Rob 'Feztaa' Park wrote:
> On Fri, Oct 26, 2001 at 05:49:03PM -0700, Will Yardley (dis)graced my inbox with:

> Well, I check my spam folder whenever there's something new in it
> (which kinda defeats the purpose of filtering the spam, because I
> still see it). That rule I mentioned does kill 100% of the spam from
> that particular spammer, and hasn't caught any legit mail at all
> (yet...), so I'm thinking of changing the third line to /dev/null :)

yeah i just don't have my spam folder set as a mailbox that receives
mail... but then i check it a couple times a day, or at least every
couple days.  as long as i don't have to get it in my inbox i'm pretty
happy tho.

changing the one line to /dev/null might be ok....
 
> Would that work? I thought most spammers added little "send email here
> to unsubscribe" to the bottom of their emails just so they could confirm
> that they are actually spamming a real address... In other words, "email
> me to let me know I'm doing a good job!"

yes but a lot of them have valid return-path or From: headers that they
use purely to tell what addresses are valid.  so if a bounce is
convincing enough, they might unsub you...

> Funny thing about the headers is, as far as I can tell from the
> hostnames, it's coming from _my_ ISP. But they deny it.

that's unlikely.  you might want to run the headers through spamcop.  it
_is_ possible that they're using a direct SMTP connection to your ISP's
mailserver, but the originating IP will still show.  you can forward me
the full headers privately if you want.... and while it might be a bit
OT, i'm sure someone on this list would know where it's coming from.

headers can be faked to an extent, but they rarely lie.

> That's the thing, though. The message is _very_ well spoofed. It's hard
> to track down. Then again, I'm no expert, so perhaps I should attach a
> copy of the headers for you (perhaps I'll do that privately).

yeah do that. i'm not the best at this but i've done a bit of it.

> > if you have control over your mail server you might be able to setup
> > something to reject the mail before it even enters your server.
> 
> Now that's something I don't know much about. I am running a mail
> server on my machine, but I don't actually use it for receiving mail -
> I use fetchmail to get my mail from my ISP-given email address. As far
> as I know, fetchmail just passes it right along to postfix normally,
> right?  Or does it just drop the mail straight into my spool file? If
> it's the former, I might be able to do that...

yeah if you're using fetchmail i don't think that will help so much....
if you actually run a mail server (esp. with postfix) you can do regex
checks on headers so that the message is rejected before it even gets
delivered / filtered by procmail. i think http://postfix.org/uce/ has
some info, and there's an unofficial set of header check regexes for uce
at http://www.mrbill.net/postfix/

you can also sub to blacklists of varying degrees of usefulness... a lot
of these will cause your machine to reject mail that you want to receive
tho.... spambouncer can use these blacklists as well, although of course
once the mail is received, the spammer has already wasted more bandwidth
and time than you'd like them to....

in any event this is definitely getting a bit OT......

w

-- 
GPG Public Key:
http://infinitejazz.net/will/pgp/
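
Added example, not part of the original message: a Python example of the header-reading approach discussed above. It walks the Received chain from the top and reports the first connecting IP that is outside the networks you trust, since only hops stamped by trusted relays are reliable. The sample message, the isp.example names, the 192.0.2.0/27 trusted range and the Postfix-style Received layout are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: address range of the relays you trust (your ISP's mail servers).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/27")]

# Postfix-style hop: "from <HELO name> (<reverse DNS> [<peer IP>]) by ..."
PEER = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f:.]+)\]\)")

# Constructed sample: the sender connects straight to the ISP's MX, claims an
# ISP hostname in HELO, and ships a forged Received line of its own below.
SAMPLE = """\
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
\tby pop.isp.example (Postfix) with ESMTP id AAA111
\tfor <rob@isp.example>; Fri, 26 Oct 2001 18:01:02 -0700
Received: from mail.isp.example (unknown [203.0.113.77])
\tby mx1.isp.example (Postfix) with SMTP id BBB222
\tfor <rob@isp.example>; Fri, 26 Oct 2001 18:01:00 -0700
Received: from dialup42.isp.example (dialup42.isp.example [192.0.2.42])
\tby mail.isp.example with ESMTP id CCC333; Fri, 26 Oct 2001 17:59:00 -0700
From: offers@isp.example
Subject: constructed test message

body
"""

def first_untrusted_hop(raw, trusted=TRUSTED_NETS):
    """Return (helo_name, peer_ip, unverified_headers_below) or None."""
    hops = message_from_string(raw).get_all("Received", [])
    for depth, hop in enumerate(hops):  # newest hop first
        m = PEER.match(" ".join(hop.split()))  # unfold continuation lines
        if not m:
            return None  # unparseable hop: stop rather than guess
        helo, ip = m.group(1), ipaddress.ip_address(m.group(3))
        # A hop is only believable if the relay that wrote it is trusted.
        # The first peer outside the trusted range is the real entry point;
        # every Received line below it was supplied by that peer.
        if not any(ip in net for net in trusted):
            return helo, str(ip), len(hops) - depth - 1
    return None  # mail never left the trusted relays

if __name__ == "__main__":
    print(first_untrusted_hop(SAMPLE))
```
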
