843 | trouble for an ISP that has already kicked its spammers off.</P> |
| 1844 | |
| 1845 | <P>In addition, today's rogue ISP may be tomorrow's good guys. An example of |
| 1846 | that is erols.com, which a few years ago was the source of a huge amount of |
| 1847 | spam and which today is one of the leaders in the fight against it. |
| 1848 | (Erols also has one of the most entertaining "abuse@" people in the business -- |
| 1849 | Afterburner.) I regularly review the sites on the blocked list and retire |
| 1850 | those who have adopted and enforced solid no-spamming policies. That |
| 1851 | reduces the size of the filter and the resources it takes while keeping |
| 1852 | it as efficient as possible.</P> |
| 1853 | |
| 1854 | <P>So, please keep up to date! :)</P> |
| 1855 | |
| 1856 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 1857 | |
| 1858 | <H2><FONT COLOR="#800000"><A NAME="Trouble">How to Troubleshoot and Report Trouble</A></FONT></H2> |
| 1859 | |
| 1860 | <P>If you are having trouble with the SpamBouncer, first please |
| 1861 | make sure you:</P> |
| 1862 | |
| 1863 | <UL> |
| 1864 | |
| 1865 | <P><LI>Installed it according to the instructions, and particularly |
| 1866 | set your Procmail variables according to instructions.</LI></P> |
| 1867 | |
| 1868 | <P><LI>Have the Unix file permissions for your copy of the Spam |
| 1869 | Bouncer set properly. As long as the file owner has read, write |
| 1870 | and execute privileges, and has execute privileges to the |
| 1871 | directory in which it is located, all should be well.</LI></P> |
| 1872 | |
| 1873 | <P><LI>Are running Procmail 3.11pre7 or later.</LI></P> |
| 1874 | |
| 1875 | <P><LI>Included at least one email address in your LEGITLISTS, LOCALHOSTFILE, |
| 1876 | MYEMAIL, and NOBOUNCE files, for each of these files that exists on |
| 1877 | your system, and do not have any blank lines in any of these files.</LI></P> |
| 1878 | |
| 1879 | </UL> |
| 1880 | |
| 1881 | <P>The SpamBouncer is set up to avoid |
| 1882 | replying to bounced messages and autoreplies to its own bounces, |
| 1883 | but some spammers set their adminstrative accounts to autoreply |
| 1884 | to spam complaints and misconfigure their autoresponders to remove |
| 1885 | the "X-Loop" header, which should <STRONG>NEVER</STRONG> be removed by |
| 1886 | any autoreply script. In general, it is not a good idea to autoreply |
| 1887 | to mail from administrative accounts at all, so the SpamBouncer is |
| 1888 | set up to filter it out first.</P> |
| 1889 | |
| 1890 | <P>I commonly hear from new users who examine the log that Procmail |
| 1891 | keeps, and are concerned when they see lines like the following:</P> |
| 1892 | |
| 1893 | <PRE> |
| 1894 | *** host.domain.tld can't find 000.000.000.000.list.dsbl.org: Non-existent host/domain |
| 1895 | *** host.domain.tld can't find 000.000.000.000.blackholes.five-ten-sg.com: Non-existent host/domain |
| 1896 | *** host.domain.tld can't find 000.000.000.000.relays.ordb.org: Non-existent host/domain |
| 1897 | *** host.domain.tld can't find 000.000.000.000.ipwhois.rfc-ignorant.org: Non-existent host/domain |
| 1898 | *** host.domain.tld can't find 000.000.000.000.sbl.spamhaus.org: Non-existent host/domain |
| 1899 | </PRE> |
| 1900 | |
| 1901 | <P>Please note that these are <STRONG>normal</STRONG> and simply |
| 1902 | indicate that your system did not find the IP address in question on |
| 1903 | that blocklist. All is well; do not worry. :)</P> |
| 1904 | |
| 1905 | <P>Please report spam which the SpamBouncer does not catch to |
| 1906 | <STRONG><A HREF="mailto:spamtrap@spambouncer.org"> |
| 1907 | <spamtrap@spambouncer.org></A></STRONG> so that I can |
| 1908 | modify the SpamBouncer to catch it. Many spammers have gotten wise |
| 1909 | to me -- I'm on their remove lists even if they won't put you or |
| 1910 | others there. <wry grin> So I depend on my users to keep me |
| 1911 | up-to-date on what kind of spam is out there.</P> |
| 1912 | |
| 1913 | <P>Report any problems to me at <STRONG> |
| 1914 | <A HREF="mailto:ariel@spambouncer.org">ariel@spambouncer.org</A></STRONG>, and |
| 1915 | I'll get to work on fixing them ASAP.</P> |
| 1916 | |
| 1917 | <P ALIGN=CENTER><EM><A HREF="#Contents">Return to Table of Contents</A></EM></P> |
| 1918 | |
| 1919 | <H2><FONT COLOR="#800000"><A NAME="SBUpdates">The SpamBouncer Updates Mailing List</A></FONT></H2> |
| 1920 | |
| 1921 | <P><STRONG><FONT COLOR="#FF0000" SIZE=+1>Unfortunately this list is down at present. I'll announce it here when it returns from the dead.</FONT></STRONG></P> |
| 1922 | |
| 1923 | <P>Updates to the SpamBouncer are announced via the SpamBouncer Updates |
| 1924 | mailing list, in addition to this Web page. The list is a low-volume |
| 1925 | announcements-only list that gets less than one email per week. I keep |
| 1926 | it this way so that people who hate getting spammed :) can subscribe |
| 1927 | without being overwhelmed with email. (If you want to discuss spam and |
| 1928 | how to fight it, I recommend the SPAM-L mailing list, described in the |
| 1929 | following section.)</P> |
| 1930 | |
| 1931 | <P>The SpamBouncer Updates list runs on a Majordomo list server, a |
| 1932 | widely used mailing list management program. If you are unfamiliar with |
| 1933 | Majordomo, the instructions below should explain how to subscribe to and |
| 1934 | unsubscribe from the SpamBouncer Updates list. For more information on |
| 1935 | Majordomo and how to use it, refer to <STRONG> |
| 1936 | <A HREF="http://guinan.cc.rochester.edu/ATS/Documentation/Majordomo/commands.html"> |
| 1937 | Majordomo Mailing List User Commands</A></STRONG> at the University of |
| 1938 | Rochester. For more information on Majordomo itself and how it works, |
| 1939 | refer to the <STRONG><A HREF="http://www.greatcircle.com/majordomo/FAQ.html"> |
| 1940 | Majordomo FAQ</A></STRONG>.</P> |
| 1941 | |
| 1942 | <P>I must approve all subscriptions to the mailing list, so I suggest you |
| 1943 | <STRONG><A HREF="mailto:ariel@spambouncer.org">send me email</A></STRONG> |
| 1944 | letting me know who you are and why you are subscribing before you |
| 1945 | subscribe to the list. :) (Where possible, I would prefer to keep |
| 1946 | spammers off of it.)</P> |
| 1947 | |
| 1948 | <H3>Subscribing</H3> |
| 1949 | |
| 1950 | <P><OL START=1 TYPE=1><LI>Send email to |
| 1951 | <STRONG><A HREF="mailto:updates-request@lists.spambouncer.org"> |
| 1952 | updates-request@lists.spambouncer.org</A></STRONG>, with any |
| 1953 | subject line you like (the list server will ignore it), and |
| 1954 | the following text in the message body:</LI></OL></P> |
| 1955 | |
| 1956 | <BLOCKQUOTE><BLOCKQUOTE><CODE>subscribe <EM><your email address></EM><BR> |
| 1957 | end</CODE></BLOCKQUOTE></BLOCKQUOTE> |
| 1958 | |
| 1959 | <BLOCKQUOTE>This will tell the Majordomo list server that you want to subscribe |
| 1960 | to the SpamBouncer Updates mailing list.</BLOCKQUOTE> |
| 1961 | |
| 1962 | <BLOCKQUOTE>The list server will then send you two messages: a notice to the email address |
| 1963 | from which your subscription was sent and a confirmation message to the email |
| 1964 | address that you asked to have subscribed to the list. The notice explains that |
| 1965 | the subscription must be confirmed from the address that was subscribed to the |
| 1966 | list. The confirmation message asks you to copy a line of text from it, paste |
| 1967 | that line of text in a new email, and send the email back to the list server. The message |
| 1968 | will read like this:</BLOCKQUOTE> |
| 1969 | |
| 1970 | <BLOCKQUOTE><BLOCKQUOTE>Someone (possibly you) has requested that your email address be added |
| 1971 | to or deleted from the mailing list "spambouncer-updates@aziz.devnull.net".</BLOCKQUOTE></BLOCKQUOTE> |
| 1972 | |
| 1973 | <BLOCKQUOTE><BLOCKQUOTE>If you really want this action to be taken, please send the following |
| 1974 | commands (exactly as shown) back to "Majordomo@aziz.devnull.net":</BLOCKQUOTE></BLOCKQUOTE> |
| 1975 | |
| 1976 | <BLOCKQUOTE><BLOCKQUOTE><PRE>auth 3de6896e subscribe spambouncer-updates someone@example.com</PRE></BLOCKQUOTE></BLOCKQUOTE> |
| 1977 | |
| 1978 | <BLOCKQUOTE><BLOCKQUOTE>If you do not want this action to be taken, simply ignore this message |
| 1979 | and the request will be disregarded.</PRE></BLOCKQUOTE></BLOCKQUOTE> |
| 1980 | |
| 1981 | <BLOCKQUOTE>The text you need to copy is the line beginning with <CODE>auth</CODE>. |
| 1982 | The jumble of letters and numbers after <CODE>auth</CODE> is called a <EM>token</EM>, |
| 1983 | and will be different for each person. Because it is different for each person, |
| 1984 | if you send back the exact token, the mailing list knows you really asked to |
| 1985 | subscribe. That prevents others from subscribing you to the mailing list without |
| 1986 | your permission.</BLOCKQUOTE> |
| 1987 | |
| 1988 | <P><OL START=2 TYPE=1><LI>Copy the line of text beginning with <CODE>auth</CODE> and |
| 1989 | containing the token from the message the Majordomo list server sends to you into |
| 1990 | a new email, and send the new email back to <STRONG><A HREF="mailto:updates-request@lists.spambouncer.org"> |
| 1991 | updates-request@lists.spambouncer.org</A></STRONG>. </LI></OL></P> |
| 1992 | |
| 1993 | <TABLE ALIGN=CENTER BORDER=5 WIDTH=80%> |
| 1994 | <TR> |
| 1995 | <TH WIDTH=20% ALIGN=CENTER VALIGN=CENTER><FONT FACE="Arial,Helvetica,Geneva" SIZE=+5><STRONG>!</STRONG></FONT><BR> |
| 1996 | <FONT FACE="Arial,Helvetica,Geneva"><STRONG>CAUTION!</STRONG></FONT></TH> |
| 1997 | <TD ALIGN=LEFT VALIGN=TOP WIDTH=80%><FONT FACE="Arial,Helvetica,Geneva" SIZE=-1><STRONG> |
| 1998 | <P><UL><LI>Do <EM>NOT</EM> copy the line |
| 1999 | of text from the example shown above -- it is just an example and will not work |
| 2000 | for you. You must copy the line of text from the confirmation email sent to |
| 2001 | you.</LI></UL></P> |
| 2002 | </STRONG></FONT></TD> |
| 2003 | </TR> |
| 2004 | </TABLE> |
| 2005 | |
| 2006 | <P>If you followed these instructions correctly, the Majordomo list server will |
| 2007 | send you two more messages. The first is a short, machine-generated message showing |
| 2008 | that your subscribe command worked. The second is a message welcoming you to the |
| 2009 | SpamBouncer Upgrades list.</P> |
| 2010 | |
| 2011 | <H3>Unsubscribing</H3> |
| 2012 | |
| 2013 | <P>Send email to <STRONG><A HREF="mailto:updates-request@lists.spambouncer.org"> |
| 2014 | updates-request@lists.spambouncer.org</A></STRONG>, with any subject line you like (the list server will ignore it), and the following text in the message body:</P> |
| 2015 | |
| 2016 | <BLOCKQUOTE><BLOCKQUOTE><CODE>unsubscribe <EM><your email address></EM><BR> |
| 2017 | end</CODE></BLOCKQUOTE></BLOCKQUOTE> |
| 2018 | |
| 2019 | <P>This will tell the Majordomo list server that you want to unsubscribe |
| 2020 | from the SpamBouncer Updates mailing list. Majordomo will send you a message confirming |
| 2021 | that you have unsubscribed from the list. If you no longer have access to your old |
| 2022 | address, send me email and I will unsubscribe your old address manually.</P> |
| 2023 | |
| 2024 | <H3>Switching your Subscription to a Different Email Address</H3> |
| 2025 | |
| 2026 | <P>To switch your subscription to a new email address, you must unsubscribe your old |
| 2027 | address and subscribe the new one, following the instructions above.</P> |
| 2028 | |
| 2029 | <P ALIGN=CENTER><EM><A HREF="#Contents"> |
| 2030 | Return to Table of Contents</A></EM></P> |
| 2031 | |
| 2032 | <H2><FONT COLOR="#800000"><A NAME="Acknowledgments"> |
| 2033 | Acknowledgments</A></FONT></H2> |
| 2034 | |
| 2035 | <P>First, I would like to thank Stephen van den Berg, the creator |
| 2036 | of procmail, for his wonderful tool. It is truly the friend of |
| 2037 | those who hate email spam and want it out of their lives. (It is |
| 2038 | also the friend of anyone who gets a <EM>lot</EM> of email.)</P> |
| 2039 | |
| 2040 | <P>I would also like to thank the readers of the Procmail |
| 2041 | Mailing List for answering lots of often elementary |
| 2042 | questions, especially at the beginning, as I learned the |
| 2043 | program. I highly recommend the list for people who use the |
| 2044 | SpamBouncer. You can subscribe at |
| 2045 | <A HREF="Mailto:procmail-request@Informatik.RWTH-Aachen.DE"> |
| 2046 | procmail-request@Informatik.RWTH-Aachen.DE</A>.</P> |
| 2047 | |
| 2048 | <P>Finally, I'd like to thank one of the best sets of users anyone |
| 2049 | ever had -- you guys do a <STRONG>superb</STRONG> job keeping me up |
| 2050 | to date on what spammers are doing. I couldn't do it without you, |
| 2051 | seriously.</P> |
| 2052 | |
| 2053 | <P>These filters are the result of several years of work and |
| 2054 | learning about Procmail. I hope the results will be as useful to |
| 2055 | others as they have been to me.</P> |
| 2056 | |
| 2057 | <P ALIGN=CENTER><EM><A HREF="#Contents"> |
| 2058 | Return to Table of Contents</A></EM></P> |
| 2059 | |
| 2060 | <HR> |
| 2061 | |
| 2062 | <P ALIGN=CENTER><SMALL>©1996-2004 by Catherine A. Hampton |
| 2063 | <STRONG><A HREF="mailto:ariel@spambouncer.org"><ariel@spambouncer.org></A></STRONG>. |
| 2064 | All rights reserved.</SMALL></P> |
| 2065 | |
| 2066 | </BODY> |
| 2067 | |
| 2068 | </HTML> |