{"id":17998089,"url":"https://github.com/cookiengineer/antispam","last_synced_at":"2025-08-11T15:08:16.041Z","repository":{"id":185063509,"uuid":"671228575","full_name":"cookiengineer/antispam","owner":"cookiengineer","description":":construction: :rocket: Spam Database and Classifiers for automated usage :construction:","archived":false,"fork":false,"pushed_at":"2025-05-12T12:49:18.000Z","size":612,"stargazers_count":37,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-10T15:03:12.604Z","etag":null,"topics":["golang","postfix","spam-classification","spam-detection"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cookiengineer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE_AGPL3.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-26T20:55:05.000Z","updated_at":"2025-06-06T15:01:03.000Z","dependencies_parsed_at":"2023-10-03T03:13:12.957Z","dependency_job_id":"1c07946d-1113-47d9-9d6d-bba98855344d","html_url":"https://github.com/cookiengineer/antispam","commit_stats":null,"previous_names":["cookiengineer/postfix-spamdb","cookiengineer/antispam"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cookiengineer/antispam","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantispam","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantispam/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantispam/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantispam/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cookiengineer","download_url":"https://codeload.github.com/cookiengineer/antispam/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantispam/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269908135,"owners_count":24494516,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-11T02:00:10.019Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","postfix","spam-classification","spam-detection"],"created_at":"2024-10-29T21:23:56.056Z","updated_at":"2025-08-11T15:08:15.996Z","avatar_url":"https://github.com/cookiengineer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# antispam\n\nThis project is my attempt to fix the LLM spamming and phishing problem.\n\nThis repository reflects the spam that I or the networks under my protection receive on\na daily basis. It also includes providers that refuse to abide with the `abuse@` report\npolicies because they have a conflict of interest to their paying customers (obviously).\n\n![screenshot](./guides/screenshot.png)\n\n## Dataset\n\nThe dataset is maintained in the [insights](./source/insights) folder. It differs between the\nfollowing types of entries:\n\n- [hosts](./source/insights/hosts) which are specific domains that cannot be blocked by other means (yet).\n- [spammers](./source/insights/spammers) which are known to offer spam campaigns as a service (usually under the umbrella of AI targeted marketing campaigns).\n- [spammers/unblockable](./source/insights/spammers/unblockable) which are known to send a lot of spam via e.g. Google Forms Scams or Microsoft Azure to bypass Microsoft Exchange Filters.\n- [phishers](./source/insights/phishers) which are known to send phishing and malware campaigns.\n\nThe abstractions behind the scenes use a form of longest-prefix hashset maps which allow this\nto be computable in a faster manner than with tries. The standalone library is available as\nthe [golpm](https://github.com/cookiengineer/golpm) project.\n\n\n## Usage\n\nThe usage of this tool is intended to be used via `cronjob`s or via `exec` or `filter` event.\nIt can be used manually on the `eml` files or directly on incoming email buffers via `stdin`.\nSee the below Postfix and Dovecot Configuration sections for more details.\n\n```bash\n# View usage help\nantispam;\n\n# View an email and check for spam indicators\nantispam view path/to/mail.eml;\n\n# If an email is spam, return exit code 1\nantispam classify path/to/mail.eml;\n\n# Mark an email as spam, output new spammer ready for pull-request\nantispam mark --json path/to/mail.eml;\n```\n\n\n## Building\n\nThe build [toolchain](./toolchain) is implemented in `go`, so you only need to install `go` first.\n\n```bash\n# Install go compiler/framework\nsudo pacman -S go;\n\n# Build binary\ncd /path/to/antispam/toolchain;\ngo run build.go;\n\n# Execute binary\ncd /path/to/antispam/build;\n./antispam-linux-amd64;\n```\n\n\n## Toolchain\n\nThe following tools are available to manage large folders of spam/malware/phishing emails. In order\nto use them, copy your email files to the [mails](./mails) folder and run the scripts afterwards.\n\n```bash\n# Cleanup spam\ncd /path/to/antispam/toolchain;\ngo run cleanup.go --spam;\n\n# Cleanup from allowlisted domains\ngo run cleanup.go --from=\"@example.com\";\n\n# Show whether E-Mails are classified as Spam or NotSpam\ngo run learn.go;\n```\n\n[build.go](./toolchain/build.go):\n\n- `go run build.go` generates binaries for `linux/amd64` into the [build](./build) folder.\n- `go run build.go --debug` generates binaries with debug symbols into the [build](./build) folder.\n\n[cleanup.go](./toolchain/cleanup.go):\n\nThe cleanup script removes all files in [mails](./mails) that match its selection criteria.\n\nThis is intended to skip emails from trusted sources, no matter whether they are classified\nor spam or not. Take a look at the [cleanup.sh](./cleanup.sh) for examples.\n\n- `go run cleanup.go --from=\"johndoe@example.com\"`\n- `go run cleanup.go --from=\"@example.com\"`\n- `go run cleanup.go --domain=\"example.com\"`\n- `go run cleanup.go --spam`\n\n[discover.go](./toolchain/discover.go):\n\n(Currently work-in-progress, so use with manual oversight)\n\nThe discover script tries to combat the shell game that certain cyber terrorist nations are playing\nto avoid international sanctions. This is intented to discover e.g. Russian, Iranian or Chinese\nphishing/fraud companies that are part of international scam and malware campaigns.\n\n- `go run discover.go --domain=\"example.com\"` discovers neighboring ASNs that are likely spam providers, too.\n\n[learn.go](./toolchain/learn.go):\n\n- `go run learn.go` classifies all files in [mails](./mails) and shows the reasons.\n\n[postfix.go](./toolchain/postfix.go):\n\n- `go run postfix.go` generates `postmap` compatible files into the [build](./build) folder.\n\n\n## Postfix Configuration\n\nThe Postfix configuration is documented in [POSTFIX.md](./guides/POSTFIX.md) and uses\nexternal `postmap` blocklists to block network prefixes and domains. Postmaps files\nare shrinked, meaning the shortest prefix length prevails (e.g. `1.2.3.0/24` will be\nremoved if `1.2.0.0/16` is blocked anyways).\n\n\n## Dovecot Configuration\n\nThe Dovecot configuration is documented in [DOVECOT.md](./guides/DOVECOT.md) and uses\nan external `sieve` script to pipe incoming mails to the [antispam-sieve](./source/cmds/antispam-sieve/main.go) wrapper.\n\n\n## Pull Requests\n\nPull Requests are certainly welcome! I don't like spam, and so do you, I guess?\nSo let's fight spam together!\n\nIf you want to contribute a new Spammer entry (generated via `antispam mark --json \u003cfile\u003e`,\nplease make sure to use the same naming scheme for the files.\n\nEach spammer organization has a separate JSON file, containing an Array of [structs.Spammer](./source/structs/Spammer.go).\nFor example, [Amazon](./source/insights/spammers/amazon.json) contains the `structs.Spammer`\ninstances for Amazon US, Amazon EU, Amazon JP etc.\n\n\n# License\n\nAGPL-3\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookiengineer%2Fantispam","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcookiengineer%2Fantispam","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookiengineer%2Fantispam/lists"}