On Tue, 25 Nov 2003 10:40:09 -0800 Steve Thomas <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 25, 2003 at 01:22:51PM -0500, Tony Bunce is rumored to have said:
> >
> > I have been seeing lots of spam like this getting through recently
> >
> > Anyone have any ideas how to reduce this type of spam from
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
Bunce
Sent: Tuesday, November 25, 2003 1:23 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Ideas
I have been seeing lots of spam like this getting through recently
Anyone have any ideas how to reduce thi
-Original Message-
From: Larry Gilson
Sent: Tuesday, November 25, 2003 3:30 PM
To: 'Tony Bunce'; '[EMAIL PROTECTED]'
Subject: RE: [SAtalk] Ideas
Attached is a custom rule file. It has been working rather well and I will
be increasing the score from 0.5 to 1.0.
EMAIL PROTECTED]
Subject: Re: [SAtalk] Ideas
On Tue, Nov 25, 2003 at 01:22:51PM -0500, Tony Bunce is rumored to have
said:
>
> I have been seeing lots of spam like this getting through recently
>
> Anyone have any ideas how to reduce this type of spam from getting
> through?
I not
Chris' EVILRULES gets the score up by 3 on that. See
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm. Also,
Colin A. Bartlett had posted a spam sentences rule set that adds an
additional 2 points to that email. His original score I think was 10
for each sentence, but I decreased it
On Tue, Nov 25, 2003 at 01:22:51PM -0500, Tony Bunce is rumored to have said:
>
> I have been seeing lots of spam like this getting through recently
>
> Anyone have any ideas how to reduce this type of spam from getting
> through?
I noticed that this guy's using our domain name as the argument t
Dear Jim Ford,
Date: Wed, 25 Jun 2003 17:13:32 +0100
From: Jim Ford <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Ideas on dealing with Joe Job?
...
Any pointers as to how to trace email from the headers - they're pretty
cryptic to a non IT professional like myself?
"Kai Schaetzl" <[EMAIL PROTECTED]> wrote:
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
That's a rule I use in SA, but unfortunately, I don't know of a way to tell
sendmail to do
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
>
That's a rule I use in SA, but unfortunately, I don't know of a way to tell
sendmail to do this. It only rejects so-called BOGUS
* Bob Apthorpe <[EMAIL PROTECTED]>:
> > > reject_unknown_hostname drops connections from machines without DNS A or
> > > MX record (twitchy)
> >
> > No. This rejects mail from machines that use a non-resolving hostname
> > as argument to the EHLO/HELO.
>
> Rather, no rDNS (PTR)?
Yep. It must res
Simon Byrnand <[EMAIL PROTECTED]> wrote:
My thoughts exactly, which is why I suggested the HELO credentials are
pretty much useless these days, at least for blocking spam.
What do you check for ?
If someone claims to be your own mail server - and isn't - it's a pretty
safe bet they're up to no goo
Hi,
[apologies for turning SA-Talk into a chapter of "Postfix Configuration
For Dummies"...]
On Fri, 27 Jun 2003, Ralf Hildebrandt wrote:
> * Bob Apthorpe <[EMAIL PROTECTED]>:
> > reject_unknown_hostname drops connections from machines without DNS A or
> > MX record (twitchy)
>
> No. This reject
[EMAIL PROTECTED] writes:
>as you point out, the problem is spammers can forge what's in the helo
>message just as they forge what's in MAIL FROM.
>
>but also, unfortunately, a way large percentage of sites do not have
>correctly configured names in their helos.
>
>(some have ip addresses. some h
At 22:31 26/06/03 +0200, Kai Schaetzl wrote:
Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
> I, and many other (increasingly many other) mailadmins refuse on invalid
> HELO/EHLO credentials. Many can not afford to, many see this as a main
> weapon against non-ham.
>
Well, what do you exa
* Bob Apthorpe <[EMAIL PROTECTED]>:
> HELO/EHLO credentials don't have to match an existing host name but
> they do have to be formatted properly (i.e. FQDN) I reject on broken
> HELO format with Postfix using:
>
> smtpd_helo_required = yes
>
> smtpd_helo_restrictions = permit_mynetworks,
> hash
as you point out, the problem is spammers can forge what's in the helo
message just as they forge what's in MAIL FROM.
but also, unfortunately, a way large percentage of sites do not have
correctly configured names in their helos.
(some have ip addresses. some have their non-fully-qualified name
Hi,
On Thu, 26 Jun 2003, Kai Schaetzl wrote:
> Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
>
> > I, and many other (increasingly many other) mailadmins refuse on invalid
> > HELO/EHLO credentials. Many can not afford to, many see this as a main
> > weapon against non-ham.
>
> Well, wh
--On Thursday, June 26, 2003 10:31 PM +0200 Kai Schaetzl
<[EMAIL PROTECTED]> wrote:
Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
I, and many other (increasingly many other) mailadmins refuse on invalid
HELO/EHLO credentials. Many can not afford to, many see this as a main
weapon again
Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
> I, and many other (increasingly many other) mailadmins refuse on invalid
> HELO/EHLO credentials. Many can not afford to, many see this as a main
> weapon against non-ham.
>
Well, what do you exactly do to refuse them? Do a reverse looku
Simon Byrnand wrote:
The HELO or EHLO commands are supposed to be used to identify the name
of the mail server making the connection, but is essentially meaningless
these days and is just a vestige of a time long forgotten when everyone
played nice and gave valid information. Think of it as the
--On Thursday, June 26, 2003 11:20 AM +1200 Simon Byrnand
<[EMAIL PROTECTED]> wrote:
At 12:25 25/06/03 -0500, Bob Apthorpe wrote:
Some caveats: 1) Bogus Received headers are common but always occur
below the last legitimate header (once you find one bogus one the rest
are probably junk too), 2)
At 12:25 25/06/03 -0500, Bob Apthorpe wrote:
Some caveats: 1) Bogus Received headers are common but always occur
below the last legitimate header (once you find one bogus one the rest
are probably junk too), 2) envelope sender (helo_name) is often forged,
Just being pedantic here, but the helo na
On Wed, Jun 25, 2003 at 05:13:32PM +0100, Jim Ford wrote:
> On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
>
> > As to proving where it comes from, I'm just not sure it's
> > worth the effort on an individual basis -- a lot of time &
> > expense involved. That's another thing t
--On Wednesday, June 25, 2003 5:13 PM +0100 Jim Ford
<[EMAIL PROTECTED]> wrote:
On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
As to proving where it comes from, I'm just not sure it's
worth the effort on an individual basis -- a lot of time &
expense involved. That's another
http://www.spamcop.net does a great job of taking apart headers.
Harold
> On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
>
>> As to proving where it comes from, I'm just not sure it's
>> worth the effort on an individual basis -- a lot of time &
>> expense involved. That's ano
Hi,
On Wed, 25 Jun 2003, Jim Ford wrote:
> On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
>
> > As to proving where it comes from, I'm just not sure it's
> > worth the effort on an individual basis -- a lot of time &
> > expense involved. That's another thing the big ISPs cou
On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote:
> As to proving where it comes from, I'm just not sure it's
> worth the effort on an individual basis -- a lot of time &
> expense involved. That's another thing the big ISPs could
Any pointers as to how to trace email from the h
Harold Hallikainen wrote:
I'm getting a BUNCH of bounces where someone has used a return address
that returns to me. This address is commonly used by spammers (it's an
invalid address here, but I get all the mail with invalid usernames). The
mail is promoting onlineclicks.biz . With all the bounce
]>
Sent: Monday, June 23, 2003 7:34 PM
Subject: Re: [SAtalk] Ideas on dealing with Joe Job?
> HH> Not SA, but you people are my spam experts...
>
> HH> I'm getting a BUNCH of bounces where someone has used a return address
> HH> that returns to me. This address is com
HH> Not SA, but you people are my spam experts...
HH> I'm getting a BUNCH of bounces where someone has used a return address
HH> that returns to me. This address is commonly used by spammers (it's an
HH> invalid address here, but I get all the mail with invalid usernames). The
HH> mail is promotin
> Justin Mason wrote:
> > BTW, just met with some researchers in Trinity College here in Dublin for
> > lunch, an AI guy and a distributed-systems peer-to-peer guy, they're
> > *both* looking at starting anti-spam projects.
> >
> > So, wondering -- does anyone have good ideas for new systems in tho
Justin Mason wrote:
BTW, just met with some researchers in Trinity College here in Dublin for
lunch, an AI guy and a distributed-systems peer-to-peer guy, they're
*both* looking at starting anti-spam projects.
So, wondering -- does anyone have good ideas for new systems in those
areas, that can h
32 matches