Spambounce: a Perl script to complain about SPAM


Download Spambounce

ABOUT SPAMBOUNCE:

Spambounce is a simple Perl script written by Sylvain Robitaille <syl@alcor.concordia.ca> which accepts an email message on standard input, and as output sends a complaint about the email message to responsible contact addresses for the computer system that handed the message to the local mail server. To determine contact addresses, Spambounce performs a Whois search on the IP address of the sending computer system. It also Cc:'s the contact address from that host's DNS SOA record (or the SOA record that it could find nearest the host).

The outgoing complaint includes a copy of the offending message's headers, but none of its body contents.

NEW VERSION:

Spambounce has evolved, although rather slowly. This latest version includes some corrections to the regular expression that matches a local "Received:" header and the ability to compensate for sites that list their contact addresses as "root@localhost" (for example). There's also an attempt to better handle the RIPE WHOIS data than in previous versions.

When operating in List-Only mode, Spambounce prints the previous hop's hostname (or IP address if the hostname is not available) on standard output. No complaint is sent.

This is useful for users who want to create a list of hostnames from which they have (perhaps recently) received spam. Such a list can then be used in local filtering mechanisms, for example.

LICENSE and LEGAL DISCLAIMER:

This software is free to use in any way by anyone at any time. The only restrictions placed on the software are that none of the code may be claimed to belong to, or have been created by, anyone but the original author. Modifications to the code should be appropriately credited to their corresponding authors.

Users of this software may not hold the author responsible for any loss or damages resulting directly or indirectly from use of this software, whether in its original or any modified form. The author promises that the original code performs as described above, but makes no claims or warranty as to the fitness of this code for any described or implied purpose.

The above is really just a fancy way of saying don't take my word for this software's description. Read the code, and be sure to modify it according to your own requirements. If you use any portion of this software in whole or in part, in any other software product, or as part of a package, commercial or otherwise, I want to be credited for my work. If the resulting software or package is released commercially, a complimentary copy would certainly feel like appropriate compensation.

REASONING:

Spammers long ago automated the act of sending spam, and service providers automated the act of responding to complaints about spam, but there seems to be a lack of automated tools for complaining about the spam in the first place.

A couple of years ago, a certain virus-detection software vendor took it upon themselves to begin selling spam-detection software that automatically sends complaints to the "perceived" originating site, based on trivially forged header information. People are (were?) paying money for software that purports to complain to the correct people about the spam they receive, but the complaints were going to an innocent third-party, who was frankly at least as much a victim of the particular spam message as the recipient was. For what it's worth, at the time of this writing, it has been a fairly long while since I last saw such a misdirected spam complaint.

Still, it was this software that prompted me to endeavor to "do it right". It would certainly have been much simpler to simply parse the message headers for the first one added by a local mail server, then complain to "abuse@" and/or "postmaster@" the site corresponding to the previous hop. In practice, however, I found that many of the service providers that have systems being used by spammers either don't honor these common aliases, or have them directed to a mail box that for some reason or another is perpetually full.

By looking up Whois and DNS contact addresses, we stand a better chance of reaching someone who actually might care that one of their (or their clients') computer systems is being abused by spammers.

DEPENDENCIES:

This Perl script was written and tested with Perl 5.8.0, but there's nothing in the code that isn't expected to work with just about any version of Perl5. The script was developed on an AlphaServer DS25, running DEC/Compaq Unix 5.1A, with a locally installed Perl, but it should work on any system that can run a Perl interpreter with the two required external modules, and a mail transport agent at least equivalent to Sendmail.

It requires two Perl modules (plus any that are required by these) to function:

Net::DNS provides the DNS lookup for the SOA record of the sending host's IP address, and Net::Whois::IP provides the Whois lookup information. Both of these modules are available via CPAN.

It requires a mail transport application, such as Sendmail, which can determine the recipients of an outgoing message by reading the headers of that message, fed to its standard input.

Other than that, this script is expected to work with just about any reasonably typical Perl installation.

CONFIGURATION:

IMPORTANT: If you don't configure this script properly, the complaints it sends out will be meaningless. It will not correctly find the Received: line added by your mail server (which is how it finds the previous hop to your mail server), and will not have a meaningful return address. PLEASE read the script, and adjust configuration items as necessary for your site.

For starters, check and adjust the shebang (#!) line at the top. You'll probably need to adjust the path to the Perl binary (or remove the path altogether and let your shell find the binary by way of your command search path), but please do not remove the '-wT' command-line switches. These help ensure that the script runs as expected and never uses data it has not verified for sanity in a dangerous manner (such as passing it to the shell or into outgoing mail headers).

Next, at line 57, supply a command to a mail program that will deliver the outgoing complaint. By default, this script is configured to use Sendmail with the '-t' option, because it will need to read the outgoing message to find the recipients. Other mail programs may require different command-line options to provide the same functionality.

Line 60 is the subject line of the outgoing complaint.

At line 63, be sure to set a reasonable path for your system. This will most likely require the path to the directory where the mail program you configured at line 57 resides. There isn't any other part of the script that uses the path.

Lines 68, 71, and 74-81 are the key lines to finding the first Received header by a local mail server. In an environment where more than one system might handle an incoming mail message, it's important to find the one that indicates the message being received from "the outside". Lines 74-81 look much worse than they really are. If your mail servers do not use a recent version of Sendmail, you'll probably need to adjust these extensively so that Received: lines added by your mail server(s) match. If your mail servers don't all use the same mail transport software, I wouldn't even know where to begin ...

You might see fit to alter the order of (or add to) the possible contact addresses looked up in the Whois database. See lines 291-293.

Be sure that the email address at line 458 corresponds to a properly received (and read!) email address for your domain (and that you are the recipient of mail sent to that address!). I strongly recommend that any site which sends email be able to receive email sent to "postmaster@" and "abuse@" for their domain. Unfortunately, use of this script will result in numerous bounces and auto-replies sent to either the email address at line 458, or the user@hostname of the user the script is running as. The addresses the complaints get sent to frequently have mail spools that are over quota, or just plain out of disk space. The bounces and auto-replies should certainly not result in further complaints.

On the odd occasion, you'll hear back from a real human being who appreciates the report, and is letting you know that appropriate action was taken. It's usually worth thanking them ...

That's about all there is to it.
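The hop-finding and contact-discovery steps described under ABOUT SPAMBOUNCE and NEW VERSION, together with the site-specific pieces the CONFIGURATION section asks you to adjust (the pattern for a Received: header stamped by your own servers, and the order in which Whois contact fields are tried), reimplemented in Python as an added illustration. This is not the Perl script's code. It assumes constructed local host names (mail.example.edu and mx2.example.edu, standing in for whatever your own Received: lines look like), a constructed preference order of Whois field names, and in-memory stand-ins for the Net::Whois::IP and Net::DNS lookups so that it runs offline; the sample message is constructed and carries a forged local-looking Received: header beneath the genuine ones. Contacts such as root@localhost are simply dropped here (how the script itself compensates for them is not described on this page).

```python
"""Previous-hop and contact discovery in the style of Spambounce (added example)."""
import email
import re

# Site-specific: the Received: header added by one of OUR mail servers.
# The host names are constructed placeholders; adjust to match your own MTA.
LOCAL_RECEIVED_RE = re.compile(
    r"^from (?P<helo>\S+) \((?:(?P<host>[^\s\[\]()]+) )?"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\).* by (?:mail|mx\d+)\.example\.edu\b"
)
# Whois fields consulted for a contact, most preferred first (constructed order).
WHOIS_CONTACT_FIELDS = ("abuse-mailbox", "OrgAbuseEmail", "e-mail", "OrgTechEmail")


def received_headers(raw_message):
    """Received: headers, newest first, with header folding collapsed."""
    msg = email.message_from_string(raw_message)
    return [re.sub(r"\s+", " ", h).strip() for h in msg.get_all("Received", [])]


def previous_hop(raw_message):
    """Return (hostname_or_None, ip) of the system that handed the message to
    the outermost local server, or None if no local Received: header is found.
    Headers are walked newest-first and the walk stops at the first header not
    stamped by us, so a forged local-looking header further down is ignored."""
    hop = None
    for header in received_headers(raw_message):
        m = LOCAL_RECEIVED_RE.match(header)
        if not m:
            break
        hop = (m.group("host"), m.group("ip"))
    return hop


def list_only_label(raw_message):
    """List-Only mode: the previous hop's hostname, or its IP if no name."""
    hop = previous_hop(raw_message)
    return None if hop is None else (hop[0] or hop[1])


def reverse_name(ip):
    """192.0.2.45 -> 45.2.0.192.in-addr.arpa (the name whose SOA we walk)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def rname_to_email(rname):
    """SOA RNAME to mailbox: 'hostmaster.example.net.' -> 'hostmaster@example.net';
    a backslash-escaped dot stays part of the local part (RFC 1035)."""
    rname, local, i = rname.rstrip("."), [], 0
    while i < len(rname):
        c = rname[i]
        if c == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1]); i += 2; continue
        if c == ".":
            return "".join(local) + "@" + rname[i + 1:]
        local.append(c); i += 1
    return None


def nearest_soa_contact(name, lookup_soa, min_labels=3):
    """Strip leading labels until lookup_soa(name) yields an RNAME; give up
    once fewer than min_labels labels remain (so in-addr.arpa itself is never used)."""
    labels = name.rstrip(".").split(".")
    while len(labels) >= min_labels:
        rname = lookup_soa(".".join(labels))
        if rname:
            return rname_to_email(rname)
        labels = labels[1:]
    return None


def routable(addr):
    """Reject contacts such as 'root@localhost' that could never reach the site."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", addr or "")
    if not m:
        return False
    domain = m.group(1).lower().rstrip(".")
    return "." in domain and not domain.endswith((".localdomain", ".local"))


def whois_contacts(ip, lookup_whois):
    """Usable contacts from the Whois record, in WHOIS_CONTACT_FIELDS order, deduplicated."""
    record, seen, out = lookup_whois(ip) or {}, set(), []
    for field in WHOIS_CONTACT_FIELDS:
        values = record.get(field, [])
        for addr in [values] if isinstance(values, str) else values:
            addr = addr.strip().lower()
            if routable(addr) and addr not in seen:
                seen.add(addr); out.append(addr)
    return out


def complaint_recipients(raw_message, lookup_whois, lookup_soa):
    """Whois contacts go on To:, the nearest SOA contact on Cc:."""
    hop = previous_hop(raw_message)
    if hop is None:
        return None
    host, ip = hop
    to = whois_contacts(ip, lookup_whois)
    cc = nearest_soa_contact(reverse_name(ip), lookup_soa)
    return {"hop": host or ip, "to": to,
            "cc": [cc] if cc and routable(cc) and cc not in to else []}


# Constructed sample: two genuine local hops, then a forged header the spammer added.
SAMPLE_MESSAGE = """Received: from mx2.example.edu (mx2.example.edu [198.51.100.7])
\tby mail.example.edu (8.12.10/8.12.10) with ESMTP id h5TFa0QK012345
\tfor <user@example.edu>; Sun, 29 Jun 2003 11:36:00 -0400 (EDT)
Received: from spamhost (relay.isp-example.net [192.0.2.45])
\tby mx2.example.edu (8.12.10/8.12.10) with SMTP id h5TFZxQK012340;
\tSun, 29 Jun 2003 11:35:59 -0400 (EDT)
Received: from mail.example.edu (forged [10.0.0.1])
\tby spamhost with SMTP id 12345; Sun, 29 Jun 2003 11:30:00 -0400
From: "Free Offers" <nobody@example.org>
To: user@example.edu
Subject: make money fast

body text that must never be forwarded
"""
# Constructed stand-ins for the Net::Whois::IP and Net::DNS SOA lookups.
FAKE_WHOIS = {"192.0.2.45": {"e-mail": ["root@localhost"],
                             "abuse-mailbox": ["abuse@isp-example.net"],
                             "OrgTechEmail": ["noc@isp-example.net"]}}
FAKE_SOA = {"2.0.192.in-addr.arpa": "hostmaster.isp-example.net."}


def fake_whois(ip):
    return FAKE_WHOIS.get(ip)


def fake_soa(name):
    return FAKE_SOA.get(name)


if __name__ == "__main__":
    print(list_only_label(SAMPLE_MESSAGE))
    print(complaint_recipients(SAMPLE_MESSAGE, fake_whois, fake_soa))
```

Stopping the newest-first walk at the first header your servers did not stamp is what keeps a spammer's forged Received: line from steering the complaint at an innocent third party; the reverse-name walk (45.2.0.192.in-addr.arpa, then 2.0.192.in-addr.arpa, and so on) is the "SOA record nearest the host" fallback. With real lookups, Net::Whois::IP and Net::DNS (or their Python equivalents) replace fake_whois and fake_soa.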

HOW to USE:

Feed the script on standard input with the full contents (in particular, the complete message headers) of a spam message. How to do that depends on which mail client software you use, but for example, with Pine, you would "pipe" the "raw" message to this script. In fact, Pine makes it easy to fire off numerous spam complaints using its aggregate function to pipe selected messages, in turn, to individual instances of this script.

Note that this script will only work on one message at a time, so you can't feed a Berkeley mail mailbox format file to it and expect it to complain about more than the first message it will find. The Pine method (certainly most other mail software must have similar functionality, to pipe each of a set of selected messages to an external program) is strongly recommended.

Don't automate the use of this script beyond anything that permits you to verify that the messages being complained about really are spam before the complaints go out. You don't want to accidentally complain about someone's vacation auto-responder that happened to trigger your spam-detection rules, or mail bounces, or mail that simply isn't really spam.

If you do accidentally send a complaint about a message that wasn't spam, a polite apology will normally set things straight. The script syslogs its actions, so although you may need to do some manual searching, you should be able to find the addresses that complaints were sent to.
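Assembling the outgoing complaint and handing it to the mail program, as an added Python illustration of the CONFIGURATION items (a mail command using '-t', the subject line, a return address you actually read) and of the HOW to USE caution about bounces and auto-replies. It is not the script's own code. Recipient addresses are assumed to come from a lookup like the one the script performs; the sender address, subject text, intro text and both sample messages are constructed. Before anything is sent, the guard refuses messages that are themselves bounces or auto-replies (null Return-Path, an Auto-Submitted value other than "no", a multipart/report container, or a MAILER-DAEMON sender), so that the auto-replies the CONFIGURATION section warns about never turn into further complaints, and every recipient is checked for a single well-formed address before it is placed in a To: or Cc: line that sendmail -t will parse. Recipients are logged so that a misdirected complaint can be traced afterwards.

```python
"""Complaint assembly and hand-off in the style of Spambounce (added example)."""
import email
import logging
import re
import subprocess

# Constructed site configuration; the return address must be a mailbox you read.
SENDER = "abuse@example.edu"
SUBJECT = "Unsolicited mail relayed through your system"
MAIL_COMMAND = ("/usr/sbin/sendmail", "-t")   # -t: recipients are read from To:/Cc:
INTRO = ("The message whose headers follow was delivered to us from a host in "
         "your address space. Only the headers are included, never the body.")

log = logging.getLogger("spambounce")
ADDRESS_RE = re.compile(r"[^@\s<>,;]+@[^@\s<>,;]+")


def is_auto_generated(raw_message):
    """True for bounces and auto-replies; complaining about those is always wrong."""
    msg = email.message_from_string(raw_message)
    if (msg.get("Return-Path") or "").strip() == "<>":
        return True                          # null reverse path: a bounce/DSN
    if (msg.get("Auto-Submitted") or "no").strip().lower() != "no":
        return True                          # RFC 3834 auto-responder marking
    if "multipart/report" in (msg.get("Content-Type") or "").lower():
        return True                          # delivery/disposition report container
    return "mailer-daemon" in (msg.get("From") or "").lower()


def original_headers(raw_message):
    """The header block of the offending message; the body is never forwarded."""
    text = raw_message.replace("\r\n", "\n")
    return text.partition("\n\n")[0].rstrip("\n")


def clean_recipient(addr):
    """Accept only a single bare address: the value lands in a header that
    sendmail -t trusts, so an embedded newline or second address must not pass."""
    if not ADDRESS_RE.fullmatch(addr):
        raise ValueError(f"refusing malformed recipient: {addr!r}")
    return addr


def build_complaint(raw_message, sender, to, cc=(), subject=SUBJECT):
    """Return the complete outgoing complaint as text ready for 'sendmail -t'."""
    lines = [f"From: {clean_recipient(sender)}",
             f"To: {', '.join(clean_recipient(a) for a in to)}"]
    if cc:
        lines.append(f"Cc: {', '.join(clean_recipient(a) for a in cc)}")
    lines += [f"Subject: {subject}",
              "Auto-Submitted: auto-generated",   # RFC 3834: asks responders not to reply
              "", INTRO, "", original_headers(raw_message), ""]
    return "\n".join(lines)


def send_complaint(text, command=MAIL_COMMAND):
    """Feed the complaint to the mail program on stdin and return its exit status."""
    result = subprocess.run(list(command), input=text.encode("utf-8", "replace"),
                            check=False)
    return result.returncode


def complain(raw_message, sender, to, cc=(), send=send_complaint):
    """Skip auto-generated mail; otherwise build, log and send the complaint.
    Returns the mail program's exit status, or None when nothing was sent."""
    if is_auto_generated(raw_message):
        log.info("no complaint: message is a bounce or auto-reply")
        return None
    text = build_complaint(raw_message, sender, to, cc)
    log.info("complaint from %s to %s cc %s", sender, list(to), list(cc))
    return send(text)


# Constructed samples: a spam message and a bounce that must never be complained about.
SAMPLE_SPAM = """Received: from spamhost (relay.isp-example.net [192.0.2.45])
\tby mail.example.edu (8.12.10/8.12.10) with SMTP id h5TFZxQK012340
From: "Free Offers" <nobody@example.org>
To: user@example.edu
Subject: make money fast

body text that must never be forwarded
"""
SAMPLE_BOUNCE = """Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@isp-example.net>
To: abuse@example.edu
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Your message could not be delivered.
--b--
"""

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(build_complaint(SAMPLE_SPAM, SENDER, ["abuse@isp-example.net"]))
```

Marking the outgoing complaint Auto-Submitted: auto-generated asks well-behaved vacation programs not to answer it, which trims the flood of auto-replies the CONFIGURATION section describes. To match the script's syslogging, attach a logging.handlers.SysLogHandler to the "spambounce" logger; the logged recipient list is what you search when a complaint has to be apologised for.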

Some contacts you reach will claim that you can't complain to them about messages coming from one of their clients, and that you should complain to the clients. Whether you agree with that will affect how useful you find this script.

Certain sites, in particular those in RIPE's jurisdiction, will notify you that your complaints are being sent to the wrong contact address. This script can only complain to those contacts it finds listed for a site, and in practice, most recipients have seen fit to forward misdirected complaints to the appropriate individual(s) within their organizations when asked politely.

Perhaps as more organizations receive automated spam complaints, they'll make it easier to mechanically locate appropriate contact addresses.

CONTACTING the AUTHOR:

If you find any bugs or omissions in this script, or if you have made modifications to the script that you feel provide general improvements beyond the scope of your own site, please do not hesitate to contact the author at the address noted above. There is no guarantee that any immediate effort will be made to correct the reported bugs, or implement suggested changes, but only by contacting the author can you ensure that these will even be considered.

Please do not contact the author with questions regarding how to use or install mail client or transport software, Perl, or Perl modules. There are so many better support channels available via Netnews and mailing lists, and these will most certainly provide more immediate responses.

Notes of thanks are always welcome, of course! :-)