Monday, August 14, 2006

Retrospective Spam Filter

As a good spamcop user, I like to report all the spam that slips through the black lists and filters. That way, making sure the network admins know about any open relays they might have while building the black lists. However, a lot of spam comes through over night and I get a full inbox in the morning. When I report most of these, they have already been black listed. So, I thought it would be best to write a script that would check to see if these had already been listed and filter based on this. This way, even if the spam slipped through the black list on the first try, eventually it would be listed and filtered out of the inbox after the fact. This code seems to be working well for my inbox so I thought I should share it for all Lotus Notes and Ruby users:

require 'win32ole'
require 'socket'

@application ='Notes.NotesSession')

def check_file(server, mail)
@database = @application.GetDatabase(server, mail)
@database.Open(server, mail) unless @database.IsOpen
@view = @database.GetView('($InBox)')

dnsbls = %w{}

count = @view.TopLevelEntryCount
count.times do |index|
doc = @view.GetNthDocument(index+1)
spamdocs = []

doc.GetReceivedItemText.each do |t|
start = t.split(/[()]/)
start[1] =~ /(\d+).(\d+).(\d+).(\d+)/
dnsbls.each do |dnsbl|
var = Socket.getaddrinfo "#$4.#$3.#$2.#$1.#{dnsbl}", 0
puts var[0][2]

if var[0][2] =~ /127.0/
puts "Access denied for #{start[1]} by #{dnsbl}"
spamdocs << doc

spamdocs.each do |doc|



Saturday, August 12, 2006

Happy birthday and anniversary Dowds

We went out to Ecco for dinner with the Dowds to celebrate 38 year anniversary and Tack's birthday.
We all had a wonderful night and thanks to the staff at Ecco for making it such a pleasant night.