Slashdot Mirror

Given the amount of spam that comes from Comcast already, I think it's already time to blacklist them.

Agreed... the world would be better off if "Comcast" focused it's weak little abuse department its way out of control SPAM crisis...

It's part of their FAQ. Hee hee

Guess someone took 'em up on it...

Ironport, the owner of Spamcop, allows you to deposit a bond to certify that your e-mail is legitimate. More info at www.bondedsender.com.

Nice try Anonymous Troll^H^H^H^H^HCoward...

Pinging www.ussg.iu.edu [129.79.5.61]:

Ping #1: * [No response]
Ping #2: * [No response]
Ping #3: * [No response]
Ping #4: * [No response]

Done pinging www.ussg.iu.edu!

SpamCop query on 129.79.5.61

For my e-mail server I filter out domains that spammers use.

These blacklist runners have just become more desperate and irrational than the spammers.

it seems like all it takes is one dimbulb somewhere to decide (usually erroneously) that something is spam, and one of our hosts will wind up on the spamcop list. They've really gone around the bend.

Also consider the SpamHaus Block List which targets known spam operations (details on their ROKSO list).

The spam may originate from spammers in the USA the actual junk is relayed through chinese trojanned machines all around the world. Mind you, if you look at the list of top relay domains roadrunner and comcast are right up there.

Anyway, if you want to block whols isps or countries check out blackholes.us who offer blanket cull-all blacklists for any mail coming from the sources you choose.

Can anyone suggest a decent, doesn't have to be perfect, server side anti-spam filter?

Don't waste your time implementing a content-based filter. The best solution is to incorporate a real-time spam relay blacklist. I recommend bl.spamcop.net. It's very effective and accurate with an extremely low legit mail blocking rate.

RBLs are great because they refuse spammer connections before the mail even gets delivered, so you don't waste bandwidth and system resources downloading spam crap and trying to interpret the contents. RBLs respect the sanctity of the e-mail message as a private communication medium and penalize those ISPs which allow spammers to operate.

If you're using Sendmail, you can also hard-code some of the IP regions where tons of spam is originating (signal-to-noise ratio for most people on the Chinese IP blocks is 0% so why allow them to hit your server in the first place? A few lines in your /etc/access file such as: "connect:218 REJECT" will knock off about 200-5000 spams per day utilizing minimal system resources).

Personally, if you want to get aggressive, block the following Class As: 61,80,81,82,83,142,164,193,194,195,196,200,201,202 ,210,211,213,217,218,219,220,221 and you'll stop a TON of spam from a lot of foreign countries you likely never communicate with.

Set up a web-based e-mail form and put a link to it in your Sendmail access configuration so that if any legit mail gets bounced, they can redirect to a web page to contact you in the [unlikely] event they were inappropriately blocked.

...The trick is to never silently discard an email. It's much better to send a friendly error message...

I have direct experience with this gained from the past few weeks of viruses. I run a disposable email address service which includes virus filtering on all emails. The latest batch of viruses are sending out spams to addresses to our domain (as well as other companies and domains). As required for really "good" spam, the "From:" addresses are being being spoofed.

My point here is that I had the "friendly error message" enabled, saying something like "Hey, you sent a virus and you may want to check your computer." Unfortunately, there was probably such an abundance of these unsolicited email replies (i.e. those who received these notices were the spoofed folks who didn't actually send the email) who in turn submitted the emails to SpamCop. Disabling the "nice notice" feature has brought us back into compliance, as it turned-out it the notices just really weren't helping.

This is just one example of how trying to be helpful ends-up getting ourselves in trouble. Thanks a bunch, spammers! It is *very nice* though, to watch the virus log tick-away each time it snags a virus, though. Other ISP-types should really be doing the same.

Because by and large, it is.
If you look through Spamcop's stats on spamvertised websites you'll notice that a goodly portion of them use .biz, .info, and .us as TLDs. While your domain may be the exception, and I completely agree that blocking an entire TLD is a bad idea; If most of the noise is coming from .biz, .info, and .us, the fastest way to silence it is to block those TLDs. It is a pretty ham-fisted, but effective means of blocking spam (until somebody legit tries to contact you from a .info, .biz, or .us; at which point you'd better have a good explanation for why you're blocking legitimate email (unless of course its your personal email server, in which case you answer to nobody).

I purposely have a couple spam E-mail collection addresses at the bottoms of all my websites (see link above). They are routinely collected by spam bots. If I receive a message to one of those addresses, the E-mail is not only auto-reported to Spam Cop but the sender IP is temporarily blacklisted on my mailserver.

You wrote that the freemameroms service cost you less than ten dollars, which I'm assuming are USD. However, not everybody is that lucky. For some users, it also costs 30 USD per year for a paid e-mail service provider, as the operator of the service refuses initial contact e-mail from paying members of the MSN ISP for spam prevention reasons. In some geographic areas, the butterfly is the only available residential cable-or-DSL Internet access provider.

Considering lots of it is advertising US products in US units, the US is either the target and/or producer for an awful lot of spam...

Blacklisting a whole network like UUNet, which -- that's the problem -- does not only host spammers, is exactly the approach that doesn't work, at least if you're relying on the Net for anything serious.

Imagine a company using black lists such as SpamCop: once in a while, they would happen to bounce customer email and the reason would be "you are spam"!! Not great customer care. Same goes for any communication of a company with the outside world (recruitment, PR, technical collaborations...).

That's why the solution cannot be blacklisting. You gotta find better than that!

Spammers can sneak into even the most STRINGENT anti-spam ISP network. A stolen credit card that works only once gets a spammer an account that can deliver many thousands of letters before they're shut down.

UUnet isn't spam-friendly anymore than Rackspace is spam-friendly.

Spam is going nowhere until good authentication techniques are implemented internet-wide.

I can definitely say that Can-Spam is not working. I saw a definite increase in the amount of spam I receive per day. My employer is also trying to deal with it, but so far without a lot of success. With around 500 employees, we're receiving on the order of 300,000 emails per day, most of which are spam. I like the idea of a bounty on spammers. They should legalize bounty hunting of spammers, where a licensed bounty hunter sues a spammer at the request of the spam recipient. Bounty hunters could compete by offering different percentages of their winnings. If we did this, I imagine spam would dry up in this country real fast. Besides going after the spammer, they should also be able to sue the company paying the spammer to spam. Of course if it's a joe-job then the spammer should get fined triple damages, with the extra damages going to the victim. I'm getting hit right now. Some spammer is using one of my email addresses as his from address to mass-spam a virus. I've received literally hundreds of bounced emails, unfortunately most of which do not have enough information to track down the perpetrator. I know I've probably pissed off a lot of spammers because I typically report any spam I receive immediately through Spamcop. It's a bit of work, but anything to cost a spammer money and hurt a spammer is a good thing.

And I'll vote as such with my wallet. I've switched ISP's probably 8 times before sticking with Charter cable

And I've just received a spam from them...

the recipient's ISP is also a recipient, and they usually pay by the gig but cannot normally pass that cost on to the customer...

Yup, it's really anti-Joe-job more than it's anti-SPAM. I wish web mailbox sites would use it too.

http://www.ifn.net/classic/rblstory.htm covers SPEWS in detail (i don't agree with all of it, but it is pretty spot on).

but you are sure to find lots more on http://www.google.com/search?q=spam+hate+spews.

Notice how it seems to be mostly innocent people complaining about SPEWS and the way it operates?

I hate spam just like the next guy, so I would recommend the wonderful Spamassassin and use it with Spamcop.

My less technical friends have no problem mailing me because I use a mailto link on my homepage.

I use a separate yahoo address for shopping. I don't want my shopping information to be linked to my personal website. The spam from the yahoo address is also fed to spamcop.net. Sometimes I also use one-time hotmail addresses to buy from dealers with high spam risk. I simply stop using those accounts and forget the password once the transaction is complete.

Please report these to the company on their site. They have a form for reporting these, which is much like SpamCop's form. SpamCop reports the abuses to all ISPs involved. Additionally, reporting it to Habeas allows them to add the senders to their blacklist, which is already used by some mail blockers (SpamAssassin already uses it by default).

I got one of these emails last week, reported it right away, and haven't seen another since. Habeas may not be able to sue (yet|ever), but they've already fixed the problem to a great degree by providng the blacklist.

1. Wow? Spammers subvert content-based filters? Say it isn't so???? Get real!

Client-side filtering is a band-aid on a malignant tumor growing out of control. It will NEVER work, EVER. It requires constant updating and monitoring to avoid blocking legitimate e-mail and is a black hole of resources, time and money. Because of the ROI, spammers have more incentive to crack the filter than filter companies do to block the spammer.

If you're using client-side (or even server-side), content-based spam filtering, you're only hurting yourself. It's better to get a few spam messages than miss a critical communique, which can cost you a lot more. But feel free to piss in the wind - it seems to be in style anyway.

RBLs, and specifically Spamcop's Relay Blacklist are much more effective than content-based filtering.

2. Spammers break into systems, STEAL bandwidth and network resources. Almost all of them break various laws in virtually every region they operate.

3. The authorities are too busy detaining little old ladies at airports for posessing a fingernail clipper, suing 13-year olds downloading Bobby McFerrin, and raiding Tommy Chong's house to care.

4. Spam will disappear when the major network providers endorse a centralized SMTP whitelist. The reason why nobody talks about it, is that it's a cure for the spamedemic and there are a lot of companies out there, including all the ISPs that profit from spam.

whereas spam domains are a bit slower
Actually, if you have a look at the Spamcop inprogress stats you'll notice that the spamvertised domains change pretty quickly. I use this exact type of filtering at work and I have to stay on my toes to harvest the newest domains. On the other hand, it seems to have VASTLY cut down on the amount of spam my users receive.

Everyone is complaining that no solution works against the spam problem. True, there is no single magic bullet. But instead of throwing up our hands and yelling that we are screwed and let the bastards over run us, we need to break the problem down into workable chunks.

Do you remember how much Norton Antivirus spam you used to get? It's all but gone now. People complained to Symantec and Symantec went hunting. It's one less profitable avenue for spammers to go down. (Now we just need to get Pfzier/Viagra to get a clue.)

There is a lot out there. Don't burn yourself out on it. Just pick your favorite pet peeve and go after it. Report it to the people who will care the most.

Forward your spam about:
- Norton to spamwatch@symantec.com
- 419/Nigerian scam to 419.fcd@usss.treas.gov
- Ebay account scam to spoof@ebay.com
If anybody has anymore let me know.

I make a point of forwarding any spam that has made it past my filters to my spam cop account www.spamcop.net

I set up a distribution list that forwards to both this account and to the FTC: uce@ftc.gov

Also fun is the FDA's over the counter fraud e-mail address: otcfraud@cder.fda.gov (I know I have more penis pumps than I could ever use).
Are you running Java already? This takes no effort!
www.astrobastards/uc runs a client on your PC that works with a team of spam fighters by filling in the forms for all those "mortgage loan" spams with believable junk. This is not a DOS attack. Since we have been invited to fill out their contact forms we go ahead and do so. Now when all those insurance & mortgage firms pay the spammers $20 per lead they will get pissed that they paid for garbage. Suddenly prices per address will drop from $20 to $10 to $5 to .05. Eventually it will make it unprofitable to collect contacts this way. We don't fill in credit card information so we don't do anything illegal.

Do you get a spam with an 800 number? Call it & tell them you are pissed. It's their dime.

DOSsing them sounds like the best idea, until spammers start carrying links like this one.

That The company regularly blocks 75-80% of all incoming mail as spam! does not necessarily mean that it really was spam though, I recently had to turn my ISP's spam-protection off - too many false positives. With cable, it makes more sense to check for spam at my end using a Baysean filter.

WTF? I really mean WTF?

Do you have any idea what range of people use spamcop, what they report and what IPs get listed on spamcop? Have you heard of SPAM-L, yeah their double opt-in confirm at every step process doesn't stop idiots from reporting SPAM-L mails as spam to spamcop and getting the IPs of people who contribute to SPAM-L blacklisted. Here is one for you.

There is no doubt that some idiots prefer to use spamcop as an unsubcribe service rather than to try to unsubscribe from mailing lists that THEY have subscribed to. This is obviously pretty effective as they certainly cause the owners of the lists enough grief that they will be removed and never allowed back on. As long as spamcop can be abused in this way many list admins will be pissed off and think poorly of it.

But I must just be a spammer right? Everyone who sends mailers is a f***ing spammer contibuting to the crapflood of spew thats killing email. WTF?

This blocking list is somewhat experimental and should not be used in a production environment where legitimate email must be delivered. It is growing more stable and is used by many large sites now. However, SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations.

yeah. i got this phisher e-mail too. 211.154.171.106 appears to be a compromised box, some lame cracker used to set-up their phisher site at /li_pi n/verification/step1_e.htm .

mm. it looks like eventually the script that gathers all the sensitive info is this one: http://211.154.171.106/li_pin/verification/form2.p hp

Please submit a spamcop report for that phisher e-mail you just received. Basic reporting account is free, i recently purchased a yearly mailbox from them, i like what spamcop does for the Internet.

3. We loose customers when spam assassin doesn't keep up with spammers. They move to Earthlink and other providers that have more money to throw at the problem

Earthlink? That's interesting. I use spamcop to filter my spam, and I quite often get messages originating from various earthlink addresses. So, either some of their customers are also sending spam, or they're running open relays.

Not really. I have used spamcop for a while. You can set up spamcop's filtering service to use three different methods to filter your mail simultaneously:
(i) You can have it check the source against a number of different open-relay databases. Only one of these is maintained by spamcop itself. The rest are maintained by other people. You can select which one(s) to use.
(ii) You can also chose to have your e-mail run through Spam Assassin.
(iii) You can also set up your own custom filters, and your own whitelist and blacklist.

If spamcop did anything to let spammers "get around" those measures, they would loose all of their clients overnight!

There is a second part of spamcop's service: You can also "report" spam you receive. Spamcop has an engine which analyzes the e-mail headers and attempts to determine the actual origin of the spam. You can send a report to the administrator of the network to let them know that they are running an open relay, or that one of their users is a spammer, etc. Go take a look at the website (www.spamcop.net) yourself for more details - there's a big FAQ.

But Haight, who will stay with company, says he is concerned that the Bonded Sender program is too lenient. "I am not sure all its standards are tough enough," he said.

His comment was about Bonded Sender, not SpamCop.

Politicians are useless. Law enforcement bodies don't even have cyber-crime issues anywhere on their priority list, much less the resources to fight it.

I encourage the population to engage in a number of active efforts to negate the value all these advertisers have, and their tendency now to bombard us all into oblivion with their repetitive, misleading and obnoxious messages.

* When you get spam, report it to Spamcop. Don't even bother with cutting-and-pasting the html source, the web hosting companies of spammers don't care about complaints. Make sure the complaints go to the ISPs who manage the IP space the spammer is operating from. But more importantly, when you report spam to spamcop, the source gets immediately flagged as a spammer and thousands of systems around the world refuse to accept mail from the source. It's VERY effective and the sooner you report spam, the more effective it is. The crap messages don't even get to peoples' mail servers this way. It WORKS!

* Turn off your TV and refuse to let yourself be turned into a quivering ADHD blob with the constant barrage of commercial suggestions. If you must watch TV, do yourself a favor and get a TiVo (it will be the best money you ever spent) and record what you want, when you want, take back your life and best of all skip the commercials!

* If you're feeling the need to waste time complaining, send a letter to your congressman and senators telling them that if they don't put more resources into cyber-crime enforcement you'll make it the center of your life to ensure they can't get elected to anything ever again.

* Spread the word that the only realistic solution to spam is licensing outbound mail relays via a sanctioned body that is nowhere near as incompetent as ICANN. We need an opt-in, international SMTP mail relay whitelist with ethical rules for being included.

* If you've had any bad experiences with companies who've ripped you off, do us all a favor and put up a web page on it and list it with the search engines. Peoples' apathy towards getting railroaded encourges the continuation of these scams. Know someone who's been burned by home-mortgage scams? Publish it! Put it out there forever. Every little bit helps to educate the feebleminded populace,make them more skeptical of suggestions (as well as editorial packaged as "news") and negate the value of quantum advertising.

* Forget client-side e-mail filtering as a spam solution. It will never work and it is a black hole of resources, time and money. Filtering is good for viruses and idiots who still insist on clicking attachments, but it won't ever do much for the spam problem.

* Encourage your ISP to employ relay blacklisting to thwart spammers so they can't even connect to remote systems.

* If you still find yourself occasionally watching tv and are annoyed at misleading ad campaigns, do what I do: dial the 1-800 number repeatedly over the course of the commercial's airing, making the advertiser's efforts counterproductive and sending a message that you're tired of being bombarded, emotionally manipulated and lied to.

* Don't buy any products advertised in any manner in which you find offensive or annoying regardless of the quality/desireability of the product.

* If you still feel your penis isn't big enough, just go to the local store and buy some multi-vitamins or just deal with it. You don't need a bigger penis, newer car, a George Forman grill, closet organizer, no-money-down real estate, second mortgage, questionable mexican placebos packaged as drugs, or to see Holly hump a German Shephard. Pick up the phone and go hang out with friends who like you for who you are and don't buy into the media's constant message that you're inadequate and money will solve this.

maybe the spam you get does, but most of the spam I get comes from Asia and South America. I sincerely hope you don't just see the masses of email that say they are from aol.com, hotmail.com, msn.com, and yahoo.com and believe them without tracing the headers (have a look at spamcop.net if you're not at all familiar with it). Basically Spam only comes 'from' the U.S. en masse in that there are people in the U.S. who offer the service of sending it. But they actually use offshore PCs, mostly in Asia and South America, because they would be perpetually signing up for new service providers if the used domestic servers, as the ISPs drop customers very quickly for such actions.

Personally, until I have confirmation from the source, I see nothing that warrants getting my knickers into a twist. As of this moment, the purchase plan is nothing but a rumor; kind of like the official release date for Duke Nukem Forever.

That's not quite correct. SpamCop uses a fairly simple, but quite effective weighting system that combines the number of reports and the age of reports to decide whether to block an IP or not. You can find out the specifics here if you want, but in a nutshell a minimum of *two* reports are required for a listing of just 24 hours. All IPs will be delisted 48 hours after the last spam complaint, which can be upto 5 days after the last spam was sent, as you imply.

Yes, mistakes can and do happen (I've seen Amazon and a popular mailing list blocked), which is why SpamCop recommends you don't use it as a DNSBL, but despite that I have found it to be the most accurate blocklist of all. I use three DNSBLs on my server (SpamCop, Spamhaus and my own local one) with an SMTP error verbose enough to pick up bounces. I've seen just *two* false positives, one from a mailing list and another an advert from Amazon. A simple "amazon.com OK" in my mail config fixed that permanantly, but that's not really an applicable solution for a big multi-user server.

If that kind of filtering makes you nervous, then a better solution is to configure something like SpamAssassin to check the DNSBLs for you and assign a positive score to the hits. If you adjust your SpamAssassin scores to reflect your personal confidence in each enabled service then the results are superb. For the last three months I've been running with the three DNSBLs listed above blocking IPs outright and SpamAssassin checking about half a dozen more for a match amongst all its other checks, plus a few custom ones and adjusted scores. The results are stunning:

• Two minor false positives on the DNSBLs
• Zero false positives from SpamAssassin (you rock!)
• Three spams of the meaningless content type arrived in my inbox (fixed by tweaking some SpamAssassin scores)
• A few thousand legitimate emails received
• Probably a similar number blocked or removed - who cares?

There are more headers than just the From header. One contains the IP of the sender's smtp server. This is what SpamCop uses. You can do the same yourself by running that IP through whois and sending an email to abuse@domain.tld, where domain is the domain name returned by whois and tld is the top level domain returned by whis.

Don't let yourselft be fooled anymore.

I doubt that any progress will be made in fighting spam until Microsoft/Apple include authentication options in their default mail applications.

Unfortunately, authentication is unlikely to do much to stop spam unless people use it with a personal whitelist of permitted senders. It is currently straightforward to track a spam email (SpamCop can do this if you paste the email in with full header information) but nowadays it typically comes from a cable/DSL user whose machine has been hijacked.

Spamcop has a detailed explainantion of the issues with the way the Outlook forwards mail. They also have suggested workarounds for Lookout's shortcomings.

If they even attempted to be accurate, it might be worth using to dump email from IPs on the list to a special folder for later sorting. As it is, they are nearly as bad as SPEWS.

Look at number 10 on this page

SpamCop now implements "pre-emptive" blocking of hosts. This is based on non-SUBE points (mail volume) alone, and is not related to complaints. If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed. For example, a host which has no more than 24 hours history for sending mail will be listed under the assumption that it is most likely a new source of spam (since the great majority of new sources of email are sources of spam). After 24 hours, we hope that users will have had a chance to report spam from the new host - or not. If they do, then the other rules will list the host. If they don't (and the host keeps sending mail), then it will drop off the blacklist.

Not bad enough the accidental false positives. Now they block you just because you send any email at all.

If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed.

Bullshit. My site has sent god knows how many emails since April, there has NEVER been a spam complaint on the IP address and likely never will be, yet I am receiving bounces from people using their "pre-emptive" blocklist.

Spamcop is bullshit run by a Seattle hippie with an agenda, namely that all commerce is evil and should be kept off the internet.

Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.

Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.

First of all, that's hardly intuitive. Your view settings affecting how you send it to other people? Ugh. I don't like it.

More importantly, it doesn't work. SpamCop is picky about the format and for good reason. Read their FAQ entry. They need a format that can unambiguously contain several whole emails exactly as they were. Full headers, text/html vs text/plain parts, etc.

More details: The in-line forward thing is intended for a human, and each mailer has a different format, usually containing ambiguity about where each message starts and ends (they are not fully rigorous about escaping the preamble). And it doesn't contain all the same information; the text/html parts might contain hyperlinks that SpamCop can analyze. It sends out emails to the upstreams of those sites that say their site was being spamvertised.[*] So a lot of important information is lost, and what is there is made more difficult - if not actually impossible - to parse correctly. I did actually try it, and SpamCop choked.

I am impressed that you managed to follow my hyperlink to something you'd claimed to have read anyway on only the second try. Keep it up.

[*] - They're a little more precise than that. The spamcop emails do mention that some people do Joe Jobs in which they spamvertise someone else's website to damage their reputation. And they contain either the actual spam or a hyperlink to it, so the administrators can decide for themselves.

What? All my Email Accounts, along with the accounts of most everyone I know recieve around 75-90% Spam.

Only my account that subscribes to bugtraq and some other security focus lists doesn't have such a ratio.
Anybody who subscribes to those lists (should be almost everybody B-)) Knows that that doesn't say mutch though, with 20 messages a day from some of those lists, it's crazy.

But I degress, one account I've had for around 4 years now would be broken due to spam if it wasn't for yahoo's nice filters, now I don't see a drop of it. But my 'Bulk Mail' folder will fill up my 4meg account often in about a week, and I only maintain about 100-200k of saved stuff in there. Oh well, I did a little research for other people paying attention to their ammounts of spam (maybe blatent karma whoring, but who cares hehe):

spamfryer?
Spam Cop
Why spam is bad - Apparently a personal spam site
HiWaay - Alabama ISP, keeping records and real time graphs.

Other Interesting stuff:
MyRealBox - Test bed for Novells Mail server development, checkout the license agreement to get a free mail box, seriously, apparently you must pay $10 for every piece of spam you recieve in the box... Please correct me if you see it differently.
The Cost of Spam

sites from google and SpamCon.

On the server:

rblsmtpd (DNS-based block lists) in front of qmail

DSPAM filtering pre-delivery

SpamCop for the ones who make it through.

I'm planning to add SpamCop reporting for the messages that DSPAM catches and there is also ongoing development in the project that will log IP addresses of machines delivering SPAM for local RBL use.

Procmail is your friend. Use it. In conjunction with SpamAssassin, you can filter it off to a folder to go send to SpamCop at your earliest convienence. While SpamCop officially discourages doing so, setting your mail server to reject based on the RBL bl.spamcop.net will save you some work (and money if you're a SpamCop member) by prohibiting mail from sites already reported by several people.

I use exim in conjunction with sa-exim to reject spam that scores high with Spamassassin, and to teergrube the luser. Since I'm the postmaster, I also have sa-exim give all the sa-exim rejected spam to my spam folder to report as well.

I have roughly 30 users. Almost all of them use my site for mail, since doing so is extremely spam hostile thanks to me, with very little inconvienence, if any, to legitimate mailers, which is the way it should be.

On an aside, I also use abuse.net's forwarding service to report hosts infected with viruses to their ISPs. I've been fairly successful, though it could be better. Roughly one third of the ISPs I contact suspend or terminate the user's account for it. I also maintain a net-lsearchable list of the last relay such infected messages go through before hitting my server. Feel free to use it for yourself, it's on my website.

Procmail is your friend. Use it. In conjunction with SpamAssassin, you can filter it off to a folder to go send to SpamCop at your earliest convienence. While SpamCop officially discourages doing so, setting your mail server to reject based on the RBL bl.spamcop.net will save you some work (and money if you're a SpamCop member) by prohibiting mail from sites already reported by several people.

I use exim in conjunction with sa-exim to reject spam that scores high with Spamassassin, and to teergrube the luser. Since I'm the postmaster, I also have sa-exim give all the sa-exim rejected spam to my spam folder to report as well.

I have roughly 30 users. Almost all of them use my site for mail, since doing so is extremely spam hostile thanks to me, with very little inconvienence, if any, to legitimate mailers, which is the way it should be.

On an aside, I also use abuse.net's forwarding service to report hosts infected with viruses to their ISPs. I've been fairly successful, though it could be better. Roughly one third of the ISPs I contact suspend or terminate the user's account for it. I also maintain a net-lsearchable list of the last relay such infected messages go through before hitting my server. Feel free to use it for yourself, it's on my website.

Try SpamCop, it's only $3/month and includes spam reporting tools as well. They won't host your web site though.

SpamCop.net Reporting Service can do much of what you ask.