On Tue, 25 Nov 2003 10:40:09 -0800 Steve Thomas <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 25, 2003 at 01:22:51PM -0500, Tony Bunce is rumored to have said:
> >
> > I have been seeing lots of spam like this getting through recently
> >
> > Anyone have any ideas how to reduce this type of spam from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Menschel writes:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Hello Steve,
>
>Tuesday, November 25, 2003, 10:40:09 AM, you wrote:
>
>ST> I noticed that this guy's using our domain name as the argument to
>ST> the HELO command during the S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Steve,
Tuesday, November 25, 2003, 10:40:09 AM, you wrote:
ST> I noticed that this guy's using our domain name as the argument to
ST> the HELO command during the SMTP transaction. So if the address he's
ST> spamming is [EMAIL PROTECTED], his ra
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
Bunce
Sent: Tuesday, November 25, 2003 1:23 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Ideas
I have been seeing lots of spam like this getting through recently
Anyone have any ideas how to reduce
-Original Message-
From: Larry Gilson
Sent: Tuesday, November 25, 2003 3:30 PM
To: 'Tony Bunce'; '[EMAIL PROTECTED]'
Subject: RE: [SAtalk] Ideas
Attached is a custom rule file. It has been working rather well and I will
be increasing the score from 0.5 to 1.0.
EMAIL PROTECTED]
Subject: Re: [SAtalk] Ideas
On Tue, Nov 25, 2003 at 01:22:51PM -0500, Tony Bunce is rumored to have
said:
>
> I have been seeing lots of spam like this getting through recently
>
> Anyone have any ideas how to reduce this type of spam from getting
> through?
I not
D]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
Bunce
Sent: Tuesday, November 25, 2003 1:23 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Ideas
I have been seeing lots of spam like this getting through recently
Anyone have any ideas how to reduce this type of spam from getting
through?
Thanks,
To
On Tue, Nov 25, 2003 at 01:22:51PM -0500, Tony Bunce is rumored to have said:
>
> I have been seeing lots of spam like this getting through recently
>
> Anyone have any ideas how to reduce this type of spam from getting
> through?
I noticed that this guy's using our domain name as the argument t
I have been seeing lots of spam like this getting through
recently
Anyone have any ideas how to reduce this type of spam from
getting through?
Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those y
Dear Jim Ford,
Date: Wed, 25 Jun 2003 17:13:32 +0100
From: Jim Ford <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Ideas on dealing with Joe Job?
...
Any pointers as to how to trace email from the headers - they're pretty
cryptic to a non IT professional like myself?
"Kai Schaetzl" <[EMAIL PROTECTED]> wrote:
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
That's a rule I use in SA, but unfortunately, I don't know of a way to tell
sendmail to do
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
>
That's a rule I use in SA, but unfortunately, I don't know of a way to tell
sendmail to do this. It only rejects so-called BOGUS
* Bob Apthorpe <[EMAIL PROTECTED]>:
> > > reject_unknown_hostname drops connections from machines without DNS A or
> > > MX record (twitchy)
> >
> > No. This rejects mail from machines that use a non-resolving hostname
> > as argument to the EHLO/HELO.
>
> Rather, no rDNS (PTR)?
Yep. It must res
Simon Byrnand <[EMAIL PROTECTED]> wrote:
My thoughts exactly, which is why I suggested the HELO credentials are
pretty much useless these days, at least for blocking spam.
What do you check for ?
If someone claims to be your own mail server - and isn't - it's a pretty
safe bet they're up to no goo
Hi,
[apologies for turning SA-Talk into a chapter of "Postfix Configuration
For Dummies"...]
On Fri, 27 Jun 2003, Ralf Hildebrandt wrote:
> * Bob Apthorpe <[EMAIL PROTECTED]>:
> > reject_unknown_hostname drops connections from machines without DNS A or
> > MX record (twitchy)
>
> No. This reject
[EMAIL PROTECTED] writes:
>as you point out, the problem is spammers can forge what's in the helo
>message just as they forge what's in MAIL FROM.
>
>but also, unfortunately, a way large percentage of sites do not have
>correctly configured names in their helos.
>
>(some have ip addresses. some h
At 22:31 26/06/03 +0200, Kai Schaetzl wrote:
Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
> I, and many other (increasingly many other) mailadmins refuse on invalid
> HELO/EHLO credentials. Many can not afford to, many see this as a main
> weapon against non-ham.
>
Well, what do you exa
* Bob Apthorpe <[EMAIL PROTECTED]>:
> HELO/EHLO credentials don't have to match an existing host name but
> they do have to be formatted properly (i.e. FQDN) I reject on broken
> HELO format with Postfix using:
>
> smtpd_helo_required = yes
>
> smtpd_helo_restrictions = permit_mynetworks,
> hash
as you point out, the problem is spammers can forge what's in the helo
message just as they forge what's in MAIL FROM.
but also, unfortunately, a way large percentage of sites do not have
correctly configured names in their helos.
(some have ip addresses. some have their non-fully-qualified name
Hi,
On Thu, 26 Jun 2003, Kai Schaetzl wrote:
> Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
>
> > I, and many other (increasingly many other) mailadmins refuse on invalid
> > HELO/EHLO credentials. Many can not afford to, many see this as a main
> > weapon against non-ham.
>
> Well, wh
--On Thursday, June 26, 2003 10:31 PM +0200 Kai Schaetzl
<[EMAIL PROTECTED]> wrote:
Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
I, and many other (increasingly many other) mailadmins refuse on invalid
HELO/EHLO credentials. Many can not afford to, many see this as a main
weapon again
Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
> I, and many other (increasingly many other) mailadmins refuse on invalid
> HELO/EHLO credentials. Many can not afford to, many see this as a main
> weapon against non-ham.
>
Well, what do you exactly do to refuse them? Do a reverse looku
Simon Byrnand wrote:
The HELO or EHLO commands are supposed to be used to identify the name
of the mail server making the connection, but is essentially meaningless
these days and is just a vestige of a time long forgotten when everyone
played nice and gave valid information. Think of it as the
--On Thursday, June 26, 2003 11:20 AM +1200 Simon Byrnand
<[EMAIL PROTECTED]> wrote:
At 12:25 25/06/03 -0500, Bob Apthorpe wrote:
Some caveats: 1) Bogus Received headers are common but always occur
below the last legitimate header (once you find one bogus one the rest
are probably junk too), 2)
At 12:25 25/06/03 -0500, Bob Apthorpe wrote:
Some caveats: 1) Bogus Received headers are common but always occur
below the last legitimate header (once you find one bogus one the rest
are probably junk too), 2) envelope sender (helo_name) is often forged,
Just being pedantic here, but the helo na
On Wed, Jun 25, 2003 at 05:13:32PM +0100, Jim Ford wrote:
> On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
>
> > As to proving where it comes from, I'm just not sure it's
> > worth the effort on an individual basis -- a lot of time &
> > expense involved. That's another thing t
--On Wednesday, June 25, 2003 5:13 PM +0100 Jim Ford
<[EMAIL PROTECTED]> wrote:
On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
As to proving where it comes from, I'm just not sure it's
worth the effort on an individual basis -- a lot of time &
expense involved. That's another
http://www.spamcop.net does a great job of taking apart headers.
Harold
> On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
>
>> As to proving where it comes from, I'm just not sure it's
>> worth the effort on an individual basis -- a lot of time &
>> expense involved. That's ano
Hi,
On Wed, 25 Jun 2003, Jim Ford wrote:
> On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
>
> > As to proving where it comes from, I'm just not sure it's
> > worth the effort on an individual basis -- a lot of time &
> > expense involved. That's another thing the big ISP's cou
On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
> As to proving where it comes from, I'm just not sure it's
> worth the effort on an individual basis -- a lot of time &
> expense involved. That's another thing the big ISP's could
Any pointers as to how to trace email from the h
RP> I'm willing to bet that it's probably still within the court system, and
RP> within mostly one state on top of that. ;-)
Florida? (Just hazarding a guess)
RP> Just proving these losers are
RP> exploiting open proxies the world over is the very difficult part.
RP> Depending on how your ch
- Original Message -
From: "Abigail Marshall" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 24, 2003 1:14 AM
Subject: Re[2]: [SAtalk] Ideas on dealing with Joe Job?
> Hello David,
>
> Monday, June 23, 2003, 9:16:52 PM, you wrote:
>
>
Harold Hallikainen wrote:
I'm getting a BUNCH of bounces where someone has used a return address
that returns to me. This address is commonly used by spammers (it's an
invalid address here, but I get all the mail with invalid usernames). The
mail is promoting onlineclicks.biz . With all the bounce
Hello David,
Monday, June 23, 2003, 9:16:52 PM, you wrote:
DC> Technically speaking you could go after the
DC> spammer/spamvertized site for identity theft and
DC> defamation of character. In fact I wouldn't hesitate,
DC> you have nothing to lose.
Er, the ones that keep doing this to us seem to
]>
Sent: Monday, June 23, 2003 7:34 PM
Subject: Re: [SAtalk] Ideas on dealing with Joe Job?
> HH> Not SA, but you people are my spam experts...
>
> HH> I'm getting a BUNCH of bounces where someone has used a return address
> HH> that returns to me. This address is com
HH> Not SA, but you people are my spam experts...
HH> I'm getting a BUNCH of bounces where someone has used a return address
HH> that returns to me. This address is commonly used by spammers (it's an
HH> invalid address here, but I get all the mail with invalid usernames). The
HH> mail is promotin
Not SA, but you people are my spam experts...
I'm getting a BUNCH of bounces where someone has used a return address
that returns to me. This address is commonly used by spammers (it's an
invalid address here, but I get all the mail with invalid usernames). The
mail is promoting onlineclicks.biz .
> Justin Mason wrote:
> > BTW, just met with some researchers in Trinity College here in Dublin for
> > lunch, an AI guy and a distributed-systems peer-to-peer guy, they're
> > *both* looking at starting anti-spam projects.
> >
> > So, wondering -- does anyone have good ideas for new systems in tho
Justin Mason wrote:
BTW, just met with some researchers in Trinity College here in Dublin for
lunch, an AI guy and a distributed-systems peer-to-peer guy, they're
*both* looking at starting anti-spam projects.
So, wondering -- does anyone have good ideas for new systems in those
areas, that can h
BTW, just met with some researchers in Trinity College here in Dublin for
lunch, an AI guy and a distributed-systems peer-to-peer guy, they're
*both* looking at starting anti-spam projects.
So, wondering -- does anyone have good ideas for new systems in those
areas, that can help in spamfiltering?