K
Karlheinz klingbeil
I have read quite a few mails recently with the question how to get rid of
spam using a python script...
As I was flooded with Spam-Mails in the past 2 weeks i wrote a python-script
which kills spam in a new more-than-1 stage manner. You can download script
and Doc at
http://www.lunqual.de/poppers.zip
Note that the script was developed on a Linux box, but should work just fine
under any other OS
here's the readme
-------------------------------------------------------snip------------------------------------------------
poppers 0.2 Readme
Copyright 2003 by Karlheinz Klingbeil (lunqual)
PopClean is a small script in python language which checks any
pop3 mailbox and deletes contents based on regular expression
matching in header and checking attachments before you have
to download more junk than you can affort
Requires
popclean requires Python 2.2+ to be installed on your machine
How to use:
1. edit the poppers.py script
in line 27 enter a proper path for your .poppers.conf file
in line 31 enter a proper path for your .poppers.log file
2. edit the .poppers.conf file
- enter your user data in the list of users
- set testmode to 1 if you don't want any messages on the
server deleted. set testmode to 0 if you want the real thing
)
3. start poppers.py directly in a shell (after chmod +x)
or by the command line 'python poppers.py'
The .poppers.conf file has extensive information about configuration
options, but here is short how it works:
poppers has several stages
Stage 1 : check if mail has a subject line
if no , mark to delete
Stage 2-1(deny) : check regular expressions for header
lines to deny mails
(it may be useful at this stage to
deny _ALL_ mails by specifiying the
line 'deny=from,to,subject:.*' Dont
be afraid, read on)
Stage 2-2(allow): check regular expression for header
lines to allow mails (even if denied
in Stage 2-1 )
If you did the above mentioned killaction
you can allow here mails to your own address
only with the line 'allow=to:[email protected]'
if you do this, you will get rid of a fair amount of
spam, for me this can be half to 2/3 of the Inbox
Stage 3 : will be applied to all mails who are not still marked
to delete.
If a Mail contains a 'content-type: multipart' header
it may contain an attachment.
And if a mail _may_ contain an attachment a number of
lines (specified by 'read_body=x' command will be
downloaded and checked.
therefore you can check a part of the mails body in
this stage with a_deny and a_allow rules
for example, the rule
'a_deny=.*<atb>.*content-type.*name.*\.exe'
will catch an exe attachment and deny this mail, but
you can also allow certain attachments:
'a_allow=.*<atb>.*content-type.*name.*\.pdf' will let
a pdf attachment through.
As you check rules against a part of the message body
this is not limited for catching attachments only, but
however, the part of the mailbody will only get downloaded
if poppers assumes that there must be an attachment in it...
if poppers searches for an attachment and doesnt find it
within the specified number of lines you can delete the mail
with the command 'delete_not_found_attachments=1' or
let them undisturbed by 'delete_not_found_attachments=0'
Stage 4 : final Stage, see Documentation for Stage 2, as the same rules
can be applied. this is the point where you define rules
based on subject,from or to headers. for example
'f_deny=from,to,subject:.*microsoft' will delete all mails
which contain the string 'microsoft' (case insensitive !)
somewhere in the from,to or subject headerline
Stage 4-1 : Final deny rules. Applied to all Mails which arent marked for
deletion yet to give you a chance to catch them now
Stage 4-2 : Final allow rules. Applied to all Mails which _ARE_ marked for
deletion. this is the point where you can make rules for
mails that _have_ to get through for some reasons. for
example 'f_allow=from:.*mygirlfriend@the_neighbourhood.com'
will allow mails from your girlfriend no matter what they
contain.
-------------------------------------------------------snip------------------------------------------------
spam using a python script...
As I was flooded with Spam-Mails in the past 2 weeks i wrote a python-script
which kills spam in a new more-than-1 stage manner. You can download script
and Doc at
http://www.lunqual.de/poppers.zip
Note that the script was developed on a Linux box, but should work just fine
under any other OS
here's the readme
-------------------------------------------------------snip------------------------------------------------
poppers 0.2 Readme
Copyright 2003 by Karlheinz Klingbeil (lunqual)
PopClean is a small script in python language which checks any
pop3 mailbox and deletes contents based on regular expression
matching in header and checking attachments before you have
to download more junk than you can affort
Requires
popclean requires Python 2.2+ to be installed on your machine
How to use:
1. edit the poppers.py script
in line 27 enter a proper path for your .poppers.conf file
in line 31 enter a proper path for your .poppers.log file
2. edit the .poppers.conf file
- enter your user data in the list of users
- set testmode to 1 if you don't want any messages on the
server deleted. set testmode to 0 if you want the real thing
)3. start poppers.py directly in a shell (after chmod +x)
or by the command line 'python poppers.py'
The .poppers.conf file has extensive information about configuration
options, but here is short how it works:
poppers has several stages
Stage 1 : check if mail has a subject line
if no , mark to delete
Stage 2-1(deny) : check regular expressions for header
lines to deny mails
(it may be useful at this stage to
deny _ALL_ mails by specifiying the
line 'deny=from,to,subject:.*' Dont
be afraid, read on
)Stage 2-2(allow): check regular expression for header
lines to allow mails (even if denied
in Stage 2-1 )
If you did the above mentioned killaction
you can allow here mails to your own address
only with the line 'allow=to:[email protected]'
if you do this, you will get rid of a fair amount of
spam, for me this can be half to 2/3 of the Inbox
Stage 3 : will be applied to all mails who are not still marked
to delete.
If a Mail contains a 'content-type: multipart' header
it may contain an attachment.
And if a mail _may_ contain an attachment a number of
lines (specified by 'read_body=x' command will be
downloaded and checked.
therefore you can check a part of the mails body in
this stage with a_deny and a_allow rules
for example, the rule
'a_deny=.*<atb>.*content-type.*name.*\.exe'
will catch an exe attachment and deny this mail, but
you can also allow certain attachments:
'a_allow=.*<atb>.*content-type.*name.*\.pdf' will let
a pdf attachment through.
As you check rules against a part of the message body
this is not limited for catching attachments only, but
however, the part of the mailbody will only get downloaded
if poppers assumes that there must be an attachment in it...
if poppers searches for an attachment and doesnt find it
within the specified number of lines you can delete the mail
with the command 'delete_not_found_attachments=1' or
let them undisturbed by 'delete_not_found_attachments=0'
Stage 4 : final Stage, see Documentation for Stage 2, as the same rules
can be applied. this is the point where you define rules
based on subject,from or to headers. for example
'f_deny=from,to,subject:.*microsoft' will delete all mails
which contain the string 'microsoft' (case insensitive !)
somewhere in the from,to or subject headerline
Stage 4-1 : Final deny rules. Applied to all Mails which arent marked for
deletion yet to give you a chance to catch them now
Stage 4-2 : Final allow rules. Applied to all Mails which _ARE_ marked for
deletion. this is the point where you can make rules for
mails that _have_ to get through for some reasons. for
example 'f_allow=from:.*mygirlfriend@the_neighbourhood.com'
will allow mails from your girlfriend no matter what they
contain.
-------------------------------------------------------snip------------------------------------------------