Free spam software for linux

spam.pl is a perl script that extracts all relaying hosts from the headers of a spam mail and sends a complaint mail to all the responsible mail server administrators.
spam.pl is free software released under the GPL license.
There is no warranty, neither expressed nor implied, that spam.pl would do what it is said to do. It is up to you to use it.
Main features:
- Use your own complaint message
- Enter your own list of friendly hosts (probably the friendly hosts that relayed the mail to you)
- You should also instruct spam.pl what email-address it should put in the From: line when it mails its complaints.
- Run the script without sending any mail to see what receivers it could extract.
- Run the script with only one specified receiver, so that you can mail yourself and see what it looks good.
- Invoke the script from inside your favorite mail program. Just pipe the whole mail including headers into this script. You can of course just save the whole mail first and then pipe it manually into this script.
- Complain through the abuse.net service.
- Resolves IP-only addresses
- Optionally extract host names to complain to from the mail bodys http:// links.
- Can be made to use the whois.abuse.net lookup service.

DSPAM is a server-side statistical anti-spam agent for Unix email servers.
DSPAM masquerades as the email servers local delivery agent and effectively filters spam using a combination of de-obfuscation techniques, specialized algorithms, and statistical analysis.
The result is an administratively maintenance-free, self-learning anti-spam tool. DSPAM has yielded real-world success rates beyond 99.9% accuracy with less than a 0.01% chance of false positives.
The DSPAM project attempts to set itself apart from other filters by focusing on the following areas:
- DSPAM has a strong drive for research. Many new algorithms and approaches to fighting spam have come out of the DSPAM project. Some of the approaches deployed in DSPAM include Concept Identification, Neural Networking, Message Inoculation , advanced de-obfuscation techniques, and a new noise reduction algorithm called Bayesian Noise Reduction. Were always looking for new approaches to improving the accuracy of DSPAM.
- A strong focus on large-scale implementation support. The largest implementation of DSPAM weve heard about to-date involves 350,000 users, with the next largest being around 125,000, then 100,000. DSPAM has been designed to run with a very short execution time (between 0.01s - 0.03s real time for classification and between 0.03s - 0.10s real time for training, on average hardware), and has been equipped with a storage driver API allowing several different storage mechanisms to be used. Depending on disk space constraints, accuracy can be traded off for additional disk space or vice-versa.
- Usability. DSPAM was designed with "grandma" in mind. Users can retrain by either forwarding any spam they receive to a spam address, or (in v3.4.2+) use the history function of the included web interface to quickly mark spam and deliver false positives. End-users dont need to know any commandline utilities or other complexities plaguing some other such tools. Functions such as whitelisting and keyword inventory are automatic (based on statistical functions) and therefore require no user intervention.
Main features:
- System-wide administratively-maintenance free filtering. The DSPAM agent can integrate into just about any network and can even be implemented as an SMTP gateway.
- A simple-to-use learning mechanism. DSPAM allows users to simply forward their spam to their "spam email address" for learning, eliminating any learning curve necessary to make it usable by your customers. The information used in every calculation is temporarily stored on the server, enabling DSPAM to relearn the original message by looking for a small signature in the forwarded spam. As a result, users dont have to be trained to bounce messages around, and administrators dont have to worry about incompatible mail clients.
- Support for a variety of storage implementations. DSPAMs storage driver API allows the administrator to choose how they wish to store data. Currently supported drivers include SQLite, Berkeley DB3, Berkeley DB4, MySQL, PostgreSQL and Oracle.
- Written in C for speed, performance, and scalability. Unlike Python or PERL solutions DSPAM is written in a low-level compiled language, meaning there is very little overhead. DSPAM runs fast, efficient, and doesnt depend on any third-party language interpreters.
- MTA support. DSPAM works great with Sendmail, Postfix, Qmail, Courier, and Exim, and should work well with many other MTAs. In the event you happen to run something like Exchange, DSPAM can be implemented on your network as an SMTP gateway. Just point your MX at it and configure it to relay to your mail server.
Enhancements:
- This is an unofficial release, but significant.
- Several significant bugfixes have been made.
- Bill Yerazunis Orthogonal Sparse Bigram (OSB) tokenizer algorithm has been added.
- The code has been significantly optimized to run much faster and with fewer resources.

eximspamy is a spam filter framework that uses exims perl extension.

It is supposed to be solution which requires no maintenance and will use only very little cpu power. I am using this on a pentium 100 Mhz server with no problems.

eximspamy processes or rejects the mail in one go. That is: the mail does not run twice through exim as with most other mail filter systems.

Exim offers the possibility to execute perl subroutines from filter files.

To use this feature you must specify a file which contains perl subroutines in the exim.conf file:

perl_startup = do /etc/exim/exim.pl

and you need to have a version of exim which had perl support enabled at compile time
in the file:

add the line

EXIM_PERL=perl.o

in

Local/Makefile

of the exim source tree.

In the system filter (normally system_filter.exim) you can use those perl subroutines
to execute various tests on any line of the header (e.g $header_subject: $header_from:) or even the message body ($message_body)

eximspamy uses the following idea to catch the spam: you need to setup one user to which you re-direct all spam-traps.

That is old accounts which are no longer used and catch only spam or special seeds which you spread on webpages to catch only spam (use e.g white font on white background so that normal users do not see them).

All mail which is sent to the spamtrap is run through a filter which will take a checksum on the subject line. Those checksums are stored in a file (/usr/local/spamy/tmp/sums.txt)

Any mail coming into your system will then be checked against the known "spam" checksums in /usr/local/spamy/tmp/sums.txt.

In other words you compute again a checksum on the subject line and then you check if this checksum is already known. If it is known then you consider it spam.

Spammer is an anti-spam mail filter for the popular MTA Sendmail.

Spammer checks all IP-Addresses found in the mail header against a DNS blacklist (such as the one from Easynet, Spamcop or Osirusoft).

Depending on the configuration, Spammer rejects mails from well-known spam sources or tags them with an additional line in the header and a special prefix in the subject.

Spammer requires Sendmail to be compiled with milter support. If youre using Debian Linux you need to install the libmilter-package.

SpamBayes is a Bayesian anti-spam classifier written in Python. The major difference between this and other, similar projects is the emphasis on testing newer approaches to scoring messages.

While most anti-spam projects are still working with the original graham algorithm, we found that a number of alternate methods yielded a more useful response.

Thats great, but whats SpamBayes?

SpamBayes will attempt to classify incoming email messages as spam, ham (good, non-spam email) or unsure. This means you can have spam or unsure messages automatically filed away in a different mail folder, where it wont interrupt your email reading. First SpamBayes must be trained by each user to identify spam and ham. Essentially, you show SpamBayes a pile of email that you like (ham) and a pile you dont like (spam). SpamBayes will then analyze the piles for clues as to what makes the spam and ham different. For example; different words, differences in the mailer headers and content style. The system then uses these clues to examine new messages.

For instance, the word "Nigeria" appears often in spam, so you could use a spam filter which identifies anything with that word in it as spam. But what if your business involves writing a guidebook on Nigerian Wildlife Conservation? Clearly a more flexible approach is necessary. Additionally spammers will adapt their content over time and will no longer use the word "Nigeria" (or the words "Lose Weight Fast", or any number of other common lines). Ideally the software will be able to adapt as the spam changes.

So, that is what SpamBayes does. It compares the spam and the ham and calculates probabilities. For instance, for me, the word "weight" almost never occurs in legitimate email, but it occurs all the time in lose weight fast spam. SpamBayes can then look at incoming email, extract the most significant clues and combine the probabilities to produce an overall rating of "spamminess". It flags the messages so that your mailer can handle the different message types. You might set it up so that ham goes straight through untouched, spam goes to a folder that you ignore (or delete without checking) and the unsure messages go to another folder which you can review for errors.

mod_antispam is an apache module which can control referer spam.

By using this module, you can control referer spam accesses. As you know, sometimes you can see referer spam access in your log files. their purpose is to lead you to spam website by recording their website address in your log files.

Spammers always use bots/tools to connect your website with invalid referer.
when http server gets some HTTP_REFERER from clients, mod_antispam will connect to that website and try to find link to your website from the target.

If address is not found, module will update blacklist file automatically not to connect there later. and if your address found, update whitelist automatically not to connect here later.

Also you can edit white/black lists by hands using regular expressions.

The most important thing is HTTP_REFERER in your log files is generated from clients web browser. therefore, people who knows referer mechanism can fake their HTTP_REFERER using some tools or by hands.

When this module finds any spam URI, you can choose some actions.

(1) [Test]
record spam address into blacklist and access is allowed (test mode)
(2) [Replace]
Rejectrecord spam address into blacklist and rewrite HTTP_REFERER to none and access allowd.
by this method, access is allowed and spam address is not added in your logfile
(3) [Reject]
record spam address into blacklist and return HTTP_FORBIDDEN (access denied)
(4) [ReplaceReject]
record spam address into blacklist and rewrite HTTP_REFERER to none and access denied.

By this method, access is denied and spam address is not added in your logfile
in some case (3) or (4) is dangerous. because some websites need cookie to display their website, some site is protected by authentication. (e.g. BBS in the groupware) or some HTTP_REFERER maybe intranet address.

(e.g. http://127.0.0.1/bookmark.html, http://intranet/bookmarks.html)

This module doesnt support cookie and cant connect to authorized website, because module doesnt know that username or password.

First you should use Test or Replace mode and choose another methods when you can analyze spam URI if you need.

Spamresponder provides a simple and radical spam filter using DNS validation and challenge/response.

Spamresponder is a very simple and radical spam filter, combining DNS validation with the challenge/response approach. It will go through all mail messages in /var/mail/$USER, looking for specific "trusted" strings in the header and body parts of the mail.

It will delete and send an automatic reply to messages which have no "trusted" strings inside them. Those replies will include one of the "trusted" strings, so the recipient just needs to reply to this confirmation message.

The MailFrom-address of an email containing a trusted string becomes a trusted string itself.