TechRepublic writer Sterling Camden created a configurable email spam filter of his own. Here are the details on how you can get it and configure it for your own needs.
Fellow TechRepublic contributor Sterling "Chip" Camden has recently made the move from MS Windows to FreeBSD for his primary workstation OS. Pretty much every time I talk to him these days, he feels compelled to share how much he's enjoying the benefits of his new working environment, and every time it puts a smile on my face, hearing about the joy of discovery.
He has also sought my advice about software choices on the new platform, system configuration, and various other matters, knowing that I use FreeBSD as my own primary workstation OS. While his ultimate choices don't strictly mirror mine, I see from what he's selecting that many of his tastes are running in directions very similar to my own. He is using XMonad as his window manager where I'm using AHWM, but they are both primarily keyboard driven, and XMonad is something I've been meaning to try out myself (some day).
One area where he has ended up using the same piece of software for common tasks that I use is email. We are both using a mail setup that involves Mutt as the Mail User Agent (MUA), sSMTP (Simple SMTP) as the SMTP client, and getmail as the POP client, on our laptops.
Both of us are quite wary of the problem of false positives when dealing with spam email. It would be great to never get another piece of spam in my inbox, but the danger of false positives — of legitimate email that I actually want to get being misidentified as spam by an email filter — is enough to make us both shy away from most spam filtering software.
Mutt makes it so easy to deal with email en masse that, considering my IT Security writing commitment at TechRepublic, it actually makes sense for me to get some spam in my inbox just so I can see current spam trends. I skim through my email to see what has started to appear for spam and phishing email, then use Mutt's vaguely vi-like powerful sorting and managing functionality to eliminate large numbers of spam emails very quickly. It still requires my direct intervention, though, so it comes as no surprise that Sterling chooses another approach, whereby he minimizes the amount of spam he sees as much as is reasonably possible.
Sterling's approach was to write a spam filter of his own. In his own words at Chip's Tips, in Script email filtering with Ruby, he says:
I've used all sorts of email filters since my very first internet email account in the early 90s — and none of them have been quite right. I'd like to be able to block anything about Viagra, but not when a friend or family member uses the word. Pure Bayesian filters always seem to block something from someone I know, while letting a few of the real spam messages through. But whitelists and blacklists suffer from a "which rule comes first" problem.
The result of his decision to write his own spam filter is called "getlessmail", because it was originally designed to work with getmail. His approach involved creating an embedded domain-specific language (EDSL) that is used to configure a filter for his own purposes. This also means that others who want to use getlessmail can use this same EDSL to create simple configurations for email filtering that are easy to compose and read. The sample configuration he provides is:
keep if from "firstname.lastname@example.org"
spam if from "@example.com"
spam if subject "viagra|cialis"
spam if body "(?m:\bnude\b.*\bpics\b)"
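The sample rules above, evaluated top to bottom with the first matching rule deciding, as an added sketch that is not getlessmail's own code. It reads the rule lines as data rather than as Ruby, and it assumes case-insensitive regex patterns, first-match-wins ordering, and that mail matching no rule is kept; `parse_rules`, `classify` and the sample messages are hypothetical names constructed for this illustration.

```ruby
# Added sketch, not getlessmail's code. Assumptions: rules run top to bottom,
# the first match decides, patterns are case-insensitive Ruby regexes, and
# mail that matches no rule is kept.
RULE = /\A(keep|spam)\s+if\s+(from|subject|body)\s+"(.*)"\z/

# The sample configuration from the article, held as data (never eval'd).
SAMPLE_RULES = <<~'CONF'
  keep if from "firstname.lastname@example.org"
  spam if from "@example.com"
  spam if subject "viagra|cialis"
  spam if body "(?m:\bnude\b.*\bpics\b)"
CONF

# Turn rule text into [verdict, field, regexp] triples; reject unknown lines.
def parse_rules(text)
  text.each_line.map(&:strip).reject(&:empty?).map do |line|
    m = RULE.match(line) or raise ArgumentError, "bad rule: #{line}"
    [m[1].to_sym, m[2].to_sym, Regexp.new(m[3], Regexp::IGNORECASE)]
  end
end

# msg is a hash with :from, :subject and :body strings.
def classify(rules, msg)
  rules.each do |verdict, field, pattern|
    return verdict if pattern.match?(msg.fetch(field, ""))
  end
  :keep # assumed default when nothing matches
end

RULES = parse_rules(SAMPLE_RULES)

# Constructed sample messages.
FRIEND = { from: "firstname.lastname@example.org", subject: "Viagra joke", body: "ha" }
PILLS  = { from: "promo@example.net", subject: "Cheap VIAGRA", body: "buy" }
PICS   = { from: "x@example.net", subject: "hi", body: "nude\ncelebrity pics" }

if __FILE__ == $PROGRAM_NAME
  [FRIEND, PILLS, PICS].each { |m| puts "#{m[:from]}: #{classify(RULES, m)}" }
end
```

Because the `keep` rule sits first, the message from the known sender is kept even though its subject would match the later `viagra|cialis` rule; moving that line to the bottom would flip the result.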
I have skimmed the README, and it looks like a quite capable little tool. I will probably even use it for one of the email accounts for which I use Mutt as my MUA. I do not need to get spam and phishing samples in multiple email accounts, after all. It appears to be better suited for some types of email accounts (a private account for which only known entities have the address) than for others (a public account where any random person on the Internet might have a legitimate email to send you), of course — but that appears to be a problem that no email filter has yet solved. In addition to its other benefits, this email filter is even distributed under the terms of the Open Works License (OWL), a copyfree license, which my regular readers should recognize as my choice for the right licensing model for security software.
The Chip's Tips article about getlessmail offers, at this time, a bzipped tarball download that includes documentation in a README file, a license.txt file with the text of the OWL in it, a sample getmailrc file demonstrating how to configure getmail to use getlessmail as an email filter, and of course the getlessmail.rb program file itself.
With Sterling's blessing, I have created a BitBucket project for getlessmail where he can manage the project and anyone with the Mercurial (also known as hg) version control system installed can use it to mirror the repository to hack on it or use as he or she desires. He tells me that he "will have some supporting scripts and updates" for getlessmail in the future, and those should become available within the Mercurial repository at BitBucket as he releases them.