Re: Ebay Phishing
On Mon, 21 Mar 2005 14:29:46 +1030 Greg 'groggy' Lehey [EMAIL PROTECTED] wrote: Indeed. I do, and it blocks an amazing amount of spam. That's the wrong way to deal with spam, Greg. Greylisting and SPF checks are a much better solution. I do have the courtesy to say please use your ISP's mail server in the error reply. Well, as pointed out before, that's not always possible. My ISP doesn't allow any mail with a from != terra.es to pass through their mail servers. Not only that, but they will silently drop e-mail without telling you. Their POP3 server is also broken half of the time, that's why I gave up on using their mail (and dns as well) service years ago. Modulo that, the service is good enough and I've had less than a few hours of outage in 5 years, so I don't have any plans of moving to another ISP. When people reject my mail (which comes from a static IP, gpg-signed and from a host that publishes SPF records) I simply add them to my / etc/postfix/access file, so I don't waste time reading and replying to mail that won't reach its destinantion. It's that simple :) I've tried several setups to stop spam. I get about 150/day or so. I discovered that 99% of them were coming from Windows boxes. So, if you have PF you can do tricks like this: rdr on $ext_if proto tcp from any os Windows to any port smtp - 127.0.0.1 port 8025 And have all those mails end up in spamd's tarpit. However, this might send legit mail there, so I stopped using that too. I just let spamassassin do its job. Cheers, -- Miguel Mendez [EMAIL PROTECTED] http://www.energyhq.es.eu.org PGP Key: 0xDC8514F1 pgpUo464pKAli.pgp Description: PGP signature
Ebay Phishing
Hi all, Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail address that I only use for this mail list. Both mails where from Comcast users !! Rob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
Robert Slade wrote: Hi all, Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail address that I only use for this mail list. Both mails where from Comcast users !! Rob Sounds like someone from Comcast is on this list AND using a Windows box AND is infected. Shame on you -- Best regards, Chris If you have always done it that way, it is probably wrong. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
On Sun, 20 Mar 2005, Robert Slade wrote: Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail address that I only use for this mail list. Both mails where from Comcast users !! Mail to this list is reposted on the web and through multiple mail-to-news gateways. So your address was likely harvested. As to Comcast, it's a multitude of Windows users on high-speed connections, many of them running infected machines that are broadcasting viruses and spam. If you have your own mailserver, most of this can be rejected by using greylisting or by rejecting mail from dynamic Comcast IP addresses, while still allowing mail coming from Comcast's mail servers. -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
At 10:18 3/20/2005, Robert Slade wrote: Hi all, Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail address that I only use for this mail list. Both mails where from Comcast users !! Please forward them (include headers) to: [EMAIL PROTECTED] Same for [EMAIL PROTECTED] Start Here to Find It Fast! - http://www.US-Webmasters.com/best-start-page/ $8.77 Domain Names - http://domains.us-webmasters.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2005-03-20, Warren Block scribbled these curious markings: If you have your own mailserver, most of this can be rejected by using greylisting or by rejecting mail from dynamic Comcast IP addresses, while still allowing mail coming from Comcast's mail servers. Which is completely and totally unfair to those of us who *can* control our networks and who are more than likely being blamed for things that we aren't even doing (i.e. machines not on Comcast's network forging headers). DNS blacklisting is one of the most unfair methods of stopping spam. It's a real pain in the neck for me to edit my Postfix configuration every time some pissy netadmin decides to blacklist a whole netblock because of one or two (ignorant) miscreants. Best Regards, Christopher Nehren -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCPa89k/lo7zvzJioRAtqnAJ9EDa1GEhNIyphls0xSuPwvDq+48ACgh7qQ ctRpzUxRNGO9q8FCIdkyBYM= =XKVA -END PGP SIGNATURE- -- I abhor a system designed for the user, if that word is a coded pejorative meaning stupid and unsophisticated. -- Ken Thompson If you ask the wrong questions, you get answers like 42 and God. Unix is user friendly. However, it isn't idiot friendly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
On Sun, 20 Mar 2005 10:22:23 -0600 Chris [EMAIL PROTECTED] wrote: || ||Robert Slade wrote: || Hi all, || || Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail || address that I only use for this mail list. Both mails where from || Comcast users !! || || Rob || ||Sounds like someone from Comcast is on this list AND using a Windows box ||AND is infected. || ||Shame on you || ||-- ||Best regards, ||Chris || ||If you have always done it that way, it is probably wrong. ** Reply Separator ** Sunday, March 20, 2005 1:35:28 PM 1) Did you actually confirm that the email originated from Comcast 2) Did you report the email to Comcast as well as [EMAIL PROTECTED] 3) Why does it have to be a Windows box? Anyone can access this forum and harvest email addresses. -- Gerard Seibert [EMAIL PROTECTED] They say that a dog is man's best friend. I do not believe that. How many of your friends have you had neutered? smime.p7s Description: S/MIME cryptographic signature
Re: Ebay Phishing
Gerard Seibert wrote: On Sun, 20 Mar 2005 10:22:23 -0600 Chris [EMAIL PROTECTED] wrote: || ||Robert Slade wrote: || Hi all, || || Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail || address that I only use for this mail list. Both mails where from || Comcast users !! || || Rob || ||Sounds like someone from Comcast is on this list AND using a Windows box ||AND is infected. || ||Shame on you || ||-- ||Best regards, ||Chris || ||If you have always done it that way, it is probably wrong. ** Reply Separator ** Sunday, March 20, 2005 1:35:28 PM 1) Did you actually confirm that the email originated from Comcast 2) Did you report the email to Comcast as well as [EMAIL PROTECTED] 3) Why does it have to be a Windows box? Anyone can access this forum and harvest email addresses. -- Gerard Seibert [EMAIL PROTECTED] They say that a dog is man's best friend. I do not believe that. How many of your friends have you had neutered? It is most likely it is a windows box that has been copromised due to one of the slew of M$ vulnerabilities. Some crafty programmer has turned this box into a zombie and installed a mailing package or a proxy server and is sending mail from it in concert with thousands of others just like it...al behind one keyboard. -Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
On Sunday 20 March 2005 11:53 am, Bob Ababurko wrote: Gerard Seibert wrote: On Sun, 20 Mar 2005 10:22:23 -0600 Chris [EMAIL PROTECTED] wrote: ||Robert Slade wrote: || Hi all, || || Is it just me, but I've had 2 Ebay Phishing e-mails to this || e-mail address that I only use for this mail list. Both mails || where from Comcast users !! || || Rob || ||Sounds like someone from Comcast is on this list AND using a || Windows box AND is infected. || ||Shame on you || ||-- ||Best regards, ||Chris || ||If you have always done it that way, it is probably wrong. ** Reply Separator ** Sunday, March 20, 2005 1:35:28 PM 1) Did you actually confirm that the email originated from Comcast 2) Did you report the email to Comcast as well as [EMAIL PROTECTED] 3) Why does it have to be a Windows box? Anyone can access this forum and harvest email addresses. -- Gerard Seibert [EMAIL PROTECTED] They say that a dog is man's best friend. I do not believe that. How many of your friends have you had neutered? It is most likely it is a windows box that has been copromised due to one of the slew of M$ vulnerabilities. Some crafty programmer has turned this box into a zombie and installed a mailing package or a proxy server and is sending mail from it in concert with thousands of others just like it...al behind one keyboard. -Bob Just to be fair towards the OS used by common folk, a few months ago I set up a gateway machine with FreeBSD 4.11 and made the mistake of running it on my DSL line without first setting up a firewall, shutting off sendmail and unused ports. (due to lazyness impatience on my part) It took only a few hours for someone to find the open relay and use it! I didn't even know until Verizon sent me an email saying I was a bad boy and they were shutting off my email access for 24 hours, which they did! Bottom line is it can happen to anyone. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
On Sun, 20 Mar 2005, Christopher Nehren wrote: On 2005-03-20, Warren Block scribbled these curious markings: If you have your own mailserver, most of this can be rejected by using greylisting or by rejecting mail from dynamic Comcast IP addresses, while still allowing mail coming from Comcast's mail servers. Which is completely and totally unfair to those of us who *can* control our networks and who are more than likely being blamed for things that we aren't even doing (i.e. machines not on Comcast's network forging headers). Spam from genuine Comcast dynamic IP addresses is a serious problem. If someone needs to receive email from Comcast dynamic addresses, greylisting has no more serious effect than delaying it by half an hour. And the mailservers that Comcast provides for dynamic IP users can be whitelisted, so for users who smarthost through those servers there will be no delay or inconvenience at all. (FreeBSD relevant: /usr/ports/mail/milter-greylist) DNS blacklisting is one of the most unfair methods of stopping spam. This is quite a jump from greylisting. I was thinking more of looking up the Comcast listings from blackholes.us and then adding them to /etc/mail/access. It depends on the severity of the problem. It's a real pain in the neck for me to edit my Postfix configuration every time some pissy netadmin decides to blacklist a whole netblock because of one or two (ignorant) miscreants. What do you have to edit? If you're in Comcast dynamic space, why not just smarthost through their servers? -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
On Sun, 20 Mar 2005 12:08:49 -0800 Michael C. Shultz [EMAIL PROTECTED] wrote: || ||On Sunday 20 March 2005 11:53 am, Bob Ababurko wrote: || Gerard Seibert wrote: || On Sun, 20 Mar 2005 10:22:23 -0600 Chris [EMAIL PROTECTED] ||wrote: || ||Robert Slade wrote: || || Hi all, || || || || Is it just me, but I've had 2 Ebay Phishing e-mails to this || || e-mail address that I only use for this mail list. Both mails || || where from Comcast users !! || || || || Rob || || || ||Sounds like someone from Comcast is on this list AND using a || || Windows box AND is infected. || || || ||Shame on you || || || ||-- || ||Best regards, || ||Chris || || || ||If you have always done it that way, it is probably wrong. || || ** Reply Separator ** || Sunday, March 20, 2005 1:35:28 PM || || 1) Did you actually confirm that the email originated from Comcast || 2) Did you report the email to Comcast as well as [EMAIL PROTECTED] || 3) Why does it have to be a Windows box? Anyone can access this || forum and harvest email addresses. || || -- || Gerard Seibert || [EMAIL PROTECTED] || || They say that a dog is man's best friend. I do not believe that. How || many of your friends have you had neutered? || || It is most likely it is a windows box that has been copromised due to || one of the slew of M$ vulnerabilities. Some crafty programmer has || turned this box into a zombie and installed a mailing package or a || proxy server and is sending mail from it in concert with thousands of || others just like it...al behind one keyboard. || || -Bob || || ||Just to be fair towards the OS used by common folk, a few months ago I ||set up a gateway machine with FreeBSD 4.11 and made the mistake of ||running it on my DSL line without first setting up a firewall, shutting ||off sendmail and unused ports. (due to lazyness impatience on my part) || ||It took only a few hours for someone to find the open relay and use it! ||I didn't even know until Verizon sent me an email saying I was a bad ||boy and they were shutting off my email access for 24 hours, which they ||did! Bottom line is it can happen to anyone. || ||-Mike ** Reply Separator ** Sunday, March 20, 2005 5:17:20 PM Thanks Mike, that is exactly my point. Far to many individuals blame Microsoft for every conceivable thing that happens without first fully investigating the actual event. There is a very good chance that Microsoft software may be at the heart of this matter; there is also a change that O.J. Simpson is innocent, but we do not really have to go there. For all we know, these addresses could be harvested by an individual using a MAC. The point is that as soon as someone starts using an OS other than Microsoft, they are lulled into a totally false sense of security, which anyone with any real knowledge knows is simply BS. If someone like yourself can make a mistake like you described, think how easy it is for a novice to accomplish the same feat. Worse yet, they will not even be aware that they have compromised either their own or some others security because of their incompetence. -- Gerard Seibert [EMAIL PROTECTED] Support your local medical examiner; die strangely! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
On Sun, Mar 20, 2005 at 01:49:57PM -0700, Warren Block wrote: What do you have to edit? If you're in Comcast dynamic space, why not just smarthost through their servers? Not referring to Comcast, but for Rogers which is also blacklisted by a lot of people: their smart host likes to delay or randomly drop outbound mail making it useless for reliable email delivery, and they require you to send mail from a rogers.com address, which means you can't use personal domains (like this one). Kris pgpQe04mScGKu.pgp Description: PGP signature
Re: Ebay Phishing
- Original Message - From: Kris Kennaway [EMAIL PROTECTED] To: Warren Block [EMAIL PROTECTED] Cc: Christopher Nehren [EMAIL PROTECTED]; freebsd-questions@freebsd.org Sent: Sunday, March 20, 2005 7:12 PM Subject: Re: Ebay Phishing On Sun, Mar 20, 2005 at 01:49:57PM -0700, Warren Block wrote: What do you have to edit? If you're in Comcast dynamic space, why not just smarthost through their servers? Not referring to Comcast, but for Rogers which is also blacklisted by a lot of people: their smart host likes to delay or randomly drop outbound mail making it useless for reliable email delivery, and they require you to send mail from a rogers.com address, which means you can't use personal domains (like this one). Kris --- reply separator - Actually, what you say is not true for Rogers. I've been sending mail directly out of my Rogers-hosted machine for almost a year now, without going through their smart hosts. This was one of the reasons I switched to Rogers from Sympatico -- Sympatico locked down port 25 which forced me to use their crappy mail servers, and I was easily losing 50% of my mail. -- Matt Emmerton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ebay Phishing
On Sun, Mar 20, 2005 at 07:41:00PM -0500, Matt Emmerton wrote: What do you have to edit? If you're in Comcast dynamic space, why not just smarthost through their servers? Not referring to Comcast, but for Rogers which is also blacklisted by a lot of people: their smart host likes to delay or randomly drop outbound mail making it useless for reliable email delivery, and they require you to send mail from a rogers.com address, which means you can't use personal domains (like this one). Kris --- reply separator - Actually, what you say is not true for Rogers. I've been sending mail directly out of my Rogers-hosted machine for almost a year now, without going through their smart hosts. This was one of the reasons I switched to Rogers from Sympatico -- Sympatico locked down port 25 which forced me to use their crappy mail servers, and I was easily losing 50% of my mail. I don't understand what your point is...I didn't say rogers forced you to use their smarthost, only that lots of people (e.g. lots of people in europe and russia, in my experience) blacklist your emails when you don't. Kris pgp8vtroCefc5.pgp Description: PGP signature
Re: Ebay Phishing
On Sunday, 20 March 2005 at 18:50:18 -0800, Kris Kennaway wrote: On Sun, Mar 20, 2005 at 07:41:00PM -0500, Matt Emmerton wrote: What do you have to edit? If you're in Comcast dynamic space, why not just smarthost through their servers? Not referring to Comcast, but for Rogers which is also blacklisted by a lot of people: their smart host likes to delay or randomly drop outbound mail making it useless for reliable email delivery, and they require you to send mail from a rogers.com address, which means you can't use personal domains (like this one). Kris --- reply separator - Actually, what you say is not true for Rogers. I've been sending mail directly out of my Rogers-hosted machine for almost a year now, without going through their smart hosts. This was one of the reasons I switched to Rogers from Sympatico -- Sympatico locked down port 25 which forced me to use their crappy mail servers, and I was easily losing 50% of my mail. I don't understand what your point is...I didn't say rogers forced you to use their smarthost, only that lots of people (e.g. lots of people in europe and russia, in my experience) blacklist your emails when you don't. Indeed. I do, and it blocks an amazing amount of spam. I do have the courtesy to say please use your ISP's mail server in the error reply. Greg -- See complete headers for address and phone numbers. pgplp9WUTmxfY.pgp Description: PGP signature
Re: Ebay Phishing
On Sun, 2005-03-20 at 18:42, Gerard Seibert wrote: On Sun, 20 Mar 2005 10:22:23 -0600 Chris [EMAIL PROTECTED] wrote: || ||Robert Slade wrote: || Hi all, || || Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail || address that I only use for this mail list. Both mails where from || Comcast users !! || || Rob || ||Sounds like someone from Comcast is on this list AND using a Windows box ||AND is infected. || ||Shame on you || ||-- ||Best regards, ||Chris || ||If you have always done it that way, it is probably wrong. ** Reply Separator ** Sunday, March 20, 2005 1:35:28 PM 1) Did you actually confirm that the email originated from Comcast Yes: Received: from c-24-13-45-69.client.comcast.net (HELO 192.168.0.101) (24.13.45.69) Direct to my mail server. It is also significant that the sending IP is listed on a number of blacklists including SORBS. 2) Did you report the email to Comcast as well as [EMAIL PROTECTED] Yes, Ebay appear to have done something, Comcast not as the machine is still sending. 3) Why does it have to be a Windows box? Anyone can access this forum and harvest email addresses. Not my comment, but that is the most likely cause. Although there may be more to it. BTW I have just got a spam e-mail to the same address, this one came from a rr IP. It was advertising a site in ru space and the ebay one leads back to a ru site too. Rob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]