Tagspam and Wblist anti-spam programs


Tagspam is a program which adds the word: SPAM into the subject line of a mail message which it identifies as spam. Identification is done by tracing Received: mail headers to identify the origin. The origin is then looked up in DNS black and whitelists. With version 0.4 CSV processing based on CSV/CSA v.1 (draft-ietf-marid-csv-csa-02) is also included ( using pyCSV.py # csv-0.3x.py David MacQuigg (c) 8/19/05 ), enabling domain owners to publish records enabling forgeries claiming mail HELO greetings misusing their domain to be rejected.

Tagspam is useful for situations where you need to filter spam to individual users and where you don't have the ability to tag the spam at the MTA (Message Transport Agent) e.g. due to virtual hosting arrangements, or because you need to use a backup MX mail relay for when your own server is down which you don't administrate yourself, to improve mail delivery. Other situations where tagspam is useful include where you wish to test a DNS blacklist to see if it tags spam accurately, but are not willing to risk message rejection based on this blacklist.

Alternatively, if like me you receive very many spams each day, you might decide to use very low false-positive probability DNSBLs at the MTA rejection level, and more agressive DNSBLs at the tagging and filtering level in order to achieve an acceptable level of mail filtering. You should do this only if you are willing to risk delayed viewing of occasional false positives in filtered mail directed to a spam folder which you check manually, but more occasionally and faster than messages in your normal inbox.

I also use SpamAssassin together with Tagspam, which is intended to complement other programs, as part of a more effective overall anti-spam solution. For example, I reject messages at the MTA with SpamAssassin scores of 10 or greater, and filter messages with SpamAssassin scores of between 7.5 and 9.9 into my spam folder, as I do with messages tagged by Tagspam.

Tagspam is written in Python, and is known to run on a Linux computer running the MTA or or on similar machine which uses Fetchmail to obtain mail from a POP server, and Sendmail to distribute the mail locally. It will probably also run on any other operating system on which you can install Python, assuming you can figure out for yourself how to install filter programs which pre-process your mail input stream.

The latest download including DNSBL and CSV checks MS-Windows users please note: the correct download filename is tagspam_0.4.tgz. Internet Explorer has an unfixed bug resulting in downloads ending in .tgz being renamed .tar and then you will be unable to open it, because the download is a gzip compressed tar ( .tgz ) not an uncompressed .tar file. If you experience this problem please either save and rename the downloaded file to tagspam.tgz before trying to open it or install another browser which isn't braindead e.g. Mozilla Firefox .

The documentation .

Author: Richard Kay <rich AT copsewood dot net>

Wblist White/Blacklisting Program

Wblist is intended for use with mail processed by Tagspam. Wblist needs to read mail files where the spam and ham has been seperated manually. It might also be run in automatic mode on mail sent to spamtrap addresses. Wblist compiles reputation scores for messages processed. Based on a scoring algorithm, message origin addresses are added to or removed from DNS white and blacklists output in TinyDNS format. You are invited to download this program from here. Wblist is written in Python and should run on any platform with Python installed. As it uses the Mailman Lockfile import, Wblist is distributed under the same license as Python. A mail processing script is included for automating spamtrap processing. This script is written in Bash so should run on any likely Linux or Unix system.