i am planing to write a spam filter program that caths the spam mails according to their subject strings. An ordinary text file will contin the unwanted subject strings and the program checks all the mails received by the server and deletes the mail if its subject contains the unwanted string.
I am wainting for any URL, referance, tutorial, library or any kind of suggestions....
Well one problem you might have with this program is your normal email clients may have problems working with it, when installed your spam filter would have to "hook itself" onto the normal mail client software so then it would run it's scans as emails are received. Unless you are planning on making your email client along with the spam filter?
Also, to be more effective with your spam filter, you should also scan the body of the email. Do a study of all the spam emails you get and look for things in the emails themselves that give them away as spam, perhaps email addresses, image links, certain words like "buy", "free" (well in association with other words), etc. this would give you a more effective spam filter all together because a lot of spam (porno in particular) come through with subjects that don't give them away as spam until you read them.
actually, I don't know how to control all the emails received by the server! Listening the ports is one solution but it makes the job much more complicated. I am planing to check all the files in /var/spool/mail and reedit the file if it contains unwanted string.
I think I need a fully detailed document about how the email client works on linux and how the emails delivered!
Well listening on the ports would be the best solution, else your users of this spam filter will still receive the spam. (Due to the fact that you would only be checking all the emails in /var/spool/mail on a period time (say every 30secs to 1min?) which means between that time an email could be received and read by the user before your spam filter even kicks in. Thus, making it kinda useless to even use. Unless of course you make it check every second for new emails only (instead of just running a scan), and then perform a scan only if new emails have been received. I would still prefer the method to attach a spam filter into the email client software itself, create a new client with a spam filter already attached, or monitor the emails as they come in (this way the user will NEVER see a spam email, which would be the best approach). Even if you scanned the /var/spool/mail for new emails every second, the user might see that email for even a split second. Either way it's up to you. I would suggest, based on what you've said so far, that you go with scanning the ports (110 for POP3 servers) on all connections.
Well in the first instance, a pass-through filter is pretty easy to do
mail client<----->mail server(mail.myisp.com)
mail client<----->mail server(127.0.0.1)<-->mail client<----->mail server(mail.myisp.com)
You tell your existing client to get mail from 127.0.0.1 and your filter to get mail from mail.myisp.com.
The red part appears as an email client to your ISP, and appears as an email server to your existing client.
Like I said, in the first instance, you just get it to transparently pass messages to the final destination.
Later on, you can start to interpret the messages coming from your ISP mail server, and decide whether to drop / tag them before passing them on to your local email client.