efa Posted September 3, 2008 Share Posted September 3, 2008 I post also here, a version of Complainterator crossplatform, thinked to work on Linux, but work on every platform with a complete GNU/Posix environment. As example I also test it with Cygwin on WinXP, but should work on Solaris or MacOS X. It is written as a Bash scri_pt, so you have no GUI. The scri_pt is written under the GNU/GPL license so, as everytime other developer are wellcomed. My thanks to tembow for the idea and many explanations on domain name system In my experience, it cutted my spam from 20 a day, to 5 a day. It carry my time around spam to near 0. Invocation: If run with a parameter, will be interpretated as a URL, and complaint for this. It recover Registrar, Name Servers, Registrar Name Server, and send all the complaints emails for the spammed domain. If run without parameter, it download all the spam from an IMAP4 account, from a particular spam folder. spam should be moved there before by a Bayesian filter like the one included in Mozilla, that after a week of training, indentify 100% of spam with 0% false positive, carrying away from your eyes all the spam. Then it analyze the spam (decoding as appropriate) to find the URL, and complaint for all the founded URL. It can follow some simple redirect URL and complaint also for those. Then it parse again the mail to find scam email, and complaint also for those. Last, it forward the spam to a configured email like spamcop or knujon. My suggestion is to use in tandem with Spamcop as are complementary solutions. This version send complaint emails with domain in obfuscated [dot] format for some Registrars. Initially are Beijing and Hichina, you can add more in 'RegistrarObfuscated.txt' file. Take care of configure your user IMAP and SMTP mail account inside the scri_pt. In particular correctly fill the string 'userMail' with <email> Example: userMail="Name <yourEmail[at]domain.tld>" as some SMTP server require the <> From this version you can (optional) use an external mail server configuration file. It must be called 'xComplaintConfig.txt' and should be in this format: # mail server user configurations: export userImap="imap.gmail.com" # imap4 server export userUser="" # user on imap4 server export userPass="" # pass on imap4 server export imapSSL="--ssl" # insert --ssl when IMAP server require (Gmail) export spamFold="[Gmail]/spam" # spam folder on IMAP server export userSmtp="" # user smtp server export userMail="" # user email "Name <email[at]domain.tld>" export forwardEmail="" # a mail to forward all spams The Registrar list is exacly the same as: http://www.spamtrackers.eu/downloads/Compl...lainterator.txt but with unix style new line, sorted alphabetically, and with no line ending space. Unfortunately the search algoritm is really slow. Need a new version in C language with a GUI in GTK+. The scri_pt depend on the following external tools executables: cat # text handling grep # text handling awk # text handling sed # text handling tr # text handling cut # text handling sort # text handling dos2unix # text handling wc # text handling read # input handling (bash builtin) base64 # decode base64 encoding iconv # international encoding conversion dig # NameServer query host # IP query whois # whois query wget # URL html redirect check telnet # send emails fetchmail # receive emails On Windows you have to install Cygwin with standard package, plus whois, wget, inettools (for telnet), fetchmail, dos2unix, base64, and iconv. More you have to install the package 'dig' from: http://members.shaw.ca/nicholas.fong/dig/ as isn't included in Cygwin. The package can be downloaded from: http://www.castlecops.com/p1110770-Complai...ux.html#1110770 Link to comment Share on other sites More sharing options...
kamaraju Posted September 25, 2008 Share Posted September 25, 2008 I post also here, a version of Complainterator crossplatform, thinked to work on Linux, but work on every platform with a complete GNU/Posix environment. I was experimenting with V.0.10.20 2008/09/09 and found out that you are using telnet in the scri_pt as in if (test 0 == "$debug") then cat sendoutDoma.txt | telnet $userSmtp 25 cat mailoutDoma.txt >> complaints.txt echo "====================================================" >> complaints.txt echo Mail sended. Exit. else echo Mail not sended. Exit. fi Is there no other alternative available (like ssh)? Telnet is supposed to be insecure and not all the Linux systems I know have telnet installed. hth raju Link to comment Share on other sites More sharing options...
efa Posted October 14, 2008 Author Share Posted October 14, 2008 Is there no other alternative available (like ssh)? Telnet is supposed to be insecure and not all the Linux systems I know have telnet installed. the problem is the SMTP server. Most I know, at ISO/OSI level 5, use simple un-encripted, un-autenticated, telnet connection on TCP port 25. Exist ESMTP, SMTP/TLS and SMTP-AUTH (ESMTPA) protocol, but which provider use it? Most provider check only the domain part of the sender email, and the direct connection to block relaing, but no real autentication or encription are used. Try your SMTP server, it accept ssh connection? If yes, surely you can substitute telnet with ssh in the scri_pt. Let me know if it work. If yes, please tell me which kind of SMTP server is. Another solution may be to use 'exim' (or 'ssmtp' or 'msmtp') available everywhere. At simple level they do a telnet on port 25, but can also support all types of encription. Link to comment Share on other sites More sharing options...
efa Posted May 25, 2009 Author Share Posted May 25, 2009 hi all, it's ready a new bugfix version of xComplaint bash scri_pt. This include a speedup written in C, stolen from the compiled counterpart that is slowly growing. Now the Registrar contact search is 60 times faster. The report now include the Domain creation data, usefull to add evidence of just registered domain You can now pass an argument with a file as raw spam mail, usefull for mail web access. The complaint now are more similar to Complainterator V22.8 You now can send complaints with a different account from the one you are receiving spam. The xComplaintConfig.txt file has changed the name of some variables to handle this little complex configuration. The scri_pt do an external command dependancy compliance check before start Next version will support SSL/TLS SMTP authenticated encripted send (using 'msmtp'), usefull for Gmail account. Here the changelog: # V.0.10.22 2009/05/24 # Add: use a C compiled Registrar searchEmail engine to speedup bash bottleneck # really faster now! # Add: Parse Whois report for Creation and Update Date for Domains # Add: put domain creation date in email body # Add: now you can pass a parameter with a text spam file # Add: often scam email are just registered email, with lot of char before [at] # Add: create complaint mails more like Complainterator V22.8 do # Add: create SMTP query after email confirmation (usefull to add EVIDENCE) # Add: added evidence in Domain complaints # Add: check for external dependancy compliance before start # Fix: better check of external contact/data files # Fix: reworked mail server account, to let different server for receive&send # changed xComplaintConfig.txt file variables requirements # Fix: handle base64 encoded spam with 4 lines separator, with or without "" # Fix: skip domain without a dot in the last 5 letter # Fix: set imap server timeout to 20 seconds # Fix: remove subdirectories from argument URL before complaint # Fix: remove ending dot and comma from spamvertized links # Fix: find Registrar when is marked 'Registrar Name:' (some .ws domain) # Fix: if traversal on A record fail, try use DNS cache # Fix: always get Name Server IP address # Fix: always get Domain IP address # Fix: skip other domain less often used for scam emails: # september11victims.com, right-thoughts.us, jonathanforeman.com, # sptimes.com, msn.co.uk, ya.com, ft.com, fundaciongsr.es, fedex.com, # guardian.co.uk, ftc.gov, paypal.com # Fix: updated contact files The new format of 'xComplaintConfig.txt' configuration file is: # insert here the user configurations: # ------------------------------------ # receive section account 1 export userImap="imap.gmail.com" # imap4 server export mailImap="user[at]gmail.com" # user email for imap4 server export userPass="" # pass on imap4 server export imapSSL="--ssl" # insert --ssl when required by IMAP server (Gmail) export spamFold="[Gmail]/spam" # spam folder on IMAP server # send section account 1 export userSmtp="smtp.gmail.com" # user smtp server export mailSmtp="user[at]gmail.com" # user email for smtp server export userName="Name Surname" # user name and surname # receive section account 2 export userImap="imap.domain.tld" # imap4 server export mailImap="user[at]domain.tld" # user email for imap4 server export userPass="" # pass on imap4 server export imapSSL="" # insert --ssl when required by IMAP server (Gmail) export spamFold="spam" # spam folder on IMAP server # send section account 2 export userSmtp="smtp.domain.tld" # user smtp server export mailSmtp="user[at]domain.tld" # user email for smtp server export userName="Name Surname" # user name and surname # list of emails to forward all spam to export forwardEmail="user[at]wantspam.tld" # a mail to forward all spams The scri_pt can be downloaded from: http://sharebee.com/677aa0b1 Link to comment Share on other sites More sharing options...
efa Posted July 14, 2009 Author Share Posted July 14, 2009 hi, it's time for a major update, as I added lot of new functionalities. The most interesting one is support for Google/Gmail account SSL/TLS encripted+authenticated complaint emails SMTP send, via 'msmtp'. (I again little changed the format of xComplaintConfig.txt file to support encription+authentication). Another interesting new funzionality, add redirected links to email body before forward, this to cheat spammer, and to keep track of spamvertized redirections. Let manually add a domain for uncatched redirections. xComplaint now ask one more confirmation, when domain/NS creation date is older than 7 months (configurable) The links and email estraction is reworked. Is now easy add fake scam email and trusted web site to external config files. Do not complaint for domain with IP 22.22.22.22 or 44.44.44.44 When found more than one "Registrar:" show a WARN, and get the last (and not the first), this work correct on most domains General speedup, lot of bug fixes, lot of updated in contact files Here the complete change log: # V.0.11.23 2009/07/10 # Add: support Gmail SMTP SSL/TLS authenticated+encripted send using 'msmtp' # changed/added xComplaintConfig.txt file variables names # Add: parse Whois for Creation date of NS, put it in complaints # Add: parse Whois for domain/NS Status, show it in the query log # Add: ask one more confirmation, when creation date is older than 7 months # Add: add domain creation date in complaint only when younger than 7 months # Add: add redirected html URL to email body tail before forward # Add: skip complaint 4 sign.out_me, out_of_the_list, get.me_out_now, # get.out_of_the_list, get.out_from_list[at]yahoo.com # Add: build file xComplaintMyEmails.txt, to skip reporting personal emails # Add: rework the scam domain engine, using an external text file # Add: reworked the email parsing engine, now work on real body of spam # Add: if DNS traversal fail, but domain is OK, complaint for domain only # Add: skip complainting for domain/NS suspended with 22.22.22.22 # Add: skip complainting for domain/NS suspended with 44.44.44.44 # Add: now put in complaints the Domain IP address # Add: evidenced redirections link catch or not # Add: let manually add a domain for uncatched redirections # Fix: reworked domain extraction, some was wrong: [xxx.]domain.com.cn # Fix: find domain for some ccTLD name servers: discountwatch.com.cn # Fix: when main RegistrarNameServer, sometimes complaint 4 previous spam NS # Fix: get last Registrar: when there is more than one in whois report # evidence a WARN to optionally manually check the whois report # Fix: find Registrar when is marked 'REGISTRAR:' (some .pl domain) # Fix: find CreationDate when is marked 'registered:' (some .hu domain) # Fix: cygwin/andLinux only: doesn't found some China/UTF-8 Registrar: # abcompany.com.cn,ootraffic.com.cn # Fix: remove innocent Bcc: Field from list of complaint emails # Fix: skip try to complaining for URL with IP address only # Fix: better parse of creation/updated date for domain/NameServer # Fix: consider domains and redirected links as case insensitive # Fix: reduce dig timeout to the minimum on IP query # Fix: reworked some debug and print style part # Fix: added tail and touch to the dependancies # Fix: lot of updates in contact files Here the new format of 'xComplaintConfig.txt': ## xComplaintConfig file. For V.0.11.23 2009/07/10 or next # receive section imapHost="imap.gmail.com" # user IMAP4 server imapPort="993" # default to 143 or 993 with SSL imapSSL="--ssl" # insert --ssl when required by IMAP4 server (Gmail) imapAuth="" # use when authentication is required imapMail="" # user email for IMAP4 server imapPass="" # pass on IMAP4 server imapSpam="[Gmail]/spam" # spam folder on IMAP4 server # send section smtpHost="smtp.gmail.com" # user SMTP server smtpPort="587" # default to 25 or 465 with SSL smtpSSL="--tls=on --tls-starttls=on" # insert --tls=on --tls-starttls=on when required smtpAuth="--auth=on" # insert --auth=on when required by SMTP server (Gmail) smtpTrust="/etc/ssl/certs/Thawte_Premium_Server_CA.pem" # trust path/file issued by CA smtpMail="" # user email for SMTP server smtpPass="" # pass on SMTP server userName="" # user name and surname replyMail="" # email for "Reply-To:" field forwardEmail="" # a mail to forward all spams The new version can be downloaded from: http://sharebee.com/6b6e04a1 Link to comment Share on other sites More sharing options...
Wazoo Posted July 14, 2009 Share Posted July 14, 2009 Another interesting new funzionality, add redirected links to email body before forward, this to cheat spammer, and to keep track of spamvertized redirections. This sounds an awful lot like a violation of the Reporting Rules .... specifically, "adding data to the spam content that the parser would not discover on its own" Please see Material changes to spam Link to comment Share on other sites More sharing options...
efa Posted August 2, 2009 Author Share Posted August 2, 2009 "adding data to the spam content that the parser would not discover on its own" if you do not want this functionality, simply delete lines from 2193 to 2225 in xComplaint V.0.11.23 2009/07/10, there are comments explaining this in the code. The scri_pt is in GNU/GPL opensource license, so you are invited (and encouraged) to modify the sources for your needs, with two unique requisite: that you pubblish the modified version again in GPL license, and attribute the original author. Link to comment Share on other sites More sharing options...
efa Posted September 25, 2009 Author Share Posted September 25, 2009 hi, I integrated the hard follow redirection and so a new major update: xComplaint V.0.12.24a 2009/09/23 It download html, parse the code to find redirection to real spammer web site. Support for no check of SMTP server certificate with "--tls-certcheck=off" Configurable retry times on SMTP send failure xComplaint now use OpenDNS when other dig queries fail finished to write and integrate the manual pages. See it with --help Officially support for andlinux.org as preferred solution against cygwin on Win32 Obfuscation is now with -dot- as work with [at]reg.ru Sources of emailSearch binary are provided in the package Now domain age calculation work as expected, lot of date format supported! Synch of contact files with xComplaint 22.15 Here the complete changelog: # V.0.12.24a 2009/09/23 # Add: integrated more aggressively follow redirection # Add: let skip (hard) follow redirection (silent to firewall) # Add: skip URL ending with .gif, .jpg or .png # Add: spam domain max age carried to 9 months # Add: base64 decode application/octet-stream as used for phish .html attach # Add: support for no check of SMTP server certificates "--tls-certcheck=off" # Add: use OpenDNS when other dig queries fail # Add: call xClean before everything when debug is off # Add: finished to write and integrate man pages # Add: show version with -V, syntax with -h and man with --help # Add: tested and work on AndLinux.org a Win32 port of Ubuntu+CoLinux # Add: obfuscation is now with "-dot-" and not "[dot]" as work with [at]reg.ru # Add: let easily skip add redirected/manualURL to spam body # Add: remove ending /?... part from the links # Add: package sources of "emailSearch.tgz" together xComplaint # Add: support for many more date format for domain/NS # Fix: often error in domain age extraction with many different format # Fix: sometimes unrecoverable error on age calculation # Fix: find Registrar when is marked 'organization:' (some .ua domain) # Fix: find CreationDate when is marked 'Created Date:' (some .th domain) # Fix: find CreationDate when is marked 'Created:' (some .it domain) # Fix: find UpdatedDate when is marked 'Last Update:' (some .it domain) # Fix: find DomainStatus when is marked 'state:' (some .ru domain) # Fix: remove redirect/HardFollowed fakeUrl, like with direct link # Fix: when all scam links, show: cat: links91.txt: Nessun file o directory # Fix: with ctrl-c on HardFollow redirect to past url # Fix: some rare case of error 'sed -e need a regular expression' # Fix: sometimes msmtp error: TLS certificate verification failed. Retry # Fix: remove ending; from URL # Fix: removed WARN: Trace on Domain/NS IP failed. Using Provider DNS cache ... # Fix: sometimes obfuscation is not complete: ns5.0m5.ru # Fix: updates in contact and fakeurl files You can download this version here: http://sharebee.com/16c64d2e Link to comment Share on other sites More sharing options...
Farelf Posted September 25, 2009 Share Posted September 25, 2009 ...I integrated the hard follow redirection and so a new major update: xComplaint V.0.12.24 2009/09/22 ... [numerous other features] ... You can download this version here: http://sharebee.com/16c64d2e Thanks efa! You probably don't get the recognition you deserve but I'm sure many Linux users are grateful. Link to comment Share on other sites More sharing options...
efa Posted September 25, 2009 Author Share Posted September 25, 2009 Thanks efa! You probably don't get the recognition you deserve but I'm sure many Linux users are grateful. I see that previous version was downloaded 55 times, and this is enough. Hoping someone else want to collaborate enhancing the scri_pt, maybe with "unique domain sorting" and not unique url sorting as is now. This avoid to ask for reporting for every url when the spamvertized domain is the same. Now I'm developing an anti-phish application Link to comment Share on other sites More sharing options...
efa Posted January 9, 2010 Author Share Posted January 9, 2010 hi, 50 download for V.0.12.24a, so as a gift for new year, a new minor version V.0.12.25 2009/12/30 with lot of news: Some refinement in hard follow redirection, now find all the redirections Some fake url are used 4 redirection (msn groups,..). List in xComplaintRedir.txt For ccTLD when do not found the Registrar, write to CERT.cc adding a note Skip complaint for Domains already suspended with HOLD, but continue for NS Do not complaint for domains suspended with IP 4.4.4.4 Now the links are unique sorted for domain and not for url More than one Links can be added, also when no links are found in body Lot of new Registrar, Status and CreationDate format supported Some factorization functions in source code Lot of bug fixes, lot of updates in contact files Here the complete changelog: # V.0.12.25 2009/12/30 # Add: when do not found a Registrar for ccTLD, use cert/csirt or nic.cc # Add: added a note in the complaint about why writing to CERT # Add: let manually add a link when no links are found # Add: let manually add more than one URLs, space separated # Add: skip complaint for Domains with Status: Hold. (does not apply to NS) # Add: for domain Status not on HOLD, list other status # Add: complaint only once 4 domain repeated in different urls # Add: follow HardRedirection with: "<a href="http://", "<a href='http://", # "src="http://", "src=http://", "<META HTTP-EQUIV="refresh" CONTENT="0;URL=http://", # "window.location = "http://", "window.location="http://", "location = 'http://" # Add: show all the HardRedirections and not the last # Add: hardRedirection with fakeUrl listed in xComplaintRedir.txt too # Add: limit redirections to a max value set by 'redirMax' # Add: skip IPonly and Scam links in single redirections # Add: skip complainting for domain/NS suspended with 4.4.4.4 # Add: added .biz to the list of TopLevelDomains # Add: skip URL ending with .GIF, .JPG or .PNG # Add: spam domain max age carried to 13 months # Add: factorized NS and Registrar emails extraction # Fix: get the right contact for email domain (hotmail.ru and mail.ru) # Fix: can decode multi-part messages enconded as base64 # Fix: extract phish links from attached html file encoded as base64 # Fix: decode (phish) email with base64 block (html attach) after an 8bit block # Fix: extraction of domain from emails now use the real domain # Fix: sometimes do not extract email from body because think was a binary file # Fix: find Registrar when is marked 'REGISTRAR:' on next line (some .pl domain) # Fix: find Registrar when is marked 'Last Updated by Registrar:' (some .us domain) # Fix: find Registrar when is marked 'Authorized Agency :' (some .kr domain) # Fix: find Registrar when is marked 'org: org_name_hun:' (some .hu domain) # Fix: support for updated/creation date format 24/01/2008 # Fix: support for updated/creation date format 1998. 02. 23. (some .kr domain) # Fix: support for updated/creation date format 2007-May-11. (some .tr domain) # Fix: support for updated/creation date preceded by email (some .lv domain) # Fix: support for updated/creation date ending with .0 (some .kz domain) # Fix: find CreationDate when is marked 'Approval date:' (some .ca domain) # Fix: find CreationDate when is marked 'Registered on:' (some .uk domain) # Fix: find CreationDate when is marked 'Registered:' (some .dk domain) # Fix: find CreationDate when is marked 'activated on:' (some .bg domain) # Fix: find CreationDate when is marked 'Domain created:' (some .kz domain) # Fix: find CreationDate when is marked 'Registered Date :' (some .kr domain) # Fix: find CreationDate when is marked 'Created on..............:' (some .tr domain) # Fix: find CreationDate when is marked 'Domain Registration Date:' (some .us domain) # Fix: find UpdatedDate when is marked 'Domain Last Updated Date:' (some .us domain) # Fix: find UpdatedDate for NS when is marked 'Changed' (some .de domain) # Fix: find UpdatedDate when is marked 'last modified' (some .pl domain) # Fix: find UpdatedDate when is marked 'Last updated on' (some .ru domain) # Fix: find UpdatedDate when is marked 'Last Modified:' (some .au domain) # Fix: find UpdatedDate when is marked 'Last modified :' (some .kz domain) # Fix: find UpdatedDate when is marked 'Last updated Date :' (some .kr domain) # Fix: find Status when is marked: 'Domain status :' (some .kz domain) # Fix: convert NS to lowercase before unique sorting needed for some .us domain # Fix: complaint email body for NS, check to add creation date but with the domain one # Fix: in some cases NS date extraction recover domain creation date # Fix: in some cases NS registrar/status recover suspended NS info # Fix: in some cases NS traversal extract root.local SOA record # Fix: extract the Subject when miss the space after ':' # Fix: sometimes report twice an hard followed links # Fix: xClean delete some other temp files # Fix: changed absolute to relative path in xClean # Fix: lot of updates in contact and fakeurl files You can download this version here: http://sharebee.com/4f07a427 Link to comment Share on other sites More sharing options...
QuantumMechanic Posted March 24, 2010 Share Posted March 24, 2010 what exactly does this program do? Also does it have a home page? Link to comment Share on other sites More sharing options...
Farelf Posted March 24, 2010 Share Posted March 24, 2010 what exactly does this program do? Also does it have a home page? There's a thread on it here - http://forum.spamcop.net/forums/index.php?showtopic=7930 The final post of the above points to the forum (below) where users congregate, by various clues that points to the Windows version download page which is currently http://www.spamtrackers.eu/downloads/files.php?fid=21 and that includes Complainterator version 22.18 (Feb 27 2010) Complaint template generator for illegal spammed domains, released November 27 Version 22.18 of the Complaint Generator that has been successful in suspending hundreds of thousands of criminal web sites Details can be found at http://spamtrackers.eu/wiki/index.php/Complainterator Support is available from the forum at http://inboxrevenge.com/ Complainterator generates a complaint template ready to email to the registrar responsible for a spammed domain name. Better still, it prepares a template message ready to send to the registar or registrars of the spammed domain's name servers. Complainterator helps to encourage registrars to cancel their contract to provide services to Internet cyber-criminals. Its users have accounted for the termination of hundreds of thousands of illegal domain names and their name servers. All of which is a little off-topic here (but yes, detail of purpose and location of general support is a useful supplement) - anyway, for future visitors, please refer to the other topic for any updates on those details. Link to comment Share on other sites More sharing options...
efa Posted April 26, 2010 Author Share Posted April 26, 2010 what exactly does this program do? The manual for the program is included with the scri_pt, it explain all the details. I attach you the man pages for the program: xComplaint(8) xComplaint(8) NAME xComplaint - Automatic spam/scam complaint generator SYNOPSIS xComplaint xComplaint spamFileName xComplaint [http://]URL[/] xComplaint -V xComplaint -h xComplaint --help DESCRIPTION xComplaint works on the concept that you have to bill spammer for spamming you. xComplaint can suspend hundreds of spammer domains, and this costs about 5 euro for domain, making less attractive to spammers keeping your e-mail in them spam list. In my experiece one month of use on a bait email results in lowering spam rates from 30 to 5 a day. On some mailboxes the spam e-mails were completely zeroed. xComplaint was born as a version of Complainterator but it is crossplatform, i.e. it was written to run on Linux, but it works on every platform with a complete GNU/Posix environment. For example I also tested it with andLinux.org and Cygwin on WinXP, but should work also on MacOS X and Solaris. It is written as a Bash scri_pt, so you have no GUI. The scri_pt can work in background, so that you can use your computer while xComplaint works. It's mostly automatic, recovers all the required information, composes the complaint e-mails, asks for some confirmation only, and sends them. All this aims to spend nearly no time for spam. Before running xComplaint, the spams should be moved to a 'spam' folder by means of a Bayesian filter like the one used by many provider or included in Mozilla Seamonkey/Thunderbird, that, after an one-week training, is able to indentify 100% of spam with 0% false positives. THREE INVOCATION WAYS xComplaint can be called in three different ways: xComplaint [http://]URL[/] If the first argument is an URL, it does a Whois query on domain, recovers creation date, domain Status and Registrar. Then by means of a DNS traversal, it recovers all the Name Servers for the domain, and, for each, creation date, NS Status and Registrar. Then it composes the complaint e-mails, and asks for a confirmation before sending. More or less the things that Complainterator does on Windows. xComplaint spamFileName If first argument is a local text file, it parses the file looking for URLs, discards scam links, then processes them in the way described above. It can follow redirection URL and complains also for them. Then it re-scans the file for scam e-mails, composes complaint e-mails, and waits for confirmation. spamFile is useful if you have e-mail web access only. Finally, it can forward the spam to a configured e-mail like Spamcop or Knujon. xComplaint If run without arguments, it downloads spam mails from the IMAP server in a configurable 'spam' folder, then for each spam it does the processing described before. OPTIONS -V displays version number, copyright and author information then exit -h displays a brief command syntax --help displays this complete manual PROCESS FLOW DETAILS First of all, the scri_pt starts, checks if the mail server configuration is done, then checks for the presence of some needed external data files, and finally it does an external commands dependancy compliance check. Then, depending on the specified parameters, it can process single spammed url rather than single spamFile or it downloads spams from the imap server. After downloading spam files, it splits the spam in many single e-mails. Then for each spam, it decodes them as quoted-printable or base64 if needed. Then it parses each spam looking for URL, and follows URL redirections. For each URL, it recovers the Domain, Registrar and Domain Status. After that it makes a DNS-traversal recovering the Registrar and Domain Status for all Name Servers. Then it composes the complaints for the Domains and all Name Servers. Then it can forward the spam to a configurable email, like Spamcop or Knujon. Finally it parses again the spam looking for scam mail, and complaints also for those to the Provider. xComplaint does not complaint for domain with IP 22.22.22.22, 44.44.44.44 or 61.61.61.61 as they are used by some China Registrars to temporary suspend domain, because they claim their management systems do not allow using a private lan IP address or an invalid one like 0.0.0.0 The report includes the Domain Creation Data, useful to add evidence of just registered domain uniquely for spamming. xComplaint asks for one additional confirmation, when domain/NS creation date is older than 9 months (configurable). The generated complaints e-mails are very similar to Complainterator V22.8 xComplaint can add redirected links to the e-mail body before forwarding it, in order to trace spamvertized redirections and sure, to cheat spammer. Moreover it permits to add manually a domain for uncatched redirections. You can send complaints from an account different from the one you are receiving spam. The file xComplaintConfig.txt can handle this configuration. Since version V.0.11.23 xComplaint uses 'msmtp' to support complaint e-mail SMTP sending from Google/Gmail accounts which are SSL/TLS encripted+authenticated. xComplaintConfig.txt file supports encription+authentication commands. It is easy to add fake scam e-mails and trusted web sites by using external config files: xComplaintFakeEmails.txt for trusted e-mails xComplaintFakeUrls.txt for trusted domains xComplaint can use updated Registrar contact file from: http://www.spamtrackers.eu/downloads/Complainterator/contacts.complainterator.txt take care of renaming it to 'xComplaintUrlContact.txt' NOTES 'fetchmail' and 'msmtp' can be configured to download and send e-mails automatically, without asking for password each time. Refer to their documentations. Since version V.0.10.22 xComplaint includes a speedup written in C, coming from the compiled counterpart DamageSpammer http://damagespammer.sourceforge.net that is slowly growing. In this way the Registrar contact search is 60 times faster. When it founds more than one "Registrar:" in Whois report, xComplaint gets the last one and not the first one; this works correctly on most domains. CONFIGURATION Take care of configuring your user IMAP and SMTP e-mail account inside the scri_pt. In particular you need to fill the following strings: 'imapHost' with your IMAP server address 'imapMail' with your receiving spam mailbox 'imapSpam' with your IMAP server spam mailbox 'smtpHost' with your SMTP server address 'smtpMail' with your email used to send complaint Since version V.0.10.18 you can use an external e-mail server configuration file named 'xComplaintConfig.txt'. If present, the configuration data in that file have priority on internal configuration. The file must be in the form: # receive section imapHost="imap.gmail.com" # user IMAP4 server imapPort="993" # default to 143 or 993 with SSL imapSSL="--ssl" # insert --ssl when required by IMAP4 server (Gmail) otherwise leave it blank (i.e. "") imapAuth="" # use when authentication is required imapMail="" # user e-mail for IMAP4 server imapPass="" # password on IMAP4 server imapSpam="[Gmail]/spam" # spam folder on IMAP4 server # send section smtpHost="smtp.gmail.com" # user SMTP server smtpPort="587" # default to 25 or 465 with SSL smtpSSL="--tls=on --tls-starttls=on" # insert --tls=on --tls-starttls=on when required smtpTrust="Thawte_Premium_Server_CA.pem" # trust path/file issued by CA smtpTrust="--tls-certcheck=off" # use when you haven't a server certificate smtpAuth="--auth=on" # insert --auth=on when required by SMTP server (Gmail) smtpMail="" # user e-mail for SMTP server smtpPass="" # password on SMTP server userName="" # user name and surname replyMail="" # e-mail for "Reply-To:" field forwardEmail="" # forward all spams to this e-mail Moreover xComplaint needs the following external data/contact files: xComplaintConfig.txt user configuration account data xComplaintFakeEmails.txt list trusted e-mails xComplaintFakeUrls.txt list trusted domains xComplaintRegistrarDns.txt list Registrar main Name Servers xComplaintRegistrarObfuscated.txt list Registrar that need obfuscation xComplaintRegistrarWantSpam.txt list Registrar that want complete spam xComplaintEmailContact.txt list Provider contact e-mails xComplaintUrlContact.txt list Registrar contact e-mails xComplaintMan.txt man pages for xComplaint all are provided in the package, and easily customizable. DEPENDENCIES The scri_pt depends on the following external binary tools: awk, base64, cat, cut, dig, dos2unix, fetchmail, grep, host, iconv, less, msmtp, sed, sort, tail, telnet, touch, tr, uname, wc, wget, whois. INSTALLATION On Unix/Linux simply untar the package: $ tar xvfa xComplaint0MMmm.tgz On Windows you can choose to install: 1 - Cygwin with base packages, plus whois, wget, inettools (for telnet), fetchmail, dos2unix, base64, and iconv. Moreover you have to install the package 'dig' from: http://members.shaw.ca/nicholas.fong/dig/ as it isn't included in Cygwin. 2 - andLinux.org (preferred) a complete Ubuntu+CoLinuxKernel distribution for Win32. Check with Synaptic if you have all the dependencies, then untar the package. EXIT STATUS Return 0 on "complaint send success", or -1 on error. COPYRIGHT Copyright © 2008, 2009 Author: My thanks to RedDwarf for the idea and many explanations on domain name system. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. The scri_pt is written under the GNU/GPL license so, as always, other developers and testers are welcome. BUGS See xComplaint source for ToDo/Fix features SEE ALSO fetchmail and msmtp manpages xComplaint 0.11.23 2009-09-xx xComplaint(8) --------- Also does it have a home page? not at the moment for the Linux/Unix/MacOSX Bash scri_pt version of Complainterator (called 'xComplaint'). I'm writing an opensource C (sources and compiled) version, that will be crossplatform and GUI based. That version as now is in alpha state, and so doesn't work. It can be downloaded from Sourceforge: http://sourceforge.net/projects/damagespammer/ http://damagespammer.sourceforge.net/ If you prefer I can upload also the 'xComplaint' Bash scri_pt there. Which Operative System are you using? Link to comment Share on other sites More sharing options...
Farelf Posted April 26, 2010 Share Posted April 26, 2010 efa, as always, thanks. Awesome. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.