Monday, August 14, 2006

Retrospective Spam Filter

As a good SpamCop user, I like to report all the spam that slips through the blacklists and filters. That way, the network admins find out about any open relays they might have, and the blacklists get built. However, a lot of spam comes through overnight and I get a full inbox in the morning. By the time I report most of these, they have already been blacklisted. So I thought it would be best to write a script that checks whether they have already been listed and filters based on this. This way, even if the spam slipped through the blacklist on the first try, eventually it would be listed and filtered out of the inbox after the fact. This code seems to be working well for my inbox, so I thought I should share it for all Lotus Notes and Ruby users:

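require 'win32ole'
require 'socket'

# Lotus Notes OLE automation session (Windows with the Notes client installed).
@application = WIN32OLE.new('Notes.NotesSession')

def check_file(server, mail)
  @database = @application.GetDatabase(server, mail)
  @database.Open(server, mail) unless @database.IsOpen
  @view = @database.GetView('($InBox)')

  dnsbls = %w{bl.spamcop.net cbl.abuseat.org}

  # Collect the spam first and move it after the scan: removing documents
  # while walking the view by index would shift the later entries.
  spamdocs = []

  count = @view.TopLevelEntryCount
  count.times do |index|
    doc = @view.GetNthDocument(index + 1)
    listed = false

    doc.GetReceivedItemText.each do |t|
      # The sending host's address is in the first parenthesised part of the header.
      start = t.split(/[()]/)
      next unless start[1] =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/
      reversed = "#$4.#$3.#$2.#$1"

      dnsbls.each do |dnsbl|
        begin
          # DNSBL query: the reversed octets prepended to the list's zone.
          var = Socket.getaddrinfo("#{reversed}.#{dnsbl}", 0)
          address = var[0][3] # numeric address of the first answer
          puts address

          if address =~ /\A127\.0\./
            puts "Access denied for #{start[1]} by #{dnsbl}"
            listed = true
          end
        rescue SocketError
          # No record for this name: the address is not listed.
        end
      end
    end

    spamdocs << doc if listed
  end

  spamdocs.each do |doc|
    doc.RemoveFromFolder("($InBox)")
    doc.PutInFolder("($JunkMail)")
  end
end

check_file('www/projectlounge', "mail/iconnor.nsf")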
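
The DNSBL lookup at the heart of the script, pulled out of the Notes loop so it can be run and tested on any machine. This is an added example, not part of the original post: relay_ip, listed_on, the list of skipped private ranges, the stub resolver and the sample headers are all constructed here for illustration.

```ruby
require 'ipaddr'
require 'resolv'

DNSBLS = %w[bl.spamcop.net cbl.abuseat.org].freeze
# Private, loopback and link-local ranges are never on a public list: skip them.
SKIP = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16]
       .map { |cidr| IPAddr.new(cidr) }.freeze

# First well-formed IPv4 address outside the skipped ranges in one Received header, or nil.
def relay_ip(received)
  received.scan(/\b(?:\d{1,3}\.){3}\d{1,3}\b/).each do |candidate|
    begin
      ip = IPAddr.new(candidate)
    rescue IPAddr::InvalidAddressError
      next # e.g. an octet above 255
    end
    return candidate unless SKIP.any? { |net| net.include?(ip) }
  end
  nil
end

# Names of the blacklists that list the relay; [] when none do.
# resolver is any callable mapping a host name to an array of address strings.
def listed_on(received, resolver = Resolv.method(:getaddresses))
  ip = relay_ip(received)
  return [] if ip.nil?

  reversed = ip.split('.').reverse.join('.')
  DNSBLS.select do |dnsbl|
    # Listed = an A record in 127.0.x.x; no answer (NXDOMAIN) = not listed.
    resolver.call("#{reversed}.#{dnsbl}").any? { |a| a.start_with?('127.0.') }
  end
end

# Constructed sample data: a stub resolver and headers using documentation addresses.
SAMPLE_ZONE = { '7.2.0.192.bl.spamcop.net' => ['127.0.0.2'] }.freeze
STUB = ->(name) { SAMPLE_ZONE.fetch(name, []) }
SAMPLE_HEADERS = [
  'from mx.example.net (mx.example.net [192.0.2.7]) by notes.example.org',
  'from pc (unknown [10.1.2.3]) by relay.example.net (relay [198.51.100.9])',
  'from localhost (localhost [127.0.0.1]) by notes.example.org'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HEADERS.each { |h| puts "#{relay_ip(h).inspect} => #{listed_on(h, STUB).inspect}" }
end
```

Calling listed_on with a single argument uses the system resolver instead of the stub, so the same function can back the Notes loop.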
