Make a Local Email Spam Filter

In this post we will create a spam filter on a Raspberry Pi that removes incoming spam messages.

This assumes you already have a fully working Raspberry Pi running any Linux distro that uses systemd as its init system.

Note: This only works for unmonitored clients such as Thunderbird and other offline FOSS applications. I have not tried it on online email clients like Gmail and other proprietary spying websites.

So, all that aside, let's make a spam filter that filters emails every 10 minutes.

When it classifies a message as spam, it creates a new email in the Spam folder with the spam attached. ISBG fills the email body with the assessment results and attaches the spam to the new email (which disarms nasty things like tracking).

Install Spam-Assassin and enable it to run as a service

sudo apt-get install spamassassin
sudo systemctl enable spamassassin.service

Check

sudo service --status-all # spamassassin should be in that list.

Configure Spam-Assassin

To mark spam email with *****SPAM***** in the subject, open /etc/spamassassin/local.cf.

Uncomment the line that does that and change the contact and hostname information (these are system-wide settings):

# Add *****SPAM***** to the Subject header of spam e-mails

rewrite_header Subject *****SPAM*****
report_contact isbg@SpamPi.net
report_hostname SpamPi.net

Then go to your user's home directory on the Pi and find /home/doomgate/.spamassassin/user_prefs. Keeping your settings there helps prevent them from being changed by upgrades of SpamAssassin. You can make the spam scoring a bit more aggressive:

# Set the threshold at which a message is considered spam (default: 5.0)

required_score 2.8

I also added whitelists and discovered not to use " or , signs. I gave the example for blacklisting in commented style:

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# Added note do not use the quotes and comma and multiple lines with keyword are allowed
whitelist_from someone@coldmail.com news@somecompany.com
whitelist_from transactions@notice.somecompany.com
#blacklist_from thebad@badhost.com
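A small check for the pitfall above, as an added example that is not part of the original post: it scans a user_prefs file for whitelist_from and blacklist_from entries that still carry quotes or commas, and also flags wildcard whitelist entries, since they trust a sender address that the sender controls. The function names and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint the whitelist_from and
# blacklist_from lines of a SpamAssassin user_prefs file.

lint_user_prefs() {
    # $1 = path to user_prefs. Prints one finding per line on stdout and
    # returns 1 if anything was flagged, 0 if the file is clean.
    awk '
        /^[[:space:]]*#/ { next }            # commented-out entries are ignored
        $1 == "whitelist_from" || $1 == "blacklist_from" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /[",]/) {
                    # The post found that quotes and commas must not be used here.
                    printf "line %d: %s has quote or comma in %s\n", NR, $1, $i
                    bad = 1
                } else if ($1 == "whitelist_from" && $i ~ /^\*/) {
                    # Sender addresses can be forged; a wildcard trusts a whole domain.
                    printf "line %d: whitelist_from wildcard %s\n", NR, $i
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$1"
}

write_sample_prefs() {
    # Constructed sample input; the addresses are placeholders, not real senders.
    cat > "$1" <<'EOF'
required_score 2.8
whitelist_from someone@coldmail.com news@somecompany.com
whitelist_from "friend@somewhere.com", *@isp.com
#blacklist_from "thebad@badhost.com"
blacklist_from thebad@badhost.com
EOF
}

sample=$(mktemp)
write_sample_prefs "$sample"
lint_user_prefs "$sample" || echo "fix the entries above, then rerun"
rm -f "$sample"
```

Point lint_user_prefs at your own user_prefs after editing it; running spamassassin --lint afterwards lets SpamAssassin itself parse the configuration.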

Installing ISBG.

Make sure you have pip3 installed (along with Python 3, which we install as well), because we will be installing a Python 3 package called isbg.

sudo apt-get install python3
sudo apt-get -y install python3-pip
sudo pip3 install isbg

Almost there…

Actually we are done… Try running it:

isbg --help

OK, to get an idea of your IMAP folder structure, run this to get a list. (Note: you can append --savepw to have isbg remember your password in a local obfuscated file. My Raspberry is not seen from the internet, but think twice about your setup here.)

isbg --verbose-mails --imaphost <<Provider_IMAP_HOSTname>> --imapuser <<USER_as_you_would_logon_in_webmail>> --imapport <<YourISPKnows>> --imaplist

Since I use email on my mobile device in POP3 mode (I like a mail archive while on the road) and my desktop in POP3 mode, I figured it would be best to have the output written to my Spam folder and create an extra IMAP account of the existing email account on my mobile device. From each email address I now have an IMAP version. That way I can monitor the IMAP ‘Spam’ folder. If something gets caught as SPAM that should not be there, I can read it, forward it to an unmonitored POP3 email box and also make changes to the settings of SpamAssassin on the Raspberry.

Configuration is done. Time to set up a cron job that checks for spam messages every 10 minutes.

crontab -e

This does the rest. Do not forget to mark your script as executable and to include a PATH variable in the crontab. This is my crontab:

# Set PATH variables in this crontab
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
#
# m  h dom mon dow   command
*/10 * * * * bash /home/doomgate/isbg/isbg_washer.sh

Also for testing purposes I added a rule in the user_prefs:

# Added test to provoke a message to become SPAM for testing purposes
body LOCAL_MAKE_SPAM_RULE    /\bThis triggers it\b/i
score LOCAL_MAKE_SPAM_RULE  101.1
describe LOCAL_MAKE_SPAM_RULE     if text is seen then message is SPAM

Also, I like the Spamhaus list and think the default scores are a bit low. Override them in user_prefs if you like:

# UPGRADING scores of SPAMHaus listing
score RCVD_IN_PBL 5.0
score RCVD_IN_XBL 5.0
score RCVD_IN_SBL 5.0
score RCVD_IN_CSS 5.0

To finish my setup, here's a small script that runs all the commands required.

#!/bin/bash
#exec &>/home/doomgate/isbg/cronjob.log    # you could uncomment this to look at CRON output if something is not working
isbg --imaphost <<Provider_IMAP_HOSTname>> --imapuser <<USER_as_you_would_logon_in_webmail>> --imapport <<YourISPKnows>> --partialrun 10 --spaminbox Spam --delete --expunge