On Wed, Oct 25, 2017 at 11:52:17AM -0500, David Jones wrote: > I have a script (see below) watching a "SpamCop" folder that sends it to my > custom SpamCop address as an attachment using mutt. All I have to do is > drag-n-drop into that folder and the submission is automated. I wait a > couple of minutes for the SpamCop submission email with it's link to the > spam report then click it to confirm the submission. > > > We're still seeing tons of those "payment enclosed" emails with the > > short body and compromised URLs that automatically download a docx. > > I'd like to report the spam, but really would like to see the URLs > > blacklisted, and at the time I receive them, they are not. > > > > Spammers tend to batch these up and blast them out in waves so they can get > maximum usage for each compromised web server. They only get a few hours or > so before that URL is blocked or taken down (hopefully) so again these > zero-hour spam are going to hard to block. We still need to report them. > The feedback does help. > > Coincidentally, I am seeing a ton of new spam today from compromised > accounts all around the Internet. The subjects have "from" or "to" and the > recipients name along with a URL containing the recipients name. Many are > abusing .webcam URLs so the bad guys must have found new exploits of webcams > and have saved up a bunch of compromised accounts to burn through today. > > > Ideally I'd like something where I can pass an email as a filename as > > an argument to a shell script. If submitting to spamcop by email is > > the only way, what is the format? As an attachment? In-line? Does > > anyone have a command-line shell script that can be used to send this > > email? > > > > If you have access to the filesystem and cron on your mail server then you > can run something simple like this directly on your mail server: > > cd /var/vmail/vmail1/.../Maildir/.Spamcop/new > mv * ../cur > cd ../cur > > for FILE in *; do > echo "Spam attached." | mutt -e 'my_hdr From:some...@example.com' -a > "$FILE" -s "Spam Submission" -- submit.special.addr...@spam.spamcop.net > sleep 9 > done > > I have an iRedMail Dovecot spamtrap server that stores the emails in maildir > format where I can run this from cron every 5 minutes. I am also able to > release emails from my MailScanner servers to this spamtrap mailbox > retaining the original headers. > > If you don't have direct access to your server and it's a remote POP or > IMAP, collect the spam via fetchmail or something to get it into a local > folder then use mutt to send it as an attachment. > > -- > David Jones
You might also be able to set up something using imapsieve to do the same thing as the mail gets copied to that folder. I have my SpamAssassin getting trained for messages in and out of my spam folder. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: l...@lerctr.org US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
signature.asc
Description: PGP signature
