The most recent update is March 26/1999. People with recent
versions of SpamDunk need only download
http://www.interlog.com/~waltdnes/spamdunk/sdfiles/NOTLIST.TXT
and upload as "isnotlist". Reasons for update...
- Hopefully my last major bug for Exim email squashed, i.e.
  false-positives for the open-relay-hijacking filter. My
  apologies for the problem. When I wrote the first, sendmail-only,
  version of SpamDunk, I had it on my account for a few weeks with
  daily tweaking before even the beta version went public. I did
  not have this luxury when my ISP cut over to Exim as a replacement
  for Sendmail. I will continue to keep SpamDunk compatible with
  sendmail, because
    a) I want my filters to work for as many people as possible
    b) I still have to deal with email from sendmail-using sites
       even though my ISP uses Exim.
- False positive open-relay-hijacking flagging of Hotmail email
  fixed. This required special handling for one non-standard
  header that Hotmail puts out.
- In my previous update, I included a filter to reject email from
  SMI-8.6. It was brought to my attention that there are good
  internet citizens out there who do go to the effort of setting up
  a non-relaying firewall machine in front of the SMI-8.6 machine.
  To avoid punishing them I've tweaked my filter to only flag email
  where the SMI-8.6 header occurs on the first header physically
  below (i.e. chronologically before) the handoff from the external
  system to your ISP's server. If there is an intervening header
  from another machine in the sender's system, it's considered to
  be a firewall.
--------------------------------------------------------------------
Known issues that can't be resolved, due to the nature of SpamDunk.
--------------------------------------------------------------------
- The open-relay-hijacking filter can't tell the difference between
  authorized and unauthorized 3rd-party relaying. Workarounds are...
    a) Whitelist trusted correspondents, who use relays, in the
       "procvars" file, or
    b) Delete or comment out lines 102 through 125 in "NOTLIST.TXT"
       before uploading it as "isnotlist". WARNING, this will eliminate
       all checking for open-relay-hijacking.
- Certain Microsoft mail clients generate their own weird
  "Message Id:" headers that throw SpamDunk for a loop, generating
  false positives all over the place. They're the only people who do
  this. But of course, they're the same outfit whose email clients
  default to sending out HTML, RTF, or MS-Word files instead of
  regular ASCII text. MS doesn't seem to have a clue about standard
  internet practices. Workarounds are...
    a) Whitelist trusted correspondents, who use the offending MS
       products, in the "procvars" file, or
    b) Delete or comment out lines 52 through 167 in "NOTLIST.TXT"
       before uploading it as "isnotlist". *WARNING*, this will
       eliminate all checking for
         - invalid "Message Id:" headers. This test catches a lot of
           spamware output.
         - email with no "Message Id:" headers generated by the sending
           system, where your ISP's mailserver will probably insert its
           own header. This test also catches a lot of spamware output,
           especially RFMS spew.
         - open-relay-hijacking in general
         - Your ISP receiving email direct from an insecure SMI-8.6
           mailserver
         - email with forged "From:" headers claiming to be from
           commonly-forged domains like earthlink, freeyellow, juno,
           hotmail, wowmail, yahoo, not to mention others that you can
           add manually.
--
Walter Dnes <waltdnes(_at_)interlog(_dot_)com> procmail spamfilter
http://www.interlog.com/~waltdnes/spamdunk/spamdunk.htm
Why a fiscal conservative opposes Toronto 2008 OWE-lympics
http://www.interlog.com/~waltdnes/owe-lympics/owe-lympics.htm
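
The SMI-8.6 firewall rule described in the update notes above, sketched in Python as an added illustration; it is not SpamDunk's own procmail code. The ISP domain "isp.example", the function names and the sample Received: headers are all constructed assumptions.

```python
import email
import re

BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)

def received_chain(raw):
    """Received: headers, newest first, with folded lines joined."""
    msg = email.message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]

def stamped_by(hdr, domain):
    """True if the 'by' host of this header is in the ISP's domain."""
    m = BY_HOST.search(hdr)
    host = m.group(1).lower().rstrip(".") if m else ""
    return host == domain or host.endswith("." + domain)

def smi86_direct(raw, isp_domain):
    """True if the header just below the ISP handoff shows SMI-8.6."""
    chain = received_chain(raw)
    handoff = -1
    # Only the unbroken run of ISP-stamped headers at the top is trusted;
    # everything below the handoff was written by the sending side.
    for i, hdr in enumerate(chain):
        if not stamped_by(hdr, isp_domain):
            break
        handoff = i
    below = chain[handoff + 1:handoff + 2]
    return handoff >= 0 and bool(below) and "SMI-8.6" in below[0]

def sample(*received):
    """Build a constructed test message from Received: header values."""
    return "".join("Received: %s\n" % r for r in received) + "Subject: test\n\nbody\n"

# Constructed header values (hostnames and addresses are placeholders).
FROM_SMI = "from smi.sender.example ([192.0.2.10])\n\tby mail.isp.example (Exim 2.12); Fri, 26 Mar 1999 10:00:02 -0500"
FROM_FW = "from fw.sender.example ([192.0.2.1])\n\tby mail.isp.example (Exim 2.12); Fri, 26 Mar 1999 10:00:02 -0500"
FW_HOP = "from smi.sender.example by fw.sender.example (8.9.3/8.9.3); Fri, 26 Mar 1999 10:00:01 -0500"
SMI_HOP = "from localhost by smi.sender.example (SMI-8.6/SMI-SVR4); Fri, 26 Mar 1999 10:00:00 -0500"

DIRECT = sample(FROM_SMI, SMI_HOP)             # SMI-8.6 hands off to the ISP
FIREWALLED = sample(FROM_FW, FW_HOP, SMI_HOP)  # intervening sender-side host

if __name__ == "__main__":
    print("direct:", smi86_direct(DIRECT, "isp.example"))
    print("firewalled:", smi86_direct(FIREWALLED, "isp.example"))
```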