On Fri, Dec 21, 2001 at 03:39:48AM -0500, k l u r t ([EMAIL PROTECTED]) wrote:
> On Friday 21 December 2001 02:16 am, [EMAIL PROTECTED] wrote:
> > Hey everyone,
> >
> > Ever wanted to party with your favorite porn stars??  
> 
> relay for spam....
> geez.. what a waste of a good FreeBSD box..

I've got a few systems for trapping spam.  A modified set of Lars
Wirzenius's procmail filters ("spamfilter" in Debian), an asian-language
trap, and a few scripts to help automate the response process.

I'll post the whole mess at some point, but it's a bit unwieldy (ugly,
but it works ;-).

I'm attaching one script I've been polishing over the past few days.  It
scans a message (or attachments) for URLs, gets the IP, then runs a
WHOIS query, extracts email addresses, and converts them to
"[EMAIL PROTECTED]" form.  abuse.net is a remailer run by John Levine, it
sends mail to known (or guessed) abuse reporting addresses for sites, as
well as sharing information with other services.  Spamcomp.net is a
similar service.  Substitute as appropriate.

My process in mutt is to pipe the message (or if it's encoded, an
attachment) through my script, paste the addresses into the "To:" line,
and send.  Results from ISPs are moderately impressive.  If nothing
else, ISPs will find they're getting massive complaints to spam.

The script isn't perfect.  It doesn't handle some obfuscated URLs
(@-encoded, big-number URLs, though I'm working on it).  But it handles
most cases well.  I somewhat prefer the semi-auto nature of it as I have
some control over the actual execution and triggering.

The '-v' flag increases verbosity.

Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
We freed Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html
#!/bin/bash
# Needs bash: uses the "function" keyword and "echo -e".

PATH=/bin:/usr/bin

function get_urls () {
    # Extract a set of distinct URLs from stdin.
    awk '
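        # Split fields on whitespace and common delimiters (not ".", which
        # is part of a hostname).
        BEGIN { FS = "[\t <>,=\"]+" }
        /http:/ { 
            # Walk every field on the line; a line may carry several URLs.
            for( i = 1; i <= NF; i++ ) {
                URL = ""
                if ( match( $i, "http:")) {
                    # Skip past "http://" and keep only hostname characters.
                    URL = substr($i, index ($i, "http:") + 7 )
                    split( URL, aURL, "[^-.A-Za-z0-9_]" )
                    URL = aURL[1]
                    # A leading "-" would be read as an option by host(1).
                    if ( length(URL) > 0 && URL !~ /^-/ ) printf( "%s\n", URL )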
                }
            }
        }
    ' | sort -u
}

function NicFILTER () {
    # Extract email addresses from WHOIS NIC data and post as
    # "[EMAIL PROTECTED]" format.

    awk '
    /@/ {
        for( i = 1; i <= NF; i++ ) {
            if ( $i ~ /@/ ) { 
                host = substr( $i, index( $i, "@" ) + 1 )
                gsub( "[^.A-Za-z0-9_-]", "", host )
                printf( "[EMAIL PROTECTED]\n", host )
            }
        }
    }' | sort -u 
}

# Test for a verbose flag.

VERBOSE=n
if [ x"$1" = x"-v" ]; then
    VERBOSE=y
fi

case $VERBOSE in
    y) function uniqlist() { cat; } ;;
    n) function uniqlist() { sort -u | awk '{ printf( "%s ", $0 ) }';  } ;;
    *) echo "Bad VERBOSE value: $VERBOSE" 1>&2; exit 1 ;;
esac


# ------------------------------------------------------------------------ 

clear

URLLIST=$( get_urls /dev/stdin )
if [ -z "$URLLIST" ]; 
then
    echo "No URLs found"
    exit
else
    echo "URLs: $URLLIST"
fi

for URL in $URLLIST
do
    if [ "$VERBOSE" = "y" ]; then echo -e "$URL:  \c"; fi
    HOST=$( host "$URL" 2>&1 )

    if echo "$HOST" | grep -q "does not exist"; then
        echo "No IP found for host $URL"
        continue

    elif echo "$HOST" | grep -q "[[:space:]]A[[:space:]]"; then
        # Older host(1) output: "name  A  address", whitespace-separated.
        IPS=$( echo "$HOST" | awk '/[ \t]A[ \t]/ {print $3}')
        if [ "$VERBOSE" = "y" ]; then echo -e "$IPS \c"; fi
    else
        IPS=$( echo "$HOST" | awk '/^Address:/ {print $2}' )
        if [ "$VERBOSE" = "y" ]; then echo -e "$IPS \c"; fi
    fi
    
    for IP in $IPS
    do
        # We want a few specific bits from WHOIS
        # Several forms of this:
        # InterNIC ARIN:  US:  check for "NETBLK"
        # RIPE:  EU.
        # APNIC KRNIC: Asia.  Read from 
        # First, find the netblock:

        # echo "Searching whois"
        WHOIS=$( whois "$IP" )

        if echo "$WHOIS" | grep -q InterNIC; then
            REGISTRY=InterNIC
        elif echo "$WHOIS" | grep -q "ARIN Registration Services"; then
            REGISTRY=ARIN
        elif echo "$WHOIS" | egrep -q '(RIPE|DENIC)'; then
            REGISTRY=RIPE
        elif echo "$WHOIS" | grep -q KRNIC; then
            REGISTRY=KRNIC
        elif echo "$WHOIS" | grep -q APNIC; then
            REGISTRY=APNIC
        else
            # Don't carry over the registry found for a previous IP.
            REGISTRY=unknown
        fi

        # Check to see if we're referencing a netblock...
        if echo "$WHOIS" | grep -q "NETBLK"; then
            NETBLOCK=$(
                echo "$WHOIS" |
                sed -ne '/^.*\(NETBLK[-A-Z0-9]*\).*/s//\1/p' |
                tail -1
                )
            if [ "$VERBOSE" = y ]; then echo "Netblock: $NETBLOCK"; fi
            WHOIS=$( whois "$NETBLOCK" )
        fi

        if [ "$VERBOSE" = y ]; then echo "($REGISTRY)"; fi

        # Build addresses
        echo "$WHOIS" | NicFILTER 
    done 
done 2>/dev/null | uniqlist
echo
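
The message says the script does not yet handle "@-encoded" and "big-number" URLs. The following is an added example, not part of the posted script or the author's code, showing one way to reduce such a URL to the host that host(1) and whois(1) should be given. The function names are hypothetical and the sample URLs are constructed from documentation addresses.

```sh
#!/bin/sh
# Added example: find the host an obfuscated http: URL really points at.
# Function names are hypothetical; sample URLs are constructed.

# True if $1 is a bare host number: decimal, 0x hex, or leading-0 octal.
# Validating here also keeps untrusted text out of the $(( )) below.
is_host_number() {
    [ "${#1}" -le 12 ] || return 1      # enough for 32 bits, cannot overflow
    case $1 in
        0[xX]*) d=${1#0[xX]}
                case $d in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        0*)     case $1 in *[!0-7]*) return 1 ;; esac ;;
        *)      case $1 in ''|*[!0-9]*) return 1 ;; esac ;;
    esac
}

# Print a 32-bit host number as a dotted quad; fail if it is out of range.
num_to_quad() {
    n=$(( $1 ))
    [ "$n" -le 4294967295 ] || return 1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Print the real host of URL $1, ready to hand to host(1) or whois(1).
real_host() {
    h=${1#*://}         # drop the scheme
    h=${h%%[/?#]*}      # drop path, query and fragment
    h=${h##*@}          # "@-encoded": everything before the last @ is userinfo
    h=${h%%:*}          # drop the port (IPv6 literals are not handled)
    [ -n "$h" ] || return 1
    if is_host_number "$h" && num_to_quad "$h"; then
        return 0
    fi
    printf '%s\n' "$h"  # ordinary name or dotted quad: pass through
}

# Constructed samples; each numeric form below encodes 192.0.2.1.
for u in 'http://www.example.com@3221225985/offer.html' \
         'http://user:pw@0xC0000201:8080/x' \
         'http://030000001001/' \
         'http://www.example.org/index.html'
do
    printf '%-48s -> %s\n' "$u" "$(real_host "$u")"
done
```

Mixed forms such as a dotted address with hex or octal parts are passed through unchanged and would need separate handling.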
