Re: Spamcop listed - need help to diagnose why
On 10 Jan 2006, at 05:49, Ted Mittelstaedt wrote:

> So the entire discussion is academic I think. But, that doesn't make it a boring discussion. Probably way beyond a lot of the posters here, though.

Given the treatment you seem to be getting, I'd agree.

Ceri
Re: Spamcop listed - need help to diagnose why
From: Ted Mittelstaedt [EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED]
>
> > Spam I sort through. With SpamAssassin scoring it's easy to find the low scores and concentrate on them. But somebody arrogant enough to spam me with a challenge for a message to a mailing list ends up on my procmail /dev/null rules. (I use fetchmail to grab mail and procmail to feed it to /var/spool/mail/name with stops along the way for SpamAssassin, ClamAv, and some random cleverness.)
>
> Unfortunately, jdow, since you're using this setup, the spammer has already successfully delivered the mail to you. The fact that you delete the spam before reading makes no difference - the spammer doesn't know that and thinks they have successfully delivered it.

No they have not. They've managed to get it onto my machine, transiently. It never got delivered to ME, the organic unit here at this email address. I do vet spam. The items redirected to /dev/null are items I do not want to bother with while vetting real spam.

> Denying the spam before it's even accepted into the server is a much better way. Unfortunately, a content filter means you have to

If you can make fetchmail do that you're pretty clever, kemo sabe.

{^_^}

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of jdow
Sent: Tuesday, January 10, 2006 2:12 AM
To: freebsd-questions@freebsd.org
Subject: Re: Spamcop listed - need help to diagnose why

> > Unfortunately, jdow, since you're using this setup, the spammer has already successfully delivered the mail to you. The fact that you delete the spam before reading makes no difference - the spammer doesn't know that and thinks they have successfully delivered it.
>
> No they have not. They've managed to get it onto my machine, transiently. It never got delivered to ME, the organic unit here at this email address.

I know that and you're arguing out of your hat - simply pulling statements out of context. You know perfectly well that the "to you" in the sentence was to your machine, the paragraph context told you that.

Unfortunately in the spam game, it only matters if the spammer thinks they didn't successfully deliver it to you. And that only happens if the machine delivering the spam gets an error when trying to deliver it, since the spammer isn't using legitimate senders' addresses and cannot get feedback any other way.

I've never been a fan of post-filters for this reason. For some kinds of filtering - like content filtering for example - that is the only way you can do it. But I think it the height of strangeness when SA checks blacklists and such to assign scores. If they really cared about spamfiltering, they would use the IP blacklists in the way they are intended - to block access completely to the spammer, not even let them connect to the server at all. The mail that SA is assigning scores on based on an IP blacklist shouldn't even be in the SA filter to begin with.

> > Denying the spam before it's even accepted into the server is a much better way. Unfortunately, a content filter means you have to
>
> If you can make fetchmail do that you're pretty clever, kemo sabe.

No, but I can replace the Rube Goldberg fetchmail arrangement you're using with a real mailserver that is on the Internet all the time and can make use of blacklist servers and such.

And yes, I'm just as good at making smart-alecky comments as you are. Probably better at it, actually. Do you want to knock it off and go back to the technical merits discussion now? ;-)

Ted
RE: Spamcop listed - need help to diagnose why
--- Ted Mittelstaedt [EMAIL PROTECTED] wrote:

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of jdow
> Sent: Tuesday, January 10, 2006 2:12 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: Spamcop listed - need help to diagnose why
>
> > > Unfortunately, jdow, since you're using this setup, the spammer has already successfully delivered the mail to you. The fact that you delete the spam before reading makes no difference - the spammer doesn't know that and thinks they have successfully delivered it.
> >
> > No they have not. They've managed to get it onto my machine, transiently. It never got delivered to ME, the organic unit here at this email address.
>
> I know that and you're arguing out of your hat - simply pulling statements out of context. You know perfectly well that the "to you" in the sentence was to your machine, the paragraph context told you that.
>
> Unfortunately in the spam game, it only matters if the spammer thinks they didn't successfully deliver it to you. And that only happens if the machine delivering the spam gets an error when trying to deliver it, since the spammer isn't using legitimate senders' addresses and cannot get feedback any other way.
>
> I've never been a fan of post-filters for this reason. For some kinds of filtering - like content filtering for example - that is the only way you can do it. But I think it the height of strangeness when SA checks blacklists and such to assign scores. If they really cared about spamfiltering, they would use the IP blacklists in the way they are intended - to block access completely to the spammer, not even let them connect to the server at all. The mail that SA is assigning scores on based on an IP blacklist shouldn't even be in the SA filter to begin with.
>
> > > Denying the spam before it's even accepted into the server is a much better way. Unfortunately, a content filter means you have to
> >
> > If you can make fetchmail do that you're pretty clever, kemo sabe.
>
> No, but I can replace the Rube Goldberg fetchmail arrangement you're using with a real mailserver that is on the Internet all the time and can make use of blacklist servers and such.
>
> And yes, I'm just as good at making smart-alecky comments as you are. Probably better at it, actually. Do you want to knock it off and go back to the technical merits discussion now? ;-)

YIKES. This is what happens when you put pimply-faced kids in charge of important things like mail. The carpet bomb MECCA in order to kill a few terrorists approach to computing. It's frightening.

DT
Re: Spamcop listed - need help to diagnose why
From: Ted Mittelstaedt [EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED]
>
> > > Unfortunately, jdow, since you're using this setup, the spammer has already successfully delivered the mail to you. The fact that you delete the spam before reading makes no difference - the spammer doesn't know that and thinks they have successfully delivered it.
> >
> > No they have not. They've managed to get it onto my machine, transiently. It never got delivered to ME, the organic unit here at this email address.
>
> I know that and you're arguing out of your hat - simply pulling statements out of context. You know perfectly well that the "to you" in the sentence was to your machine, the paragraph context told you that.
>
> Unfortunately in the spam game, it only matters if the spammer thinks they didn't successfully deliver it to you. And that only happens if the machine delivering the spam gets an error when trying to deliver it, since the spammer isn't using legitimate senders' addresses and cannot get feedback any other way.

Sonny, you define it your way and I'll define it mine. The object is to not bug the user with spam. The secondary object is to keep the machine load for spam as low as possible. You have a priority inversion there.

> I've never been a fan of post-filters for this reason. For some kinds of filtering - like content filtering for example - that is the only way you can do it. But I think it the height of strangeness when SA checks blacklists and such to assign scores. If they really cared about spamfiltering, they would use the IP blacklists in the way they are intended - to block access completely to the spammer, not even let them connect to the server at all. The mail that SA is assigning scores on based on an IP blacklist shouldn't even be in the SA filter to begin with.

People do that and discover they have blocked paying customers and the like. If you are going to raw block on black lists at least setup a scoring system that has some wide testing behind it.

> > > Denying the spam before it's even accepted into the server is a much better way. Unfortunately, a content filter means you have to
> >
> > If you can make fetchmail do that you're pretty clever, kemo sabe.
>
> No, but I can replace the Rube Goldberg fetchmail arrangement you're using with a real mailserver that is on the Internet all the time and can make use of blacklist servers and such.
>
> And yes, I'm just as good at making smart-alecky comments as you are. Probably better at it, actually. Do you want to knock it off and go back to the technical merits discussion now? ;-)

I happen to put a priority on other things. Good enough is good enough. If I were to get into serious tinkering it would be with software defined radios rather than the mail system when it's working perfectly well for the needs here at this site. Of course, YMMV.

{^_^}
Re: Spamcop listed - need help to diagnose why
From: Danial Thom [EMAIL PROTECTED]

> --- Ted Mittelstaedt [EMAIL PROTECTED]
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> >
> > > > Unfortunately, jdow, since you're using this setup, the spammer has already successfully delivered the mail to you. The fact that you delete the spam before reading makes no difference - the spammer doesn't know that and thinks they have successfully delivered it.
> > >
> > > No they have not. They've managed to get it onto my machine, transiently. It never got delivered to ME, the organic unit here at this email address.
> >
> > I know that and you're arguing out of your hat - simply pulling statements out of context. You know perfectly well that the "to you" in the sentence was to your machine, the paragraph context told you that.
> >
> > Unfortunately in the spam game, it only matters if the spammer thinks they didn't successfully deliver it to you. And that only happens if the machine delivering the spam gets an error when trying to deliver it, since the spammer isn't using legitimate senders' addresses and cannot get feedback any other way.
> >
> > I've never been a fan of post-filters for this reason. For some kinds of filtering - like content filtering for example - that is the only way you can do it. But I think it the height of strangeness when SA checks blacklists and such to assign scores. If they really cared about spamfiltering, they would use the IP blacklists in the way they are intended - to block access completely to the spammer, not even let them connect to the server at all. The mail that SA is assigning scores on based on an IP blacklist shouldn't even be in the SA filter to begin with.
> >
> > > > Denying the spam before it's even accepted into the server is a much better way. Unfortunately, a content filter means you have to
> > >
> > > If you can make fetchmail do that you're pretty clever, kemo sabe.
> >
> > No, but I can replace the Rube Goldberg fetchmail arrangement you're using with a real mailserver that is on the Internet all the time and can make use of blacklist servers and such.
> >
> > And yes, I'm just as good at making smart-alecky comments as you are. Probably better at it, actually. Do you want to knock it off and go back to the technical merits discussion now? ;-)
>
> YIKES. This is what happens when you put pimply-faced kids in charge of important things like mail. The carpet bomb MECCA in order to kill a few terrorists approach to computing. It's frightening.

Yeah, maybe he'll manage to survive long enough to acquire some wisdom such as sometimes comes with age. (And without that gained wisdom getting old must be unbearable.)

{^_-}
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: jdow [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 10, 2006 5:23 AM
To: [EMAIL PROTECTED]; Ted Mittelstaedt; freebsd-questions@freebsd.org
Subject: Re: Spamcop listed - need help to diagnose why

> From: Danial Thom [EMAIL PROTECTED]
>
> > YIKES. This is what happens when you put pimply-faced kids in charge of important things like mail. The carpet bomb MECCA in order to kill a few terrorists approach to computing. It's frightening.
>
> Yeah, maybe he'll manage to survive long enough to acquire some wisdom such as sometimes comes with age. (And without that gained wisdom getting old must be unbearable.)

Uh, he's talking about you, jdow.

Ted
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of jdow
Sent: Tuesday, January 10, 2006 5:21 AM
To: freebsd-questions@freebsd.org
Subject: Re: Spamcop listed - need help to diagnose why

> > Unfortunately in the spam game, it only matters if the spammer thinks they didn't successfully deliver it to you. And that only happens if the machine delivering the spam gets an error when trying to deliver it, since the spammer isn't using legitimate senders' addresses and cannot get feedback any other way.
>
> Sonny, you define it your way and I'll define it mine.

jdow, I define it by the RFCs. If the mailserver you are fetchmailing from has mail in its mailbox for you to fetch, then according to the SMTP RFC, delivery has occurred from the spammer.

I understand that these days people seem to like to redefine words to suit their beliefs of how something should work, but just because you want to define it your way doesn't make it technically correct.

I'm going to continue answering your message here mainly for the other readers who might be interested in the discussion. You can just quit reading now since if you're going to start redefining terms for e-mail to something other than what the standard defines them as, discussion with you is completely pointless.

I wonder what would happen if you went to your wife and told her that you're going to redefine marriage to mean that you can sleep with some other woman. Hell, let's all let everyone redefine words however they like. After all if it's good enough for the President of the USA, then it's good enough for Joe Blow, right?!?!

I do feel sorry for you since this attitude is the same attitude of the person with a broken down car who doggedly replaces part after part until he stumbles over the broken part by accident, rather than actually learning how the thing works so he can troubleshoot it properly.

I am stating the facts of how your setup works and its inherent flaws, and you obviously don't want to hear them, so you can just go away. All systems have flaws, and if the truth of the flaws in the system you're running is too much for you to bear, then you are going to be happier ignorant.

> The object is to not bug the user with spam.

Correct.

> The secondary object is to keep the machine load for spam as low as possible.

Also correct.

> You have a priority inversion there.

No, not at all, you do.

The typical M.O. for today's spammer is to find a system that has been compromised that they can use for relaying. Either an end-user's system that's got a trojan in it, or a mailserver. These are used as a transmission device. When these transmitters get cranked up, they go from mailserver to mailserver, dumping hundreds to thousands of spams and spam attempts to the server. Once they exhaust their dictionaries and lists, they move on to the next server.

When you do ALL spamfiltering in post-delivery mode as you do, then nothing prevents the transmitter from delivering hundreds of spams to your server and users. This takes a lot of machine load to deal with. The more pre-delivery filtering that you can do the less the load. If you blacklist by IP address then when the transmitter hits your server, if it's on a blacklist then not a single one of its spams gets delivered, and your system spends 0 CPU time in post-processing (ie: stuff like virus scanning, content scanning, etc.)

From the user's point of view, whether you pre-filter or post-filter, the amount of mail tagged as spam or blocked as spam doesn't change. But the load on the server for pre-filtering is far less than for post-filtering. That is obvious to anyone who takes the time to understand how mail works.

> > I've never been a fan of post-filters for this reason. For some kinds of filtering - like content filtering for example - that is the only way you can do it. But I think it the height of strangeness when SA checks blacklists and such to assign scores. If they really cared about spamfiltering, they would use the IP blacklists in the way they are intended - to block access completely to the spammer, not even let them connect to the server at all. The mail that SA is assigning scores on based on an IP blacklist shouldn't even be in the SA filter to begin with.
>
> People do that and discover they have blocked paying customers and the like. If you are going to raw block on black lists at least setup a scoring system that has some wide testing behind it.

You are utterly full of bullcrap. In the last 3 years that the ISP I work at has used blacklists, we have had a grand total of ONE customer complain. This is on a server with tens of thousands of mailboxes and hundreds of domains. And our blacklists are set so that if they reject mail, a complete error message is included as to why they are being blacklisted.

In fact, not only have we only had 1 customer complain, we have had DOZENS of administrators of OTHER domains thank us profusely for helping
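
Added example, not part of any poster's message: the two approaches argued over in this thread, rejecting a blacklisted sender at SMTP connect time versus accepting the mail and scoring it afterwards, run over a constructed batch. The zone name `dnsbl.example`, the stub resolver, the addresses and the message counts are all assumptions made for illustration.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.example"  # hypothetical zone name, not a real blacklist

# Constructed zone data: one listed sender (RFC 5737 documentation address).
# DNSBLs conventionally answer with an A record in 127.0.0.0/8 when listed.
CONSTRUCTED_ZONE = {"10.2.0.192.dnsbl.example": "127.0.0.2"}

# Constructed traffic: (connecting IP, number of messages it tries to send).
CONSTRUCTED_BATCH = [("192.0.2.10", 500), ("198.51.100.7", 3)]


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def stub_resolve(name):
    """Stand-in for a DNS A lookup so this runs offline; None means NXDOMAIN."""
    return CONSTRUCTED_ZONE.get(name)


def is_listed(client_ip, resolve=stub_resolve):
    """True when the blacklist zone returns a 127.x.x.x answer for this IP."""
    answer = resolve(dnsbl_query_name(client_ip))
    return answer is not None and answer.startswith("127.")


def connect_time_reply(client_ip, resolve=stub_resolve):
    """Pre-delivery check: the SMTP greeting sent before any mail is accepted."""
    if is_listed(client_ip, resolve):
        # The rejection text says why, so a wrongly listed sender can act on it.
        return 554, f"5.7.1 {client_ip} rejected: listed in {DNSBL_ZONE}"
    return 220, "ready"


def run_batch(batch, mode, resolve=stub_resolve):
    """Count work done under 'pre' (reject at connect) or 'post' (accept, then score)."""
    if mode not in ("pre", "post"):
        raise ValueError("mode must be 'pre' or 'post'")
    stats = {"rejected_at_smtp": 0, "accepted": 0,
             "content_scans": 0, "tagged_spam": 0}
    for client_ip, count in batch:
        if mode == "pre":
            code, _ = connect_time_reply(client_ip, resolve)
            if code != 220:
                stats["rejected_at_smtp"] += count  # the sending host sees an error
                continue
        stats["accepted"] += count
        stats["content_scans"] += count  # virus/content scanning runs on all accepted mail
        if mode == "post" and is_listed(client_ip, resolve):
            stats["tagged_spam"] += count  # a blacklist hit only raises the score
    return stats


if __name__ == "__main__":
    for mode in ("pre", "post"):
        print(mode, run_batch(CONSTRUCTED_BATCH, mode))
```

In both modes the user ends up with the same three untagged messages; what differs is the scanning load and whether the sending host gets an error, which is also the point at which a wrongly listed legitimate sender would be turned away.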
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ceri Davies
Sent: Sunday, January 08, 2006 2:44 AM
To: Ted Mittelstaedt
Cc: [EMAIL PROTECTED]; Robert Slade
Subject: Re: Spamcop listed - need help to diagnose why

> On 8 Jan 2006, at 05:03, Ted Mittelstaedt wrote:
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Slade
> > Sent: Friday, January 06, 2006 11:24 PM
> > To: David Banning
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Spamcop listed - need help to diagnose why
> >
> > > There is your problem TMDA is most likely the cause. Such programmes are in effect adding to the spam problem. Nearly all spam has a forged from address and all programmes such as TMDA do is send a challenge to an innocent 3rd party. Whilst it looks like it reduces your spam all you do is in effect spam someone else.
> > >
> > > When your e-mail address has been used in a spam run by a spammer and you start getting 10s of these challenges an hour it is quite easy to report 1 by accident. If you look at the Spamcop reporting page you will see a warning about just this situation.
> > >
> > > I suppose that the real answer is to stop compounding the spam problem and use a combination of spamassassin and block lists. BTW I make it a point never to respond to challenges.
> >
> > Ditto, and for the same reasons. I've removed David from the cc list on this for that reason as well.
> >
> > Also we need to be aware of another trick that spammers have figured out, that applies to anyone running multiple MX records on a domain (I don't know if David is in that situation)
> >
> > Normally if a domain has a single mailserver processing incoming mail, there's a single MX record pointing to a single machine. But in many cases it's desirable to relay mail through a prefilter system before it gets to the actual mailserver. In those cases a common trick is to block the highest priority MX host off with an access list. Senders try the highest priority, it fails, they then go to the next highest priority host which is the relay host. That host gets it, does its thing, then tries to send it to the highest priority server which should work since the access list permits that server. This technique has been mentioned in the sendmail book among others.
>
> Yes, but that is actually massively rude. The hosts listed in a domain's MX record are supposed to be hosts willing to exchange mail for that domain, so listing ones that are not is just wasting everyone's time and resources.

I guess you're not a fan of greylisting, then. ;-)

That is a very limited view of the real issues. So limited, in fact, that it's not correct.

Consider for a moment, what the point of prefiltering is. Prefilters are used on mailservers that do not have adequate or in fact, any, capabilities for antivirus and spam scanning. As in, older Exchange 5.5 servers, Lotus Notes mailservers, etc.

Every time an admin brings up a prefilter on a mailserver that previously was unrestricted, it makes hundreds if not thousands of spams and virus mails that previously were delivered, now become ineffective. Thus, systems that would have previously gotten infected, now won't, and users that previously would have been duped into sending money to a criminal spammer, now are not.

This reduces the critical mass of infectable mailservers that is required to sustain the chain reaction needed to make mass-mailserver viruses actually work in the wild, and it reduces income to the criminal spammer, thus making spamming less attractive as a criminal endeavor, thus fewer spammers.

The damage done to the Internet by just a single host that might previously have gotten infected with a mass-mailer, but now isn't, far outweighs the damage done to the Internet by having legitimate mail to a domain be delayed for a few minutes. Obviously the best choice is to replace the mailserver, good luck though in companies using Lotus Notes.

Also, keep in mind that EVERY SINGLE mailserver that sends to a delayed MX setup, CHOOSES to send mail to them. If a mailserver does not want to be delayed, they can choose to blacklist the domain or otherwise not send mail to it. Otherwise, this isn't a situation of "wasting everyone's time and resources", it is a situation of wasting the time and resources of the people who are choosing to send mail to you. Those senders can choose to not have their time and resources wasted by this if they want. Nobody is holding a gun to your head and telling you that you have to send mail to some massively rude domain. You are choosing to mail them.

This is quite a different situation than mail forgery. I frankly consider people that send me HTMLized mail to be massively rude, but I choose to send mail to them and so they are going to mail me back with their HTMLized stuff.

You're bitching because you consider MX-based prefilters rude, but this only applies to the domains you are wanting to mail - you can simply choose
Re: Spamcop listed - need help to diagnose why
On Mon, Jan 09, 2006 at 02:22:19AM -0800, Ted Mittelstaedt wrote:

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ceri Davies
> Sent: Sunday, January 08, 2006 2:44 AM
> To: Ted Mittelstaedt
> Cc: [EMAIL PROTECTED]; Robert Slade
> Subject: Re: Spamcop listed - need help to diagnose why
>
> > > Normally if a domain has a single mailserver processing incoming mail, there's a single MX record pointing to a single machine. But in many cases it's desirable to relay mail through a prefilter system before it gets to the actual mailserver. In those cases a common trick is to block the highest priority MX host off with an access list. Senders try the highest priority, it fails, they then go to the next highest priority host which is the relay host. That host gets it, does its thing, then tries to send it to the highest priority server which should work since the access list permits that server. This technique has been mentioned in the sendmail book among others.
> >
> > Yes, but that is actually massively rude. The hosts listed in a domain's MX record are supposed to be hosts willing to exchange mail for that domain, so listing ones that are not is just wasting everyone's time and resources.
>
> I guess you're not a fan of greylisting, then. ;-)

I'm not, but that's not quite the same thing. A greylisting MX will still accept my message, it just might take its time. Saying "not at the moment, please try later" is much more polite than ignoring someone, and has the additional benefit of not wasting my time waiting for a response I'm never going to get. The analogy fits.

> That is a very limited view of the real issues. So limited, in fact, that it's not correct.

I'm obviously going to disagree with that. :)

> Consider for a moment, what the point of prefiltering is. Prefilters are used on mailservers that do not have adequate or in fact, any, capabilities for antivirus and spam scanning. As in, older Exchange 5.5 servers, Lotus Notes mailservers, etc.

Agreed.

> Every time an admin brings up a prefilter on a mailserver that previously was unrestricted, it makes hundreds if not thousands of spams and virus mails that previously were delivered, now become ineffective. Thus, systems that would have previously gotten infected, now won't, and users that previously would have been duped into sending money to a criminal spammer, now are not.

Agreed.

> This reduces the critical mass of infectable mailservers that is required to sustain the chain reaction needed to make mass-mailserver viruses actually work in the wild, and it reduces income to the criminal spammer, thus making spamming less attractive as a criminal endeavor, thus fewer spammers.

Agreed.

> The damage done to the Internet by just a single host that might previously have gotten infected with a mass-mailer, but now isn't, far outweighs the damage done to the Internet by having legitimate mail to a domain be delayed for a few minutes. Obviously the best choice is to replace the mailserver, good luck though in companies using Lotus Notes.

Agreed, but my point is that there is no need to delay the mail. Simply not listing the MX record in the public DNS would achieve the exact same thing, without forcing my MTA to wait for a timeout.

> Also, keep in mind that EVERY SINGLE mailserver that sends to a delayed MX setup, CHOOSES to send mail to them.

This tirade doesn't really have anything to do with my point above, but bear in mind that in order to find out if my attempt to send mail will time out, I have to try to send mail first. I don't get to choose, as the only mechanism that I have for distinguishing systems willing to receive mail from those that are not has been made meaningless.

> You're bitching because you consider MX-based prefilters rude, but this only applies to the domains you are wanting to mail - you can simply choose not to mail them to express your feelings.

See above.

> Nobody else on the Internet is bothered that your own personal mail to your own recipients gets delayed, so I think you're mistaken in calling this massively rude.

Well of course they aren't, but nobody else on the Internet is bothered if I take a crap on your doorstep. That doesn't preclude it from being completely out of order.

> Massively rude is opening your trap in a restaurant and letting out a massive belch, the other diners in the restaurant do not have a choice, they have to listen to you. On the Internet, the other people on it don't have to listen to your own server retrying to your own recipients. Hopefully you get the analogy here.

I don't think it applies. The other diners had a choice of going somewhere else or of staying home, except that I invited them to come and then belched. The real analogy is an advert that says:

Call 123-456-7890 or 123-456-7891 to speak to us. We'd prefer it if you called 123-456-7890 as it's cheaper for us.

This is exactly what
Re: Spamcop listed - need help to diagnose why
Thanks for the response, Robert.

I know tmda and such services anger some people. I also find other people who ask me how they can get such a service, only because spam is so difficult to block. I guess it depends on how important email is to you. I would never ask a question on this board and expect people to confirm, but in business I find it helpful.

I compare it to the benefit vs hassle of voice mail; some who must leave messages hate it, but I find both voice mail and tmda services actually stop certain types of calls or email that I do not -want-.

On the problem at hand, I used tcpdump to watch the traffic on my line and noticed one of my windows boxes was sending it - a virus as it turned out. All is well -
Re: Spamcop listed - need help to diagnose why
From: David Banning [EMAIL PROTECTED]

> Thanks for the response, Robert.
>
> I know tmda and such services anger some people. I also find other people who ask me how they can get such a service, only because spam is so difficult to block. I guess it depends on how important email is to you. I would never ask a question on this board and expect people to confirm, but in business I find it helpful.
>
> I compare it to the benefit vs hassle of voice mail; some who must leave messages hate it, but I find both voice mail and tmda services actually stop certain types of calls or email that I do not -want-.

I simply place tmda challenge addresses into my /dev/null list and never see the problem again. I treat it like spam. And I consider it to be spam. So pfft I make it gone.

{^_^} Joanne
Re: Spamcop listed - need help to diagnose why
--- jdow [EMAIL PROTECTED] wrote:

> From: David Banning [EMAIL PROTECTED]
>
> > Thanks for the response, Robert.
> >
> > I know tmda and such services anger some people. I also find other people who ask me how they can get such a service, only because spam is so difficult to block. I guess it depends on how important email is to you. I would never ask a question on this board and expect people to confirm, but in business I find it helpful.
> >
> > I compare it to the benefit vs hassle of voice mail; some who must leave messages hate it, but I find both voice mail and tmda services actually stop certain types of calls or email that I do not -want-.
>
> I simply place tmda challenge addresses into my /dev/null list and never see the problem again. I treat it like spam. And I consider it to be spam. So pfft I make it gone.
>
> {^_^} Joanne

I'm of the opposite thinking. I'd rather sort through a bunch of spam everyday rather than miss 1 important message. If I miss 1 inquiry it could cost me 1000s of dollars. Spam is an annoyance, nothing more. There is no sense cutting off your nose to spite your face.

People with challenge systems crack me up. They wonder why they don't get their receipts when they order things, or why they miss important automated correspondence about their orders.

DT
Re: Spamcop listed - need help to diagnose why
From: Danial Thom [EMAIL PROTECTED]

> --- jdow [EMAIL PROTECTED] wrote:
>
> > From: David Banning [EMAIL PROTECTED]
> >
> > > Thanks for the response, Robert. I know tmda and such services anger some people. I also find other people who ask me how they can get such a service, only because spam is so difficult to block. I guess it depends on how important email is to you. I would never ask a question on this board and expect people to confirm, but in business I find it helpful. I compare it to the benefit vs hassle of voice mail; some who must leave messages hate it, but I find both voice mail and tmda services actually stop certain types of calls or email that I do not -want-.
> >
> > I simply place tmda challenge addresses into my /dev/null list and never see the problem again. I treat it like spam. And I consider it to be spam. So pfft I make it gone.
> >
> > {^_^} Joanne
>
> I'm of the opposite thinking. I'd rather sort through a bunch of spam every day rather than miss 1 important message. If I miss 1 inquiry it could cost me 1000s of dollars. Spam is an annoyance, nothing more. There is no sense cutting off your nose to spite your face.
>
> People with challenge systems crack me up. They wonder why they don't get their receipts when they order things, or why they miss important automated correspondence about their orders.

Spam I sort through. With SpamAssassin scoring it's easy to find the low scores and concentrate on them. But somebody arrogant enough to spam me with a challenge for a message to a mailing list ends up on my procmail /dev/null rules. (I use fetchmail to grab mail and procmail to feed it to /var/spool/mail/name with stops along the way for SpamAssassin, ClamAv, and some random cleverness.)

{^_^} Challenges are as bad as the spam they try to prevent.
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: Ceri Davies [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 3:17 AM
To: Ted Mittelstaedt
Cc: [EMAIL PROTECTED]; Robert Slade
Subject: Re: Spamcop listed - need help to diagnose why

> > The damage done to the Internet by just a single host that might previously gotten infected with a mass-mailer, but now isn't, far outweighs the damage done to the Internet by having legitimate mail to a domain be delayed for a few minutes. Obviously the best choice is to replace the mailserver, good luck though in companies using Lotus Notes.
>
> Agreed, but my point is that there is no need to delay the mail. Simply not listing the MX record in the public DNS would achieve the exact same thing, without forcing my MTA to wait for a timeout.

In a perfect world it would - but the same organizations that are out there using archaic versions of Exchange, or notes mail, or whatever - these are the organizations that are often in very imperfect worlds, and you sometimes have to make compromises. As I said earlier if you have a choice between eliminating a spam sink, and delaying everyone mailing to them a bit, and there's no other option, then which is better?

> > Nobody else on the Internet is bothered that your own personal mail to your own recipients gets delayed, so I think you're mistaken in calling this massively rude.
>
> Well of course they aren't, but nobody else on the Internet is bothered if I take a crap on your doorstep. That doesn't preclude it from being completely out of order.

Hey, maybe I am low on fertilizer for the flower bed! One man's crap is another man's treasure, after all.

> The real analogy is an advert that says: Call 123-456-7890 or 123-456-7891 to speak to us. We'd prefer it if you called 123-456-7890 as it's cheaper for us. This is exactly what MX records state. Then you just let 123-456-7890 ring, with no intention of ever picking it up.

Actually, if your entire goal is to get assholes to call you, this might be a good way to select them - you would have to run caller ID on both lines and eliminate the people whose phone number showed up on 7890 first. Although, come to think of it, assholes probably have a better chance than normal of blocking caller ID. Oh well just got to make both of them 800 numbers, then, that will defeat the caller ID blocks.

> Saying so don't call isn't good enough, as I have to ring it to find out that nobody is answering, and I *still* don't know if they will answer next time I call; there is certainly no indication that they won't, and I have a card in my hand that says that they will.
>
> > However, you are also fundamentally missing the point of the scam as well. ANY prefilter system even if you use internal routes, or a second set of nameservers, is able to be hijacked by a spammer in this manner. And a spammer can detect prefilter hosts simply by sending a single forgery with a legitimate sender's address and a bogus recipient address, and when the message is bounced, they can look at the headers and see if a prefilter is involved. They don't even have to look at the DNS MX records.
>
> I don't see how I am missing the fundamental point; I never made any attempt to address it. All I said was that listing systems that do not exchange mail in the mail exchanger records is rude, and you can not convince me otherwise.

And what I said was that these sorts of setups cannot be used anymore due to the spammers using them as relays - whether or not it is a single MX listing or multiple MXes listed.

I cannot in fact think of a single way now to list an MX host that only relays mail, whether or not it's a single listing or multiple listings, whether or not the multiple listings all accept mail or only some of them accept mail, whether or not you have an access.db setup that filters by domain name or not, or IP number or not, that does not create a relay host that a spammer can use for relaying.

That is the fundamental point - which is that a setup like you're saying where you're listing a system that does not exchange mail in the mail exchanger records - just cannot exist anymore, because if it does then it means a relay MX host somewhere, which can be used for spamming.

So the entire discussion is academic I think. But, that doesn't make it a boring discussion. Probably way beyond a lot of the posters here, though.

Ted
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Banning
Sent: Monday, January 09, 2006 7:21 AM
To: Robert Slade
Cc: [EMAIL PROTECTED]
Subject: Re: Spamcop listed - need help to diagnose why

> Thanks for the response, Robert. I know tmda and such services anger some people. I also find other people who ask me how they can get such a service, only because spam is so difficult to block. I guess it depends on how important email is to you. I would never ask a question on this board and expect people to confirm,

David, that is the fundamental problem with this kind of service. The vast, vast majority of users that do e-mail confirmations do NOT use them appropriately. If everyone that used it was like you and put some brains into turning it off when posting to a public list or some such, it wouldn't be a problem.

But the fact that spam exists at all - because for spam to work you need a critical mass of stupid people willing to pay spammers for their hair tonics or whatever they are selling - should prove conclusively that there's too many stupid people out there on the e-mail network for a system like mail confirmations to be of any wide value.

Ted
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Danial Thom
Sent: Monday, January 09, 2006 8:14 AM
To: jdow; David Banning
Cc: freebsd-questions@freebsd.org
Subject: Re: Spamcop listed - need help to diagnose why

> I'm of the opposite thinking. I'd rather sort through a bunch of spam every day rather than miss 1 important message. If I miss 1 inquiry it could cost me 1000s of dollars. Spam is an annoyance, nothing more. There is no sense cutting off your nose to spite your face.

This is coming from someone who hides behind a yahoo address. As they say - Duh - all YOU have to do when the spam gets too bad is to delete your yahoo address and create another.

People that use throwaway addresses crack me up.

Ted
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of jdow
Sent: Monday, January 09, 2006 8:48 AM
To: [EMAIL PROTECTED]; David Banning
Cc: freebsd-questions@freebsd.org
Subject: Re: Spamcop listed - need help to diagnose why

> Spam I sort through. With SpamAssassin scoring it's easy to find the low scores and concentrate on them. But somebody arrogant enough to spam me with a challenge for a message to a mailing list ends up on my procmail /dev/null rules. (I use fetchmail to grab mail and procmail to feed it to /var/spool/mail/name with stops along the way for SpamAssassin, ClamAv, and some random cleverness.)

Unfortunately, jdow, since you're using this setup, the spammer has already successfully delivered the mail to you. The fact that you delete the spam before reading makes no difference - the spammer doesn't know that and thinks they have successfully delivered it.

Denying the spam before it's even accepted into the server is a much better way. Unfortunately, a content filter means you have to read in the DATA section of the message to get material to filter. However, there's been some experimental work done on content filter systems that will read in the message then simply stop issuing TCP acknowledgements before closing, and log IP and refuse further communication from it. The sender times out with a network failure, and thinks the message was never successfully delivered. Pretty ugly stuff, though, violates all sorts of application separation rules.

Ted
Re: Spamcop listed - need help to diagnose why
On 8 Jan 2006, at 05:03, Ted Mittelstaedt wrote:

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Slade
> Sent: Friday, January 06, 2006 11:24 PM
> To: David Banning
> Cc: [EMAIL PROTECTED]
> Subject: Re: Spamcop listed - need help to diagnose why
>
> > There is your problem TMDA is most likely the cause. Such programmes are in effect adding to the spam problem. Nearly all spam has a forged from address and all programmes such as TMDA do is send a challenge to an innocent 3rd party. Whilst it looks like it reduces your spam all you do is in effect spam someone else. When your e-mail address has been used in a spam run by a spammer and you start getting 10s of these challenges an hour it is quite easy to report 1 by accident. If you look at the Spamcop reporting page you will see a warning about just this situation. I suppose that the real answer is to stop compounding the spam problem and use a combination of spamassassin and block lists. BTW I make it a point never to respond to challenges.
>
> Ditto, and for the same reasons. I've removed David from the cc list on this for that reason as well.
>
> Also we need to be aware of another trick that spammers have figured out, that applies to anyone running multiple MX records on a domain (I don't know if David is in that situation)
>
> Normally if a domain has a single mailserver processing incoming mail, there's a single MX record pointing to a single machine. But in many cases it's desirable to relay mail through a prefilter system before it gets to the actual mailserver. In those cases a common trick is to block the highest priority MX host off with an access list. Senders try the highest priority, it fails, they then go to the next highest priority host which is the relay host. That host gets it, does its thing, then tries to send it to the highest priority server which should work since the access list permits that server. This technique has been mentioned in the sendmail book among others.

Yes, but that is actually massively rude. The hosts listed in a domain's MX record are supposed to be hosts willing to exchange mail for that domain, so listing ones that are not is just wasting everyone's time and resources. If you want to have such a prefilter system, there is no need to list the end system in the MX records; just use an internal route to do that.

Ceri
Re: Spamcop listed - need help to diagnose why
--- Robert Slade [EMAIL PROTECTED] wrote:

> On Sat, 2006-01-07 at 05:45, David Banning wrote:
>
> > My server just was listed with Spamcop. Before I exercise my -one time- option to de-list it I need to verify that indeed my server is not sending spam. I have 3 win boxes routing through my FreeBSD box. Also there are a few windows computers in the outside world that send mail through my server via port 26 using their login and password. I know it is possible for viruses to install a stand-alone smtp server on win boxes. That is one suspicion I have.
> >
> > My question; What tool would I use to see if unauthorized mail is being sent via my server? Note that I am running tmda, so that I have around 80 emails per minute being sent out; to request verification on my standard incoming mail, (therefore it is too complicated to just watch -all- mail being sent out, and try and decode legitimate from illegitimate).
>
> There is your problem TMDA is most likely the cause. Such programmes are in effect adding to the spam problem. Nearly all spam has a forged from address and all programmes such as TMDA do is send a challenge to an innocent 3rd party. Whilst it looks like it reduces your spam all you do is in effect spam someone else. When your e-mail address has been used in a spam run by a spammer and you start getting 10s of these challenges an hour it is quite easy to report 1 by accident. If you look at the Spamcop reporting page you will see a warning about just this situation. I suppose that the real answer is to stop compounding the spam problem and use a combination of spamassassin and block lists. BTW I make it a point never to respond to challenges.
>
> Rob

Consider being listed a privilege; half the universities in the world are listed as spammers. Anyone who uses those stupid, anal-retentive services deserves to miss getting important mail.

DT
RE: Spamcop listed - need help to diagnose why
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Slade
Sent: Friday, January 06, 2006 11:24 PM
To: David Banning
Cc: [EMAIL PROTECTED]
Subject: Re: Spamcop listed - need help to diagnose why

> There is your problem TMDA is most likely the cause. Such programmes are in effect adding to the spam problem. Nearly all spam has a forged from address and all programmes such as TMDA do is send a challenge to an innocent 3rd party. Whilst it looks like it reduces your spam all you do is in effect spam someone else. When your e-mail address has been used in a spam run by a spammer and you start getting 10s of these challenges an hour it is quite easy to report 1 by accident. If you look at the Spamcop reporting page you will see a warning about just this situation. I suppose that the real answer is to stop compounding the spam problem and use a combination of spamassassin and block lists. BTW I make it a point never to respond to challenges.

Ditto, and for the same reasons. I've removed David from the cc list on this for that reason as well.

Also we need to be aware of another trick that spammers have figured out, that applies to anyone running multiple MX records on a domain (I don't know if David is in that situation)

Normally if a domain has a single mailserver processing incoming mail, there's a single MX record pointing to a single machine. But in many cases it's desirable to relay mail through a prefilter system before it gets to the actual mailserver. In those cases a common trick is to block the highest priority MX host off with an access list. Senders try the highest priority, it fails, they then go to the next highest priority host which is the relay host. That host gets it, does its thing, then tries to send it to the highest priority server which should work since the access list permits that server. This technique has been mentioned in the sendmail book among others.

The problem is what spammers are doing now is they find one of these hosts, and pump millions of messages to the secondary, with the VICTIM address as the sender's address, and a bogus address as the recipient address. The secondary gets the mail, and tries relaying it to the primary, the primary rejects the mail as user-not-found and the secondary tries to return the message to the sender - which is the victim address.

So the spam targets get messages from mailer-daemon that originate from a legitimate host, but are spam.

It's a warzone out there, folks.

Ted
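The bounce pattern described in the message above (forged sender, bogus recipient, relay MX returning the failure to the forged sender) leaves a recognisable trail in the relay's mail log. As an added example that is not part of the original thread, this Python script counts such bounces per connecting client; the sendmail-style log lines are constructed and simplified, and `find_backscatter` and its threshold are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed, simplified sendmail-style maillog lines (not from the thread).
# All hosts and addresses are made up; 203.0.113.7 plays the abusive client.
SAMPLE_LOG = """\
Jan  7 05:40:01 mx2 sendmail[901]: k07A01: from=<victim1@example.org>, nrcpts=1, relay=[203.0.113.7]
Jan  7 05:40:02 mx2 sendmail[902]: k07A01: to=<nobody1@example.com>, relay=mx1.example.com., dsn=5.1.1, stat=User unknown
Jan  7 05:40:02 mx2 sendmail[902]: k07A01: k07B01: DSN: User unknown
Jan  7 05:40:03 mx2 sendmail[903]: k07A02: from=<victim2@example.net>, nrcpts=1, relay=[203.0.113.7]
Jan  7 05:40:04 mx2 sendmail[904]: k07A02: to=<nobody2@example.com>, relay=mx1.example.com., dsn=5.1.1, stat=User unknown
Jan  7 05:40:04 mx2 sendmail[904]: k07A02: k07B02: DSN: User unknown
Jan  7 05:40:05 mx2 sendmail[905]: k07A03: from=<victim3@example.org>, nrcpts=1, relay=[203.0.113.7]
Jan  7 05:40:06 mx2 sendmail[906]: k07A03: to=<nobody3@example.com>, relay=mx1.example.com., dsn=5.1.1, stat=User unknown
Jan  7 05:40:06 mx2 sendmail[906]: k07A03: k07B03: DSN: User unknown
Jan  7 05:41:10 mx2 sendmail[910]: k07A04: from=<alice@example.net>, nrcpts=1, relay=mail.example.net [198.51.100.20]
Jan  7 05:41:11 mx2 sendmail[911]: k07A04: to=<bob@example.com>, relay=mx1.example.com., dsn=2.0.0, stat=Sent
Jan  7 05:42:10 mx2 sendmail[912]: k07A05: from=<carol@example.net>, nrcpts=1, relay=mail2.example.net [198.51.100.21]
Jan  7 05:42:11 mx2 sendmail[913]: k07A05: to=<bbo@example.com>, relay=mx1.example.com., dsn=5.1.1, stat=User unknown
Jan  7 05:42:11 mx2 sendmail[913]: k07A05: k07B05: DSN: User unknown
"""

FROM_RE = re.compile(r"\]: (\w+): from=<([^>]*)>.*relay=.*\[([0-9.]+)\]")
TO_RE = re.compile(r"\]: (\w+): to=<[^>]*>.*dsn=(\d)\.\d+\.\d+")
DSN_RE = re.compile(r"\]: (\w+): (\w+): DSN: ")


def find_backscatter(log_text, threshold=3):
    """Return {client_ip: {"bounces": n, "victims": [...]}} for every client
    whose accepted mail made this relay generate >= threshold bounces
    after a permanent (5.x.x) failure on the onward hop."""
    accepted = {}             # queue id -> (envelope sender, client IP)
    rejected = set()          # queue ids refused permanently downstream
    tally = defaultdict(list)  # client IP -> senders that were sent a bounce

    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            accepted[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = TO_RE.search(line)
        if m:
            if m.group(2) == "5":
                rejected.add(m.group(1))
            continue
        m = DSN_RE.search(line)
        if m and m.group(1) in rejected and m.group(1) in accepted:
            sender, client_ip = accepted[m.group(1)]
            if sender:  # a null sender (<>) is never sent a bounce
                tally[client_ip].append(sender)

    return {ip: {"bounces": len(s), "victims": sorted(set(s))}
            for ip, s in tally.items() if len(s) >= threshold}


if __name__ == "__main__":
    print(find_backscatter(SAMPLE_LOG))
```

A single mistyped recipient from an ordinary sender stays below the threshold; a client that produces many bounces to many different sender addresses is the case worth investigating.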
Re: Spamcop listed - need help to diagnose why
On Sat, 2006-01-07 at 05:45, David Banning wrote:

> My server just was listed with Spamcop. Before I exercise my -one time- option to de-list it I need to verify that indeed my server is not sending spam. I have 3 win boxes routing through my FreeBSD box. Also there are a few windows computers in the outside world that send mail through my server via port 26 using their login and password. I know it is possible for viruses to install a stand-alone smtp server on win boxes. That is one suspicion I have.
>
> My question; What tool would I use to see if unauthorized mail is being sent via my server? Note that I am running tmda, so that I have around 80 emails per minute being sent out; to request verification on my standard incoming mail, (therefore it is too complicated to just watch -all- mail being sent out, and try and decode legitimate from illegitimate).

There is your problem TMDA is most likely the cause. Such programmes are in effect adding to the spam problem. Nearly all spam has a forged from address and all programmes such as TMDA do is send a challenge to an innocent 3rd party. Whilst it looks like it reduces your spam all you do is in effect spam someone else. When your e-mail address has been used in a spam run by a spammer and you start getting 10s of these challenges an hour it is quite easy to report 1 by accident. If you look at the Spamcop reporting page you will see a warning about just this situation.

I suppose that the real answer is to stop compounding the spam problem and use a combination of spamassassin and block lists.

BTW I make it a point never to respond to challenges.

Rob