Re: Sex spam again on the list
On Sep 18, 2007, at 8:58 PM, s. keeling wrote: For directly blocking mail however, you'd be better of using the zen.spamhaus.org combined blocklist wich is very effective and has almost Much simpler to just bogofilter. :-) I like to do both, on my home system. IPs in the spamhaus.org list get rejected at SMTP time, so that mail is never even delivered. Everything else gets tagged by a statistical filter. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Hi, On Tue Sep 18, 2007 at 08:36:30 +0200, Peter Teunissen wrote: For directly blocking mail however, you'd be better of using the zen.spamhaus.org combined blocklist wich is very effective and has almost no false positives. I don't know how they do it, but it catches 90% of my spam on it's own. More info can be found on http://www.spamhaus.org The proiblem of using RBLs on SMTP-time is that the mail is gone, nevertheless it was UCE or not. This becomes even more problematic, as postfix currently can't weight this information. The implementation of a policy filter we are currently implementing for lists.d.o will do SA like scoring of RBL data and us that information whether to greylist a mail or not. Greetings Martin -- [EMAIL PROTECTED] /root]# man real-life No manual entry for real-life -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On 18:12 Sun 09 Sep , Mumia W.. wrote: On 09/09/2007 03:08 PM, Martin Zobel-Helas wrote: [...] A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. [...] Thanks Martin. Thunderbird doesn't have a bounce function. Would forwarding the message as an attachment do? Without wishing to start a conspiracy theory but has anyone collected stats on the mail-agents used to send spam. Up till a couple of months ago most were Outlook but since then I have seen a dramatic increase in the use of The Bat! to send spam. Obviously nothing to do with The Bat! becoming a Microsoft Trusted Partner in July this year. Regards, John -- War is God's way of teaching Americans geography Ambrose Bierce (1842 - 1914) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sep 19, 2007, at 12:27 PM, Martin Zobel-Helas wrote: Hi, On Tue Sep 18, 2007 at 08:36:30 +0200, Peter Teunissen wrote: For directly blocking mail however, you'd be better of using the zen.spamhaus.org combined blocklist wich is very effective and has almost no false positives. I don't know how they do it, but it catches 90% of my spam on it's own. More info can be found on http://www.spamhaus.org The proiblem of using RBLs on SMTP-time is that the mail is gone, nevertheless it was UCE or not. That's true, although the sending server will generate a bounce back to the sender. So the mail doesn't disappear down a black hole, at least. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sep 19, 2007, at 1:56 PM, John K Masters wrote: Without wishing to start a conspiracy theory but has anyone collected stats on the mail-agents used to send spam. Up till a couple of months ago most were Outlook but since then I have seen a dramatic increase in the use of The Bat! to send spam. Obviously nothing to do with The Bat! becoming a Microsoft Trusted Partner in July this year. I think most spam these days is sent using dedicated spam-spewing software. For that reason, I would be careful about drawing any conclusions from the agent headers. I suspect a lot of them are faked in order to get better weighting in Bayesian filters and the like. In the same vein, I sometimes see hotmail-specific headers in spam that didn't ever touch a Hotmail server. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sep 19, 2007, at 2:35 PM, Martin Zobel-Helas wrote: Hi, On Wed Sep 19, 2007 at 14:09:32 -0700, David Brodbeck wrote: That's true, although the sending server will generate a bounce back to the sender. So the mail doesn't disappear down a black hole, at least. Great! with million senders being forged every day that helps a lot. Pretty much all the spam I see these days is sent direct-to-MX by trojaned PCs running dedicated spam-spewing software. Rejecting at SMTP time doesn't create any backscatter spam in this situation, because the spamware isn't going to bother to generate a bounce! Accepting a message and *then* bouncing it would indeed generate backscatter spam and would be the wrong way to go about it, of course. Once the SMTP transaction is over a message should never be bounced, but it's OK to refuse to accept it at SMTP time, IMHO. Older Exchange servers can be a major culprit in backscatter spam. I discovered a while back that Exchange 5.5 accepts *anything* at SMTP time, even invalid usernames, then creates a bounce message later. This is utterly broken. Some Linux MTAs can be configured this way, too, and misguided folks sometimes implement spam filtering this way. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On 19-sep-2007, at 21:27, Martin Zobel-Helas wrote: Hi, On Tue Sep 18, 2007 at 08:36:30 +0200, Peter Teunissen wrote: For directly blocking mail however, you'd be better of using the zen.spamhaus.org combined blocklist wich is very effective and has almost no false positives. I don't know how they do it, but it catches 90% of my spam on it's own. More info can be found on http://www.spamhaus.org The proiblem of using RBLs on SMTP-time is that the mail is gone, nevertheless it was UCE or not. This becomes even more problematic, as postfix currently can't weight this information. The implementation of a policy filter we are currently implementing for lists.d.o will do SA like scoring of RBL data and us that information whether to greylist a mail or not. You're obviously right. I was merely responding to filtering personal mail and the (bad) use of spamcop.net to block mail, the subject this thread had swerved to. Risking to loose ham on a _non private_ server however is definitely not a good thing. Groet, Peter Teunissen -- Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music. -Kristian Wilson, Nintendo Inc. 1989 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
John K Masters([EMAIL PROTECTED]) is reported to have said: On 18:12 Sun 09 Sep , Mumia W.. wrote: On 09/09/2007 03:08 PM, Martin Zobel-Helas wrote: [...] A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. [...] Thanks Martin. Thunderbird doesn't have a bounce function. Would forwarding the message as an attachment do? Without wishing to start a conspiracy theory but has anyone collected stats on the mail-agents used to send spam. Up till a couple of months ago most were Outlook but since then I have seen a dramatic increase in the use of The Bat! to send spam. Obviously nothing to do with The Bat! becoming a Microsoft Trusted Partner in July this year. I started rejecting mail from 'The Bat' well over a year ago. Of all the mail received with ^X-Mailer:.*The Bat!, all were spam. I still check the logs weekly and that has not changed. My logs show that I have only received 3 this month though. 1 The Bat! (v2.00.0) 17:40:03 1 The Bat! (v3.0.1.33) 17:40:02 1 The Bat! (v3.51) 17:40:02 Wayne -- Real Programmers don't write in PL/I. PL/I is for programmers who can't decide whether to write in COBOL or FORTRAN. ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Hi, On Wed Sep 19, 2007 at 14:09:32 -0700, David Brodbeck wrote: On Sep 19, 2007, at 12:27 PM, Martin Zobel-Helas wrote: Hi, On Tue Sep 18, 2007 at 08:36:30 +0200, Peter Teunissen wrote: For directly blocking mail however, you'd be better of using the zen.spamhaus.org combined blocklist wich is very effective and has almost no false positives. I don't know how they do it, but it catches 90% of my spam on it's own. More info can be found on http://www.spamhaus.org The proiblem of using RBLs on SMTP-time is that the mail is gone, nevertheless it was UCE or not. That's true, although the sending server will generate a bounce back to the sender. So the mail doesn't disappear down a black hole, at least. Great! with million senders being forged every day that helps a lot. -- [EMAIL PROTECTED] /root]# man real-life No manual entry for real-life -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Tue, September 18, 2007 04:39, Kamaraju S Kusumanchi wrote: Adam Hardy wrote: A few days back I asked whether anyone had heard of a spam IP blacklist filter maintained by a community of spam 'reporters' who submit spam emails to the server. Each reporter has their own 'effectiveness rating' and once enough 'effective people' report the spam, the email was scanned for the advertising website IP and this went into the filter applied to all incoming mail. Admittedly it wouldn't catch image spam advertising hot stocks, but it would certainly take out the others and seems to me to be a better bet than dynamic filters. I think something like this exists already but I haven't been able to find it on the net. I did find a few other commercial spam filters who now spam me with their advertising! Such a system is implemented by spamcop (www.spamcop.net). Their block list, known as SCBL (spamcop blocklist) gives you a list of IP addresses which are spewing spam on the internet. You can then use it for blocking/filtering your email by comparing the originating IP address of the received email against the SCBL. The SCBL is completely automatic in the sense that the IP addresses are removed/added depending on whether that machine is not sending/sending spam. SCBL is available for free for general public. Spamcop is known for it's relative high rate of false positives. That's not bad in itself but renders it useless for simply blocking mail. You'd normally use it for scoring like spamassassin does and then it becomes fairly successful. For directly blocking mail however, you'd be better of using the zen.spamhaus.org combined blocklist wich is very effective and has almost no false positives. I don't know how they do it, but it catches 90% of my spam on it's own. More info can be found on http://www.spamhaus.org -- Groet, Peter Teunissen --- mrwhite:~ oneman$ man woman No manual entry for woman
Re: Sex spam again on the list
Peter Teunissen [EMAIL PROTECTED]: On Tue, September 18, 2007 04:39, Kamaraju S Kusumanchi wrote: Such a system is implemented by spamcop (www.spamcop.net). Their block list, For directly blocking mail however, you'd be better of using the zen.spamhaus.org combined blocklist wich is very effective and has almost Much simpler to just bogofilter. :-) -- Any technology distinguishable from magic is insufficiently advanced. (*)http://blinkynet.net/comp/uip5.html Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Am 2007-09-13 12:15:10, schrieb Andrew Sackville-West: now what was your point? The Listmasters should deactivate the SPAM-Filtering... Hmmm, the we get all P-Enlargements for 4 km -- Oops! Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: Sex spam again on the list
Michelle Konzack on 17/09/07 09:33, wrote: Am 2007-09-13 12:15:10, schrieb Andrew Sackville-West: now what was your point? The Listmasters should deactivate the SPAM-Filtering... Hmmm, the we get all P-Enlargements for 4 km -- Oops! Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant A few days back I asked whether anyone had heard of a spam IP blacklist filter maintained by a community of spam 'reporters' who submit spam emails to the server. Each reporter has their own 'effectiveness rating' and once enough 'effective people' report the spam, the email was scanned for the advertising website IP and this went into the filter applied to all incoming mail. Admittedly it wouldn't catch image spam advertising hot stocks, but it would certainly take out the others and seems to me to be a better bet than dynamic filters. I think something like this exists already but I haven't been able to find it on the net. I did find a few other commercial spam filters who now spam me with their advertising! I assume it wouldn't be too difficult to have an additional module where spam could be kept before being permanently deleted by a team of list moderators. Regards Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Adam wrote: Admittedly it wouldn't catch image spam advertising hot stocks, but it would certainly take out the others and seems to me to be a better bet than dynamic filters. I remember that there was a ton of that not too long ago. There was supposed to be fiters that would try and get rid of that stuff, but I tried to get them to work back when I had mail going to my tsoft DSL account, but never got it to eliminate those type of emails. With a few reliable reporters (of the non-automated variety) one could at least blacklist the IPs of the senders, without necessarily triggering on the content. As I recall, those types of spams were mostly text embedded in some sort of graphics file - something called fuzzy OCR was supposed to be able to get it removed, but like I say, I wasn't able to get that part to work. Sometimes the automated spam reporting sites can be problematic (had an issue a while back with one of them) but I don't know if murphy.debian.org filters mail through any automated spam reporting site or not. My guess is that they would, though. Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Adam Hardy wrote: A few days back I asked whether anyone had heard of a spam IP blacklist filter maintained by a community of spam 'reporters' who submit spam emails to the server. Each reporter has their own 'effectiveness rating' and once enough 'effective people' report the spam, the email was scanned for the advertising website IP and this went into the filter applied to all incoming mail. Admittedly it wouldn't catch image spam advertising hot stocks, but it would certainly take out the others and seems to me to be a better bet than dynamic filters. I think something like this exists already but I haven't been able to find it on the net. I did find a few other commercial spam filters who now spam me with their advertising! Such a system is implemented by spamcop (www.spamcop.net). Their block list, known as SCBL (spamcop blocklist) gives you a list of IP addresses which are spewing spam on the internet. You can then use it for blocking/filtering your email by comparing the originating IP address of the received email against the SCBL. The SCBL is completely automatic in the sense that the IP addresses are removed/added depending on whether that machine is not sending/sending spam. SCBL is available for free for general public. hth raju -- Kamaraju S Kusumanchi http://www.people.cornell.edu/pages/kk288/ http://malayamaarutham.blogspot.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[OT] Get Smart (was Re: Sex spam again on the list)
On Sun, Sep 09, 2007 at 05:57:15PM -0400, Hal Vaughan wrote: Would you believe... ...It's finally on DVD, but from only one source (I think Time-Life, but for some reason, I think it's HBO that owns the rights now). You can't buy it retail or through discount sources, though. (Sorry about that, Chief!) I think they're supposed to make it available through retail and such within the next 6 months. Mmmm, have been seeing the ads for the last six months or so, and since we (in good ole N.Z) seem to be the last to see anything. So you must have missed the offer (no steak knives, just a second video if you call in the next 10 minutes ... but thats not all, crap.) You must have ... missed it by that much. -- Chris. == -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Am 2007-09-09 12:25:59, schrieb Andrew Sackville-West: I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have Are you joking? I get between 500 and 38000 per day which are mostly filtered by my procmailrules, spamassassin and f-prot. 50 spams per day is nothing! Please note, that if the listmasters deactitate the spamfiltering on murphy.debian.org you will not mor ready downloading the messages from the list... Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: Sex spam again on the list
On Thu, Sep 13, 2007 at 05:27:36PM +0200, Michelle Konzack wrote: Am 2007-09-09 12:25:59, schrieb Andrew Sackville-West: I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have Are you joking? nope. I'm serious. I get between 500 and 38000 per day which are mostly filtered by my procmailrules, spamassassin and f-prot. This is not a pissing contest to see who gets more spam. I was merely providing an anecdotal metric about the recent surge of spam. 50 spams per day is nothing! nope. its 50 spams per day. I'm sorry that you suffer with a level that is several orders of magnitude greater than mine, but that doesn't diminish in any way the number I receive. Any amount of spam is too much. period. now what was your point? regards A -- current song: Weezer - Say It Ain't So/Remix signature.asc Description: Digital signature
Re: Sex spam again on the list
Hi, On Sun Sep 09, 2007 at 18:12:28 -0500, Mumia W.. wrote: On 09/09/2007 03:08 PM, Martin Zobel-Helas wrote: [...] A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. [...] Thanks Martin. Thunderbird doesn't have a bounce function. Would forwarding the message as an attachment do? https://addons.mozilla.org/de/thunderbird/addon/550 -- [EMAIL PROTECTED] /root]# man real-life No manual entry for real-life -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Hi, A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. Need to correct myself here: The correct address is [EMAIL PROTECTED] Greetings Martin -- [EMAIL PROTECTED] /root]# man real-life No manual entry for real-life -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sun, 9 Sep 2007 22:08:17 +0200 Martin Zobel-Helas [EMAIL PROTECTED] wrote: [snip] A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. The Debian m-l page [0] contains only the following: Many of the rules we use to block spammers and their messages have been reported to us by subscribers. If you wish to help us reduce the amount of spam even more, your help is very much appreciated. To report spam properly, you need to do the following: * Find a copy of the message at the list archives. * Find a SpamAssassin rule or a procmail expression to catch this type of spam. Keep in mind that this rule will be applied against all lists, and that we want to keep the false positives to a minimum. * Send email to [EMAIL PROTECTED] with the exact URL of the message, and the said filter rule, if possible. Why isn't Martin's suggestion mentioned? Martin, having his listmaster's hat on and being VERY tired, as the listmasters had a quite productive weekend with nearly up to no sleep at all. Thanks, Martin, for all the work on our behalf! [0] http://www.debian.org/MailingLists/ Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Sex spam again on the list
This has got more than a joke now. We are being bombarded with s-x spam yet again. I can't send it to Spamcop because it will identify the list as the sender. Come on Murphy, get your act together, get the sawn-off out of it's case, and filter these spammers off the list. One way or the other I couldn't care less how you do it. If their, what passes for brains end up splaterred over the nearest wall is no big deal to me. I've got bogofilter running on Kmail, but because of the high volume on the list, Debian-user is filtered before bogofilter has a go at the remaining stuff. Most of the pe-is size related stuff ends up in the trash, where it belongs, but I'm stuck with the spam that get's filtered into individual mailing boxes before bogofilter has a go at it. Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. Nigel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sun, Sep 09, 2007 at 09:15:32PM +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. ... Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have gone up correspondingly as well from a couple getting through spamassassin per day to something like 30-50 getting past s-a. Interestingly the subjects I'm seeing come through d-u are exactly the same as the ones getting through my local s-a, so some spammer has hit on a formula that is working at the moment. Apparently, this girl is having quite a problem make her extra-curricular activities work in a satisfactory manner... ;-O Not only has the overall number gone up, but the effectiveness has gone up by an order of magnitude. I wonder if this is a side-effect of the mis-named Storm Worm activity that's going on right now. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. I need targets to practice my joint-locks and choke-holds on... ;) A signature.asc Description: Digital signature
Re: Sex spam again on the list
On Sun, Sep 09, 2007 at 12:25:59PM -0700, Andrew Sackville-West wrote: On Sun, Sep 09, 2007 at 09:15:32PM +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. ... Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have gone up correspondingly as well from a couple getting through spamassassin per day to something like 30-50 getting past s-a. Not only has the overall number gone up, but the effectiveness has gone up by an order of magnitude. I wonder if this is a side-effect of the mis-named Storm Worm activity that's going on right now. We perodically have a thread about spam on the list. I wonder why we don't have posting only by registered users. Note that I don't mean subscribed people since not everyone who posts wants to receive the list. If the policy was that absolutley anyone could sign up to post (including automatically anyone subscribed) but that the right to post is suspended if spam comes from them, I don't see the problem. Sure, a spammer can fake the headers so that a spam looks like it came from a registered user but surely there's a way around that. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Hi Nigel, On Sun Sep 09, 2007 at 21:15:32 +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. I can't send it to Spamcop because it will identify the list as the sender. True, and you will most probably also get kicked from the lists by us. Come on Murphy, get your act together, get the sawn-off out of it's case, and filter these spammers off the list. One way or the other I couldn't care less how you do it. If their, what passes for brains end up splaterred over the nearest wall is no big deal to me. There might be two or more reasons why you get more spam since a couple of day. One is, that since about a week or so we get drastic more spam which also morphs that fast, that the self-learning filters can't adjust that quickly. Another reason is that the listmasters did a drastic redesign of the whole spamfilter of murphy.debian.org this weekend. Doing this required also to drop and retrain all the dynamic filers we have, so you might have seen a bit of more spam the last hours. That should self-regulate the next couple of hours. I've got bogofilter running on Kmail, but because of the high volume on the list, Debian-user is filtered before bogofilter has a go at the remaining stuff. Most of the pe-is size related stuff ends up in the trash, where it belongs, but I'm stuck with the spam that get's filtered into individual mailing boxes before bogofilter has a go at it. Actually you can be lucky that you are not subscribed to lists.debian.org before the spam-filter. I needed to do that today, to find some nasty errors in our new setup, which really sucked. Watching your INBOX grow by ~50 Mails / min per Debian mailing list is not fun at all. JFTR, read Joeys blog[1] to get some ideas on the numbers. Currently about 99.5% of all incoming mail to lists.debian.org is discarded before it gets delivered. On a bad day you might see perhaps ~10% of the still delivered mail being spam, which means, that actually only 0.05% of all incoming spam is being delivered to the lists, a rate which i think is acceptable from the listmaster PoV. Even though we try to do better every day. Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. And if you find we should add more or better rules to our spamfilter, feel free to send patches for [2]. Greetings Martin, having his listmaster's hat on and being VERY tired, as the listmasters had a quite productive weekend with nearly up to no sleep at all. [1] http://www.infodrom.org/~joey/log/?200709091425 [2] http://svn.debian.org/wsvn/pkg-listmaster/trunk/spamassassin_config/?rev=0sc=0 -- [EMAIL PROTECTED] /root]# man real-life No manual entry for real-life -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sunday 09 September 2007 21:25, Andrew Sackville-West wrote: On Sun, Sep 09, 2007 at 09:15:32PM +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. ... Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have gone up correspondingly as well from a couple getting through spamassassin per day to something like 30-50 getting past s-a. Interestingly the subjects I'm seeing come through d-u are exactly the same as the ones getting through my local s-a, so some spammer has hit on a formula that is working at the moment. Apparently, this girl is having quite a problem make her extra-curricular activities work in a satisfactory manner... ;-O Not only has the overall number gone up, but the effectiveness has gone up by an order of magnitude. I wonder if this is a side-effect of the mis-named Storm Worm activity that's going on right now. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. I need targets to practice my joint-locks and choke-holds on... ;) A I was thinking of the Roman arena, but I think that would be too easy. Christians versus the lions are a a bit different to spammers versus the shotguns. I think something more in line with a film I saw. The hunted (spammers) were given a few minutes getaway time, then the hunters (us with the shotguns) gave pursuit. I'm not sure how it ended up in the film, but would like to think that the spammers would lose out in this scenario. I used to belong to the Jersey pistol club in Jersey, Channel Islands. .22, and centre fire. We used to shoot at silouettes with the centre fire stuff. I had a SmithWesson 38special, and also a Ruger single action 357magnum. This was along with some other bits of iron. A 9mm luger with a 6barrel, and a Walther PPK (the James Bond one). A friend had access to a German Schmeizer machine gun, and we took this out the .303 rifle range. This thing was amazing, absolutely no recoil. I didn't fire it on auto, just a couple of songle shots. My friend also had a broom handled Mauser. A strange looking weapon, but also came with a shoulder stock, that changed it entirely. This was back in the late 60's. These weapons were available. The Germans had occupied the Channel Islands, and this stuff was left behind. Meanwhile back to the spammers. I don't know if I could take one of them out if they were in my sights. I'd like to, but what you'd like to do, and what you actually do are two different things. I'm certainly T'd off as to what they are doing to the Internet though. Nigel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sunday 09 September 2007, Nigel Henry wrote: On Sunday 09 September 2007 21:25, Andrew Sackville-West wrote: On Sun, Sep 09, 2007 at 09:15:32PM +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. ... Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have gone up correspondingly as well from a couple getting through spamassassin per day to something like 30-50 getting past s-a. Interestingly the subjects I'm seeing come through d-u are exactly the same as the ones getting through my local s-a, so some spammer has hit on a formula that is working at the moment. Apparently, this girl is having quite a problem make her extra-curricular activities work in a satisfactory manner... ;-O Not only has the overall number gone up, but the effectiveness has gone up by an order of magnitude. I wonder if this is a side-effect of the mis-named Storm Worm activity that's going on right now. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. I need targets to practice my joint-locks and choke-holds on... ;) A I was thinking of the Roman arena, but I think that would be too easy. Christians versus the lions are a a bit different to spammers versus the shotguns. I think something more in line with a film I saw. The hunted (spammers) were given a few minutes getaway time, then the hunters (us with the shotguns) gave pursuit. I'm not sure how it ended up in the film, but would like to think that the spammers would lose out in this scenario. Either The Most Dangerous Game or Running Man. Or it's possible you remember the same storyline as an episode of Get Smart. Either way, in all three, the hunters end up dead when the hunted turned the tables on them. Maybe a T1000 as the spammers and us as the good ol' T101, an advanced killing machine with an Austrian accent, would be a better metaphor? I used to belong to the Jersey pistol club in Jersey, Channel Islands. .22, and centre fire. We used to shoot at silouettes with the centre fire stuff. I had a SmithWesson 38special, and also a Ruger single action 357magnum. This was along with some other bits of iron. A 9mm luger with a 6barrel, and a Walther PPK (the James Bond one). A friend had access to a German Schmeizer machine gun, and we took this out the .303 rifle range. This thing was amazing, absolutely no recoil. I didn't fire it on auto, just a couple of songle shots. My friend also had a broom handled Mauser. A strange looking weapon, but also came with a shoulder stock, that changed it entirely. This was back in the late 60's. These weapons were available. The Germans had occupied the Channel Islands, and this stuff was left behind. Meanwhile back to the spammers. I don't know if I could take one of them out if they were in my sights. I'd like to, but what you'd like to do, and what you actually do are two different things. Violence is the last refuge of the incompetent. --Isaac Asimov Hal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sun, Sep 09, 2007 at 10:08:17PM +0200, Martin Zobel-Helas wrote: ... Actually you can be lucky that you are not subscribed to lists.debian.org before the spam-filter. I needed to do that today, to find some nasty errors in our new setup, which really sucked. Watching your INBOX grow by ~50 Mails / min per Debian mailing list is not fun at all. JFTR, read Joeys blog[1] to get some ideas on the numbers. Currently about 99.5% of all incoming mail to lists.debian.org is discarded before it gets delivered. On a bad day you might see perhaps ~10% of the still delivered mail being spam, which means, that actually only 0.05% of all incoming spam is being delivered to the lists, a rate which i think is acceptable from the listmaster PoV. Even though we try to do better every day. wow. what an interesting bit of information. thanks martin. A signature.asc Description: Digital signature
Re: Sex spam again on the list
On Sunday 09 September 2007 22:41, Hal Vaughan wrote: On Sunday 09 September 2007, Nigel Henry wrote: On Sunday 09 September 2007 21:25, Andrew Sackville-West wrote: On Sun, Sep 09, 2007 at 09:15:32PM +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. ... Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have gone up correspondingly as well from a couple getting through spamassassin per day to something like 30-50 getting past s-a. Interestingly the subjects I'm seeing come through d-u are exactly the same as the ones getting through my local s-a, so some spammer has hit on a formula that is working at the moment. Apparently, this girl is having quite a problem make her extra-curricular activities work in a satisfactory manner... ;-O Not only has the overall number gone up, but the effectiveness has gone up by an order of magnitude. I wonder if this is a side-effect of the mis-named Storm Worm activity that's going on right now. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. I need targets to practice my joint-locks and choke-holds on... ;) A I was thinking of the Roman arena, but I think that would be too easy. Christians versus the lions are a a bit different to spammers versus the shotguns. I think something more in line with a film I saw. The hunted (spammers) were given a few minutes getaway time, then the hunters (us with the shotguns) gave pursuit. I'm not sure how it ended up in the film, but would like to think that the spammers would lose out in this scenario. Either The Most Dangerous Game or Running Man. Or it's possible you remember the same storyline as an episode of Get Smart. Either way, in all three, the hunters end up dead when the hunted turned the tables on them. Maybe a T1000 as the spammers and us as the good ol' T101, an advanced killing machine with an Austrian accent, would be a better metaphor? You've got me in hysterics here referencing Get Smart. I love that series. I havn't seen any reruns lately though. Violence is the last refuge of the incompetent. --Isaac Asimov Hal Nigel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sunday 09 September 2007, Nigel Henry wrote: On Sunday 09 September 2007 22:41, Hal Vaughan wrote: On Sunday 09 September 2007, Nigel Henry wrote: On Sunday 09 September 2007 21:25, Andrew Sackville-West wrote: On Sun, Sep 09, 2007 at 09:15:32PM +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. ... Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I know this doesn't really help you, but I've seen a *massive* increase in spam hitting my one server in the last couple of days. Previously I was seeing something like 50 spam a day hitting me (this is after clamav kicks out the virus laden ones, so its not an absolute number). In the last couple of days, I've seen that number pretty much quadruple to around 200 per day. My false negatives have gone up correspondingly as well from a couple getting through spamassassin per day to something like 30-50 getting past s-a. Interestingly the subjects I'm seeing come through d-u are exactly the same as the ones getting through my local s-a, so some spammer has hit on a formula that is working at the moment. Apparently, this girl is having quite a problem make her extra-curricular activities work in a satisfactory manner... ;-O Not only has the overall number gone up, but the effectiveness has gone up by an order of magnitude. I wonder if this is a side-effect of the mis-named Storm Worm activity that's going on right now. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. I need targets to practice my joint-locks and choke-holds on... ;) A I was thinking of the Roman arena, but I think that would be too easy. Christians versus the lions are a a bit different to spammers versus the shotguns. I think something more in line with a film I saw. The hunted (spammers) were given a few minutes getaway time, then the hunters (us with the shotguns) gave pursuit. I'm not sure how it ended up in the film, but would like to think that the spammers would lose out in this scenario. Either The Most Dangerous Game or Running Man. Or it's possible you remember the same storyline as an episode of Get Smart. Either way, in all three, the hunters end up dead when the hunted turned the tables on them. Maybe a T1000 as the spammers and us as the good ol' T101, an advanced killing machine with an Austrian accent, would be a better metaphor? You've got me in hysterics here referencing Get Smart. I love that series. I havn't seen any reruns lately though. Would you believe... ...It's finally on DVD, but from only one source (I think Time-Life, but for some reason, I think it's HBO that owns the rights now). You can't buy it retail or through discount sources, though. (Sorry about that, Chief!) I think they're supposed to make it available through retail and such within the next 6 months. Hal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On 09/09/2007 03:08 PM, Martin Zobel-Helas wrote: [...] A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. [...] Thanks Martin. Thunderbird doesn't have a bounce function. Would forwarding the message as an attachment do? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
Martin Zobel-Helas on 09/09/07 21:08, wrote: [1] http://www.infodrom.org/~joey/log/?200709091425 Interesting collection of recipes, unfortunately no Knodel mit Champignonrahmsosse :( [2] http://svn.debian.org/wsvn/pkg-listmaster/trunk/spamassassin_config/?rev=0sc=0 I would be very interested to know what the discussion about blacklisting or greylisting involved. I heard a colleague once describe a spam IP blacklist filter maintained by a community of spam 'reporters' who submitted spam emails to the server. Each reporter had their own 'effectiveness rating' and once enough 'effective people' had reported the spam, the email was scanned for the advertising website IP and this went into the filter applied to all incoming mail. I know this would never catch image spam advertising hot stocks, but it would certainly take out the others and always seemed to me to be a better bet than dynamic filters. Regards Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sex spam again on the list
On Sunday 09 September 2007 15:08, Martin Zobel-Helas wrote: Hi Nigel, On Sun Sep 09, 2007 at 21:15:32 +0200, Nigel Henry wrote: This has got more than a joke now. We are being bombarded with s-x spam yet again. I can't send it to Spamcop because it will identify the list as the sender. True, and you will most probably also get kicked from the lists by us. Come on Murphy, get your act together, get the sawn-off out of it's case, and filter these spammers off the list. One way or the other I couldn't care less how you do it. If their, what passes for brains end up splaterred over the nearest wall is no big deal to me. There might be two or more reasons why you get more spam since a couple of day. One is, that since about a week or so we get drastic more spam which also morphs that fast, that the self-learning filters can't adjust that quickly. Another reason is that the listmasters did a drastic redesign of the whole spamfilter of murphy.debian.org this weekend. Doing this required also to drop and retrain all the dynamic filers we have, so you might have seen a bit of more spam the last hours. That should self-regulate the next couple of hours. I've got bogofilter running on Kmail, but because of the high volume on the list, Debian-user is filtered before bogofilter has a go at the remaining stuff. Most of the pe-is size related stuff ends up in the trash, where it belongs, but I'm stuck with the spam that get's filtered into individual mailing boxes before bogofilter has a go at it. Actually you can be lucky that you are not subscribed to lists.debian.org before the spam-filter. I needed to do that today, to find some nasty errors in our new setup, which really sucked. Watching your INBOX grow by ~50 Mails / min per Debian mailing list is not fun at all. JFTR, read Joeys blog[1] to get some ideas on the numbers. Currently about 99.5% of all incoming mail to lists.debian.org is discarded before it gets delivered. On a bad day you might see perhaps ~10% of the still delivered mail being spam, which means, that actually only 0.05% of all incoming spam is being delivered to the lists, a rate which i think is acceptable from the listmaster PoV. Even though we try to do better every day. Sorry if this sounds a bit sarcastic, but I'm feeling sarcastic at the moment, as I don't want this cr-p on my machine. I don't have a shotgun, or hunting rifle, but I'd be game for an organised shoot if the spammers were the targets. A thing every user can do is to bounce spam delivered to the lists to [EMAIL PROTECTED] WOW, I've been here for years that's the first time I recall seeing that. Thanks Martin! Best you use mutt's bounce-function or Kmails redirect function for that, so the headers don't get modified, so we can directly us that emails to train our filters to do better. And if you find we should add more or better rules to our spamfilter, feel free to send patches for [2]. Greetings Martin, having his listmaster's hat on and being VERY tired, as the listmasters had a quite productive weekend with nearly up to no sleep at all. [1] http://www.infodrom.org/~joey/log/?200709091425 [2] http://svn.debian.org/wsvn/pkg-listmaster/trunk/spamassassin_config/?rev=0; sc=0 -- [EMAIL PROTECTED] /root]# man real-life No manual entry for real-life -- John W. Foster -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]