Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
Using Sendmail. I added milter-regex which allows very simple rules eg.

reject "Unsolicited Spam" - make this as rude as you like.
body /I RECORDED YOU/i

Done and dusted.

It's available as an RPM from epel for RedHat and variants.

*** REPLY SEPARATOR ***

On 11/11/2023 at 1:09 PM Mike Bostock via users wrote:

>In your message regarding Re: Anybody else getting bombarded with "I
>RECORDED YOU" spam? dated 11/11/2023, Noel Butler said ...
>
>> On 11/11/2023 22:37, Mike Bostock via users wrote:
>
>> > There is a way to whitelist domains with no RDNS but so far I haven't
>> > found a way to do this in the .mc file.
>> >
>> > Thanks again
>
>> /etc/mail/access
>
>> Connect:foo OK
>
>Of course, du! ;-)
>
>
>--
>Mike
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
In your message regarding Re: Anybody else getting bombarded with "I RECORDED YOU" spam? dated 11/11/2023, Noel Butler said ...

> On 11/11/2023 22:37, Mike Bostock via users wrote:

> > There is a way to whitelist domains with no RDNS but so far I haven't
> > found a way to do this in the .mc file.
> >
> > Thanks again

> /etc/mail/access

> Connect:foo OK

Of course, du! ;-)

--
Mike
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
On 11/11/2023 22:37, Mike Bostock via users wrote:

> There is a way to whitelist domains with no RDNS but so far I haven't found a way to do this in the .mc file.
>
> Thanks again

/etc/mail/access

Connect:foo OK

--
Regards,
Noel Butler
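The reverse-DNS check and the `Connect:` exemption discussed in this thread, as a simplified model added here as an example; it is not Sendmail's code and not from any poster. The lookup tables, addresses, function names and the accept/tempfail/reject policy are assumptions of the example.

```python
import ipaddress

# Constructed sample data (documentation/benchmark ranges); a real MTA queries DNS.
PTR = {"192.0.2.10": "mail.example.org", "198.51.100.7": "mx.forged.example"}
FWD = {"mail.example.org": {"192.0.2.10"}, "mx.forged.example": {"203.0.113.99"}}
DNS_TIMEOUT = {"192.0.2.77"}  # addresses whose PTR lookup times out

# Exemptions in the "Connect:<key> OK" form quoted in the thread, keyed by
# address or leading octets: a client without a PTR has no hostname to match.
ACCESS = {"Connect:203.0.113.5": "OK", "Connect:198.18": "OK"}


def client_resolve(ip):
    """Return OK, TEMP, FAIL or FORGED (labels follow Sendmail's ${client_resolve})."""
    if ip in DNS_TIMEOUT:
        return "TEMP"
    name = PTR.get(ip)
    if name is None:
        return "FAIL"  # no reverse record at all
    # Forward-confirm: the PTR name must resolve back to the connecting address.
    return "OK" if ip in FWD.get(name, set()) else "FORGED"


def exempt(ip):
    """Try the full address, then shorter prefixes cut on octet boundaries."""
    octets = ip.split(".")
    return any(
        ACCESS.get("Connect:" + ".".join(octets[:n])) == "OK"
        for n in range(len(octets), 0, -1)
    )


def check_client(ip):
    """Decide accept / tempfail / reject for a connecting IPv4 client."""
    ipaddress.IPv4Address(ip)  # ValueError on malformed input
    if exempt(ip):
        return ("accept", "exempt")
    state = client_resolve(ip)
    # Policy chosen for this example: hard-fail only when no PTR exists,
    # defer on timeouts and on names that do not map back to the client.
    decision = {"OK": "accept", "FAIL": "reject"}.get(state, "tempfail")
    return (decision, state)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.200", "198.51.100.7", "192.0.2.77",
               "203.0.113.5", "198.18.4.4", "198.180.4.4"):
        print(ip, *check_client(ip))
```

A client that passes this check is only known to have consistent DNS, so content filtering still has to handle the messages that arrive from hosts with valid reverse lookups.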
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
In your message regarding Re: Anybody else getting bombarded with "I RECORDED YOU" spam? dated 10/11/2023, Mark London said ...

> Sendmail didn't introduce FEATURE(require_rdns) until 2007. I'm sure
> I've been using it longer than that. And by default it's not enabled.
> It doesn't totally block the "I RECOVERED YOU" spams. Occasionally some
> come through with ip addresses that have valid reverse lookups. But the
> number getting blocked, is still huge.

Mark, thank you for this. I have just added this feature to my Sendmail and installed pyspf-milter as well and I would say it has reduced my spam by 95%.

There is a way to whitelist domains with no RDNS but so far I haven't found a way to do this in the .mc file.

Thanks again

--
Mike
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
I don't have the specifics at hand but I created a rule that places a heavy score (like 2.0) on anything that matches existing sex and bitcoin rules. These messages usually match a bunch of other signals and that rule pushes the score over my delete-on-sight threshold (8.0).

On 2023-11-10 05:51, giova...@paclan.it wrote:
> To block this type of spam I've increased the score of GB_HASHBL_BTC (Bitcoin rbl) rule.
>
> Giovanni
>
> On 11/10/23 11:01, Mark London wrote:
>> Sendmail didn't introduce FEATURE(require_rdns) until 2007. I'm sure I've been using it longer than that. And by default it's not enabled. It doesn't totally block the "I RECOVERED YOU" spams. Occasionally some come through with ip addresses that have valid reverse lookups. But the number getting blocked, is still huge.
>>
>> On 11/10/2023 4:48 AM, Reindl Harald (privat) wrote:
>>> On 10.11.23 at 08:40, Mark London wrote:
>>>> Marc - You are correct. All the IP sources of this spam, don't have a valid reverse lookup of the IP address, to an IP name. That will solve my problem. Thanks! - Mark
>>>
>>> in other words your MTA is misconfigured
>>> https://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
>>>
>>>> On 11/9/2023 12:38 PM, Marc wrote:
>>>>> Do you at least verify the reverse lookup? That already stops a lot of such networks.

--
For SpamAssassin Users List
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
To block this type of spam I've increased the score of GB_HASHBL_BTC (Bitcoin rbl) rule.

Giovanni

On 11/10/23 11:01, Mark London wrote:
> Sendmail didn't introduce FEATURE(require_rdns) until 2007. I'm sure I've been using it longer than that. And by default it's not enabled. It doesn't totally block the "I RECOVERED YOU" spams. Occasionally some come through with ip addresses that have valid reverse lookups. But the number getting blocked, is still huge.
>
> On 11/10/2023 4:48 AM, Reindl Harald (privat) wrote:
>> On 10.11.23 at 08:40, Mark London wrote:
>>> Marc - You are correct. All the IP sources of this spam, don't have a valid reverse lookup of the IP address, to an IP name. That will solve my problem. Thanks! - Mark
>>
>> in other words your MTA is misconfigured
>> https://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
>>
>>> On 11/9/2023 12:38 PM, Marc wrote:
>>>> Do you at least verify the reverse lookup? That already stops a lot of such networks.
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
Sendmail didn't introduce FEATURE(require_rdns) until 2007. I'm sure I've been using it longer than that. And by default it's not enabled. It doesn't totally block the "I RECOVERED YOU" spams. Occasionally some come through with ip addresses that have valid reverse lookups. But the number getting blocked, is still huge.

On 11/10/2023 4:48 AM, Reindl Harald (privat) wrote:
> On 10.11.23 at 08:40, Mark London wrote:
>> Marc - You are correct. All the IP sources of this spam, don't have a valid reverse lookup of the IP address, to an IP name. That will solve my problem. Thanks! - Mark
>
> in other words your MTA is misconfigured
> https://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
>
>> On 11/9/2023 12:38 PM, Marc wrote:
>>> Do you at least verify the reverse lookup? That already stops a lot of such networks.
RE: Anybody else getting bombarded with "I RECORDED YOU" spam?
Yes that is fucked up that experience and wisdom comes with getting older ;)

https://faculty.cs.niu.edu/~rickert/cf/hack/require_rdns.m4

>
> Marc - You are correct. All the IP sources of this spam, don't have a valid
> reverse lookup of the IP address, to an IP name. That will solve my
> problem. Thanks! - Mark
>
> On 11/9/2023 12:38 PM, Marc wrote:
>
> Do you at least verify the reverse lookup? That already stops a lot of
> such networks.
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
Marc - You are correct. All the IP sources of this spam, don't have a valid reverse lookup of the IP address, to an IP name. That will solve my problem. Thanks! - Mark

On 11/9/2023 12:38 PM, Marc wrote:
> Do you at least verify the reverse lookup? That already stops a lot of such networks.
RE: Anybody else getting bombarded with "I RECORDED YOU" spam?
>
> Heck, maybe I should just block the whole country. :)

You have to be careful with this. I think there are 'organisations' that specifically abuse with the intent to provoke you to have blanket block a specific region/range.
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
Unfortunately most of the ip addresses do have reverse lookups. On the other hand, I do see that some have common domains. So I could use block by domain using sendmail. Heck, maybe I should just block the whole country. :)

On 11/9/2023 12:38 PM, Marc wrote:
>> The spam is coming from many different IP ranges, with little repetition. Most of them are from countries like Afghanistan, Kyrgyzstan, Azerbaijan, Kazakhstan, and Uzbekistan. Are these the latest sources that spam software is using, because other countries have tightened up their security?
>
> Do you at least verify the reverse lookup? That already stops a lot of such networks.
>
>> I've been using spamassassin for almost several decades, and I've never noticed anything like this. I don't understand why the spam continues to be sent over and over. I do reject emails with a very high spam, which these spams have. So I tried changing my configuration to discard the email instead, hoping the spammer software would decide that the email had been received. This didn't help. I'm curious if anyone is noticing this spam. Thanks. - Mark
>
> This takes a while (afaik months at least).
RE: Anybody else getting bombarded with "I RECORDED YOU" spam?
>
> The spam is coming from many different IP ranges, with little
> repetition. Most of them are from countries like Afghanistan,
> Kyrgyzstan, Azerbaijan, Kazakhstan, and Uzbekistan. Are these the
> latest sources that spam software is using, because other countries have
> tightened up their security?

Do you at least verify the reverse lookup? That already stops a lot of such networks.

> I've been using spamassassin for almost several decades, and I've never
> noticed anything like this. I don't understand why the spam continues
> to be sent over and over. I do reject emails with a very high spam,
> which these spams have. So I tried changing my configuration to discard
> the email instead, hoping the spammer software would decide that the
> email had been received. This didn't help. I'm curious if anyone is
> noticing this spam. Thanks. - Mark
>

This takes a while (afaik months at least).