Re: lug-bg: osoben tip spam(re: B. Krosnov)
Zdravejte po povod na sldenoto: Az polzvam slednite white i black listi (sys statistikite ot poslednoto denonoshtie): RBL Statistics (rejects/24h) whitelist.lirex.net/accept:9 (0.3%) blacklist.lirex.net: 356 (12.6%) blackholes.wirehub.net:1654 (58.5%) bl.spamcop.net:360 (12.7%) relays.osirusoft.com: 132 (4.7%) dnsbl.njabl.org: 83 (2.9%) proxies.relays.monkeys.com:10 (0.4%) non-RBL rejects: Tova dns-bazirani listi li sa? Mogat li da se polzwat taka - za sendmail 8-12-9: define(`DNSBL_MAP', `blacklist.lirex.net -R A -r2')dnl naprimer? Pozdravi: bozho A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: osoben tip spam(re: B. Krosnov)
da dns bazirani blacklists sa. ne sym siguren za tochniq format na konfiguraciqta na sendmail. -Original Message- From: Bozhan Bozhkov [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: osoben tip spam(re: B. Krosnov) Zdravejte po povod na sldenoto: Az polzvam slednite white i black listi (sys statistikite ot poslednoto denonoshtie): RBL Statistics (rejects/24h) whitelist.lirex.net/accept:9 (0.3%) blacklist.lirex.net: 356 (12.6%) blackholes.wirehub.net:1654 (58.5%) bl.spamcop.net:360 (12.7%) relays.osirusoft.com: 132 (4.7%) dnsbl.njabl.org: 83 (2.9%) proxies.relays.monkeys.com:10 (0.4%) non-RBL rejects: Tova dns-bazirani listi li sa? Mogat li da se polzwat taka - za sendmail 8-12-9: define(`DNSBL_MAP', `blacklist.lirex.net -R A -r2')dnl naprimer? Pozdravi: bozho == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam(re: B. Krosnov)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Shte ti pomogna, Boyane (znam, che ne si privyrzhenik na Sendmail:))) )
Tuk ima i oshte extri. Tova e izrezka ot m4 prototipa na sendmail.cf:
FEATURE(dnsbl)dnl
FEATURE(`dnsbl',`dnsbl.njabl.org',`550 Your IP address are listed in
dnsbl.njabl.org')dnl
define(`RFCI',`http://www.rfc-ignorant.org/')dnl
FEATURE(`dnsbl',`dialups.mail-abuse.org',`550 Mail from dialup
${client_addr} not accepted; see http://mail-abuse.org/dul/;')dnl
FEATURE(`dnsbl',`relays.mail-abuse.org',`550 Your mail server
${client_addr} is listed on MAPS RSS; see http://mail-abuse.org/rss/;')dnl
FEATURE(`dnsbl',`blackholes.mail-abuse.org',`550 Mail not accepted from
backholed address ${client_addr} ; see http://mail-abuse.org/rbl/;')dnl
FEATURE(`rhsbl',`dsn.rfc-ignorant.org',`550 Sender domain $`'{RHS}
rejected; you do not accept bounces (violating RFC 821/2505/2821) - see
RFCI')dnl
FEATURE(`rhsbl',`postmaster.rfc-ignorant.org',`550 Sender domain $`'{RHS}
rejected; domains must have a working postmaster address - see RFC2142 and
RFCI')dnl
Pozdravi
Vesselin Kolev
On Tuesday 10 Jun 2003 16:53, Boyan Krosnov wrote:
da dns bazirani blacklists sa.
ne sym siguren za tochniq format na konfiguraciqta na sendmail.
-Original Message-
From: Bozhan Bozhkov [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 4:03 PM
To: [EMAIL PROTECTED]
Subject: Re: lug-bg: osoben tip spam(re: B. Krosnov)
Zdravejte
po povod na sldenoto:
Az polzvam slednite white i black listi (sys statistikite ot
poslednoto
denonoshtie):
RBL Statistics (rejects/24h)
whitelist.lirex.net/accept:9 (0.3%)
blacklist.lirex.net: 356 (12.6%)
blackholes.wirehub.net:1654 (58.5%)
bl.spamcop.net:360 (12.7%)
relays.osirusoft.com: 132 (4.7%)
dnsbl.njabl.org: 83 (2.9%)
proxies.relays.monkeys.com:10 (0.4%)
non-RBL rejects:
Tova dns-bazirani listi li sa?
Mogat li da se polzwat taka - za sendmail 8-12-9:
define(`DNSBL_MAP', `blacklist.lirex.net -R A -r2')dnl
naprimer?
Pozdravi: bozho
==
==
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd.
- Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
==
==
===
= A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
===
=
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+5euY+48lZPXaa+MRAmDgAKDBqk2ADErrdfIA9tWNRVZaPgwlVgCg6p1f
YbgX06ulp8X29BO0tSDZ8nc=
=1nEH
-END PGP SIGNATURE-
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam(re: B. Krosnov)
On Tuesday 10 June 2003 16:53, Boyan Krosnov wrote: da dns bazirani blacklists sa. ne sym siguren za tochniq format na konfiguraciqta na sendmail. - :-( A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam(re: B. Krosnov)
On Tuesday 10 June 2003 17:30, Vesselin Kolev wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Shte ti pomogna, Boyane (znam, che ne si privyrzhenik na Sendmail:))) )
Tuk ima i oshte extri. Tova e izrezka ot m4 prototipa na sendmail.cf:
FEATURE(dnsbl)dnl
FEATURE(`dnsbl',`dnsbl.njabl.org',`550 Your IP address are listed in
dnsbl.njabl.org')dnl
define(`RFCI',`http://www.rfc-ignorant.org/')dnl
FEATURE(`dnsbl',`dialups.mail-abuse.org',`550 Mail from dialup
${client_addr} not accepted; see http://mail-abuse.org/dul/;')dnl
FEATURE(`dnsbl',`relays.mail-abuse.org',`550 Your mail server
${client_addr} is listed on MAPS RSS; see
http://mail-abuse.org/rss/;')dnl
FEATURE(`dnsbl',`blackholes.mail-abuse.org',`550 Mail not accepted from
backholed address ${client_addr} ; see http://mail-abuse.org/rbl/;')dnl
FEATURE(`rhsbl',`dsn.rfc-ignorant.org',`550 Sender domain $`'{RHS}
rejected; you do not accept bounces (violating RFC 821/2505/2821) - see
RFCI')dnl
FEATURE(`rhsbl',`postmaster.rfc-ignorant.org',`550 Sender domain
$`'{RHS} rejected; domains must have a working postmaster address - see
RFC2142 and RFCI')dnl
Pozdravi
Vesselin Kolev
, 8.10
8.9 :
FEATURE(`rbl',`blackholes.mail-abuse.org',`550 Mail not accepted from
backholed address ${client_addr} ; see http://mail-abuse.org/rbl/;')dnl
8.11
HACK(`check_dnsbl',`blackholes.mail-abuse.org',`550 Mail not accepted from
backholed address ${client_addr} ; see http://mail-abuse.org/rbl/;')dnl
..
- - -
FEATURE(`dnsbl',`dnsbl.njabl.org' .
8.12.9,,
- :-))
.
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: osoben tip spam
mnogo shte sym ti blagodaren ako mi pratish e-mail headers. naj-mnogo me interesuvat from i to poletata. BR, Boyan -Original Message- From: Romeo Ninov [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 5:02 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: osoben tip spam Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. I az imam podoben problem. ot sashtoto IP. i pishe na balgarski (razni prostotii) :-(( == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
ne im e za pryv pyt mezhdu drugoto. logove ne pazia :( Az imam na um edno lechenie za podobni bolesti, koeto makar i hich da ne e moe izobretenie, e mnogo efikasno :) Naricha se - filtering. Mislia che techs v BG sa dostatychno organizirani, za da prasne vseki po edin filtyr na serverite si sreshtu podobni spameri. Kato pochnat masovo da pishtqt, che otnikyde ne se wizhdat, shte im doide uma na momenta, kato na gimnazistka men*isa. Horata veche masovo sa propishtiali ot spama i tyrsiat dosta efektivni metodi za borba s nego. To ostavi drugoto, ami gi i namirat. Prochetete tova: Vigilantes give spammers a dose of their own medicine By MYLENE MANGALINDAN The Associated Press 5/19/03 9:22 AM The Wall Street Journal When all 24 office phones at Scott Richter's e-mail marketing company started ringing at once, with nobody at the other end of the line, employees knew they were under attack again. Daniel Dye, the systems administrator, could do little. After 15 minutes into the lunchtime assault last month, Mr. Dye recalls yelling, Go ahead and pull your phones out of the walls for now. It'll be easier to think about what to do. Examining the phone system's central computer, Mr. Dye found that someone had hacked into it and programmed a feature that caused all the phones to ring at the same time. Mr. Richter's company had been flamed -- attacked by a shadowy group of vigilantes who have taken to harassing spammers using just about any means they can dream up. Spam, or unsolicited commercial e-mail, has set off a war between marketers and people who hate spam. Mr. Richter, who is a mass commercial e-mailer, has become a frequent target of attackers known as antispammers. They form a loose affiliation that uses the Internet to coordinate attacks from around the world. E-mail marketers often feel powerless against them. It's an underground cult running it, says Mr. Richter, whose Westminster, Colo., e-mail marketing business, Optinrealbig.com, pitches mortgages, adult- related products and Viagra. You don't know who they are. Here's one of them: Mark Jones, a 26-year-old software engineer in Enterprise, Ala., who calls himself a soldier in the war against spam. From his home at night, he tracks down spammers by tracing the complex routing code hidden in e-mail messages. He reports them to what antispammers call realtime blacklists, Web sites that track known spam sources and allow computer administrators to block certain Internet addresses. Then, he fights back. Anytime we find a source of spam, he says, we spam them back. After his three children were asleep late one Saturday night last November, Mr. Jones sat down at his PC for a bit of spammer-flaming. First, he says, he visited a Web site, slashdot.org, that's a favorite among techies; he pulled down a list of about 10 alleged spammers. He programmed his personal computer to send a letter to each supposed spammer in the same way many spammers do: through so-called open relays and mail servers that forward e-mail in ways that make it hard to track down the sender. As his finishing stroke, he had his PC send the message to each spammer 10,000 times. We use the same methods the spammers use, says Mr. Jones, chuckling. It's a bombardment. ... ' On Wednesday 28 May 2003 16:22, Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev On Wednesday 28 May 2003 16:22, Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. BR, Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ just another techie speaking for himself === = A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html === = -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+1MmQ+48lZPXaa+MRAr2VAKCUTF7JLNFaCGPE6bd0jfbZLiZ8zACfX5BF kjs+SSyKNKfmNUGVUCmi4FY= =sU49 -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
Da se saberem, da se napiem i da hodim da gi biem vikam az. Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. BR, Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ just another techie speaking for himself A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: osoben tip spam
Ima edin syshtestven problem... koj shte vqrva na tozi blacklist, kak shte poddyrjame vqrnostta na informaciqta vytre i kak shte se pazim ot greshna informaciq i izpolzvaneto mu za lichni celi. Bratqta rusnaci veche sa izmislili podobna sistema. www.drbl.org Sega trqbva da se nameri edin dobyr chovek s dostatychno svobodno vreme da izchete http://www.agk.nnov.ru/drbl/ i da ni informira (nas po-zaetite s komersialni dela) na prost bylgarski ezik (kato za sistemni administratori, programisti i t.n.) za kakvo ide rech i kak mojem da si organizirame podobno neshto tuk. Inache az runvam sobstven dnsbl za lichna i firmena upotreba. BR, Boyan -Original Message- From: Vesselin Kolev [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 5:37 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: osoben tip spam -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev On Wednesday 28 May 2003 16:22, Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. BR, Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ just another techie speaking for himself == = = A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == = = -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+1MmQ+48lZPXaa+MRAr2VAKCUTF7JLNFaCGPE6bd0jfbZLiZ8zACfX5BF kjs+SSyKNKfmNUGVUCmi4FY= =sU49 -END PGP SIGNATURE- == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
! , . - blacklist. ' access.db :) ( ;-), ,( ) Stockton Wednesday 28 May 2003 17:36, Vesselin Kolev : Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
Tozi ruski sait ne mojah da go procheta, zashtoto e na ruski :), no namerih podoben proekt sus sait na angliiski i eto za kakvo stava duma. Proektut e dsbl.org. Podurjat spisuk s IP-ta na open-relay SMTP serveri i HTTP proxy-ta, koito se izpolzvat mnogo ot spamerite, za da prikriat sledite si. Zapitvaneto stava prez DNS, kato za da vidite dali ip-to 1.2.3.4 e spamersko, triabva da polzvate $ host 4.3.2.1.lists.dsbl.org Ako vi vurne 127.0.0.2, znachi sa spameri. Ako vurne Host not found, znachi ne sa. Dobavianeto v bazata danni stava po tri nachina. Purvia e s honeypot email adres. Vseki email poluchen na tozi email se klasificira kato spam i IP-to na SMTP servera se dobavia v bazata danni. DSBL ne proveriavat dali tova naistina e open-relay server. Tozi nachin lovi nai-mnogo spambotovete, koito pretursvat web stranicite za emaili, koito da spamvat. Vtoria e chrez programa, koito mojete da si drupnete ot saita na dsbl. Tia skanira sluchaini IP-ta za open-relay serveri i ako nameri niakoi, prashta prez nego mail do honeypot adresa ot purvia nachin. Tretia nachin e s ruchno dobaviane, kato IP-tata dobaveni ruchno se durjat v otdelen, untrusted spisuk. DSBL exportvat bazata si danni za BIND serveri i za rbldns. Vsichki znaete kakto e BIND, a rbldns izglejda da e server, specialno napraven za celta na DNS spam blacklistovete. Priema plain-text spisuk s IP-ta, kompilira gi v udoben (B-tree?) format i otgovaria dali dadeno IP go ima v spisuk sus sushtia sintaksis kato na lists.dsbl.org (vij gore). Primeren BIND zone file ima na http://dsbl.org/zones/bind-multihop.dsbl.org , a sushtite IP-ta v rbldns format gi ima na http://dsbl.org/zones/rbldns-multihop.dsbl.org . Eto i niakoi idei, koito mi hrumnaha za bulgarskia ni variant na DNS blacklist. Purvo, ne znam do kolko se polzvat v Bulgaria open-relay serveri, ta si mislia honeypot servera da vkluchva vsichki IP-ta v headerite na emailite v bazata danni. A ako niakoi iska da reportna server chrez programa kato tazi na dsbl, moje da dobavi slednia header v maila: X-SpamExcludeIP: 1.2.3.4 Tam moje da si napishe sobstvenoto IP, koeto da ne bude dobaveno v bazata, vupreki che e v headera na maila. Za da ne se okaje tova zadna vratichka v sistemata, potrebitelskite mail serveri mogat da filtrirat vsichki pisma, sudurjashti vuprosnia header. Taka spamerut niama da moje da sloji sobstvenoto si IP v headera i da postigne jelania efekt. Vtoro, vmesto da podurjame otdelni spisuci za sigurni i nesigurni zapisi, mojem da slagame ratingi na vseki zapis. IP-tata, dobaveni chrez honeypot emaila avtomatichno shte imat rating ot 255. Ratingut na tezi, dobaveni ruchno shte se uvelichava s edno na vsiako povtorno dobaviane ot drug potrebitel. Taka vseki postmaster moje da si sloji prag na ratinga i da opravliava kolichestvoto spam, koeto da minava. Informaciata za ratingite moje da bude v TXT zapisut na DNS-a ili v IP-to (primerno 127.0.0.65 za IP s rating 65). Ochevidno, kolkoto vi e po-goliam ratinga, tolkova po-gaden spammer ste :). Treto, hubavo shte bude da si imame i edin whitelist za IP-ta na kliuchovi mail serveri (dir.bg, mail.bg, etc.). Viarno che i ot tiah moje da idva spam, no po-dobre da sa dostupni vse pak. Chetvurto, kak moje da se poznavat lesno bulgarskite IP-ta ili ideata e da se vkluchvat vsiakakvi spamvashti IP-ta? Nadiavam se tova da vi e polezno. :) Regards, Alek Andreev Zvuk.Net [EMAIL PROTECTED] A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
:) ' access.db -;))) ;))) server:~# cat /etc/postfix/access | wc 9291858 20243 - ;)) ! , . - blacklist. ' access.db :) ( ;-), ,( ) Stockton Wednesday 28 May 2003 17:36, Vesselin Kolev : Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html -- Konstantin Kostadinov Fadata Ltd. --- Public PGP : http://www.fadata.bg/pgp/kostaspgp.asc --- pgp0.pgp Description: PGP signature
RE: lug-bg: osoben tip spam
Mislq che imam dostap do bolshinstvoto smtp relays na visoki portove, koito osnovno se polzvat, iskam samo da pogledna dali vse oshte imam access-a si i ako tova mozhe da pomogne shte go pratia na Boyan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Konstantin Kostadinov Sent: Wednesday, May 28, 2003 8:15 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: osoben tip spam :) ' access.db -;))) ;))) server:~# cat /etc/postfix/access | wc 9291858 20243 - ;)) ! , . - blacklist. ' access.db :) ( ;-) , , ( ) Stockton Wednesday 28 May 2003 17:36, Vesselin Kolev : Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html -- Konstantin Kostadinov Fadata Ltd. --- Public PGP : http://www.fadata.bg/pgp/kostaspgp.asc --- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mi dobre, ako zhelaete shte vi pokazha kak pri men raboti podobna DNS zona i shte obiasnia kakvi sa hvatkite i pravilata pri izgrazhdaneto na podoben tip zona... Pri men tia raboti ot 15 meseca, razbira se samo za nuzhdite na poshtenskite mi serveri. No naprimer DNSBL mozhe da se prilozhi i za IRC serveri, osobeno ako se polzvat DNSBL za open socks ili open proxy. Ako mi ostane vreme utre (ako iskash mi napomni i po e-maila), makar da sym v dvizhenie shte opisha shemata da doverie za podobna systema i shema. Mozhe da e malko dosadno, no ako smetnete tova za dosada... niama da go napisha prosto:))) Pozdravi Vesselin Kolev On Wednesday 28 May 2003 18:47, wrote: ! , . - blacklist. ' access.db :) ( ;-) , , ( ) Stockton Wednesday 28 May 2003 17:36, Vesselin Kolev : Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev === = A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html === = -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+1PSI+48lZPXaa+MRAhfFAJ9YQEIqcHFxltbWz36WQbCtv1VXBgCgyl+5 qscZUky78M/HGTmfFvCp8AQ= =Wy9W -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: osoben tip spam
mislq che ima izvestna razlika mejdu dsbl i drbl :) AFAIK drbl (rusnacite demek) polzvat nqkakva distributirana prez dns sistema za glasuvane i rating na e-mail iztochnicite. BR, Boyan -Original Message- From: Alek Andreev [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 8:15 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: osoben tip spam Tozi ruski sait ne mojah da go procheta, zashtoto e na ruski :), no namerih podoben proekt sus sait na angliiski i eto za kakvo stava duma. Proektut e dsbl.org. Podurjat spisuk s IP-ta na open-relay SMTP serveri i HTTP proxy-ta, koito se izpolzvat mnogo ot spamerite, za da prikriat sledite si. Zapitvaneto stava prez DNS, kato za da vidite dali ip-to 1.2.3.4 e spamersko, triabva da polzvate $ host 4.3.2.1.lists.dsbl.org Ako vi vurne 127.0.0.2, znachi sa spameri. Ako vurne Host not found, znachi ne sa. Dobavianeto v bazata danni stava po tri nachina. Purvia e s honeypot email adres. Vseki email poluchen na tozi email se klasificira kato spam i IP-to na SMTP servera se dobavia v bazata danni. DSBL ne proveriavat dali tova naistina e open-relay server. Tozi nachin lovi nai-mnogo spambotovete, koito pretursvat web stranicite za emaili, koito da spamvat. Vtoria e chrez programa, koito mojete da si drupnete ot saita na dsbl. Tia skanira sluchaini IP-ta za open-relay serveri i ako nameri niakoi, prashta prez nego mail do honeypot adresa ot purvia nachin. Tretia nachin e s ruchno dobaviane, kato IP-tata dobaveni ruchno se durjat v otdelen, untrusted spisuk. DSBL exportvat bazata si danni za BIND serveri i za rbldns. Vsichki znaete kakto e BIND, a rbldns izglejda da e server, specialno napraven za celta na DNS spam blacklistovete. Priema plain-text spisuk s IP-ta, kompilira gi v udoben (B-tree?) format i otgovaria dali dadeno IP go ima v spisuk sus sushtia sintaksis kato na lists.dsbl.org (vij gore). Primeren BIND zone file ima na http://dsbl.org/zones/bind-multihop.dsbl.org , a sushtite IP-ta v rbldns format gi ima na http://dsbl.org/zones/rbldns-multihop.dsbl.org . Eto i niakoi idei, koito mi hrumnaha za bulgarskia ni variant na DNS blacklist. Purvo, ne znam do kolko se polzvat v Bulgaria open-relay serveri, ta si mislia honeypot servera da vkluchva vsichki IP-ta v headerite na emailite v bazata danni. A ako niakoi iska da reportna server chrez programa kato tazi na dsbl, moje da dobavi slednia header v maila: X-SpamExcludeIP: 1.2.3.4 Tam moje da si napishe sobstvenoto IP, koeto da ne bude dobaveno v bazata, vupreki che e v headera na maila. Za da ne se okaje tova zadna vratichka v sistemata, potrebitelskite mail serveri mogat da filtrirat vsichki pisma, sudurjashti vuprosnia header. Taka spamerut niama da moje da sloji sobstvenoto si IP v headera i da postigne jelania efekt. Vtoro, vmesto da podurjame otdelni spisuci za sigurni i nesigurni zapisi, mojem da slagame ratingi na vseki zapis. IP-tata, dobaveni chrez honeypot emaila avtomatichno shte imat rating ot 255. Ratingut na tezi, dobaveni ruchno shte se uvelichava s edno na vsiako povtorno dobaviane ot drug potrebitel. Taka vseki postmaster moje da si sloji prag na ratinga i da opravliava kolichestvoto spam, koeto da minava. Informaciata za ratingite moje da bude v TXT zapisut na DNS-a ili v IP-to (primerno 127.0.0.65 za IP s rating 65). Ochevidno, kolkoto vi e po-goliam ratinga, tolkova po-gaden spammer ste :). Treto, hubavo shte bude da si imame i edin whitelist za IP-ta na kliuchovi mail serveri (dir.bg, mail.bg, etc.). Viarno che i ot tiah moje da idva spam, no po-dobre da sa dostupni vse pak. Chetvurto, kak moje da se poznavat lesno bulgarskite IP-ta ili ideata e da se vkluchvat vsiakakvi spamvashti IP-ta? Nadiavam se tova da vi e polezno. :) Regards, Alek Andreev Zvuk.Net [EMAIL PROTECTED] == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
Boyan Krosnov wrote: mnogo shte sym ti blagodaren ako mi pratish e-mail headers. naj-mnogo me interesuvat from i to poletata. BR, Boyan -Original Message- From: Romeo Ninov [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 5:02 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: osoben tip spam Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. I az imam podoben problem. ot sashtoto IP. i pishe na balgarski (razni prostotii) :-(( --- Received: from hostica.com ([216.116.124.27]) by daisy1.daisytechbg.com; Wed, 28 May 2003 09:16:31 +0300 Received: (qmail 12370 invoked by uid 10413); 28 May 2003 06:10:04 - Date: 28 May 2003 06:10:04 - Message-ID: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Subject: Re: Borislave, zashto ni napravihte na budali... --- Nadiawam se da e ot polza :- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
Da, naistina e razlichno. Znachi v DRBL polojenieto e slednoto: Niama centralen vuzel, vseki postmaster moje da si napravi svoi sobstven vuzel. Vseki vuzel se sustoi ot 2 DNS zoni. Ednata e VOTE zonata, drugata e WORK zonata. Vuv VOTE zonata se slagat IP-ta, koito postmastera klasificira kato spam, po shemata 4.3.2.1.vote.example.com. Vsichki zapisi vuv VOTE zonata triabva da sa ruchno napraveni ot suotvetnia postmaster (predpolagam che i honeypot adres se dopuska). Nishto ne triabva da se importira. WORK zonata se polzva ot MTA za otlichavane na spam-a. Tia vkluchva IP-ta ot niakolko VOTE zoni (sobstvenata, i na drugi saitove na koito imate doverie). Na vsiaka vkluchena VOTE zona se zadava rating, a za WORK zonata kato cialo se zadava minalen sbor ot ratingi, koito da se schita za spam. Ako edno IP go ima v dve VOTE zoni, ratinga na IP-to e sbora na ratingite na dvete VOTE zoni. Ima i napisan software za DRBL vuzel - http://www.agk.nnov.ru/drbl/prog/drbl-2.1.tar.gz . Napisan e izcialo na Perl. Durpa informacia ot VOTE zonite prez IXFR. Do kolkoto razbrah ot koda, ne e suvsem v realno vreme, a ima edin script, koito triabva da se puska ot vreme na vreme za da suzdava nova baza danni za WORK zonata. Ne znam sum siguren, no mislia che izhoda na programata sa BIND zone failove. V obshti linii da si napravim edna DRBL sistema shte e dosta lesno. Vseki samo triabva da si pusne software-a i edin bind, i eventualno honeypot adres. Niakoi triabva da podurja spisuk s DRBL vuzlite. Boyan Krosnov wrote: mislq che ima izvestna razlika mejdu dsbl i drbl :) AFAIK drbl (rusnacite demek) polzvat nqkakva distributirana prez dns sistema za glasuvane i rating na e-mail iztochnicite. BR, Boyan Regards, Alek Andreev Zvuk.Net [EMAIL PROTECTED] A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: osoben tip spam
zdraveite, blacklists ne sa reshenie, okazva se (mai) che polovinata internet e blacklist-nat i lichno az sum namiral ne-spam pisma v koshcheto zaradi takiva spisyci... otskoro polzvam bogofilter (http://bogofilter.sourceforge.net/) koito e pisan ot Eric S. Raymond (avtora na fetchmail za koito ne se seshta:)) bogofilter e baziran na metod na Bayes (Bayesian probability). ideqta da se izpolzva kato spam filtyr e opisana tuk: http://www.paulgraham.com/spam.html hubavoto e che podoben filtyr moje da se uchi sam i dava perfektni rezultati (do 99% efektivnost). pri men e kym 97% no trqbva da go ucha s poslednite modni spam messages. tova e moqt opit i sym mnogo dovolen, moje da svurshi rabota i na nqkoi ot vas, ako li ne pone si zaslujava chovek da si poigrae malko s nego :)) eto oshte malko teoriq: http://www.wikipedia.org/wiki/Bayesian_probability http://www.fmi.uni-sofia.bg/fmi/statist/lectures/prob/prob.htm http://www.fmi.uni-sofia.bg/vesta/Virtual_Labs/index.html http://www.fmi.uni-sofia.bg/fmi/statist/statlib/glossary/index.htm http://www.fmi.uni-sofia.bg/vesta/index.html no i az ne sym gi chel vsichkite... :/ aaa zabravih da spomena che bogofilter moje da markira syobshteniqta v qmail a predpolagam i za drugi mta no ne sym naqsno... P! Vladi. On Wed, 28 May 2003 17:36:56 +0300 Vesselin Kolev [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev On Wednesday 28 May 2003 16:22, Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. BR, Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ just another techie speaking for himself === = A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html === = -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+1MmQ+48lZPXaa+MRAr2VAKCUTF7JLNFaCGPE6bd0jfbZLiZ8zACfX5BF kjs+SSyKNKfmNUGVUCmi4FY= =sU49 -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html -- *** WARNING: PLEASE DO NOT WRITE ME AT [EMAIL PROTECTED] *** MAIL.BG SERVICE IS BROKEN AND DROPS OR REFUSES MESSAGES -- Vladi Belperchinov-Shabanski [EMAIL PROTECTED] [EMAIL PROTECTED] Personal home page at http://soul.datamax.bg/~cade DataMax SA http://www.datamax.bg Welcome to this crazy world, welcome to the show that never ends... pgp0.pgp Description: PGP signature
Re: lug-bg: osoben tip spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ,(...), :) Stockton Wednesday 28 May 2003 20:40, Vesselin Kolev : Mi dobre, ako zhelaete shte vi pokazha kak pri men raboti podobna DNS zona i shte obiasnia kakvi sa hvatkite i pravilata pri izgrazhdaneto na podoben tip zona... Pri men tia raboti ot 15 meseca, razbira se samo za nuzhdite na poshtenskite mi serveri. No naprimer DNSBL mozhe da se prilozhi i za IRC serveri, osobeno ako se polzvat DNSBL za open socks ili open proxy. Ako mi ostane vreme utre (ako iskash mi napomni i po e-maila), makar da sym v dvizhenie shte opisha shemata da doverie za podobna systema i shema. Mozhe da e malko dosadno, no ako smetnete tova za dosada... niama da go napisha prosto:))) Pozdravi Vesselin Kolev -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+1b9TbUl2/okDM3URAsXnAKCbzdmm0zaV7gFGXGDlw913lTxfLgCfSn2B EVhim34RZkYRxiYiiiAgY/8= =oS8L -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: osoben tip spam
I dvete resheniq sa raboteshti. Az polzvam slednite white i black listi (sys statistikite ot poslednoto denonoshtie): RBL Statistics (rejects/24h) whitelist.lirex.net/accept:9 (0.3%) blacklist.lirex.net: 356 (12.6%) blackholes.wirehub.net:1654 (58.5%) bl.spamcop.net:360 (12.7%) relays.osirusoft.com: 132 (4.7%) dnsbl.njabl.org: 83 (2.9%) proxies.relays.monkeys.com:10 (0.4%) non-RBL rejects: 224 (7.9%) // smtp violations, unexistent sender domain, relay attempts, etc. Ne polzvam filtrirane na bazata na sydyrjanie. Ot kakto vyvedohme sistemata v dejstvie (okolo polovin godina) mi se e sluchvalo tochno dva pyti da blacklistvame nqkoj s kojto iskame da si govorim. I v dvata sluchaq imashe zashto. I v dvata sluchaq problema beshe izqsnen po telefona, IP-to im whitelistnato (vypreki riska ot spam prez tqh) i syobshtenieto im dostaveno do krajniq si poluchatel. Polzvame tazi sistema samo za firmenite ni adresi (@lirex.bg @lirex.com @naturella.com, etc). Dropim poshta, ne markirame. Efektivnostta e nad 95%-99%. Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ just another techie speaking for himself -Original Message- From: Vladi Belperchinov-Shabanski [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 10:24 AM To: [EMAIL PROTECTED] Subject: Re: lug-bg: osoben tip spam zdraveite, blacklists ne sa reshenie, okazva se (mai) che polovinata internet e blacklist-nat i lichno az sum namiral ne-spam pisma v koshcheto zaradi takiva spisyci... otskoro polzvam bogofilter (http://bogofilter.sourceforge.net/) koito e pisan ot Eric S. Raymond (avtora na fetchmail za koito ne se seshta:)) bogofilter e baziran na metod na Bayes (Bayesian probability). ideqta da se izpolzva kato spam filtyr e opisana tuk: http://www.paulgraham.com/spam.html hubavoto e che podoben filtyr moje da se uchi sam i dava perfektni rezultati (do 99% efektivnost). pri men e kym 97% no trqbva da go ucha s poslednite modni spam messages. tova e moqt opit i sym mnogo dovolen, moje da svurshi rabota i na nqkoi ot vas, ako li ne pone si zaslujava chovek da si poigrae malko s nego :)) eto oshte malko teoriq: http://www.wikipedia.org/wiki/Bayesian_probability http://www.fmi.uni-sofia.bg/fmi/statist/lectures/prob/prob.htm http://www.fmi.uni-sofia.bg/vesta/Virtual_Labs/index.html http://www.fmi.uni-sofia.bg/fmi/statist/statlib/glossary/index.htm http://www.fmi.uni-sofia.bg/vesta/index.html no i az ne sym gi chel vsichkite... :/ aaa zabravih da spomena che bogofilter moje da markira syobshteniqta v qmail a predpolagam i za drugi mta no ne sym naqsno... P! Vladi. On Wed, 28 May 2003 17:36:56 +0300 Vesselin Kolev [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ami... ne mislite li, che e kraino vreme povecheto ot nas da napravim nash DNS baziran blacklist. Taka sys syvmestni usilia shte izolirame spameri ot vsiakakyv rod. Pozdravi Vesselin Kolev On Wednesday 28 May 2003 16:22, Boyan Krosnov wrote: Zdraveyte, Trqbvat mi speshno vsqkakvi logove (i naj-mnogo e-mail headers) za mailove razprashtani ot IP adresa 216.116.124.27. Osbennostta koqto tyrsq e mnogo podobni From i To poleta. Primerno from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] Spama e ot nov tip. Spamerite prosto generirat shum pri kojto choveka ot to poleto si misli che choveka ot from poleto e izlygal nqkakyv nepoznat subekt. Krajnata cel e da reklamirat dva site-a: www.tefter.com i www.pozvanete.com. Logovete koito sym zasqkal do sega sa ot perioda 9:09 - 9:25 bylgarsko vreme (+0300). Molq pomognete. BR, Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ just another techie speaking for himself == = = A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == = = -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+1MmQ+48lZPXaa+MRAr2VAKCUTF7JLNFaCGPE6bd0jfbZLiZ8zACfX5BF kjs+SSyKNKfmNUGVUCmi4FY= =sU49 -END PGP SIGNATURE- == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == == -- *** WARNING: PLEASE DO
Re: lug-bg: osoben tip spam
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry:( otnesoh se... Eto pochvam.
Az shte govoria tuk samo za dnsbl. Black list, koito e baziran samo na
proverka na IP adresite na iniciatorite na SMTP sesii kym MTA.
rhsbl, koiti sa bazirani na formata i sydyrzhanieto na poshtenskia adres
shte obsydia utre ili drug pyt, shtoto dnes za tova niama da mi stigne
i vremeto.
- DNSBL
Pyrvo software-a koito sym izpolzval.
Kogato zapochnah izgrazhdaneto na lista, rabotih s ISC BIND 9.2.1. V momenta
sym s ISC BIND 9.2.2. Mashinata, na koiato se poddryzha lista e sys
slednite paramtri:
OS: Mandrake Linux 8.2, kernel 2.4.18-6mdk
CPU: PII 333 MHz
RAM: 64MB SDRAM
HDD: 10.5GB
FS: ext2
Mashinata e svyrzana v 100 Mbps LAN s poddryzhanite ot men MTA (obshto
5 na broi).
Configuracionen file na BIND: /etc/named.conf
Hranilishte za zonalnite file-ove: /var/named/dnsbl
Configuracionen segment za DNSBL vyv file-a /etc/named.conf
zone dnsbl.vpn.lcpe.uni-sofia.bg {
type master;
file /var/named/dnsbl/dnsbl.vpn.lcpe.uni-sofia.bg;
allow-query { internals;};
allow-transfer { none;};
};
VNIMANIE!!! Edin ot malkoto sluchai, kogato ne biva da se razreshava
svoboden transfer na zoni e sluchaia sys dnsbl. Prichinata e, che
spamerite mogat da izpolzvat informaciata tam za da nameriat openrelay
hostove i da gi izpolzvat.
Osobenoto pri men e, che az polzvam samo edin centalen DNS server,
i niamam slave serveri za imena. Tova e poradi konrektnata situacia. V
osbhtia sluchai traibva da se poddyrzha slave mrezha ot serveri za imena,
osobeno ako se raboti pri golemi natovarvania.
###
VNIMANIE: Tova, koeto vizhdate kato konfiguracia se otnasia samo i
edinstveno za localen DNSBL. Tozi list ne vkliuchva prepratki kym
publichni svobodni ili comersailno black lists!
###
###
###
MNOGO GOLIAMO VNIMANIE!
Ako ste ISP i poddryzhate naeti linii i imate mail hub, ne vkliuchvaite tozi
mail hub kym DNSBL, koito gradite i izobshto kym niakakyv blacklist! Tova
mozhe da dovede do konflikti mezhdu vas i klientite. Opityt sochi, che e
po-dobre da ima dva mail hub-a za fortifikacionna shema na vhodiashtata
poshta: edinia da e obvyrzan s black list, a drugia ne i klientite sami da
izbirat prez koi ot dvata mail hub-a shte minat kato bydat izrichno
predopredeni za koliziite, koito mogat da se poluchat.
###
###
Syntax na RR v zonata na blacklista.
V zonata na dnsbl se praviat PTR resursni zapisi sypytstvani s TXT RR s
ukazatel za prichinata za pribavianeto na narushitelia ili s ukazvane na
link, kydeto mozhe da byde poluchena informacia za prichinata za postavaneto
na daden IP adres v zonata.
V obsht vid syntax traibva da e
$ORIGIN vashia.dnsbl.domain.
xxx.yyy.zzz.qqq PTR 127.0.0.x
xxx.yyy.zzz.qqq TXT obiasnenie ili nasochvane
Konvencia za izpolzvane na PTR ukazatelite.
PTR RR traiva da ukazva okteten zapis ot tipa na
127.0.0.2, 127.0.0.3 i t.n... Niama tochno opredeleno pravilo za upotreba
na ukazatelite, zatova vseki blacklist opisva na web site-a si ili drugade
znachenieto na vseki ukazatel. Naprimer:
* 127.0.0.2 - open relays
* 127.0.0.3 - dial-up/dynamic IP ranges
* 127.0.0.4 - Spam Sources
This will include both commercial spammers as well as some dial-up
direct-to-mx spammers and open proxies as it's not always possible to
differentiate between these sources. For commercial spammers, once we have
spam on file from some of their IPs, we may add their entire IP range if it
can be reliably determined.
* 127.0.0.5 Multi-stage open relays
Before adding multi-stage open relays to our list, we make an attempt to
notify the NIC contacts for their IP space and give them at least one week to
fix their systems.
* 127.0.0.8 Systems with insecure formmail.cgi or similar CGI scripts
which turn them into open relays
This includes the output IP when a server with an insecure formmail CGI
smarthosts outgoing email through another server or servers.
* 127.0.0.9 Open proxy servers
i t.n...
Vyzmozhni sa i drugi konvencii. Niakoi software-i mogat da se suobraziavat
s konvenciite, ako tova tova byde ukazano. Shte stane tvyrde dylgo, ako
pochna da opisvam. Niakoi dnsbl izpolzvat samo edin ukazatel. Edna selekcia
na ednoukazatelni dnsbl mozhete da vidite na adres:
http://www.declude.com/JunkMail/Support/ip4r.htm
Prevencii.
Filtriraite adresnite prostranstva po RFC 1918, ako ne ochakvate vryzki ot
IP adresi v tehnia systav za predavane na mail kym vashi MTA. Tova mozhe da
byde napraveno i po interace-i. Filtriraite syshto taka multikast adresnite
prostranstva otkym dostyp do 25/tcp (ako razbira se shte filtrirate samo
e-mail).
Postaviane na zapis za proverka.
Za da proverite dali deistva vashata zona mozhete da postavite slednia
zapis:
$ORIGIN
