Freedom from spam...

He who would give up freedom for security deserves neither


The Whitelist

If you're like me, you already have a ton of contacts in your address book, and you'd like them to automatically be white-listed.  To add contacts from your address book to your whitelist, go to your contact list, and do a "File/Save Address Book As VCard".  This will create a list.vcf text file that has your e-mails listed in it.  The perl script "evo-strip-vcf.pl" can be used to help extract the e-mails from this file.  To use it, save your list.vcf file, and type:

    evo-strip-vcf.pl < list.vcf | sort -u >> ~/.whitelist

You should maintain your .whitelist file carefully to allow your real contacts through.  By default, Evochallenge will create a .whitelist file in your home directory that looks like:

# The maximum number of days we hold mail.
#max-age 30.0

# If you want to truely verify that a real person is trying to contact you,
# uncomment the question and awnser fields, and make up your own.
# The user will have to reply with an e-mail containing the answer
# to get white-listed.
#question The stuff we breathe is called what?
#answer air
#answer oxygen

# This example allows mail from bill@billrocks.org through.
#from bill@billrocks.org
# This example allows mail sent to sourforge.net lists to get through.
#to .sourceforge.net
# This example blocks mail sent from bad@guy.com.
#not bad@guy.com

# Set these options in order for your mail to be forwarded to you
# when authorised.  You must at least set the SMTP host.
smtp-host your_SMTP_host        #Host name or address of the SMTP server.
#smtp-port 25                   #Port where the SMTP server is listening.
#smtp-hello-host EHLO           #String to use in the EHLO/HELO command.
#smtp-disable-ehlo              #Don't use ESMTP EHLO command, only HELO.
#smtp-force-ehlo                #Use EHLO even if server doesn't say ESMTP.
#smtp-disable-starttls          #Don't use encryption even if the remote
                                #host offers it.
#smtp-enable-auth               #Enable all methods of SMTP authentication.
#smtp-auth-login                #Enable only AUTH LOGIN method.
#smtp-auth-plain                #Enable only AUTH PLAIN method.
#smtp-auth-cram-md5             #Enable only AUTH CRAM-MD5 method.
#smtp-user username             #Username for SMTP authentication.
#smtp-pass password             #Corresponding password.

Be sure to set your smtp-host, and if required, your smtp user and password.

If the "TO:" or "FROM:" lines in an e-mail are matched by a "to" or "from" declaration, they will be allowed.  Otherwise, a challenge e-mail is sent to the sender.  If he replies, his e-mail will be added to the .whitelist file, and future e-mails will come right through.  Otherwise, the filter will move his e-mails to your "Holding" directory (or whatever you called it).  The patterns listed in "to" and "from" declarations match if they are are found as a substring in an e-mail address, and matching is case insensitive.  So, "from @billrocks.org" matches anyone from billrocks.org, and "IBM.com" matches tom@ibm.com, but also fred@i_am_not_ibm.com.

By default, Evochallenge holds mail in ~/.heldmail for 30 days while waiting for authorization.  After that, the e-mails are deleted.  If you want to change the default, use the max-age declaration.

Some spammers are now generating automatic responses to challenges.  I get about one such spam responder per day.  To filter these goofballs out, uncomment the "question" and "answer" lines above.  You can use your own custom challenge if you like, and list all the reasonable answers you would accept.

SourceForge.net Logo






Dumb Ideas

Copyleft 2006 All rights approved.