On 23 September 1999 at 16:36, [EMAIL PROTECTED] told the list:
MDP>> If anyone on the list has any other views to express, I would be
MDP>> pleased to hear from you. If it's just a 'Me too', you can send
MDP>> that privately.
TF> The only spam filter I could think of is a kill filter for
TF> messages addressed to [EMAIL PROTECTED] I'd appreciate some tips.
There was a posting to the old list from Leif Gregory which detailed a
'Hard Core' solution to spam handling.
.. and here is the content of that missive (a bit big, but worth it).
_____________________________________________________________________
Funny you should mention that. I've been playing with this idea for a
week now. What I did was to create a new account called Anti-Spam. The
next thing I did was to send an e-mail to myself, but I screwed up the
name (before the @ symbol) to force a bounce. In the Anti-Spam account
properties, I took the FROM info and FROM address and entered those
into the account FROM and REPLY-TO addresses. For me they were:
Address: [EMAIL PROTECTED]
From: Mail Delivery Subsystem
Next I cut and pasted the whole bounce text (except for the text that
was in it when I sent the initial mail (i.e. sig etc.) and pasted it
into a template for the REPLY global for account. Next I went through
and replaced all the time/date stamps with the macro:
%DATE %TIMELONG
After the timelong macro, I added the text CST for Central Standard
Time (add whichever timezone fits with where your mail server is.)
Next I changed every occurrence of the fudged address (the one I sent
to for a forced bounce) with my e-mail address. I also pinged my mail
server to get it's IP address and replaced every occurrence of my IP
with it's IP.
Then I used the SUBJECT macro to make the subject the same as the
bounce message I received, which was:
%SUBJECT="Returned mail: User unknown"
Below all the header junk that normally gets bounced, they also show
you the text of the original message, but it's not quoted, so I used
the %TEXT macro to simulate that.
All in all, here is my final template to fake a bounce. So far it has
seemed to work, because I used to get one mail every couple of days
about a free Florida vacation, and I haven't gotten one since last
week.
START TEMPLATE *******
The original message was received at %DATE %TIMELONG
from [EMAIL PROTECTED] [204.57.67.65]
----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
----- Transcript of session follows -----
... while talking to [EMAIL PROTECTED]:
>>> RCPT To:<[EMAIL PROTECTED]>
<<< 550 <[EMAIL PROTECTED]>... User unknown
550 <[EMAIL PROTECTED]>... User unknown
Original message follows.
Received: from nf7.netforward.com (nf7.netforward.com [204.57.67.54])
by
[EMAIL PROTECTED]
(8.8.8+Spin/3.6Wbeta7-CONS(03/02/99)) id SAA10348; %DATE %TIMELONG CST
Received: from localhost (localhost) by [EMAIL PROTECTED]
(8.8.8+Spin/3.6Wbeta7-CONS(03/02/99)) id
SAA10340; %DATE %TIMELONG CST
Date: %DATE %TIMELONG CST
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Subject: Returned mail: User unknown
Message-Id: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="SAA10340.923306366/biogate.com"
Auto-Submitted: auto-generated (failure)
X-UIDL: de118350884f15c008bf0cdfaac0e504
%TEXT
%SUBJECT="Returned mail: User unknown"
END TEMPLATE *******
One other note, is to make sure you don't wordwrap your lines as I've
never seen a bounce that did. To ensure you don't do this, either cut
and paste directly to the template or use notepad first.
Hope this helps someone else. As long as the SPAM message has a valid
REPLY-TO address, then this might work. If they faked an address then
your fake bounce will really bounce off whatever mail server they
listed.
One thing I was not able to do was to to attach a file called
part3.nws which I see in bounces from my server. Actually, I mean I
could attach it, but it has time/date stamp info in it, and you can't
use macros in attached files. You can in %PUT, but that just appends
the text from the external file and I needed an actual attachment.
Maybe this is something we could put in the wish list for those of us
hardcore anti-spammers. Basically it would allow the use of macros in
attached files. I don't know how complicated that would be for Max and
Stefan though.
_____________________________________________________________________
Cheers,
Marck
--
Marck D. Pearlstone, Consultant Software Engineer
Co-moderator TBUDL / TBBETA discussion lists
www: http://www.silverstones.com
PGP key: <mailto:[EMAIL PROTECTED]?Body=GET%20MARCKKEY>
-----------------------------------------
Using The Bat! 1.36 Beta/4
under Windows 98 4.10 Build 1998
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To Unsubscribe from TBUDL, click below and send the generated message.
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
