NAME

yaspi - Yosi's Anti-Spam POP3 fIlter bot


DESCRIPTION

yaspi is a POP3 mail-scanner and abuse reporter.

I wrote it to work with my Yahoo account, but it works with any POP3-accessible account.

yaspi inspects the mails in your POP3 server and uses some configurable heuristics to detect mails with big attachments infected by viruses that could be flooding your mailbox.

Then it deletes those messages. It can also use ricochet to report them to the appropriate abuse addresses obtained from http://www.abuse.net.

If you choose to report the infected mails, I advise you to:

  1. Configure ricochet to send a BCC to you, so that you know what has been sent on your behalf and to whom.

  2. You will get lots of automatic responses back; do not ignore them! Classify them and keep track of which ISPs are honoring your requests and which ones are ignoring them.

    You will also get some human-made responses, usually from small ISPs or companies. You can drop a thank you message to them.

    If after some days you are still getting infected mails from some specific ISP, try looking for a staff e-mail address on RIPE http://www.ripe.net/whois, IANA http://whois.iana.org, etc. or on the ISP web site, and write a polite mail explaining the problem and how your reports are being ignored.

  3. Some ISPs use mail-scanners to filter their abuse addresses, and virus reports are dropped because they look like real viruses (most mail-scanners are really silly!). In those cases, try resending the report without any remnants of attachments or references to .bat, .exe, .pid, etc. files from the original message. Also add a note explaining why filtering an abuse address with a silly antivirus is a bad idea and that they would do better to use it on their outgoing mail!

  4. Always remember that ISP staff are your friends. They hate viruses as much as you do, because viruses overload their mail systems and networks, waste their time and cost their companies money.
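
One way to prepare the resend described in point 3, as an added example that is not part of yaspi or ricochet (it is a stand-alone Python helper, and the names `defang` and `sanitized_evidence` are hypothetical). It keeps the top-level headers the abuse desk needs, replaces every MIME part with a one-line description, and rewrites filename references so that naive extension rules no longer match; the sample message is constructed.

```python
import re
from email import message_from_string

# Extensions named in the text above; extend to match what bounces for you.
RISKY_EXT = ("bat", "exe", "pid")
_NAME_RE = re.compile(r"\.(%s)\b" % "|".join(RISKY_EXT), re.IGNORECASE)

def defang(text):
    """Rewrite 'x.exe' as 'x[.]exe' so filename-based scanner rules do not match."""
    return _NAME_RE.sub(lambda m: "[.]" + m.group(1), text)

def sanitized_evidence(raw):
    """Return the top-level headers plus a one-line description of each MIME part."""
    msg = message_from_string(raw)
    # Unfold continuation lines so each header is one line in the report.
    lines = [f"{k}: {defang(' '.join(v.split()))}" for k, v in msg.items()]
    for part in msg.walk():
        if part.is_multipart():
            continue  # the container itself carries no data
        name = defang(part.get_filename() or "(none)")
        size = len(part.get_payload(decode=True) or b"")
        lines.append(f"[part removed: {part.get_content_type()}, "
                     f"name={name}, {size} bytes]")
    return "\n".join(lines) + "\n"

# Constructed sample message (documentation addresses, harmless payload).
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org; Mon, 1 Sep 2003 10:00:00 +0000\n"
    "From: someone@example.net\n"
    "Subject: Re: your details.exe\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "See the attached file.\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="details.pid"\n'
    "\n"
    "QUJDREVGR0g=\n"
    "--b1--\n"
)

if __name__ == "__main__":
    print(sanitized_evidence(SAMPLE))
```

Host names such as `mail.example.net` pass through unchanged because the pattern requires the extension to end at a word boundary.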


USAGE

yaspi is called with the following options:

  yaspi [-s] [-v] [-l] [-r<delay>]

-s
Simulate but don't do anything.

-v
Verbose mode. Without this flag, yaspi produces no output, so it can easily be called from the cron daemon (although 'ricochet' sometimes does!).

-l
Process all mails instead of working incrementally. By default, yaspi only looks at the mails received after the last one marked as downloaded on the POP3 server.

-r $delay
Run every $delay minutes. By default, yaspi runs once and exits.


WINDOWS INSTALLATION

To install yaspi under Windows, unpack the archive and edit the configuration file bot.cfg in the yaspi directory to suit your preferences (you can also customize the templates if you want to).


UNIX INSTALLATION

The installation procedure for Unix users is as follows:

  1. install required perl modules from CPAN

      LWP
      Net::POP3
      Net::DNS
      Net::SMTP
      Net::XWhois
      Date::Format
      Mail::Internet
      Text::Template
      Config::Properties::Simple

    Some of these modules will also require other modules to work!

    You can install them easily with the CPAN module:

      perl -MCPAN -eshell
      $ install Net::POP3
      ...
      $ install Mail::Sendmail
      ...
      $ install Config::Properties::Simple
      ...
      $ etc.

  2. install the script

    copy the yaspi file to some place in your PATH, e.g.:

      cp yaspi /usr/local/bin
      chmod 755 /usr/local/bin/yaspi

  3. copy and edit the .yaspi config file

      cp -r unix_config ~/.yaspi
      vi ~/.yaspi/bot.conf

    The included configuration file has comments explaining how you can set it to meet your particular configuration.

  4. set up templates

    In this version, ricochet code has been (dirtily) integrated inside yaspi, so it is not necessary to install the stand-alone ricochet script anymore.

    But you can customize the ricochet templates inside the yaspi configuration directory to meet your preferences.

  5. test that yaspi is working properly

    use the -s switch to make it do nothing

      yaspi -lvs

    and see from the output and the save file (usually yaspi.save) which messages would be deleted. If unwanted messages would be deleted, adjust the forbid rules in the configuration file and test again.

    Then run the real one

      yaspi -lv

  6. add yaspi to the crontab (optional)

    add a line like ...

      5,25,45 * * * * /usr/local/bin/yaspi

    ... to your crontab to run it every 20 minutes.


COPYRIGHT

Copyright (c) 2003 Salvador Fandiño Garcia <sfandino@yahoo.com>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA