SpamTestBuddy 0.95 - A simple, light-weight, multiple-input spam scoring tool
Language: C with POSIX function calls
License: Open source, some restrictions. See README
Download source: spamtestbuddy-0.95.tar.gz [12 K]
SpamTestBuddy is a simple, light-weight, multiple-input spam scoring tool. It is standalone and can be used with simple procmail rules without root access or daemons. It has built-in support for simple DNS checks, including DNSBL (DNS-based blocklist) queries, and can scan headers from filters you already use, such as SpamProbe, QSF and DSPAM.
Use SpamTestBuddy to adjust the score from your statistical filter, to reduce both false positives and false negatives with the benefit of extra spam tests. The configuration is flexible and lives in a human-readable file that is easy to edit. Each test can add to or subtract from the total score.
(I am not trying to re-invent SpamAssassin. That is a very powerful piece of software with all the features you need. It is also somewhat large and is a greater challenge to install. SpamTestBuddy will just help you bring together existing scores from filters you already use, with a few useful extra tests thrown in. For an all-in-one solution, try SpamAssassin.)
Tested under Linux 2.4 and 2.6, Mac OS X 10.4.10 (Darwin), FreeBSD, NetBSD
Supported Tests in 0.95
After defining the tests below in a configuration file (add or subtract scores on match), SpamTestBuddy is used as a procmail filter. Tests are performed on information found in the input email headers, such as statistical test outputs from other filters. The results of the tests are added to new X-SpamTestBuddy headers.
One of the key purposes of SpamTestBuddy is to parse the IP address from Received: headers; this is the IP address of the host which connected to your mail system and sent the mail. Some of the following tests will use this IP address.
- TestDnsProblems - For the IP address, check the existence of reverse DNS and consistency with forward DNS (quick but effective spammer test)
- TestFileIP - Check if the IP address is in a local text file, useful for blacklisting
- TestHeaderSubstr - Check for header substring match
- TestHeaderYes - Check for a header whose right-hand side is "Yes/True/Spam"
- TestHeaderFloat - Check for a header containing a value in [0,1] and add/subtract from score
- TestDNSBL - Check if the IP address is in a DNS-based real-time blacklist (extremely effective when used properly)
1) Combining more than one external filter:
If you have a number of filters that output a numeric probability or score, you can combine them together using +TestHeaderFloat and make a decision on the total (floating point) score. Examples of filters which integrate seamlessly are SpamProbe, QSF, DSPAM, CRM114.
2) Querying DNSBL (DNS-based blocklists, real-time lists) or local IP files:
Typically this is done by mail servers at the time of mail receipt. However, there are advantages to doing these "RBL" lookups later. SpamTestBuddy will let you query multiple real-time lists for fresh data on known spam sources, abusive networks, etc. You can combine the results with your other statistical body-reading filters. You can also use TestFileIP to look up the IP in a local text file, such as a custom whitelist or blacklist.
3) Reducing false positives from other filters:
You can use SpamTestBuddy as a secondary filter to interpret existing scores differently. Alternatively, you can make a more conservative configuration by combining scores. This may be helpful for revisiting classification errors.
4) Parsing the IP address of the sender:
The IP address of the SMTP server which relayed mail is always visible in the Received headers, but parsing and extracting the correct IP address is hard to do reliably with procmail recipes alone. SpamTestBuddy can pick out the correct address by applying SkipReceived, a list of networks you define to consider local and ignore. The resulting IP address is conveniently displayed in the new X-SpamTestBuddy header, simplifying your procmail recipes.
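The selection described in item 4, as an added example in C (not SpamTestBuddy's own code): it walks Received: lines newest first and returns the first bracketed IPv4 address that falls outside a skip list. The `struct cidr` list standing in for SkipReceived, the function names, the sample headers and the bracketed-address header layout are assumptions; IPv6 is not handled.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for one SkipReceived entry: a network treated as local. */
struct cidr { const char *net; int bits; };
/* Return 1 if the host-order IPv4 address ip lies inside net/bits. */
static int in_cidr(uint32_t ip, const struct cidr *c) {
    struct in_addr a;
    if (c->bits < 0 || c->bits > 32 || inet_pton(AF_INET, c->net, &a) != 1) return 0;
    uint32_t mask = c->bits ? 0xFFFFFFFFu << (32 - c->bits) : 0;
    return (ip & mask) == (ntohl(a.s_addr) & mask);
}

/* Find the first bracketed IPv4 literal "[a.b.c.d]" in one header line. */
static int bracket_ip(const char *line, struct in_addr *a, char out[INET_ADDRSTRLEN]) {
    for (const char *p = strchr(line, '['); p; p = strchr(p + 1, '[')) {
        const char *q = strchr(p, ']');
        size_t len = q ? (size_t)(q - p - 1) : 0;
        if (len == 0 || len >= INET_ADDRSTRLEN) continue;
        memcpy(out, p + 1, len); out[len] = '\0';
        if (inet_pton(AF_INET, out, a) == 1) return 1;
    }
    return 0;
}

/* Newest-first walk: first address outside the skip list (static buffer), or NULL. */
const char *sender_ip(const char *const *h, size_t nh, const struct cidr *skip, size_t ns) {
    static char ip[INET_ADDRSTRLEN];
    for (size_t i = 0; i < nh; i++) {
        struct in_addr a; size_t j = 0;
        if (strncasecmp(h[i], "Received:", 9) || !bracket_ip(h[i], &a, ip)) continue;
        while (j < ns && !in_cidr(ntohl(a.s_addr), &skip[j])) j++;
        if (j == ns) return ip;  /* first non-local hop; older lines can be forged */
    }
    return NULL;
}
/* Constructed sample headers, newest first; the oldest one is sender-controlled. */
static const char *const SAMPLE[] = {
    "Received: from mx1.example.net (mx1.example.net [10.0.0.5]) by store.example.net",
    "Received: from relay.example.org (unknown [203.0.113.77]) by mx1.example.net",
    "Received: from trusted.example.com (trusted [192.0.2.1]) by relay.example.org",
};
static const struct cidr SKIP[] = { {"10.0.0.0", 8}, {"127.0.0.0", 8} };
int main(void) {
    const char *ip = sender_ip(SAMPLE, 3, SKIP, 2);
    puts(ip ? ip : "(no external hop found)");
}
```

The walk stops at the first hop outside the skip list because every Received: line below it was written before the mail reached a host you control.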