Jump to content

auto forwarding/reporting spam with sendmail


QuantumMechanic

Recommended Posts

While this isn't directly answering your question, it sounds as if you're using a "catch-all" address, which many site owners/admins have long since stopped doing. To quote JT, the owner/admin of the SpamCop Email Service (aka Corporate Email Systems):

Catch-alls were fine 10 years ago, but aren't any more

AMEN! I went through the process of giving up mine a long time ago and I urge others to do likewise.

Here's a link to the SpamCop Dictionary entry on the issue:

http://forum.spamcop.net/dict/CatchAll_Account.html

DT

Link to comment
Share on other sites

nope, no catchall addresses in use here. I should have been much clearer, the posting certainly can be read like that. Thank you for your time.

Distinct email addresses, like fo[at]ourdomain.com etc - these are accounts never created nor used yet spammers send email to them - I guess some one generated a list of email addresses at real domains and flogged the list to some spammer or some thing like that.

Anyway, it is not causing a problem these spam, since no-one recieves them - they are all refused delivery currently - yet I would like to autoforward all emails arriving on these bogus accounts to spamcop, since all email arriving to these email accounts are all 100% spam. These accounts are few, yet get alot of attempts to deliver mail to them, dispite them having never existed.

All the source IP addresses for the spam delivery attempts to these non-existant email accounts have been checked against the greater DNSBLs, so they could be a resource for fighting spam - and a relatively labour free one at that.

I suspect that the spam slip through rate for our domains would further reduce significantly if we reported these spam items.

I think I recall that submission via email requires that the response email from spamcop has a link that must be clicked - this would be an acceptable amount of time for me to spend on this issue.

Link to comment
Share on other sites

I think I recall that submission via email requires that the response email from spamcop has a link that must be clicked - this would be an acceptable amount of time for me to spend on this issue.

You can actually go to the reporting web pages without clicking a link in an Email and confirm the spam. But this is a one-at-a-time process. So report 100 spam Emails and you have to confirm 100 times.

You can, though, request quick reporting. Then the spam is processed automatically and you get an Email report to confirm.

You'd have to intercept the incoming mail from SpamCop otherwise your auto-reporting scri_pt would start reporting the Email replies from the SC parser.

Either way, you could, perhaps more effectively arrange for all this junk to be forwarded to a single mailbox and then handle the forwarding manually, say once per day. Or perhaps register for a SpamCop Email account and have the junk forwarded there. The Email account gives you a paid reporter status so you have more control on your interaction with the SpamCop parser.

Quick reporting is automatically available for SpamCop Email users through a web page.

Andrew

Link to comment
Share on other sites

http://www.spamcop.net/fom-serve/cache/402.html

http://www.spamcop.net/fom-serve/cache/166.html (how do I use these scripts?)

I would like to individually (or enmass) autoforward as attachments all emails sent to my 'spamtrap' addresses to my spamcop personal reporting address using sendmail. The spamcop responses would go to my registered email address.

I am not a spamcop email user, so for me alot of clicking is the name of the game it seems.

Not so bad as there is as you mention a link on the front page stating:

"Unreported spam Saved: Report Now

You have submitted spam which has not yet been reported. etc.."

does anyone know how to configure sendmail to do this forwarding? Perhaps using a scri_pt of some sort?

Link to comment
Share on other sites

I think I know what you are asking (although I don't know how to do it or if it is possible to do). There was another thread - possibly in the geeks/software forum - of someone trying to do something similar.

However, quick reporting only involves selecting the spam and sending it. It is subject to the rules of size for submissions so only about 10 (that's conservative) can be selected at a time. You do need to set up mailhosts first.

Miss Betsy

Link to comment
Share on other sites

I am not a spamcop email user, so for me alot of clicking is the name of the game it seems.

Not so bad as there is as you mention a link on the front page stating:

"Unreported spam Saved: Report Now

You have submitted spam which has not yet been reported. etc.."

does anyone know how to configure sendmail to do this forwarding? Perhaps using a scri_pt of some sort?

What I'm suggesting is that you could avoid having to write a scri_pt...

It would involve a SpamCop Email subscription (US$30 pa). You can alias your problem addresses to your SpamCop Email address. Then you could access the mailbox through a webmail interface and report your spam in three clicks.

So no scri_pt involved but with a small annual charge.

Link to comment
Share on other sites

Interesting to know approximately the size limit / number limit to the email submissions.

Mailhosts are all set up suitably. The process of manualy forwarding single or multiple items as attachments to my spamcop reporting address works very well currently.

I have searched about the entire forum.spamcop.net and the geek/software section, but there is nothing so far found by me covering the issue (using commonly used words and their combination such as spamtrap, perl, sendmail, atachment, forward in the search box)

I would prefer a scri_pt for several reasons.

Link to comment
Share on other sites

Interesting to know approximately the size limit / number limit to the email submissions.

If the scri_pt option is your preferred route then I hope you'll find something although nobody seems to be stepping up to offer a solution :-(

I don't know the limit on quick submissions from within the SpamCop webmail interface. I've never faced a problem.

If you use the VER interface which is external to webmail then the submissions are done in groups of 100 Emails.

Andrew

Link to comment
Share on other sites

Auto-forwarding to a quick submission address should work just fine since your registered email address where responses would be sent to would not be the "trap" addresses that you are reporting. I use quick reporting myself, and have never hit the submission limit, even though I will usually report 5-10 message per email submission. In your case, you would only be reporting 1 spam per submission so I don't think it would even be a concern.

Link to comment
Share on other sites

Issue was last discussed in http://forum.spamcop.net/forums/index.php?showtopic=6077 .... As usual, finding it was the hard part, once again due to the way the "action" was described ... as stated in one of my posts there, this is the standard "I want to write an automatic reporting scri_pt/program" scenario .... there are too many problems just waiting to happen in that scenario, which is why it is not something jumped onto with all kinds of support ...

And yet again, the data needed is actually already available within the FAQ (most in both the 'official' and the single-page-access-expanded version found here) .. there is even one that broaches the subject directly titled Can I automatically forward spam from my spamtraps?

Link to comment
Share on other sites

And yet again, the data needed is actually already available within the FAQ (most in both the 'official' and the single-page-access-expanded version found here) .. there is even one that broaches the subject directly titled Can I automatically forward spam from my spamtraps?

The FAQ in question provides some scripts, but it doesn't explicitly tell you how to implement them, so I did some testing on my own system.

  • Set up all of your spamtraps to alias to a single account.
  • Copy one of the scripts to the home directory for that account and make it executable. I called mine forwardmail.
  • For testing, set the to email address in forwardmail to be some other account. I tested with my own postmaster account.
  • Open some random email, view its source and paste it into a file called test.
  • Run "cat test | forwardmail".
  • Fix any errors and check the output. I had to change the path to perl as it was different on my system.
  • Once everything is OK, add the recipe below to .procmailrc for the user, modifying the to addresses to be your spamtraps.
  • Modify forwardmail to send to your subit address instead of a local test account.

 :0:
 * ^TO_.*(\
 spamtrap1[at]example\.invalid|\
 spamtrap2[at]example\.invalid|\
 spamtrap3[at]example\.invalid)
 {
  # First preserve a local copy in our spamtrap folder.
  :0c
  mail/spam-Trap
  # Now forward for quick reporting at Spamcop.
  :0
  | cat | ${HOME}/forwardmail;
 }

The 1st part of the action saves a copy of the mail to a sub-folder of my inbox called spam-Trap. You can remove those lines if you don't want to see what hits the spamtraps. Alternatively, you can remove the local copy lines and change the ":0" to be ":0c", which will deliver a copy of the mail to the inbox of the account.

Hope this helps.

Edit to add:

The BBCode system modified the code when I saved it. Replace "[at]" with the at symbol in the above code.

Link to comment
Share on other sites

Wazoo: :blink:

I had in this thread previously linked already to that support faq page "Can I automatically forward spam from my spamtraps?", and read it several times, and even went though the process of contacting Spamcop via a form found else where on the spamcop.net website in regards to providing spamtrap addresses, but with no response even though a response within 24h was mooted next to the submission form. ( I did ask the same thing as this thread is about)

The link you provide to a similar discussion not vastly useful as that person is using entirely different software. I have endeavoured to contact that user via pm and the actual thread.

~~~~~~~~~~~~~~~~~~~~~~

The Solution!.......

I have found a great link that may be of use for my basic plan of auto submission:

http://www.howtoforge.com/automate_spamcop_submissions

yet it turned out it was only partially suitable, I ended up using just the php scripts on this page.

I then found a link from some lengthy old spamcop.net discussion (a fairly arcane argument about the SC FAQ pages wording) with a slightly corrected and optimised version of the perl scri_pt.

Anyhow here is my solution, please bear in mind that I am running on FreeBSD and am only running sendmail.

I set up two new email addresses on my domain:

spam[at]mydomain.com

spamcop[at]mydomain.com

I aliased all the non-existant email addresses that were recieving attempts at delivery to them from spammers to spam[at]mydomain.com

I made a .forward file for the spam[at]mydomain.com address, it contained:

| /path/to/reporter.pl

I made a .forward file for the spamcop[at]mycomain.com address, it contained:

| /path/to/verifyspam.sh

\spamcop

I set the permissions correctly on these two files.

I put this file here: /path/to/reporter.pl

#!/path/to/perl 
open(SENDMAIL, "|/path/to/sendmail -oi -t") || die "Cannot open sendmail output";

print SENDMAIL  <<"ENDENDEND";
From: whatever\[at]mydomain.com
To: mysubmissionaccount\[at]spam.spamcop.net
Subject: report spam
MIME-Version: 1.0
Content-Type: message/rfc822

ENDENDEND

while (<STDIN>) {
		print SENDMAIL;
}

close (SENDMAIL);

I put this file here: /path/to/verifyspam.sh

URL="http://www.mydomain.com/url/to/index.php"
VARIABLE="http://www.spamcop.net/sc?id="
while read line
do
		if `echo ${line} | grep "${VARIABLE}" 1>/dev/null 2>&1`
	then
				/path/to/lynx -dump $URL?data=$line 
		fi
done

I set the permissions correctly on these two files.

I then went to spamcop.net, and changed my preferences for my email address to spamcop[at]mydomain.com (this does not change your login if you used an email address)

I then got the 2 php scripts from this page:

http://www.howtoforge.com/automate_spamcop_submissions

http://www.howtoforge.com/forums/showthread.php?t=4442

index.php and Snoopy.class.php

and installed them here:

http://www.mydomain.com/url/to/

I then installed lynx.

notes: the spam[at]mydomain.com does not ever keep emails since it does not have a \spam in the .forward file unlike the spamcop[at]mycomain.com .forward file - so responses from isps are kept along with the spamcop.net responses.

The permissions are important on the files - sendmail does not like the permissions to be too open on the .forward files, and sendmail must be able to access the two .sh and the .pl scripts.

Sendmail does not have the inate ability to alias/forward dependant on the incoming email from address.

I hope that is clear enough to perhaps help someone who is searching for a solution similar to what I required.

On another note I submitted 25 spams as attachements to one email and spamcop handled that many without a any problems at all.

Link to comment
Share on other sites

Thank you for documenting this so thoughoughly.

2 comments to help avoid reporting your own ISP's:

1- Assuming you are using quick reporting, please be sure to configure mailhosts for your systems and confirm reporting works correctly for you before setting this up. Perhaps forwarding to submit.x address for a bit to be sure before changing to quick.x.

2- I would suggest not turning off "Quick Data Reports" and making sure to monitor those reports to be sure you are not reporting your own hosts. There is a chance for that anytime the host makes a change to their systems.

Link to comment
Share on other sites

My pleasure.

I do not have quick reporting since this is a feature for paidup users of spamcop, so I get a response email back from spamcop within a few minutes of each email with attachment(s) that is sent to my spam cop reporting address.

The spamcop confirmation emails are parsed by the php scri_pt and automagically completed.

GraemeL suggestion of using a test file before hand is vital.

cat test | /path/to/scri_pt

Mailhosts on spamcop.net configuration and testing before going live would I concurr be important, as this setup if got wrong could bork up some system somewhere.

The order of the instructions is not the optimum order of implementation.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...