Jump to content

Complainterator for Linux


efa

Recommended Posts

I post also here, a version of Complainterator crossplatform, thinked to work on Linux, but work on every platform with a complete GNU/Posix environment.

As example I also test it with Cygwin on WinXP, but should work on Solaris or MacOS X.

It is written as a Bash scri_pt, so you have no GUI.

The scri_pt is written under the GNU/GPL license so, as everytime other developer are wellcomed.

My thanks to tembow for the idea and many explanations on domain name system

In my experience, it cutted my spam from 20 a day, to 5 a day. It carry my time around spam to near 0.

Invocation:

If run with a parameter, will be interpretated as a URL, and complaint for this.

It recover Registrar, Name Servers, Registrar Name Server, and send all the complaints emails for the spammed domain.

If run without parameter, it download all the spam from an IMAP4 account, from a particular spam folder.

spam should be moved there before by a Bayesian filter like the one included in Mozilla, that after a week of training, indentify 100% of spam with 0% false positive, carrying away from your eyes all the spam.

Then it analyze the spam (decoding as appropriate) to find the URL, and complaint for all the founded URL.

It can follow some simple redirect URL and complaint also for those.

Then it parse again the mail to find scam email, and complaint also for those.

Last, it forward the spam to a configured email like spamcop or knujon.

My suggestion is to use in tandem with Spamcop as are complementary solutions.

This version send complaint emails with domain in obfuscated [dot] format for some Registrars.

Initially are Beijing and Hichina, you can add more in 'RegistrarObfuscated.txt' file.

Take care of configure your user IMAP and SMTP mail account inside the scri_pt.

In particular correctly fill the string 'userMail' with <email>

Example:

userMail="Name <yourEmail[at]domain.tld>"

as some SMTP server require the <>

From this version you can (optional) use an external mail server configuration file.

It must be called 'xComplaintConfig.txt' and should be in this format:

# mail server user configurations:
export userImap="imap.gmail.com"	   # imap4 server
export userUser=""	   # user on imap4 server
export userPass=""	   # pass on imap4 server
export imapSSL="--ssl"   # insert --ssl when IMAP server require (Gmail)
export spamFold="[Gmail]/spam"   # spam folder on IMAP server
export userSmtp=""	   # user smtp server
export userMail=""	   # user email "Name &lt;email[at]domain.tld&gt;"
export forwardEmail=""   # a mail to forward all spams

The Registrar list is exacly the same as:

http://www.spamtrackers.eu/downloads/Compl...lainterator.txt

but with unix style new line, sorted alphabetically, and with no line ending space.

Unfortunately the search algoritm is really slow. Need a new version in C language with a GUI in GTK+.

The scri_pt depend on the following external tools executables:

cat	  # text handling
grep	 # text handling
awk	  # text handling
sed	  # text handling
tr	   # text handling
cut	  # text handling
sort	 # text handling
dos2unix # text handling
wc	   # text handling
read	 # input handling (bash builtin)
base64   # decode base64 encoding
iconv	# international encoding conversion

dig	  # NameServer query
host	 # IP query
whois	# whois query

wget	  # URL html redirect check
telnet	# send emails
fetchmail # receive emails 

On Windows you have to install Cygwin with standard package, plus whois, wget, inettools (for telnet), fetchmail, dos2unix, base64, and iconv.

More you have to install the package 'dig' from:

http://members.shaw.ca/nicholas.fong/dig/

as isn't included in Cygwin.

The package can be downloaded from:

http://www.castlecops.com/p1110770-Complai...ux.html#1110770

Link to comment
Share on other sites

  • 4 weeks later...

I post also here, a version of Complainterator crossplatform, thinked to work on Linux, but work on every platform with a complete GNU/Posix environment.

I was experimenting with V.0.10.20 2008/09/09 and found out that you are using telnet in the scri_pt as in

if (test 0 == "$debug") then

cat sendoutDoma.txt | telnet $userSmtp 25

cat mailoutDoma.txt >> complaints.txt

echo "====================================================" >> complaints.txt

echo Mail sended. Exit.

else

echo Mail not sended. Exit.

fi

Is there no other alternative available (like ssh)? Telnet is supposed to be insecure and not all the Linux systems I know have telnet installed.

hth

raju

Link to comment
Share on other sites

  • 3 weeks later...

Is there no other alternative available (like ssh)? Telnet is supposed to be insecure and not all the Linux systems I know have telnet installed.

the problem is the SMTP server.

Most I know, at ISO/OSI level 5, use simple un-encripted, un-autenticated, telnet connection on TCP port 25.

Exist ESMTP, SMTP/TLS and SMTP-AUTH (ESMTPA) protocol, but which provider use it?

Most provider check only the domain part of the sender email, and the direct connection to block relaing, but no real autentication or encription are used.

Try your SMTP server, it accept ssh connection? If yes, surely you can substitute telnet with ssh in the scri_pt.

Let me know if it work. If yes, please tell me which kind of SMTP server is.

Another solution may be to use 'exim' (or 'ssmtp' or 'msmtp') available everywhere. At simple level they do a telnet on port 25, but can also support all types of encription.

Link to comment
Share on other sites

  • 7 months later...

hi all,

it's ready a new bugfix version of xComplaint bash scri_pt.

This include a speedup written in C, stolen from the compiled counterpart that is slowly growing. Now the Registrar contact search is 60 times faster.

The report now include the Domain creation data, usefull to add evidence of just registered domain

You can now pass an argument with a file as raw spam mail, usefull for mail web access.

The complaint now are more similar to Complainterator V22.8

You now can send complaints with a different account from the one you are receiving spam. The xComplaintConfig.txt file has changed the name of some variables to handle this little complex configuration.

The scri_pt do an external command dependancy compliance check before start

Next version will support SSL/TLS SMTP authenticated encripted send (using 'msmtp'), usefull for Gmail account.

Here the changelog:

# V.0.10.22 2009/05/24
# Add: use a C compiled Registrar searchEmail engine to speedup bash bottleneck
#	  really faster now!
# Add: Parse Whois report for Creation and Update Date for Domains
# Add: put domain creation date in email body
# Add: now you can pass a parameter with a text spam file
# Add: often scam email are just registered email, with lot of char before [at]
# Add: create complaint mails more like Complainterator V22.8 do
# Add: create SMTP query after email confirmation (usefull to add EVIDENCE)
# Add: added evidence in Domain complaints
# Add: check for external dependancy compliance before start
# Fix: better check of external contact/data files
# Fix: reworked mail server account, to let different server for receive&amp;send
#	  changed xComplaintConfig.txt file variables requirements
# Fix: handle base64 encoded spam with 4 lines separator, with or without ""
# Fix: skip domain without a dot in the last 5 letter
# Fix: set imap server timeout to 20 seconds
# Fix: remove subdirectories from argument URL before complaint
# Fix: remove ending dot and comma from spamvertized links
# Fix: find Registrar when is marked 'Registrar Name:' (some .ws domain)
# Fix: if traversal on A record fail, try use DNS cache
# Fix: always get Name Server IP address
# Fix: always get Domain IP address
# Fix: skip other domain less often used for scam emails:
#	  september11victims.com, right-thoughts.us, jonathanforeman.com,
#	  sptimes.com, msn.co.uk, ya.com, ft.com, fundaciongsr.es, fedex.com,
#	  guardian.co.uk, ftc.gov, paypal.com
# Fix: updated contact files

The new format of 'xComplaintConfig.txt' configuration file is:

# insert here the user configurations:
# ------------------------------------
# receive section account 1
export userImap="imap.gmail.com"	   # imap4 server
export mailImap="user[at]gmail.com"	   # user email for imap4 server
export userPass=""	   # pass on imap4 server
export imapSSL="--ssl"   # insert --ssl when required by IMAP server (Gmail)
export spamFold="[Gmail]/spam"   # spam folder on IMAP server

# send section account 1
export userSmtp="smtp.gmail.com"	   # user smtp server
export mailSmtp="user[at]gmail.com"		# user email for smtp server
export userName="Name Surname"   # user name and surname

# receive section account 2
export userImap="imap.domain.tld"	   # imap4 server
export mailImap="user[at]domain.tld"	   # user email for imap4 server
export userPass=""	   # pass on imap4 server
export imapSSL=""		# insert --ssl when required by IMAP server (Gmail)
export spamFold="spam"   # spam folder on IMAP server

# send section account 2
export userSmtp="smtp.domain.tld"	   # user smtp server
export mailSmtp="user[at]domain.tld"		# user email for smtp server
export userName="Name Surname"   # user name and surname

# list of emails to forward all spam to
export forwardEmail="user[at]wantspam.tld"   # a mail to forward all spams

The scri_pt can be downloaded from:

http://sharebee.com/677aa0b1

Link to comment
Share on other sites

  • 1 month later...

hi,

it's time for a major update, as I added lot of new functionalities.

The most interesting one is support for Google/Gmail account SSL/TLS encripted+authenticated complaint emails SMTP send, via 'msmtp'.

(I again little changed the format of xComplaintConfig.txt file to support encription+authentication).

Another interesting new funzionality, add redirected links to email body before forward, this to cheat spammer, and to keep track of spamvertized redirections.

Let manually add a domain for uncatched redirections.

xComplaint now ask one more confirmation, when domain/NS creation date is older than 7 months (configurable)

The links and email estraction is reworked. Is now easy add fake scam email and trusted web site to external config files.

Do not complaint for domain with IP 22.22.22.22 or 44.44.44.44

When found more than one "Registrar:" show a WARN, and get the last (and not the first), this work correct on most domains

General speedup, lot of bug fixes, lot of updated in contact files

Here the complete change log:

# V.0.11.23 2009/07/10
# Add: support Gmail SMTP SSL/TLS authenticated+encripted send using 'msmtp'
#	  changed/added xComplaintConfig.txt file variables names
# Add: parse Whois for Creation date of NS, put it in complaints
# Add: parse Whois for domain/NS Status, show it in the query log
# Add: ask one more confirmation, when creation date is older than 7 months
# Add: add domain creation date in complaint only when younger than 7 months
# Add: add redirected html URL to email body tail before forward
# Add: skip complaint 4 sign.out_me, out_of_the_list, get.me_out_now,
#	  get.out_of_the_list, get.out_from_list[at]yahoo.com
# Add: build file xComplaintMyEmails.txt, to skip reporting personal emails
# Add: rework the scam domain engine, using an external text file
# Add: reworked the email parsing engine, now work on real body of spam
# Add: if DNS traversal fail, but domain is OK, complaint for domain only
# Add: skip complainting for domain/NS suspended with 22.22.22.22
# Add: skip complainting for domain/NS suspended with 44.44.44.44
# Add: now put in complaints the Domain IP address
# Add: evidenced redirections link catch or not
# Add: let manually add a domain for uncatched redirections
# Fix: reworked domain extraction, some was wrong: [xxx.]domain.com.cn
# Fix: find domain for some ccTLD name servers: discountwatch.com.cn
# Fix: when main RegistrarNameServer, sometimes complaint 4 previous spam NS
# Fix: get last Registrar: when there is more than one in whois report
#	  evidence a WARN to optionally manually check the whois report
# Fix: find Registrar when is marked 'REGISTRAR:' (some .pl domain)
# Fix: find CreationDate when is marked 'registered:' (some .hu domain)
# Fix: cygwin/andLinux only: doesn't found some China/UTF-8 Registrar:
#	  abcompany.com.cn,ootraffic.com.cn
# Fix: remove innocent Bcc: Field from list of complaint emails
# Fix: skip try to complaining for URL with IP address only
# Fix: better parse of creation/updated date for domain/NameServer
# Fix: consider domains and redirected links as case insensitive
# Fix: reduce dig timeout to the minimum on IP query
# Fix: reworked some debug and print style part
# Fix: added tail and touch to the dependancies
# Fix: lot of updates in contact files

Here the new format of 'xComplaintConfig.txt':

## xComplaintConfig file. For V.0.11.23 2009/07/10 or next
# receive section
imapHost="imap.gmail.com"	   # user IMAP4 server
imapPort="993"	   # default to 143 or 993 with SSL
imapSSL="--ssl"   # insert --ssl when required by IMAP4 server (Gmail)
imapAuth=""	   # use when authentication is required
imapMail=""	   # user email for IMAP4 server
imapPass=""	   # pass on IMAP4 server
imapSpam="[Gmail]/spam"   # spam folder on IMAP4 server
# send section
smtpHost="smtp.gmail.com"	   # user SMTP server
smtpPort="587"	   # default to 25 or 465 with SSL
smtpSSL="--tls=on --tls-starttls=on"		# insert --tls=on --tls-starttls=on when required
smtpAuth="--auth=on"	   # insert --auth=on when required by SMTP server (Gmail)
smtpTrust="/etc/ssl/certs/Thawte_Premium_Server_CA.pem"	  # trust path/file issued by CA
smtpMail=""	   # user email for SMTP server
smtpPass=""	   # pass on SMTP server
userName=""	   # user name and surname
replyMail=""	  # email for "Reply-To:" field
forwardEmail=""   # a mail to forward all spams

The new version can be downloaded from:

http://sharebee.com/6b6e04a1

Link to comment
Share on other sites

Another interesting new funzionality, add redirected links to email body before forward, this to cheat spammer, and to keep track of spamvertized redirections.

This sounds an awful lot like a violation of the Reporting Rules .... specifically, "adding data to the spam content that the parser would not discover on its own" Please see Material changes to spam

Link to comment
Share on other sites

  • 3 weeks later...
"adding data to the spam content that the parser would not discover on its own"

if you do not want this functionality, simply delete lines from 2193 to 2225 in xComplaint V.0.11.23 2009/07/10,

there are comments explaining this in the code.

The scri_pt is in GNU/GPL opensource license, so you are invited (and encouraged) to modify

the sources for your needs, with two unique requisite: that you pubblish the modified version again in GPL license, and attribute the original author.

Link to comment
Share on other sites

  • 1 month later...

hi,

I integrated the hard follow redirection and so a new major update: xComplaint V.0.12.24a 2009/09/23

It download html, parse the code to find redirection to real spammer web site.

Support for no check of SMTP server certificate with "--tls-certcheck=off"

Configurable retry times on SMTP send failure

xComplaint now use OpenDNS when other dig queries fail

finished to write and integrate the manual pages. See it with --help

Officially support for andlinux.org as preferred solution against cygwin on Win32

Obfuscation is now with -dot- as work with [at]reg.ru

Sources of emailSearch binary are provided in the package

Now domain age calculation work as expected, lot of date format supported!

Synch of contact files with xComplaint 22.15

Here the complete changelog:

# V.0.12.24a 2009/09/23
# Add: integrated more aggressively follow redirection
# Add: let skip (hard) follow redirection (silent to firewall)
# Add: skip URL ending with .gif, .jpg or .png
# Add: spam domain max age carried to 9 months
# Add: base64 decode application/octet-stream as used for phish .html attach
# Add: support for no check of SMTP server certificates "--tls-certcheck=off"
# Add: use OpenDNS when other dig queries fail
# Add: call xClean before everything when debug is off
# Add: finished to write and integrate man pages
# Add: show version with -V, syntax with -h and man with --help
# Add: tested and work on AndLinux.org a Win32 port of Ubuntu+CoLinux
# Add: obfuscation is now with "-dot-" and not "[dot]" as work with [at]reg.ru
# Add: let easily skip add redirected/manualURL to spam body
# Add: remove ending /?... part from the links
# Add: package sources of "emailSearch.tgz" together xComplaint
# Add: support for many more date format for domain/NS
# Fix: often error in domain age extraction with many different format
# Fix: sometimes unrecoverable error on age calculation
# Fix: find Registrar when is marked 'organization:' (some .ua domain)
# Fix: find CreationDate when is marked 'Created Date:' (some .th domain)
# Fix: find CreationDate when is marked 'Created:' (some .it domain)
# Fix: find UpdatedDate when is marked 'Last Update:' (some .it domain)
# Fix: find DomainStatus when is marked 'state:' (some .ru domain)
# Fix: remove redirect/HardFollowed fakeUrl, like with direct link
# Fix: when all scam links, show: cat: links91.txt: Nessun file o directory
# Fix: with ctrl-c on HardFollow redirect to past url
# Fix: some rare case of error 'sed -e need a regular expression'
# Fix: sometimes msmtp error: TLS certificate verification failed. Retry
# Fix: remove ending; from URL
# Fix: removed WARN: Trace on Domain/NS IP failed. Using Provider DNS cache ...
# Fix: sometimes obfuscation is not complete: ns5.0m5.ru
# Fix: updates in contact and fakeurl files

You can download this version here:

http://sharebee.com/16c64d2e

Link to comment
Share on other sites

Thanks efa! You probably don't get the recognition you deserve but I'm sure many Linux users are grateful.

I see that previous version was downloaded 55 times, and this is enough.

Hoping someone else want to collaborate enhancing the scri_pt, maybe with "unique domain sorting" and not unique url sorting as is now. This avoid to ask for reporting for every url when the spamvertized domain is the same. Now I'm developing an anti-phish application

Link to comment
Share on other sites

  • 3 months later...

hi,

50 download for V.0.12.24a, so as a gift for new year,

a new minor version V.0.12.25 2009/12/30 with lot of news:

Some refinement in hard follow redirection, now find all the redirections

Some fake url are used 4 redirection (msn groups,..). List in xComplaintRedir.txt

For ccTLD when do not found the Registrar, write to CERT.cc adding a note

Skip complaint for Domains already suspended with HOLD, but continue for NS

Do not complaint for domains suspended with IP 4.4.4.4

Now the links are unique sorted for domain and not for url

More than one Links can be added, also when no links are found in body

Lot of new Registrar, Status and CreationDate format supported

Some factorization functions in source code

Lot of bug fixes, lot of updates in contact files

Here the complete changelog:

# V.0.12.25 2009/12/30
# Add: when do not found a Registrar for ccTLD, use cert/csirt or nic.cc
# Add: added a note in the complaint about why writing to CERT
# Add: let manually add a link when no links are found
# Add: let manually add more than one URLs, space separated
# Add: skip complaint for Domains with Status: Hold. (does not apply to NS)
# Add: for domain Status not on HOLD, list other status
# Add: complaint only once 4 domain repeated in different urls
# Add: follow HardRedirection with: "&lt;a href="http://", "&lt;a href='http://",
#	  "src="http://", "src=http://", "&lt;META HTTP-EQUIV="refresh" CONTENT="0;URL=http://",
#	  "window.location = "http://", "window.location="http://", "location = 'http://"
# Add: show all the HardRedirections and not the last
# Add: hardRedirection with fakeUrl listed in xComplaintRedir.txt too
# Add: limit redirections to a max value set by 'redirMax'
# Add: skip IPonly and Scam links in single redirections
# Add: skip complainting for domain/NS suspended with 4.4.4.4
# Add: added .biz to the list of TopLevelDomains
# Add: skip URL ending with .GIF, .JPG or .PNG
# Add: spam domain max age carried to 13 months
# Add: factorized NS and Registrar emails extraction
# Fix: get the right contact for email domain (hotmail.ru and mail.ru)
# Fix: can decode multi-part messages enconded as base64
# Fix: extract phish links from attached html file encoded as base64
# Fix: decode (phish) email with base64 block (html attach) after an 8bit block
# Fix: extraction of domain from emails now use the real domain
# Fix: sometimes do not extract email from body because think was a binary file
# Fix: find Registrar when is marked 'REGISTRAR:' on next line (some .pl domain)
# Fix: find Registrar when is marked 'Last Updated by Registrar:' (some .us domain)
# Fix: find Registrar when is marked 'Authorized Agency :' (some .kr domain)
# Fix: find Registrar when is marked 'org:			org_name_hun:' (some .hu domain)
# Fix: support for updated/creation date format 24/01/2008
# Fix: support for updated/creation date format 1998. 02. 23. (some .kr domain)
# Fix: support for updated/creation date format 2007-May-11. (some .tr domain)
# Fix: support for updated/creation date preceded by email (some .lv domain)
# Fix: support for updated/creation date ending with .0 (some .kz domain)
# Fix: find CreationDate when is marked 'Approval date:' (some .ca domain)
# Fix: find CreationDate when is marked 'Registered on:' (some .uk domain)
# Fix: find CreationDate when is marked 'Registered:' (some .dk domain)
# Fix: find CreationDate when is marked 'activated on:' (some .bg domain)
# Fix: find CreationDate when is marked 'Domain created:' (some .kz domain)
# Fix: find CreationDate when is marked 'Registered Date :' (some .kr domain)
# Fix: find CreationDate when is marked 'Created on..............:' (some .tr domain)
# Fix: find CreationDate when is marked 'Domain Registration Date:' (some .us domain)
# Fix: find UpdatedDate when is marked 'Domain Last Updated Date:' (some .us domain)
# Fix: find UpdatedDate for NS when is marked 'Changed' (some .de domain)
# Fix: find UpdatedDate when is marked 'last modified' (some .pl domain)
# Fix: find UpdatedDate when is marked 'Last updated on' (some .ru domain)
# Fix: find UpdatedDate when is marked 'Last Modified:' (some .au domain)
# Fix: find UpdatedDate when is marked 'Last modified :' (some .kz domain)
# Fix: find UpdatedDate when is marked 'Last updated Date :' (some .kr domain)
# Fix: find Status when is marked: 'Domain status :' (some .kz domain)
# Fix: convert NS to lowercase before unique sorting needed for some .us domain
# Fix: complaint email body for NS, check to add creation date but with the domain one
# Fix: in some cases NS date extraction recover domain creation date
# Fix: in some cases NS registrar/status recover suspended NS info
# Fix: in some cases NS traversal extract root.local SOA record
# Fix: extract the Subject when miss the space after ':'
# Fix: sometimes report twice an hard followed links
# Fix: xClean delete some other temp files
# Fix: changed absolute to relative path in xClean
# Fix: lot of updates in contact and fakeurl files

You can download this version here:

http://sharebee.com/4f07a427

Link to comment
Share on other sites

  • 2 months later...
what exactly does this program do?

Also does it have a home page?

There's a thread on it here - http://forum.spamcop.net/forums/index.php?showtopic=7930

The final post of the above points to the forum (below) where users congregate, by various clues that points to the Windows version download page which is currently http://www.spamtrackers.eu/downloads/files.php?fid=21 and that includes

Complainterator version 22.18 (Feb 27 2010)

Complaint template generator for illegal spammed domains, released November 27 Version 22.18 of the Complaint Generator that has been successful in suspending hundreds of thousands of criminal web sites

Details can be found at http://spamtrackers.eu/wiki/index.php/Complainterator

Support is available from the forum at http://inboxrevenge.com/

Complainterator generates a complaint template ready to email to the registrar responsible for a spammed domain name. Better still, it prepares a template message ready to send to the registar or registrars of the spammed domain's name servers.

Complainterator helps to encourage registrars to cancel their contract to provide services to Internet cyber-criminals.

Its users have accounted for the termination of hundreds of thousands of illegal domain names and their name servers.

All of which is a little off-topic here (but yes, detail of purpose and location of general support is a useful supplement) - anyway, for future visitors, please refer to the other topic for any updates on those details.
Link to comment
Share on other sites

  • 1 month later...
what exactly does this program do?

The manual for the program is included with the scri_pt, it explain all the details.

I attach you the man pages for the program:

xComplaint(8)													 xComplaint(8)

NAME
xComplaint - Automatic spam/scam complaint generator

SYNOPSIS
xComplaint
xComplaint spamFileName
xComplaint [http://]URL[/]
xComplaint -V
xComplaint -h
xComplaint --help

DESCRIPTION
xComplaint works on the concept that you have to bill spammer for spamming you.
xComplaint can suspend hundreds of spammer domains, and this costs about 5 euro for domain, making less attractive to spammers keeping your e-mail in them spam list.
In my experiece one month of use on a bait email results in lowering spam rates from 30 to 5 a day. On some mailboxes the spam e-mails were completely zeroed.
xComplaint was born as a version of Complainterator but it is crossplatform, i.e. it was written to run on Linux, but it works on every platform with a complete GNU/Posix environment.
For example I also tested it with andLinux.org and Cygwin on WinXP, but should work also on MacOS X and Solaris.

It is written as a Bash scri_pt, so you have no GUI. The scri_pt can work in background, so that you can use your computer while xComplaint works.
It's mostly automatic, recovers all the required information, composes the complaint e-mails, asks for some confirmation only, and sends them.
All this aims to spend nearly no time for spam.
Before running xComplaint, the spams should be moved to a 'spam' folder by means of a Bayesian filter like the one used by many provider or included in Mozilla Seamonkey/Thunderbird, that, after an one-week training, is able to indentify 100% of spam with 0% false positives.

THREE INVOCATION WAYS
xComplaint can be called in three different ways:

xComplaint [http://]URL[/]
If the first argument is an URL, it does a Whois query on domain, recovers creation date, domain Status and Registrar. Then by means of a DNS traversal, it recovers all the Name Servers for the domain, and, for each, creation date, NS Status and Registrar. Then it composes the complaint e-mails, and asks for a confirmation before sending. More or less the things that Complainterator does on Windows.

xComplaint spamFileName
If first argument is a local text file, it parses the file looking for URLs, discards scam links, then processes them in the way described above.
It can follow redirection URL and complains also for them.
Then it re-scans the file for scam e-mails, composes complaint e-mails, and waits for confirmation. spamFile is useful if you have e-mail web access only.
Finally, it can forward the spam to a configured e-mail like Spamcop or Knujon.

xComplaint
If run without arguments, it downloads spam mails from the IMAP server in a configurable 'spam' folder, then for each spam it does the processing described before.

OPTIONS
-V displays version number, copyright and author information then exit
-h displays a brief command syntax
--help displays this complete manual

PROCESS FLOW DETAILS
First of all, the scri_pt starts, checks if the mail server configuration is done, then checks for the presence of some needed external data files, and finally it does an external commands dependancy compliance check.
Then, depending on the specified parameters, it can process single spammed url rather than single spamFile or it downloads spams from the imap server.
After downloading spam files, it splits the spam in many single e-mails.
Then for each spam, it decodes them as quoted-printable or base64 if needed.
Then it parses each spam looking for URL, and follows URL redirections.
For each URL, it recovers the Domain, Registrar and Domain Status. After that it makes a DNS-traversal recovering the Registrar and Domain Status for all Name Servers. Then it composes the complaints for the Domains and all Name Servers.
Then it can forward the spam to a configurable email, like Spamcop or Knujon.
Finally it parses again the spam looking for scam mail, and complaints also for those to the Provider.

xComplaint does not complaint for domain with IP 22.22.22.22, 44.44.44.44 or 61.61.61.61 as they are used by some China Registrars to temporary suspend domain, because they claim their management systems do not allow using a private lan IP address or an invalid one like 0.0.0.0

The report includes the Domain Creation Data, useful to add evidence of just registered domain uniquely for spamming.
xComplaint asks for one additional confirmation, when domain/NS creation date is older than 9 months (configurable).
The generated complaints e-mails are very similar to Complainterator V22.8

xComplaint can add redirected links to the e-mail body before forwarding it, in order to trace spamvertized redirections and sure, to cheat spammer.
Moreover it permits to add manually a domain for uncatched redirections.

You can send complaints from an account different from the one you are receiving spam. The file xComplaintConfig.txt can handle this configuration.

Since version V.0.11.23 xComplaint uses 'msmtp' to support complaint e-mail SMTP sending from Google/Gmail accounts which are SSL/TLS encripted+authenticated.
xComplaintConfig.txt file supports encription+authentication commands.

It is easy to add fake scam e-mails and trusted web sites by using external config files:
xComplaintFakeEmails.txt for trusted e-mails
xComplaintFakeUrls.txt for trusted domains

xComplaint can use updated Registrar contact file from:
http://www.spamtrackers.eu/downloads/Complainterator/contacts.complainterator.txt
take care of renaming it to 'xComplaintUrlContact.txt'

NOTES
'fetchmail' and 'msmtp' can be configured to download and send e-mails automatically, without asking for password each time. Refer to their documentations.

Since version V.0.10.22 xComplaint includes a speedup written in C, coming from the compiled counterpart DamageSpammer http://damagespammer.sourceforge.net that is slowly growing. In this way the Registrar contact search is 60 times faster.

When it founds more than one "Registrar:" in Whois report, xComplaint gets the last one and not the first one; this works correctly on most domains.

CONFIGURATION
Take care of configuring your user IMAP and SMTP e-mail account inside the scri_pt.
In particular you need to fill the following strings:
'imapHost' with your IMAP server address
'imapMail' with your receiving spam mailbox
'imapSpam' with your IMAP server spam mailbox
'smtpHost' with your SMTP server address
'smtpMail' with your email used to send complaint

Since version V.0.10.18 you can use an external e-mail server configuration file named 'xComplaintConfig.txt'. If present, the configuration data in that file have priority on internal configuration. The file must be in the form:

# receive section
imapHost="imap.gmail.com" # user IMAP4 server
imapPort="993"			# default to 143 or 993 with SSL
imapSSL="--ssl"		   # insert --ssl when required by IMAP4 server (Gmail) otherwise leave it blank (i.e. "")
imapAuth=""			   # use when authentication is required
imapMail=""			   # user e-mail for IMAP4 server
imapPass=""			   # password on IMAP4 server
imapSpam="[Gmail]/spam"   # spam folder on IMAP4 server
# send section
smtpHost="smtp.gmail.com"				# user SMTP server
smtpPort="587"						   # default to 25 or 465 with SSL
smtpSSL="--tls=on --tls-starttls=on"	 # insert --tls=on --tls-starttls=on when required
smtpTrust="Thawte_Premium_Server_CA.pem" # trust path/file issued by CA
smtpTrust="--tls-certcheck=off"		  # use when you haven't a server certificate
smtpAuth="--auth=on"					 # insert --auth=on when required by SMTP server (Gmail)
smtpMail=""							  # user e-mail for SMTP server
smtpPass=""							  # password on SMTP server
userName=""							  # user name and surname
replyMail=""							 # e-mail for "Reply-To:" field
forwardEmail=""						  # forward all spams to this e-mail

Moreover xComplaint needs the following external data/contact files:
xComplaintConfig.txt			  user configuration account data
xComplaintFakeEmails.txt		  list trusted e-mails
xComplaintFakeUrls.txt			list trusted domains
xComplaintRegistrarDns.txt		list Registrar main Name Servers
xComplaintRegistrarObfuscated.txt list Registrar that need obfuscation
xComplaintRegistrarWantSpam.txt   list Registrar that want complete spam
xComplaintEmailContact.txt		list Provider contact e-mails
xComplaintUrlContact.txt		  list Registrar contact e-mails
xComplaintMan.txt				 man pages for xComplaint
all are provided in the package, and easily customizable.

DEPENDENCIES
The scri_pt depends on the following external binary tools:
awk, base64, cat, cut, dig, dos2unix, fetchmail, grep, host, iconv, less, msmtp, sed, sort, tail, telnet, touch, tr, uname, wc, wget, whois.

INSTALLATION
On Unix/Linux simply untar the package: $ tar xvfa xComplaint0MMmm.tgz
On Windows you can choose to install:
1 - Cygwin with base packages, plus whois, wget, inettools (for telnet), fetchmail, dos2unix, base64, and iconv.
Moreover you have to install the package 'dig' from:
http://members.shaw.ca/nicholas.fong/dig/
as it isn't included in Cygwin.
2 - andLinux.org (preferred) a complete Ubuntu+CoLinuxKernel distribution for Win32. Check with Synaptic if you have all the dependencies, then untar the package.

EXIT STATUS
Return 0 on "complaint send success", or -1 on error.

COPYRIGHT
Copyright © 2008, 2009 Author: 
My thanks to RedDwarf for the idea and many explanations on domain name system.

This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

The scri_pt is written under the GNU/GPL license so, as always, other developers and testers are welcome.

BUGS
See xComplaint source for ToDo/Fix features

SEE ALSO
fetchmail and msmtp manpages

xComplaint 0.11.23				 2009-09-xx					 xComplaint(8)
---------

Also does it have a home page?

not at the moment for the Linux/Unix/MacOSX Bash scri_pt version of Complainterator (called 'xComplaint').

I'm writing an opensource C (sources and compiled) version, that will be crossplatform and GUI based.

That version as now is in alpha state, and so doesn't work. It can be downloaded from Sourceforge:

http://sourceforge.net/projects/damagespammer/

http://damagespammer.sourceforge.net/

If you prefer I can upload also the 'xComplaint' Bash scri_pt there.

Which Operative System are you using?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...