Using RBLs to combat spam with Hamster

Are you getting ever more unsolicited emails (AKA spam or UBE)? Are you marred that the *nix guys have a slew of good tools to filter out UBE while there does not seem to be anything available for the average Joe that uses a Windows™-based system to download his or her mails via POP3 from the ISP's server? Well, here is a solution to help you keep your Inbox clean. Best of all, it's FREE. Everything you need to know is right on this page.

OK, what do I need to do?

You need to have a copy of the open source program Hamster, version 1.3.23.180 or later. You can get it for FREE from the Maintainer. If you have not used Hamster before, I strongly recommend it. There is good documentation and support available for it. Please complete your general setup of Hamster before continuing.

Once Hamster is up and running, please create the script rblcheck.hsc. Open the Hamster window by double-clicking on its icon in the tray. Press "F4" to get into the script window. Click the "New" button and name the script "rblcheck.hsc" in the window that is opening up. Delete the text that is already there and replace it with


#!load hamster.hsm

###################################################################################
# Script     : rblcheck.hsc                                                       #
# Description: Check incoming mails against an RBL to filter out spam             #
# Maintainer : Rolf Leggewie                                                      #
# URL        : http://leggewie.biz/hamster.htm                                    #
# Version    : 2002-10-07                                                         #
# Thanx2     : Thomas G. Liesner for mail.getheader                               #
#              Joern Weber for making the header changes permanent                #
# Disclaimer : use at your own risk - be sure to know what you are doing          #
###################################################################################


var ( $FileName, $HeaderList, $line, $IP, $octet1, $octet2, $octet3, $octet4, $RE_MyHosts )
varset ( $i, 0 )    # counter

# The hosts you receive mail at in RegExp notation (i.e. "mail\.domain\.tld|mail.domain2\.tld")
# Can be left blank as is.  Then the IPs in all Received-Headers will be tested.
$RE_MyHosts = ""

$FileName = paramstr(2)
$HeaderList = ListAlloc
ListLoad ( $HeaderList, $FileName )

while( $i < ListCount($HeaderList) )
 $line = ListGet( $HeaderList,$i )

 # Header unfolding
 if ( RE_Match( ListGet( $HeaderList,$i+1 ), "^(\t|\s)" ) )
  $line = $line + ListGet( $HeaderList,$i+1 )
  inc( $i )
  if ( RE_Match( ListGet( $HeaderList,$i+1 ), "^(\t|\s)" ) )
   $line = $line + ListGet( $HeaderList,$i+1 )
   inc( $i )
  endif
 endif

 # extract IP by octects, check RBL
 RE_parse ($line, "^Received:.+from.+\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b.+by.+" + _
           $RE_MyHosts, $octet1, $octet2, $octet3, $octet4 )
 if ( !( $octet1 = "" || $octet2 = "" || $octet3 = "" || $octet4 = "" ) )
  if ( int($octet1) < 256 && int($octet2) < 256 && int($octet3) < 256 &&  int($octet4) < 256  )
   RBL_Check ("relays.ordb.org") # check mails against ordb.org
   # RBL_Check ("relays.osirusoft.com") # uncomment this line to also check against osirusoft.com
   # RBL_Check ("put.another.rbl.here") # uncomment this line to also check against some other RBL
  endif
 endif

 inc( $i )
endwhile

ListFree( $HeaderList )

quit

sub RBL_Check ( $RBL )
 var ( $RBL_result )

 $RBL_result = lookuphostaddr ( $octet4 + "." + $octet3 + "." + $octet2 + "." + $octet1 + "." + $RBL )
 if ( RE_Match( $RBL_result, "^127\.0\.0\." ) )
  if ( $RBL = "relays.osirusoft.com" )
   $RBL_result = $RBL_result + icase ( $RBL_result, _
                                       "127.0.0.2", " (open relay)", _
                                       "127.0.0.3", " (DynIP)", _
                                       "127.0.0.4", " (Confirmed Spam Source)", _
                                       "127.0.0.6", " (Spamware)", _
                                       "127.0.0.7", " (unconfirmed opt-in)", _
                                       "127.0.0.8", " (formmail.pl)", _
                                       "127.0.0.9", " (open proxy)", _
                                       else, "" )
  endif
  ListAdd ( $HeaderList, "X-RBL-Warning: " + $RBL + " returned " + $RBL_result + _
            " for " + $octet1 + "." + $octet2 + "." + $octet3 + "." + $octet4 )
  ListSave ( $HeaderList, $FileName )
 endif
endsub

Save the script and close the script window.

We're already almost there. What is left to do is to tell Hamster to run this script every time all headers for a mail have been received. To do so, open the Hamster menu Configuration - Automation - Actions and go to the item Mails - Process - Header of incoming mails. Select rblcheck.hsc from the drop-down menu titled Run script and click OK to close the window.
From now on, incoming mails that are listed in one of the block lists will have an X-RBL-Warning-Header that you can filter on. You can use either your mail program to sort such mail into a special folder or you can tell Hamster by way of the file MailFilt.hst to either ignore or kill the message directly on the server. You will then not have to download the message at all. WARNING: Please be sure you know what you are doing before you kill any mail.

You can use all the full blown features that Hamster offers to ignore or kill your mail. But that is up to you to decide and configure since people's tastes and needs differ on this subject. I refer you to the Hamster documentation and the Usenet newsgroup hamster.en.scripts.

Features

Just to give you a general idea of how powerful and flexible this filtering method is.

You can use any block list you like.
You can use more than one block list in parallel.
You can sort mail only (use your mail program) OR
You can ignore mail and leave it on the server (Hamster's MailFilt.hst) OR
you can kill it directly on the server (again Hamster's MailFilt.hst)
For ignored or killed mail you can specify circumstances under which you want to receive a short notification about the killed or ignored mail.
You can tell Hamster to choose whether to sort, ignore or kill based on the name of the RBL issuing the warning. For example, I would not have a problem with killing mails based on ordb.org but I cannot say the same for spews.com. But I might want to ignore based on a spews.com listing coupled with a notification.
You can tell Hamster to choose whether to sort, ignore or kill based on the number of RBLs issuing a warning.
You see, the possibilities with Hamster are only limited by your imagination. They can be tailored to your specific needs and tastes. Help is always available in the Hamster community in Usenet.

Soon to come ...

Discussion of various block lists and the necessary configuration changes. For now, I can offer you a link where you can find some documentation on the various RBLs. The site aims to list all RBLs.

Please drop me a line at hamster(a)rolf.leggewie.biz if you use the script. I appreciate it.