Codebase for Sale!
In order to focus more tightly on our core business, we are offering the
SPAMbaffle codebase and domain name for sale.
Contact Antone via our
contact form with questions or to make an offer.
Blacklister
A spam email blocker for qmail
© 2004 Antone Roundy
Introduction
Blacklister is an automated email blacklist generator.
To use it, set up a fake email address and publish it on the internet where spammers will pick it up.
Set up qmail to add the addresses of anyone who sends email to the fake address to a blacklist.
Then, set up qmail to use that list to protect your other addresses.
System Requirements
To use Blacklister, you must have the following software installed on your mail server:
- qmail
- mySQL
- Perl
- The Perl DBI interface for mySQL
License
Blacklister may be freely used at no charge.
However, it may not be redistributed without a prior agreement with the owner.
Donations
Donations (of a dollar or more) are gladly accepted.
To donate, use
this form (and just change the desciption to say that it's for Blacklister).
Thanks!
Installation
- Create the database:
Execute the commands in the "mysql commands" file, or do the equivalent actions in your database control panel.
Note the following:
- You can ignore the line "create database blacklister;" if you want to store your blacklist in a table within an existing database.
- You will need to change "sqlwrite" to your usernameon the line "grant SELECT,INSERT,UPDATE,DELETE,FILE on blacklister.* to sqlwrite@localhost;"
- Prepare the scripts:
Change the following lines near the top of both scripts (blacklister.pl and checkblacklist.pl) as needed for your system:
$database='blacklister';
$table='blacklister';
$username='';
$password='';
- Install the scripts:
Copy blacklister.pl and checkblacklist.pl to your server.
Set the permissions on both files to make them executable--for example, you might use the command
"chmod 755 blacklister.pl checkblacklist.pl".
- Create a fake email address:
Create a fake email address which you will use to collect blacklist entries.
If you cannot create an entirely new address, you can use a variant of your existing address.
For example, if your email address is joe@somedomain.com, you could use joe-black@somedomain.com as your fake address.
If you haven't yet told people your email address, you could even use joe@somedomain.com as your fake address and joe-smith@somedomain.com as your real email address.
- Tell qmail to call blacklister.pl whenever a message is received for your fake address:
Put the following on the first line of the .qmail file for your fake address (changing the path of course, so that it leads to the place where you installed blacklister.pl).
There should be nothing else in this file:
|/path/to/blacklister.pl
Notes about your .qmail file:
- Since the filename starts with a period, it is a hidden file.
- If you created a new account to create the new email address, it will be in the home directory of the new address (if the file exists--it may not).
- If you want your fake address to be something like joe-black@somedomain.com, the file will need to be named ".qmail-black" instead of ".qmail".
- Tell qmail to call checkblacklist.pl whenever a message is received for your real address or addresses:
Add the following line of code to the top of the .qmail file for your real email address.
Leave everything else that already exists in the file, if the file already exists.
If you don't already have a .qmail file, you'll need to find out from your system administrator what should be on the following line or lines.
Otherwise, your email will NOT be delivered!
|/path/to/checkblacklist.pl
- Test it out:
Send an email to your fake address and check to verify that your email address got added to the database.
Then send an email to your email address and verify that it gets bounced.
Then delete your email address from the database, or leave it there, but change the value of the "status" field to 2.
- Publish your fake email address:
Put it on your website in a place that regular visitors won't find it, but automated tools that look for email addresses will.
Include a note indicating that messages sent to that address won't be read by anyone--the automated systems won't see that, but real people will.
Notes
- When a new address is added to the blacklister table, it's status is set to "0".
- If you wish to whitelist someone, add their address to the database and set their status to "2".
- If you wish to periodically check for new addresses, you can mark all of the old addresses by setting their status to "1".
They'll be blocked the same as if their status is "0".
Just be careful not to accidentally change people whose status is "2" to "1", or they'll go from your white list ot your black list!
- You may want to periodically check the database for old addresses who you'r not receiving any email from.
I may eventually build tools to help with this.
Till then, you can tell the first and last time (UNIX timestamp) that a person sent a message to your fake address, as well has how many times they've done so, and how many times they've emailed your real address by looking at the database.
- You can change the bounce message near the top of checkblacklist.pl.
- You can list domain names that don't get checked against the blacklist near the top of checkblacklist.pl.
Blacklister is no longer available for download because it turns out the technique is flawed.
Since most spam is sent from "spoofed" email addresses, tracking sender addresses has little value.
The technique could be useful if you have software that analyzes the mail sent to an address and generates a fingerprint used to eliminate similar spam from legitimate email addresses,
but I'm not going to build such a tool.