Index of /code/esec

      Name                    Last modified       Size  Description


[DIR] Parent Directory        13-May-2008 00:14      -  
[TXT] Artistic                23-Nov-2003 20:01     6k  
[TXT] ChangeLog               02-Feb-2007 18:46     7k  
[TXT] FAQ                     01-Mar-2006 20:49     4k  
[TXT] INSTALL                 17-Feb-2004 04:00     2k  
[TXT] TODO                    08-Aug-2006 02:08     1k  
[TXT] UPGRADING               07-Feb-2004 12:13     1k  
[DIR] contrib/                11-Oct-2006 23:47      -  
[   ] esec-beta.tgz           14-Aug-2007 01:43    40k  GZIP compressed tar ar>
[TXT] setup                   14-Sep-2006 16:34    13k  
[DIR] src/                    11-Oct-2006 22:34      -  

ESec: Email Secretary
Copyright (c) 2003-2006 Jeremy Kister
Author: Jeremy Kister <esec <dash> devel <dash> 1 @t jeremykister <dot> com>
Function:  Challange Response system to deter spam

ESec may be copied and distributed under the terms found in the
Perl "Artistic License".  A copy of this license may be found in the
standard Perl distribution, or in the file "Artistic".

######################################################################
This farraginous code is in it's infancy, and may exhibit unexpected
behavior.
I use it and it's being tested elsewhere with no [major] bug reports).
######################################################################

* Function
1 an unknown sender sends mail to your mailbox, reviewed by ESec.
2 if the sender is not in your whitelist, ESec responds saying that it
  does't know who he is; he must confirm himself before ESec will give
  you the message. 
3 unknown sender must click the hyperlink contained within the
  confirmation email, and must answer a simple, dynamic, question that
  he is presented with.  once he gives the right answer, his email
  address is confirmed, and the original message is delivered to your
  mailbox
4 if sender does not click the hyperlink within 7 days 2 hours, ESec
  nukes the message without further notice.

* Notes
1 all known senders' mail is immediately delivered
2 you may create/modify your whitelist (known sender list) ahead of
  time, for people who will obviously be sending you mail via a web gui
3 you may create your blacklist ahead of time via a web gui
4 you can whitelist fields in the header via a web gui (useful for
  getting ebay/shutterfly notices)
5 you can blacklist fields in the header via a web gui (useful for
  future anti-spam laws)
6 you must be careful not to let any mailing-lists you are subscribed
  to be answered by esec; you would be highly criticized for sending
  thousands of confirmation messages throughout the list.  ESec takes
  special care not to do this, but it's only best effort -- not a
  guarantee.  any lists you are on should be subscribed to with a
  coyote email address which can be aliased to your main account,
  bypassing ESec.
7 leave your pending queue ALONE for the most part.  don't babysit
  the queue by deleting messages that you're sure are no good -- you
  will do more harm than good.



* Caveats:
1 whitelists/blacklists do not deal with multi-line fields in header
2 sorting by date doesnt quite work with eseccgi.pl
3 some bounces that esec should pick up may end up in your inbox --

Pre-Requisites:
qmail 1.03
vpopmail (any of the 5.x series should work fine)
database server (with just about any DBI compatible driver)

ESec is known to behave correctly using MSSQL (freetds 0.62.1
with dbd::Sybase 1.02) and MySQL, and should work with just about any
DBI driver; Simply set the $dsn variable appropriately.

Future versions of eseccgi.pl will display the question with each
letter displayed in an image with a random font on top of a random
background (take that, spammers!).

It is Highly recommended that you add the following entry in your
default header_whitelist:
X-Habeas-Swe-3: like Habeas SWE (tm)
X-TMDA.*
X-Delivery-Agent: TMDA\/.+

and to your default header_blacklist:
Subject: ADV.*

Future versions of ESec may do something special with TMDA signed 
messages, but for now (since spammers arent forging the fields), the
whitelist is good enough.

Note: all whitelists and blacklists are case insensive.

Note: All whitelists are honored over all blacklists.

main account must be in 'accounts' table.  This account must also have
a vpasswd entry.

A typical installation example:
   ~vpopmail/bin/vadduser username@example.com
   echo '|/usr/local/script/esec.pl username@example.com' > ~vpopmail/domains/example.com/.qmail-username:
   
   put username@example.com into the accounts and aliases table, I
   highly not using low security mode (1), as spammers will start to
   get their wares through.  High security mode is the default
   behavior.
 
   if you have more addresses that you want mail delivered to the
   username@example.com mailbox, simply:
   echo '|/usr/local/script/esec.pl username@exmaple.com' > ~vpopmail/domains/example.com/.qmail-alias:
   
An example where you dont want your main account filtered, but want
the alias accounts to be delivered to the main account's mailbox:
   put mainaccount@example.com into the accounts table.

   echo '|/usr/local/script/esec.pl mainaccount@example.com' > ~vpopmail/domains/example.com/.qmail-alias: