Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread pe...@irt.kth.se
How about redirecting known bots with nat/iptables to a spamtrap to collect the data? If a botnet spammer would believe that your mailserver is a spamtrap and back off, who would complain? - Reply message - From: "Dave Warren" To: Subject: Interesting Spam Trap Idea - Fake Authenticati

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Dave Warren
On 2013-06-10 20:27, Marc Perkel wrote: I'm not sure. I'm wondering if they use automation and maybe it's not so smart. I don't think there is "a guy" typing passwords. Perhaps only accepting the first password for any particular account from a single IP, and rejecting different password atte

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread John Levine
>One of the things I like about it is that if hackers are sending spam >into my fake server then it takes away from their efforts on real >accounts that they could hack. I'm wondering if enough of us put up fake >authentication not only can we detect spam that way but we could waste a >lot of s

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
Marc Perkel wrote on 2013-06-11 05:33: Well - it does waste their time and resources. Maybe it would be better if it failed every time just to keep them working at it. Maybe I should open pop and imap ports just to make it more inviting looking. +1 ;) as is spammers knowing using pop3 to se

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Marc Perkel
On 6/10/2013 8:38 AM, David F. Skoll wrote: On Mon, 10 Jun 2013 08:32:35 -0700 Marc Perkel wrote: I decided to implement and advertise that the server had SMTP authentication even though there was nothing to authenticate. I created an authenticator that would accept any username and password.

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Marc Perkel
On 6/10/2013 8:53 AM, David F. Skoll wrote: On Mon, 10 Jun 2013 17:49:11 +0200 John Wilcock wrote: Theoretically you could detect such confirmation messages (logically the first message from a given user,password pair) and actually deliver them, then harvest the rest! But you'd have to be rea

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi, On Mon, Jun 10, 2013 at 8:40 PM, David B Funk wrote: > On Mon, 10 Jun 2013, Alex wrote: > >> Hi Kris, >> >> I'm trying to get your extract-data script running, and having some >> difficulties. It's dying at the $spamtest->check($mail) call. It just >> never returns. What does that function do

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread David B Funk
On Mon, 10 Jun 2013, Alex wrote: Hi Kris, I'm trying to get your extract-data script running, and having some difficulties. It's dying at the $spamtest->check($mail) call. It just never returns. What does that function do? MSG: for (my $i=0; $i<$msgcount; $i++) { my $msg = $imap->message_stri

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi, On Mon, Jun 10, 2013 at 8:09 PM, Alex wrote: > Hi Kris, > > I'm trying to get your extract-data script running, and having some > difficulties. It's dying at the $spamtest->check($mail) call. It just > never returns. What does that function do? > > MSG: for (my $i=0; $i<$msgcount; $i++) { >

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi Kris, I'm trying to get your extract-data script running, and having some difficulties. It's dying at the $spamtest->check($mail) call. It just never returns. What does that function do? MSG: for (my $i=0; $i<$msgcount; $i++) { my $msg = $imap->message_string($msgs[$i]); print "."; my

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread RGB Camera
On Mon, Jun 10, 2013 at 11:45 AM, Duncan, Brian M. < brian.dun...@kattenlaw.com> wrote: > Over the last 7 days I have seen a large # of Spam messages making it > through our SpamAssassin 3.3.1 install. We use around 5 RBL's also. > > It looks like it is all from the same sender. > > They all seem

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Benny Pedersen
Alex wrote on 2013-06-10 22:40: How do you calculate the netblock, or do you just block the specific IP or the whole class C? whois shorewall iprange - then shorewall show cidr results I don't know how to make it without shorewall :) # shorewall iprange 127.0.1.0-127.1.255.255 127.0.1.0/24

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
David F. Skoll wrote on 2013-06-10 17:53: Also, putting on a spammer hat (NOT that I actually own one!) if the credentials "user/password" worked for me via SMTP AUTH, I would then try "user/anotherpassword" and if those *also* worked, I'd assume it was a honeypot and avoid it. I would del

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
John Wilcock wrote on 2013-06-10 17:49: Theoretically you could detect such confirmation messages (logically the first message from a given user,password pair) and actually deliver them, then harvest the rest! But you'd have to be really careful not to become a spam relay in the process! mang

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
Marc Perkel wrote on 2013-06-10 17:32: Thoughts? postfix recently got smtpd_relay_restrictions, wonder if it comes from that idea, it does not need auth if spam is just delivered locally not needing relaying, but it will still be possible to make alias forwarding so it's not relaying, just deli

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Kris Deugau
Alex wrote: > Do you have a method for collecting them, or is it done manually? My process isn't specific to a given source. I get anywhere from 50 to several hundred messages reported as spam by customers, daily. After sorting, I feed the messages through https://secure.deepnet.cx/trac/dnsbl/br

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Ben Johnson
On 6/10/2013 4:46 PM, David F. Skoll wrote: > [Lost track of who wrote this] > >> 66.96.253.241 >> 64.120.241.228 >> 66.197.142.29 >> 66.197.142.23 >> 66.197.207.152 >> 66.197.177.174 >> 64.191.61.25 > > Every single one of those IPs is on our "GreylistStumbler" list, meaning > they've been gre

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread David F. Skoll
[Lost track of who wrote this] > 66.96.253.241 > 64.120.241.228 > 66.197.142.29 > 66.197.142.23 > 66.197.207.152 > 66.197.177.174 > 64.191.61.25 Every single one of those IPs is on our "GreylistStumbler" list, meaning they've been greylisted, but have not been seen to pass greylisting. Implement

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi, >> They all seem to be coming from IP's all by the same netblock owner. >> >> Here are some of them, but there are many many more.. It just started like >> 5 days ago. >> >> 66.96.253.241 >> 64.120.241.228 >> 66.197.142.29 >> 66.197.142.23 >> 66.197.207.152 >> 66.197.177.174 >> 64.191.61.25

RE: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Duncan, Brian M.
-Original Message- From: Kris Deugau [mailto:kdeu...@vianet.ca] Sent: Monday, June 10, 2013 2:21 PM To: spamassassin-users Subject: Re: Large # of Spam getting through all of a sudden. >*nod* I recently flagged them as a nuisance netblock owner in the >internal DNSBL[1] here. I've been

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Kris Deugau
(When creating a new thread, please create a new message instead of replying to an existing message as your "new" thread will be buried under that old thread for most people using a threading mail reader.) Duncan, Brian M. wrote: > Over the last 7 days I have seen a large # of Spam messages making

RE: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Duncan, Brian M.
On 6/10/2013 2:45 PM, Duncan, Brian M. wrote: > I rarely have seen any SpamAssassin hits on the bodies of these messages. > > (cached, score=-0.125,required 6.5, autolearn=not spam, > RP_MATCHES_RCVD -0.12) Do you train the Bayes database manually? Or via autolearn only? I use SA via AMa

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Ben Johnson
On 6/10/2013 2:45 PM, Duncan, Brian M. wrote: > I rarely have seen any SpamAssassin hits on the bodies of these messages. > > (cached, score=-0.125,required 6.5, autolearn=not spam, > RP_MATCHES_RCVD -0.12) Do you train the Bayes database manually? Or via autolearn only? I use SA v

Re: Spam rule

2013-06-10 Thread Karsten Bräckelmann
On Mon, 2013-06-10 at 09:55 -0700, Brent Gardner wrote: > > For basics of writing SA rules, maybe look at > > http://wiki.apache.org/spamassassin/WritingRules > Where's a good place to look if I want to go beyond the basics? The docs [1], lurking on this list, and possibly having a look at the st

Re: Spam rule

2013-06-10 Thread Brent Gardner
On 06/06/2013 03:26 PM, Wolfgang Zeikat wrote: In an older episode, on 2013-06-07 00:17, Rejaine Monteiro wrote: tala was only an example, thanks for the tip, I will test here For basics of writing SA rules, maybe look at http://wiki.apache.org/spamassassin/WritingRules Hope this helps, wol

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread David F. Skoll
On Mon, 10 Jun 2013 17:49:11 +0200 John Wilcock wrote: > Theoretically you could detect such confirmation messages (logically > the first message from a given user,password pair) and actually > deliver them, then harvest the rest! But you'd have to be really > careful not to become a spam relay i

OT Trivia: http://spamlinks.net/

2013-06-10 Thread Axb
For general research - can save you time before re-inventing the wheel http://spamlinks.net/

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread John Wilcock
On 10/06/2013 17:38, David F. Skoll wrote: That's an interesting honeypot. I've seen spammers crack SMTP AUTH passwords, but in most cases the first thing they do is send an email to a freemail account with a subject like: 192.168.33.55,user,passwd and if they don't get the round-tr

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread John Hardin
On Mon, 10 Jun 2013, Marc Perkel wrote: I'm experimenting with an interesting spam trap idea. Normally I run many inbound servers as spam filters (Using Exim) with no SMTP authentication. But then I got this idea I decided to implement and advertise that the server had SMTP authentication

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread David F. Skoll
On Mon, 10 Jun 2013 08:32:35 -0700 Marc Perkel wrote: > I decided to implement and advertise that the server had SMTP > authentication even though there was nothing to authenticate. I > created an authenticator that would accept any username and password. > But it's obviously spam. Then I harvest

Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Marc Perkel
I'm experimenting with an interesting spam trap idea. Normally I run many inbound servers as spam filters (Using Exim) with no SMTP authentication. But then I got this idea I decided to implement and advertise that the server had SMTP authentication even though there was nothing to authent

Re: Single images with random wording & general rules

2013-06-10 Thread John Hardin
On Mon, 10 Jun 2013, emailitis.com wrote: I tried to send the source from one such email but it was rejected with a Spam score of 13: Remote host said: 552 spam score (13.6) exceeded threshold HTML_MESSAGE,SPF_HELO_PASS,SPF_PASS,URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_RHS_DOB,URIBL_WS

Single images with random wording & general rules

2013-06-10 Thread emailitis.com
We are getting a lot of Spam which is an image with random words at the bottom. Is there a rule that someone has created which we can include to get rid of this. I tried to send the source from one such email but it was rejected with a Spam score of 13: Remote host said: 552 spam score (13