I know... I have a server that was accidentally open for a while, and a few spammers found it. The server has been fixed to not relay for 3-4 months now, and I still get a few megabytes/day of messages delivered by them to that server. They keep changing IP addresses too, so my attempts to explicitly block by IP address just wastes my time more than theirs.
Ideally I'd like James able to do two things: 1) notify the network owners when there is a spammer and send the appropriate records and 2) identify spammers with some semi-intelligent algorithms. Ok, the latter is probably more science fiction or a great way to spend a vacation twiddling with mail headers, but the former could be quite useful. Say on a weekly basis, the James anti-spam reporter prepares a list of known spam mail, does a traceroute or some network detection to see what network the message is coming from, send the appropriate logs to [EMAIL PROTECTED], and hopefully shut that person's account off. Admitedly this could be a great source of unwanted email, but if the reports contained very helpful information (exact times, IP addresses, durations, summary of what was sent) and were not sent too regularly, it could help network admins shutdown holes in their network. Serge Knystautas Loki Technologies - Unstoppable Websites http://www.lokitech.com/ ----- Original Message ----- From: "Keith Chew SL" <[EMAIL PROTECTED]> To: "James Developers List" <[EMAIL PROTECTED]> Sent: Monday, December 31, 2001 6:18 PM Subject: RE: spam test > Hi Serge > > Thank you for your response. I have been using James on a live site for > about 1 month now, and seemed to be getting spammed twice a day (it is very > interesting because before that month, there was never an email server > running, ie it's a new site). They are from diffrent domains each time, so I > guess not dispatching the mail did work. I will continue monitoring the > logs. > > PS: Wish there could be a way to stop the spammers from spamming! > > Keith > > > > > -----Original Message----- > > From: Serge Knystautas [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, 1 January 2002 10:25 a.m. > > To: James Developers List > > Subject: Re: spam test > > > > > > Perhaps they might get that impression, but I think that would be a bit > > premature. > > > > We have talked some about allowing matchers to run in the SMTP handler so > > rather than waiting until the messages are accepted, support refusing > > messages at that point. It would be nice to reuse the same API, but it > > might just become an ugly hack down the line... so either support matchers > > or just allow some additional configurable restrictions. Either way might > > be useful. > > > > Serge Knystautas > > Loki Technologies - Unstoppable Websites > > http://www.lokitech.com/ > > ----- Original Message ----- > > From: "Keith Chew SL" <[EMAIL PROTECTED]> > > To: "James Developers List" <[EMAIL PROTECTED]> > > Sent: Sunday, December 30, 2001 10:24 AM > > Subject: RE: spam test > > > > > > > Hi Serge > > > > > > Hmmm, would a spam program hunting for email servers get the wrong > > > impression that the server is accepting relaying (since it's > > accepting the > > > mail), thus keeps trying to send via that server? > > > > > > On the other hand, if the request is rejected before accepting the data > > (in > > > the doRCPT), then that would be a better prevention? Maybe it's also > > > possible to add some hooks to the Smtp handler to handler custom checks? > > > > > > Just some thoughts. > > > Keith > > > > > > > > > > > > > -----Original Message----- > > > > From: Serge Knystautas [mailto:[EMAIL PROTECTED]] > > > > Sent: Monday, 31 December 2001 2:51 a.m. > > > > To: James Developers List > > > > Subject: Re: spam test > > > > > > > > > > > > Accepting an email is one thing and doesn't indicate failure... > > delivering > > > > it would be a failure. James is set to not relay messages > > from a remote > > > > network out of the box, so it would pass these tests. > > > > > > > > Serge Knystautas > > > > Loki Technologies - Unstoppable Websites > > > > http://www.lokitech.com/ > > > > ----- Original Message ----- > > > > From: "Keith Chew SL" <[EMAIL PROTECTED]> > > > > To: "James Developers List" <[EMAIL PROTECTED]> > > > > Sent: Friday, December 28, 2001 11:55 PM > > > > Subject: spam test > > > > > > > > > > > > > Hi > > > > > > > > > > I went to http://www.mail-abuse.org/tsi/ar-test.html and tried the > > spam > > > > test > > > > > on James. > > > > > > > > > > It failed the first test. How do I prevent spamming and pass all the > > > > tests? > > > > > > > > > > Can someone assist? Basically I want to disable all outbound mail > > except > > > > > from requests originating from the internal network. > > > > > > > > > > This is a snippet from the ant-relay test: > > > > > > > > > > Sat Dec 29 17:50:21 NZDT 2001 [INFO ] (smtpserver): > > Connection from > > > > > cygnus.mail-abuse.org (204.152.187.123) > > > > > Sat Dec 29 17:50:22 NZDT 2001 [INFO ] (smtpserver): Command > > received: > > > > HELO > > > > > cygnus.mail-abuse.org > > > > > Sat Dec 29 17:50:22 NZDT 2001 [INFO ] (smtpserver): Command > > received: > > > > mail > > > > > from: <[EMAIL PROTECTED]> > > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO ] (smtpserver): Command > > received: > > > > rcpt > > > > > to: <"[EMAIL PROTECTED]"> > > > > > Sat Dec 29 17:50:23 NZDT 2001 [ERROR ] (smtpserver): Error parsing > > > > > recipient address: "[EMAIL PROTECTED]": Out of d > > > > > ata at position 24 > > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO ] (smtpserver): Command > > received: > > > > rset > > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO ] (smtpserver): Command > > received: > > > > mail > > > > > from: <[EMAIL PROTECTED]> > > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO ] (smtpserver): Command > > received: > > > > rcpt > > > > > to: <[EMAIL PROTECTED]> > > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO ] (smtpserver): Command > > received: > > > > QUIT > > > > > > > > > > Basically James allowed a mail from [EMAIL PROTECTED] to > > > > > [EMAIL PROTECTED] How do I prevent this? > > > > > > > > > > Keith > > > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
