non-perl related response:
I have thought about using zone alarm, but have had issues with it and our authentication system at the university. For some reason, zone alarm doesn't get along with our domain authentication very well, even if it is given full and unfettered access. What happens is that email only shows up if you expliciity refresh the panes of the application. Otherwise, nothing.

somewhat perl related response:
I have done some looking and maybe a netcat perl hybrid will do the trick. Still looking.

Perl related response:
That is definitely one route that I hadn't considered. Though Windows 98 doesn't have cron (or does it have something similar), I think I might be able to do that. I would still prefer something local.

Thanks

Have you looked at using a realtime blackhole list?

Perhaps you could write a perl script to query the Multi-RBL check?

I hadn't even thought of a RBL. I guess I could create a script to IMAP in and check addresses and then move stuff around to SPAM folders if they meet an RBL criteria.

Downsides:


1. RBLs could get legitimate mail as well and she'd have to check them again once they'd been sorted. The administration would be somewhat out of her hands then. Though, I guess I could build in some sort of override mechanism if I went this route.
2. We use Exchange as the primary delivery method. Though we have POP and IMAP access, most people leave email up all day (you have to with Outlook's notify mechnism). I'd have to hit the server an awful lot to beat the "always on" nature of our Outlook setup. I don't think that would go over too well.
The Proxy idea appealed (in a completely theoretical idea) because it would be "always on". You could also build more tools into it in the future (worm blocking and stuff like that... if I got ambitious).

Something to think about.

I think this brings up a good point... you seem to be interested in filtering outgoing web requests, so that your spouse doesn't have to look at the nasty pics outlook insists on showing her. But wouldn't it be better if she never had to look at the email at all?

The solution I use to get rid of spam is SpamAssassin which while it has it's faults, but it has worked well for me after some tweaking. The popfile program that meetraz mentioned looks like it would be closer to what you really need in this situation. If it had SpamAssassin in the middle of it instead of it's training method (or had both) I'd call it inspired. (IMHO, it would be better if it acted as an IMAP server, so that you can have your SPAM in a different box right off the bat, but whatever.)

In any case, a simple filtering proxy server might have other handy applications, but the maintenance overhead seems like it might make it a pain. (Adding the offending IP addresses, which quite likely change often.) With SpamAssassin, I haven't had to tweak anything in months. However, with solutions like popfile and SpamAssassin you need to check what it's marking as SPAM periodically to insure that hasn't canned something you really needed to see.

Good luck...

As others have pointed out, a Perl solution is complicated, because you have to stop Outlook from doing something. Perl can do plenty of stuff, but stopping another app (that you want to leave open) from doing something is hard. You could put the PC behind an IP-Masquerading firewall and prevent outgoing access to port 80, then run your browser through a proxy, which you could write in Perl (or just use Squid, whatever), but for that you need to run a second system all the time (though it could be an old cheap one).

The other possibility is to run the mail itself through a filter. This means changing Outlook's idea of where to get mail so that it looks on localhost and finds your proxy, which must retrieve the mail from the real server and wash it, removing objectionable content, before providing it to the real client; as a start, you could do something like s/<img.*?\/img>//gi; on all HTML parts. (That probably means your proxy has to grok MIME. I think there's a module for that, though. I think there's also a POP3 module that you could use for retrieving the mail from the real server. Not sure about the other side of POP3 where you have to respond to Outlook.) While you're at it you might want to s/<script.*?\/script>//gi; also, but that still leaves onfoo="somescript()" stuff, and you want to consider images loaded by stylesheets, plus background image attributes, and I wouldn't put money on that being enough either. You're going to end up doing a lot of processing and never knowing quite when you're going to be surprised with a new sort of thing that slips through.

So, how to stop Outlook from doing stuff it oughtn't? That's the rub, because Outlook is exacerbating your problem. (Some might even say Outlook is your problem, but that might be hyperbole; spam is annoying regardless of what software you use.) Not loading remote images in mail messages is such a basic privacy feature that Outlook's getting this wrong should be a red flag, even if you haven't been paying attention the last couple of years to the various other security and privacy flaws that have been uncovered in Outlook at a rate of about one a month. If there is any way you can get her to use a different mail reader... you should. There are a number of choices; "better than Outlook" is not a tough criterion to meet.

If you want a specific suggestion, I usually recommend Pegasus Mail to people who don't mind if it only runs on Windows. It has a very low learning curve, advanced filtering with both simple substring matching and also with regular expression capabilities (though not with the power of Perl regexps) with flow control and a lot of possible actions, and all the basic features, and as an added bonus trying to launch any executable attachment results in a scary warning with the word "virus" in the dialog title and "Cancel" as the default button -- and it doesn't even think about retrieving images from the web. But if you don't like Pegasus, there are lots of other options.

If you do go forward with the proxy thing, it's probably best to proxy the mail (rather than the web). You can do dual action, then: besides dropping entire messages if you are certain they're spam, you also wash possibly-partly-okay messages to remove dangerous items (scripts, image tags, object tags, applet tags, and so on -- I would be tempted to remove HTML parts altogether. Of course, you can also have a whitelist of From: fields that cause the whole message to be passed through unaltered).

 --jonadab

They have a downloadable app which automatically challenges any mail sent to you. If the sender doesn't respond to the challenge, the mail is deleted, and you aren't bothered. If they do respond (correctly), their address is placed on a "white list", and all future mail gets right through. It works really well.

In all fairness, I must say that one of Mailfrontier's founders is a freind of mine, but no kidding, their software works great.

-Logan
"What do I want? I'm an American. I want more."

SysApe9000 mentioned SpamAssassin but you are on a Win32 system so...
I'd wholeheartedly support mcd's Pop3proxy!

It uses SpamAssassin but is designed for use on Win32 systems and it's written in Perl.