Blowback Spam Filter
Update: I've been using Blowback for several months now, and
overall I'm very happy with it; in fact I don't know what I would
do without it, since I would get about 30 spams a day. I do keep
making small improvements and fixing minor bugs along the way.
For example, I recently added a hack to deal with spam posted to
mailing lists I'm legitimately subscribed to.
This is a new implementation of an e-mail filtering idea I got from
Sleator. It's essentially a whitelist filter, that is, it
allows only messages from "approved" senders to get through.
However, it makes it easy for people to add themselves to the
whitelist. All they have to do is reply to the automated message
sent out by Blowback. In the case of spammers, they won't even
read the message, let alone reply to it. Presto! No more SPAM.
My implementation of Blowback is designed to work with
maildelivery, so it should be easy for computer-savvy CMU
people (and perhaps others) to install and use.
Once Blowback is operational, the flow of spam to your inbox
should halt abruptly. If you have edited your whitelist well, the
flow of real e-mail should continue uninterrupted. Whenever a
message arrives from an unrecognized source, the message will be
saved in your ~/.blowback/queue directory and an
automated reply will be sent to the sender. If the sender replies
to the automated reply, they will be added to the whitelist and
their message(s) will be delivered and deleted from the queue.
You can of course check on your queue manually.
Occasionally a legitimate message will be queued, but the sender
will not reply to your automated message, either because they are
too busy, or they think it's spam, or their message was automated
but you wanted it anyway. In the last case, you should use a
temporary address (see the section on temporary.txt
below). If you find an address in your queue which you would like
to add to your whitelist, you can do this by running the script
local-approve.perl with the address to be approved as the
command-line parameter. This will add the address to your
whitelist and deliver any queued messages, while editing the
whitelist directly will leave queued messages undelivered. Of
course, if you want to dis-approve a previously approved address,
just delete it from the whitelist.
Periodically you will want to clean out your queue, so the spam
doesn't pile up too deep and use up your afs quota. While you
could just delete everything in your queue directory, this runs
the risk of losing incoming messages that are in the process of
being approved. It is safer to use the purge.perl
script, which lists those senders which have been sitting in the
queue for a certain number of days or more. The following command
deletes any messages from senders who have been in the queue for
7 days or more:
rm -r `purge.perl 7`
- Download this tarball and
unpack it from your home directory. It will create a
subdirectory called .blowback. It's important that
this be installed in a location accessible to the mail server
that runs maildelivery on your incoming messages, so I
recommend your afs home directory. If you're not in afs-land,
then use your home directory on the mail server, and you'll
probably need to tweak a few paths to get it to work.
- If your home directory on the mail server that runs
maildelivery is in afs (which is the case for
CMU CS people using the ux*.sp.cs.cmu.edu mail servers)
you need to create a maildelivery kerberos instance so
that maildelivery can write to your
~/.blowback directory. If you use IMAP in a way that
bypasses maildelivery altogether, you'll have to make
sure you have a POP account and change your forwarding so that
it uses maildelivery on its way to your IMAP inbox.
In the following script, replace UUUU with your username, and
XXXX with your user number from your /etc/passwd file.
telnet -x jeeves
kerberos create UUUU.maildelivery
telnet -x jeeves
afs account define UUUU.maildelivery
ksrvutil add -f /usr/adm/autoauth/XXXX
- Then you need to give your maildelivery instance access to
your ~/.blowback directory and its queue:
fs sa /afs/cs/user/UUUU/.blowback UUUU.maildelivery rlidwk
fs sa /afs/cs/user/UUUU/.blowback/queue UUUU.maildelivery rlidwk
- I haven't made an install script yet, so you'll need to
edit each of the perl scripts (local-approve.perl,
process-message.perl, purge.perl, process-approval.perl,
process-temporary.perl) and replace each occurrence of UUUU with
your username. This should do the trick:
foreach f (*.perl)
mv $f $f~
sed s/UUUU/yourusername/g < $f~ > $f
end
- Now you will probably want to do some customization. Edit
each of the *.txt files as you like. Here's what
- whitelist.txt is the list of "approved"
senders. You probably want to dump your address list into
here. It should contain one e-mail address per line, with
no extra stuff. By the way, anything ending in
.edu is approved by default, so you don't need to
- temporary.txt allows you to
define temporary addresses of the form
UUUU+tempAAAA@cs.cmu.edu by adding the line
AAAA to temporary.txt. Mail sent to the
temporary address will always be delivered, without the
sender having to be in the whitelist. This is especially
useful for signing up on web sites or mailing lists where
you want to get their mail but you don't know what address
they'll send it from. If you start getting spammed
at that address, just remove it from temporary.txt.
- response-template.txt is a template for the
messages the agent will be sending out to anyone who sends
you e-mail from an unapproved address. It contains
instructions for gaining "approved" status. It's nice to
add your name to this file.
- expired-template.txt is a template for
messages sent to a temporary address that is not listed in
temporary.txt. In this file, the string
(TO) will automatically be replaced at runtime with
the address in question. Again, it's nice to add your name
to this file.
- Finally, you need to edit your .maildelivery file
to activate e-mail filtering. Before you do this, make sure you
are willing to test this software at your own risk! It's
worked pretty well for me, but there is absolutely no guarantee,
and there is a risk of losing incoming messages. You can use this .maildelivery file and
replace each UUUU with your username. The moment the
file arrives in your afs home directory, the system is active!
Additional warning: don't try this if your afs quota is
almost full! Spam messages will be saved temporarily and may
fill it completely. A full quota may result in lost e-mail.
- Please let me know if you try this out, and how well it
works for you. I've been using it for a few months with
virtually no spam, and only one or two (known) missed real
messages. My address is pvenable at cs.cmu.edu.
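The delivery decision described above (whitelist.txt, the default approval of .edu senders, temporary.txt and the expired notice), written out as an added example in Python; this is not Blowback's own Perl code. The function names, the order of the checks, the case-insensitive matching and the sample addresses are assumptions made for illustration.

```python
import re

DELIVER, CHALLENGE, EXPIRED = "deliver", "queue-and-challenge", "expired-notice"

# "+tempAAAA" tag in the local part of the recipient address
TEMP_TAG = re.compile(r"\+temp([^@]*)@")

def normalize(addr):
    """Drop a display name and angle brackets, then lower-case (assumed)."""
    m = re.search(r"<([^<>]+)>", addr)
    return (m.group(1) if m else addr).strip().lower()

def classify(sender, recipient, whitelist, temporary):
    """Return the action for one incoming message.

    sender/recipient: addresses the caller took from the message (the page
    does not say which headers Blowback reads; that is left to the caller).
    whitelist/temporary: lines of whitelist.txt and temporary.txt.
    """
    sender, recipient = normalize(sender), normalize(recipient)

    tag = TEMP_TAG.search(recipient)
    if tag:
        # Temporary address: delivered whoever the sender is while the tag
        # is listed; once removed, the expired template is sent instead.
        listed = {t.strip().lower() for t in temporary if t.strip()}
        return DELIVER if tag.group(1) in listed else EXPIRED

    # Test the suffix of the domain only, so a domain that merely contains
    # ".edu" (constructed: example.edu.example) is not approved by default.
    domain = sender.rpartition("@")[2] if "@" in sender else ""
    if domain.endswith(".edu"):
        return DELIVER

    approved = {normalize(a) for a in whitelist if a.strip()}
    # Unknown sender: message goes to the queue and the response template
    # is sent; a reply to it is what adds the sender to the whitelist.
    return DELIVER if sender in approved else CHALLENGE

if __name__ == "__main__":
    # Constructed sample data, not taken from a real mailbox.
    wl, temp = ["alice@example.com"], ["shop1"]
    for s, r in [("Alice <Alice@Example.com>", "UUUU@cs.cmu.edu"),
                 ("x@unknown.example", "UUUU@cs.cmu.edu"),
                 ("noreply@shop.example", "UUUU+tempold@cs.cmu.edu")]:
        print(s, "->", r, ":", classify(s, r, wl, temp))
```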