Re: Spam problem
* Rob 'Feztaa' Park ([EMAIL PROTECTED]) wrote:
> Hey guys, I've been having this terrible problem with email spam and I was wondering if you guys have similar problems, and if so, what you do about them.

I vote for taking the spammer out and having him/her/them drawn and quartered.

> Anyway, I keep getting advertisements for really disgusting porn. They all seem to come from different addresses (although they're all from hotmail, and they're all obviously spoofed - replies bounce).

yep, typical.

> However, I am quite lucky, because they all have one thing in common that lets me filter them fairly easily:
>
> :0
> * ^Message-.*mx.+mail.home.com
> $MAILDIR/spam
>
> :D
>
> So far, that procmail filter has filtered every single one, and hasn't caught anything not-spam (as for the mx.+mail part, the message id always ends with @mx, then a number or two, a hyphen, then two or three seemingly random letters, then mail.home.com).

If it's @home's mail server, it's probably an open relay somewhere, either from @home itself or some idiot set up his mail server wrong on his home machine and now it's being used for spam. Report through spamcop (www.spamcop.net) and/or to @home ([EMAIL PROTECTED]).

> I've spoken with my ISP about this, and they basically said Hey, not our fault, go away.

also typical. True, but typical.

--
Carl B. Constantine          University of Victoria
Programmer Analyst           http://www.uvic.ca
UNIX System Administrator    Victoria, BC, Canada
[EMAIL PROTECTED]
Re: Spam problem
On Mon, Oct 29, 2001 at 01:35:16AM -0500, Justin R. Miller (dis)graced my inbox with:
> Thus spake Rob 'Feztaa' Park ([EMAIL PROTECTED]):
> > Hey guys, I've been having this terrible problem with email spam and I was wondering if you guys have similar problems, and if so, what you do about them.
>
> I started using SpamAssassin a few weeks ago and have been very happy with it. I finally did a little write-up of how I have things going if you are interested:
>
> http://codesorcery.net/docs/spamtricks.html
>
> Please let me know if you'd like any clarifications.

Hey, that looks really good. I'll take a better look at it when I get some free time (hopefully today).

Thanks :)

--
Rob 'Feztaa' Park
[EMAIL PROTECTED]
--
I would have made a good Pope.
-- Richard Nixon
Re: Spam problem
If you are using pop3 check out mailfilter, you should find it on sourceforge. You have to specify the mails you do not want to receive (using regexp's) and those mails will be deleted on the server before you download them to your machine. There is also an option to run it in test mode before you go fully *online* with it so you know which mails will be deleted.

hth,
regards,
Sharukh.

Rob 'Feztaa' Park muttered:
> Hey guys, I've been having this terrible problem with email spam and I was wondering if you guys have similar problems, and if so, what you do about them.

snip

--
Dr. Sharukh K. R. Pavri
Mumbai, India.
Re: Spam problem
Thus spake Rob 'Feztaa' Park ([EMAIL PROTECTED]):
> Hey guys, I've been having this terrible problem with email spam and I was wondering if you guys have similar problems, and if so, what you do about them.

I started using SpamAssassin a few weeks ago and have been very happy with it. I finally did a little write-up of how I have things going if you are interested:

http://codesorcery.net/docs/spamtricks.html

Please let me know if you'd like any clarifications.

--
Justin R. Miller [EMAIL PROTECTED]
PGP/GnuPG Key ID 0xC9C40C31 (preferred)
Spam problem
Hey guys, I've been having this terrible problem with email spam and I was wondering if you guys have similar problems, and if so, what you do about them.

Anyway, I keep getting advertisements for really disgusting porn. They all seem to come from different addresses (although they're all from hotmail, and they're all obviously spoofed - replies bounce).

However, I am quite lucky, because they all have one thing in common that lets me filter them fairly easily:

:0
* ^Message-.*mx.+mail.home.com
$MAILDIR/spam

:D

So far, that procmail filter has filtered every single one, and hasn't caught anything not-spam (as for the mx.+mail part, the message id always ends with @mx, then a number or two, a hyphen, then two or three seemingly random letters, then mail.home.com).

I've spoken with my ISP about this, and they basically said Hey, not our fault, go away.

This is getting really bad. It just keeps coming, and I can't stop it. Does anybody know how I can get these guys shut down?

--
Rob 'Feztaa' Park
[EMAIL PROTECTED]
--
When I was a kid I used to pray every night for a new bicycle. Then I realized that the Lord doesn't work that way, so I stole one and asked Him to forgive me.
-- Emo Philips
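Added example, not part of the original post: a check of the recipe's condition against constructed Message-ID headers, next to a tighter pattern built only from the description in the post (@mx, one or two digits, a hyphen, two or three letters, mail.home.com). Python's re module stands in for procmail's egrep-style matching here; the sample headers and the TIGHT pattern are assumptions.

```python
import re
from email import message_from_string

# Condition exactly as posted. procmail applies conditions to the header
# case-insensitively, with ^ matching at the start of each header line.
POSTED = re.compile(r"^Message-.*mx.+mail.home.com", re.I | re.M)

# Assumed tightening, built only from the description in the post:
# "@mx", one or two digits, a hyphen, two or three letters, then
# "mail.home.com", with the dots escaped and the whole ID matched.
TIGHT = re.compile(r"<?[^@\s]+@mx\d{1,2}-[a-z]{2,3}\.mail\.home\.com>?", re.I)

# Constructed sample messages; none of these are real Message-IDs.
SAMPLES = {
    "described spam": "From: a@hotmail.com\n"
                      "Message-ID: <20011026.1@mx7-rwc.mail.home.com>\n\nbody\n",
    "lookalike domain": "From: b@example.org\n"
                        "Message-ID: <mxyz.5521@webmail-home.com>\n\nbody\n",
    "unrelated": "From: c@example.org\n"
                 "Message-ID: <42@lists.example.org>\n\nbody\n",
}


def posted_hits(raw):
    """True if the condition as posted would match the header block."""
    header = raw.split("\n\n", 1)[0]
    return POSTED.search(header) is not None


def tight_hits(raw):
    """True if the Message-ID has exactly the shape the post describes."""
    msg_id = (message_from_string(raw)["Message-ID"] or "").strip()
    return TIGHT.fullmatch(msg_id) is not None


def report():
    """Map each sample name to (posted condition hit, tight pattern hit)."""
    return {name: (posted_hits(raw), tight_hits(raw))
            for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, (posted, tight) in report().items():
        print(f"{name:18} posted={posted!s:5} tight={tight}")
```

The lookalike sample matches the posted condition because the unescaped dots and the open-ended `.+` accept any characters, which matters most if the recipe ever delivers to /dev/null instead of a folder that gets reviewed.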
Re: Spam problem
Rob 'Feztaa' Park wrote:
> Hey guys, I've been having this terrible problem with email spam and I was wondering if you guys have similar problems, and if so, what you do about them.
>
> Anyway, I keep getting advertisements for really disgusting porn. They all seem to come from different addresses (although they're all from hotmail, and they're all obviously spoofed - replies bounce).

well for your own sanity, i highly recommend a set of procmail filters like spambouncer... www.spambouncer.org

you still need to check your spam folder occasionally, and sometimes there will be spam that makes it through or legit / semi legit mail that makes it into your spam folder (and it takes a bit of time to get configured right) BUT it does keep a very high percentage of spam out of your inbox.

you can also set it up to notify people with 'borderline' mail that their mail has been held, and allows them to send you mail by using a specific password... and it can send fake 'bounces' back to known spammers to try to get you off their lists.

> I've spoken with my ISP about this, and they basically said Hey, not our fault, go away.
>
> This is getting really bad. It just keeps coming, and I can't stop it. Does anybody know how I can get these guys shut down?

probably not, but you might use spamcop to report it, or read the headers and report the spammer to their ISP. a good amount of spam comes from shady isps in other countries, so reporting it isn't always a good idea.

you should also report them to the netblock owners of their website, return email address, DNS providers, etc.

of course some people might suggest doing some research and getting some sort of revenge on them, but i wouldn't suggest doing anything like that :p

if you have control over your mail server you might be able to setup something to reject the mail before it even enters your server.

w
--
GPG Public Key: http://infinitejazz.net/will/pgp/
Re: Spam problem
On Fri, Oct 26, 2001 at 05:49:03PM -0700, Will Yardley (dis)graced my inbox with:
> Rob 'Feztaa' Park wrote:
> > Hey guys, I've been having this terrible problem with email spam and I was wondering if you guys have similar problems, and if so, what you do about them.
> >
> > Anyway, I keep getting advertisements for really disgusting porn. They all seem to come from different addresses (although they're all from hotmail, and they're all obviously spoofed - replies bounce).
>
> well for your own sanity, i highly recommend a set of procmail filters like spambouncer... www.spambouncer.org

Cool, I'll check that out.

> you still need to check your spam folder occasionally, and sometimes there will be spam that makes it through or legit / semi legit mail that makes it into your spam folder (and it takes a bit of time to get configured right) BUT it does keep a very high percentage of spam out of your inbox.

Well, I check my spam folder whenever there's something new in it (which kinda defeats the purpose of filtering the spam, because I still see it). That rule I mentioned does kill 100% of the spam from that particular spammer, and hasn't caught any legit mail at all (yet...), so I'm thinking of changing the third line to /dev/null :)

> you can also set it up to notify people with 'borderline' mail that their mail has been held, and allows them to send you mail by using a specific password... and it can send fake 'bounces' back to known spammers to try to get you off their lists.

Would that work? I thought most spammers added little send email here to unsubscribe to the bottom of their emails just so they could confirm that they are actually spamming a real address... In other words, email me to let me know I'm doing a good job!

> > I've spoken with my ISP about this, and they basically said Hey, not our fault, go away.
> >
> > This is getting really bad. It just keeps coming, and I can't stop it. Does anybody know how I can get these guys shut down?
>
> probably not, but you might use spamcop to report it, or read the headers and report the spammer to their ISP. a good amount of spam comes from shady isps in other countries, so reporting it isn't always a good idea.

Funny thing about the headers is, as far as I can tell from the hostnames, it's coming from _my_ ISP. But they deny it.

> you should also report them to the netblock owners of their website, return email address, DNS providers, etc.

That's the thing, though. The message is _very_ well spoofed. It's hard to track down. Then again, I'm no expert, so perhaps I should attach a copy of the headers for you (perhaps I'll do that privately).

> of course some people might suggest doing some research and getting some sort of revenge on them, but i wouldn't suggest doing anything like that :p

I'm generally opposed to breaking the law when I take action here, but if push comes to shove...

> if you have control over your mail server you might be able to setup something to reject the mail before it even enters your server.

Now that's something I don't know much about. I am running a mail server on my machine, but I don't actually use it for receiving mail - I use fetchmail to get my mail from my ISP-given email address. As far as I know, fetchmail just passes it right along to postfix normally, right? Or does it just drop the mail straight into my spool file? If it's the former, I might be able to do that...

--
Rob 'Feztaa' Park
[EMAIL PROTECTED]
--
Ever notice something? Unix comes with compilers. NT comes with solitaire.
-- Adep
Re: Spam problem
Rob 'Feztaa' Park wrote:
> On Fri, Oct 26, 2001 at 05:49:03PM -0700, Will Yardley (dis)graced my inbox with:
>
> Well, I check my spam folder whenever there's something new in it (which kinda defeats the purpose of filtering the spam, because I still see it). That rule I mentioned does kill 100% of the spam from that particular spammer, and hasn't caught any legit mail at all (yet...), so I'm thinking of changing the third line to /dev/null :)

yeah i just don't have my spam folder set as a mailbox that receives mail... but then i check it a couple times a day, or at least every couple days. as long as i don't have to get it in my inbox i'm pretty happy tho. changing the one line to /dev/null might be ok

> Would that work? I thought most spammers added little send email here to unsubscribe to the bottom of their emails just so they could confirm that they are actually spamming a real address... In other words, email me to let me know I'm doing a good job!

yes but a lot of them have valid return-path or From: headers that they use purely to tell what addresses are valid. so if a bounce is convincing enough, they might unsub you...

> Funny thing about the headers is, as far as I can tell from the hostnames, it's coming from _my_ ISP. But they deny it.

that's unlikely. you might want to run the headers through spamcop. it _is_ possible that they're using a direct SMTP connection to your ISP's mailserver, but the originating IP will still show. you can forward me the full headers privately if you want and while it might be a bit OT, i'm sure someone on this list would know where it's coming from. headers can be faked to an extent, but they rarely lie.

> That's the thing, though. The message is _very_ well spoofed. It's hard to track down. Then again, I'm no expert, so perhaps I should attach a copy of the headers for you (perhaps I'll do that privately).

yeah do that. i'm not the best at this but i've done a bit of it.

> > if you have control over your mail server you might be able to setup something to reject the mail before it even enters your server.
>
> Now that's something I don't know much about. I am running a mail server on my machine, but I don't actually use it for receiving mail - I use fetchmail to get my mail from my ISP-given email address. As far as I know, fetchmail just passes it right along to postfix normally, right? Or does it just drop the mail straight into my spool file? If it's the former, I might be able to do that...

yeah if you're using fetchmail i don't think that will help so much

if you actually run a mail server (esp. with postfix) you can do regex checks on headers so that the message is rejected before it even gets delivered / filtered by procmail.

i think http://postfix.org/uce/ has some info, and there's an unofficial set of header check regexs for uce at http://www.mrbill.net/postfix/

you can also sub to blacklists of varying degrees of usefulness... a lot of these will cause your machine to reject mail that you want to receive tho

spambouncer can use these blacklists as well, although of course once the mail is received, the spammer has already wasted more bandwidth and time than you'd like them to

in any event this is definitely getting a bit OT..

w
--
GPG Public Key: http://infinitejazz.net/will/pgp/
Re: Spam problem
Rob 'Feztaa' Park mutt [26/10/01 21:58 -0600]:
> On Fri, Oct 26, 2001 at 05:49:03PM -0700, Will Yardley (dis)graced my inbox
> > if you have control over your mail server you might be able to setup something to reject the mail before it even enters your server.
>
> Now that's something I don't know much about. I am running a mail server on my machine, but I don't actually use it for receiving mail - I use fetchmail to get my mail from my ISP-given email address. As far as I

Try this - http://www.linuxgazette.com/issue66/suresh.html - it might help.

> know, fetchmail just passes it right along to postfix normally, right? Or does it just drop the mail straight into my spool file? If it's the former, I might be able to do that...

Depends on how you configure fetchmail. The default is for fetchmail to talk to localhost:25 so your postfix (look at the sample pcre file in the postfix example configs for help) should bounce things rather nicely.

-srs
Re: Spam problem
On Sat, Oct 27, 2001 at 11:15:08AM +0530, Suresh Ramasubramanian (dis)graced my inbox with:
> > Now that's something I don't know much about. I am running a mail server on my machine, but I don't actually use it for receiving mail - I use fetchmail to get my mail from my ISP-given email address. As far as I
>
> Try this - http://www.linuxgazette.com/issue66/suresh.html - it might help.

Will do.

> > know, fetchmail just passes it right along to postfix normally, right? Or does it just drop the mail straight into my spool file? If it's the former, I might be able to do that...
>
> Depends on how you configure fetchmail. The default is for fetchmail to talk to localhost:25 so your postfix (look at the sample pcre file in the postfix example configs for help) should bounce things rather nicely.

Well, when I ran fetchmailconf, I did a novice config. So I just configured what users on what servers are me, the rest is default settings. I guess that means fetchmail sends mail to postfix automatically. I think I can prove that by showing you the fetchmail and postfix Received: headers on my incoming mail :P

--
Rob 'Feztaa' Park
[EMAIL PROTECTED]
--
What's the three words you never want to hear while making love? 'Honey, I'm home.'
-- Ken Hammond