Notice: The plugin has been updated since this posting.
I hate spam. I really hate spam. And I hate comment spam on my site. A few of you noticed about 764 of them yesterday morning when you visited here. I thought I was fairly well protected against comment spam, but the spammers are getting smarter. So I decided to raise the stakes a bit. Introducing the WordPress SpamAssassin plugin.
But wait, why bother with yet another anti-spam plugin when there are so many wonderful ones to choose from? And what’s SpamAssassin anyway?
SpamAssassin is a nice program designed for ISP mail servers that immediately rejects incoming spam before it ever gets anywhere near your inbox. However, it also has its own wire protocol, so you can write custom programs to speak to it. And that’s exactly what I did. It’s far from perfect, I’m sure, but I’m also sure it’ll improve given time and feedback.
Your web hosting provider may already be running SpamAssassin for their mail; contact them to find out the hostname of the SpamAssassin server and enter it in the plugin. It’ll probably be the same as your SMTP server. If you’re self-hosted, you already know where your SpamAssassin server is.
Update 8 Jan 2005: Please download the latest version here.
Update 2 Jan 2005: Fixed issues with PHP on Windows. Also, the plugin now feeds full headers to SpamAssassin.
Known issues (Updated 2 Jan 2005): None at this time.
Matt
Jan 02, 2005
Use globals to access all the fields and headers, check out how other plugins like Spaminator do this. You should drop this plugin in the new repository.
Matt
Jan 02, 2005
Just curious, SpamAssassin works off of building a score against the email/comment/item in question, correct? Where is the limit set for this? Does it take the value I tell it to for my email or does the script have its own value it looks for?
Michael Hampton
Jan 02, 2005
I hate globals, but that’s mainly because of my C++/C background. But I’ll take a look and see what I can do in that respect. As for the score, SpamAssassin has a threshold value configured at the server side. Above that threshold it returns Spam: True, and below that threshold it returns Spam: False. This plugin doesn’t try to read the score for the message, though I might do that later. It simply determines if it’s spam based on whether it’s above SpamAssassin’s threshold. If you have control of the server, you can always adjust the rules/thresholds to your own preferences.
UPDATE: Please note I’ve updated the version to 0.2 and incorporated your suggestions and a Windows fix.
Matt
Jan 02, 2005
Just in case you didn’t look at our emails btw, I wanted to make sure ya knew … these are two different Matts ;)
Michael Hampton
Jan 02, 2005
Here are my plans for the next version: SpamAssassin uses a scoring system to rate mail messages. The score starts at zero and can go positive or negative. There is a threshold set, over which the message is deemed to absolutely be spam (barring false positives). Anything that has a score less than zero is definitely not spam, and anything with a score above zero but below the threshold is possible spam. Currently I toss any message that exceeds the threshold and redirect them to this site and you can customize that. In the next version, I want to take anything between 0 and the threshold and put it in the moderation queue, while anything below 0 would be posted immediately.
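The wire protocol mentioned in the post and the three-way score handling planned in the comment above, as an added example (not the plugin's code): it frames a comment as a spamd `CHECK` request, parses the `Spam:` verdict line, and triages on the score. The recipient address, function names and sample responses are constructed for illustration; treating a score of exactly 0 as "moderate" and holding a comment when spamd gives no verdict are assumptions of this sketch.

```python
import re

def _clean(value):
    # Collapse CR/LF so a commenter cannot inject extra headers.
    return re.sub(r"[\r\n]+", " ", value).strip()

def build_check_request(author, email, body, user=None):
    """Wrap a comment as a pseudo-email and frame it as a spamd CHECK request."""
    text = body.replace("\r\n", "\n").replace("\n", "\r\n")
    message = (
        f"From: {_clean(author)} <{_clean(email)}>\r\n"
        "To: blog@example.org\r\n"  # placeholder recipient (assumption)
        "Subject: Blog comment\r\n"
        "\r\n" + text + "\r\n"
    ).encode("utf-8")
    head = "CHECK SPAMC/1.2\r\n"
    if user:  # optional spamd header selecting per-user settings
        head += f"User: {_clean(user)}\r\n"
    # Content-length counts bytes, not characters.
    head += f"Content-length: {len(message)}\r\n\r\n"
    return head.encode("utf-8") + message

_STATUS = re.compile(rb"^SPAMD/\d+\.\d+ (\d+) ")
_VERDICT = re.compile(
    rb"^Spam:\s*(True|False)\s*;\s*(-?\d+(?:\.\d+)?)\s*/\s*(-?\d+(?:\.\d+)?)\s*$",
    re.I,
)

def parse_check_response(raw):
    """Return (is_spam, score, threshold); raise ValueError otherwise."""
    lines = raw.split(b"\r\n")
    status = _STATUS.match(lines[0])
    if not status or status.group(1) != b"0":  # 0 is EX_OK
        raise ValueError("spamd error or malformed status line")
    for line in lines[1:]:
        m = _VERDICT.match(line)
        if m:
            return m.group(1).lower() == b"true", float(m.group(2)), float(m.group(3))
    raise ValueError("no Spam: line in response")

def triage(raw):
    """Reject spamd-flagged comments, moderate scores >= 0, post scores < 0."""
    try:
        is_spam, score, _threshold = parse_check_response(raw)
    except ValueError:
        return "moderate"  # no verdict: hold for review instead of publishing
    if is_spam:
        return "reject"
    return "moderate" if score >= 0 else "post"
```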
Hal
Jan 03, 2005
I can’t wait to see how this plugin develops. I’m a huge fan of SA and I think this is the best direction to go for a comment spam filter. Ever since I put up my wp blog and started to research the problem I’ve wondered why people are reinventing the wheel, SA being the perfect tool that it is.
I would suggest that you make the exceeding threshold action an option. Once I tweak and get to trust this plugin, I personally would choose to have the spams deleted, not put in the moderation queue.
Jan 03, 2005
Now honestly...
Jan 03, 2005
geek ramblings
John Sinteur
Jan 03, 2005
Related to blog spam, but not really to this particular plug-in… I tried to mail you this, but:
There’s something wacky in your mail server – anyway, back to the topic: yes, I’d love to see the modifications you made to my plugin. Alternatively, I could just point to your modifications if you’ve got them on a page, either way is fine with me!
Michael Hampton
Jan 03, 2005
Hm, that explains the shortage of email lately. I’ll take a look at the mail server this afternoon. After that I’ll send you my modifications.
Jan 03, 2005
Threadwatch.org
david
Jan 04, 2005
I noticed that spamd isn’t able to determine who the ‘pseudo-message’ is to.
It logs:
Jan 4 12:39:10 linux spamd[14552]: checking message (unknown) for (unknown):99.
Any way to fix this?
Would be nice if the ‘to’ address could be configured, so bayes data can be built.
Chris
Jan 04, 2005
When I leave a message I get the following PHP errors:
Warning: Unknown modifier ‘C’ in /home/ceejayce/public_html/wp-includes/functions.php on line 1355
Eventually the modifier changes to ‘H’ then back to ‘C’. Clean install of WP but an import of an old database. Any ideas?
Michael Hampton
Jan 04, 2005
David, at the moment, I don’t attempt to create any kind of Message-id: for the comments, though that would be trivial. It would also be completely meaningless. We’re essentially trying to use an email utility for something it wasn’t quite designed for. Also, not seeing the recipient is normal if you are speaking to spamd directly as we do. SpamAssassin apparently logs whatever is in the RCPT TO: line, and we have no such thing. I did place a To: header in what I send to SA, but it’s apparently not paying it much attention. At the moment it’s nothing to worry about. What I’m more interested in is whether any rules fired and whether spam was correctly identified. Training comes later. :)
I’ve been talking with one of the SpamAssassin developers and while there’s something in the works, I don’t really have any details (or code!) to give you right now. In the meantime I work with what I’ve got…
Chris, it sounds like a problem with your WP installation. You didn’t say what version you’re running? Send me email and I’ll try to work out whatever is going on. In the meantime be sure you ran the /wp-admin/upgrade.php script…
Chris
Jan 05, 2005
IO Error – I fixed the problem, there was an error in my moderation words. The plugin works fine – no spam as of yet :)
Michael Hampton
Jan 06, 2005
Since there seem to be a lot of people subscribing to this feed now…late last night the comment spammers struck again, making 212 attempts to deliver their unwanted rubbish. I counted them in the server logs. All 212 attempts were blocked.
Jan 06, 2005
Hal Rottenberg » Comment spam, and the evil of IP blacklisting
Michael Hampton
Jan 09, 2005
Those of you subscribing to this comment feed, please note an update has been posted.
Russ
Jan 09, 2010
Setting your spam level to 0 with the default rules is insanely aggressive, 3 or 4 is very aggressive.
Set to 0 you’ll get a lot of false positives in your moderation queue.