Re: Spam fighting

[Arthur Machlas]

On Mon, Jul 5, 2010 at 4:52 PM, Jim Popovitch  wrote:
> On Mon, Jul 5, 2010 at 17:38, Arthur Machlas  wrote:
>> Forward all mail to a gmail account, then forward back to Debian's
>> list-servs. Spam problem solved.
>
> except Debian pushes hard for their outbound mail host to be
> whitelisted...  which is also a reason the default Spamassassin will
> generally not block spam that comes via Debian.

I have no idea what that means. Nor do I want to. I'm very happy to
let other people do the hard work of eliminating most spam, and it
seems to go pretty well.

The real story here is that Adobe hired a new Marketing Manager who
subscribes to the Donald Rumsfield school of marketing: Ready, Fire,
Aim.


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktim4yptv7jfaza1btcz-4fakt0ef2qine96de...@mail.gmail.com

Re: Spam fighting

[Paul Tagliamonte]

Guys, this is all spam to me. It's coming to the point where I just
want to usubscribe rather then keep watching this ridiculous flame
war.

Let's be big boys and gals and stop fighting.


On Mon, Jul 5, 2010 at 5:52 PM, Jim Popovitch  wrote:
> On Mon, Jul 5, 2010 at 17:38, Arthur Machlas  wrote:
>> Forward all mail to a gmail account, then forward back to Debian's
>> list-servs. Spam problem solved.
>
> except Debian pushes hard for their outbound mail host to be
> whitelisted...  which is also a reason the default Spamassassin will
> generally not block spam that comes via Debian.
>
> -Jim P.
>
>
> --
> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: 
> http://lists.debian.org/aanlktinncdurb-luvwj8uuaxmarc8cwmxfgqcwh9z...@mail.gmail.com
>
>



-- 
#define sizeof(x) rand()
:wq


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktim1d7ibvvkxmg6_zjmegda2952tbbek_jc0r...@mail.gmail.com

Re: Spam fighting

[Jim Popovitch]

On Mon, Jul 5, 2010 at 17:38, Arthur Machlas  wrote:
> Forward all mail to a gmail account, then forward back to Debian's
> list-servs. Spam problem solved.

except Debian pushes hard for their outbound mail host to be
whitelisted...  which is also a reason the default Spamassassin will
generally not block spam that comes via Debian.

-Jim P.


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktinncdurb-luvwj8uuaxmarc8cwmxfgqcwh9z...@mail.gmail.com

Re: Spam fighting

[Arthur Machlas]

On Mon, Jul 5, 2010 at 3:31 PM, CaT  wrote:
> On Mon, Jul 05, 2010 at 02:23:03PM +0200, Wojciech Ziniewicz wrote:
>> Personally i get 0-5 spam messages per month from the debian-isp and
>> debian-security list that are not filtered and appear as non-spam messages.
>> Moreover i see that in my spam folder i have like 3-7 spam messages per
>> hour.
>
> I'm 600 short of 100,000 pieces of spam since 26/1/2010. :) This isn't just
> from debian lists, though. It's all-up.
>
> This does not take into account the false negatives. I'm pretty sure I'm
> over 102,000 with those. That may seem a tad high to some but imo a false
> negative is better than a false positive.
>
> On top of this there are 2,300 virus laden emails over the same time
> period.
>
>> What's the problem actually ?
>
> Unrealistic expectations, I'd say.

Forward all mail to a gmail account, then forward back to Debian's
list-servs. Spam problem solved.

http://www.broadwayworld.com/columnpic/49094_1234281442.jpg
[Caption: You're welcome.]

/sarcasm

Arthur.


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktimdygbqiujmelzqit89kmfaphwqhdfwmecwn...@mail.gmail.com

Re: Spam fighting

[CaT]

On Mon, Jul 05, 2010 at 02:23:03PM +0200, Wojciech Ziniewicz wrote:
> Personally i get 0-5 spam messages per month from the debian-isp and
> debian-security list that are not filtered and appear as non-spam messages.
> Moreover i see that in my spam folder i have like 3-7 spam messages per
> hour.

I'm 600 short of 100,000 pieces of spam since 26/1/2010. :) This isn't just
from debian lists, though. It's all-up.

This does not take into account the false negatives. I'm pretty sure I'm
over 102,000 with those. That may seem a tad high to some but imo a false
negative is better than a false positive.

On top of this there are 2,300 virus laden emails over the same time
period.

> What's the problem actually ?

Unrealistic expectations, I'd say.

-- 
  "A search of his car uncovered pornography, a homemade sex aid, women's 
  stockings and a Jack Russell terrier."
- http://www.news.com.au/story/0%2C27574%2C24675808-421%2C00.html


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100705203151.gr2...@zip.com.au

Re: Spam fighting

[Jim Popovitch]

On Mon, Jul 5, 2010 at 09:49, Roger Hanna  wrote:
> Ok Folks, really, your mails about the spam are starting to actually spam!
>
> Wait, this email is then also considered a spam about spamming.
>
> You just can't win.

Good thing the FOSS ppl don't think like that.

-Jim P.


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktil_c5pupz-xx-z0jvy2hxjw_6kwidfp8k4rm...@mail.gmail.com

RE: Spam fighting

[Roger Hanna]

Ok Folks, really, your mails about the spam are starting to actually spam!

Wait, this email is then also considered a spam about spamming.

You just can't win.


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/000c01cb1c48$f5aa68c0$e0ff3a...@com

Re: Spam fighting

[Bjoern Meier]

hi,

2010/7/5 Wojciech Ziniewicz :
> 2010/7/5 Bjoern Meier 

> Personally i get 0-5 spam messages per month from the debian-isp and
> debian-security list that are not filtered and appear as non-spam messages.
> Moreover i see that in my spam folder i have like 3-7 spam messages per
> hour.
> What's the problem actually ?

Well, where did I say there is any problem? The possibility to track
the blocked-spam ratio would stop this and further discussion. Just
this.
The lists are an open system and should - IMHO - lets track how
effective the security is. I don't want to know how it's done, but it
would be NTH to see the stats.
Almost everything else could be tracked in Debian, but not the
security on the list? I can accept that, but a simple mailgraph [1]
could be enough (and make any obvious calculations unnecessary).

Just 2 cents, not a complaint

Greetings,
Björn

[1]: http://mailgraph.schweikert.ch/


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktilbicew5yjhhfw8zktoqiiu35kv_zwak3ebg...@mail.gmail.com

Re: Spam fighting

[Eliad B]

On 07/05/2010 04:19 PM, Bjoern Meier wrote:
> hi,
>
> 2010/7/5 Eduardo M KALINOWSKI :
> . No system will ever be 100% accurate
>   
>> and filter all spams.
>> 
> Right. But less then 99.8% - for a private system (which the list is
> not) - is not tolerable. Can the list track how spam is blocked and -
> maybe - an overview how effective this is (like graphs over a few
> periods)?
>
> greetings,
> Björ
Hi,

just some obvious calculations:

assuming that all blocked emails are indeed spams, we have:

/blocked-spams / all-spams = blocked-mail / ( blocked-mail +
not-blocked-spam )/

So,

/blocked-spams / all-spams = 0.95/ / ( 0.95 + 0.05 * /(not-blocked-spam
/ legitimate-mails) )

Y = X/(1-X) * (1/A -1)

in which,
A: //blocked-spams / all-spams/
/X: //blocked-mail / all-mails/
/Y:// not-blocked-spam / legitimate-mail/s
/
/Assuming the goal is to have /blocked-spams / all-spams/ higher than
"0.998", it can be shown that /(not-blocked-spam / legitimate-mail)
/must be less than/ 0.038/. And I *think* it is.

Conclusion: *The system is good enough. *

Yours truly,
Eliad

Re: Spam fighting

[Wojciech Ziniewicz]

2010/7/5 Bjoern Meier 

> hi,
>
> 2010/7/5 Eduardo M KALINOWSKI :
> . No system will ever be 100% accurate
> > and filter all spams.
>
> Right. But less then 99.8% - for a private system (which the list is
> not) - is not tolerable. Can the list track how spam is blocked and -
> maybe - an overview how effective this is (like graphs over a few
> periods)?
>
>
[...]

Personally i get 0-5 spam messages per month from the debian-isp and
debian-security list that are not filtered and appear as non-spam messages.
Moreover i see that in my spam folder i have like 3-7 spam messages per
hour.
What's the problem actually ?

regards
WZ

-- 
Wojciech Ziniewicz
http://www.rfc-editor.org/rfc/rfc2324.txt

Re: Spam fighting

[Bjoern Meier]

hi,

2010/7/5 Eduardo M KALINOWSKI :
. No system will ever be 100% accurate
> and filter all spams.

Right. But less then 99.8% - for a private system (which the list is
not) - is not tolerable. Can the list track how spam is blocked and -
maybe - an overview how effective this is (like graphs over a few
periods)?

greetings,
Björn


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktimcrp9e-h2lvxqfwy2hbfa6vzqpkzd7zt5ax...@mail.gmail.com

Re: Spam fighting

[Eduardo M KALINOWSKI]

On Dom, 04 Jul 2010, Jim Popovitch wrote:

I beleive d.o can (and should)
attempt to block 100% of spam.


While I'm in no way associated with Debian mailing list management,  
I'm pretty certain they do attempt to block 100% of spam. But  
attempting it and achieving it are two different things. No system  
will ever be 100% accurate and filter all spams.



--
If I were to walk on water, the press would say I'm only doing it
because I can't swim.
-- Bob Stanfield

Eduardo M KALINOWSKI
edua...@kalinowski.com.br


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20100705081928.604248k6mvi9c...@mail.kalinowski.com.br

Re: [ SPAM! ] [SECURITY] [DSA 1594-1] New imlib2 packages fix arbitrary code execution

[Michael Loftis]

--On June 11, 2008 10:44:02 PM +0200 [EMAIL PROTECTED] wrote:


Bonjour

Je suis absent jusqu'au 16 juin.
Vous pouvez envoyer vos demandes à [EMAIL PROTECTED]


I am out of the office until june the 16th.
You can send your request to [EMAIL PROTECTED]


I'm not sure what is worse here.  The fact the autobot responded to the 
list, or the fact that it responded to something that had been identified 
as SPAM.





--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [ SPAM! ] [SECURITY] [DSA 1594-1] New imlib2 packages fix arbitrary code execution

[nicolas . foucher]

Bonjour

Je suis absent jusqu'au 16 juin.
Vous pouvez envoyer vos demandes à [EMAIL PROTECTED]


I am out of the office until june the 16th.
You can send your request to [EMAIL PROTECTED]



-- 
Nicolas Foucher - [EMAIL PROTECTED]
Responsable Technique
CARRENET - Solutions CRM 100% Web
01.56.56.56.00



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: {Spam?} Re: woody kernel image

[Adam Majer]

Michelle Konzack wrote:

>Am 2005-01-30 15:32:25, schrieb Sam Morris:
>
>  
>
>>Wow, I missed that! Should not the kernel-image-2.4.28-* packages be 
>>removed from the archive, since they are unsupported, and *very* 
>>dangerous to use?
>>
>>
>
>Sorry, that I ask, but where ist 2.4.28 ?
>
>The Kernel-Maintainer-Team has stoped adapting 2.4.28 to Debian,
>because 2.4.27 is definitivly in SARGE and its installer.
>  
>
Maybe because 2.4.29 is out?

- Adam

-- 
The email address used to send this email is temporary.
It is bound to disappear at any time. Please thank the
morons that buy crap from spammers for this.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: {Spam?} Re: woody kernel image

[Norbert Tretkowski]

* Michelle Konzack wrote:
> There will be no new version of 2.4.XX

Wrong.

Message-ID: <[EMAIL PROTECTED]>

Norbert


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: {Spam?} Re: {Spam?} Re: woody kernel image

[Sam Morris]

Michelle Konzack wrote:
Generaly there is no reason to remove 2.4.18.
But I think, there is a need to a note about Servers like
 where they can get newer Kernels.
Well it seems sensible to remove such unmaintained packages from the 
archive. It will prevent people from installing, 
kernel-image-2.4.18-something and assuming that, since it is in the 
stable distribution, it will recieve security updates like any other 
package.

If the packages are not to be removed, then there should definatly be a 
big flashing red warning in the install and reference manuals saying "Do 
not use kernel-image-2.4.18-* packages! They contain security flaws!" :)

Greetings
Michelle
--
Sam Morris
http://robots.org.uk/
PGP key id 5EA01078
Fingerprint 3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: {Spam?} Re: {Spam?} Re: woody kernel image

[Michelle Konzack]

Am 2005-01-30 16:02:23, schrieb Sam Morris:
> Sam Morris wrote:
> >Wow, I missed that! Should not the kernel-image-2.4.28-* packages be 
>   ^
> should be 2.4.18, sorry :)

:-)

Generaly there is no reason to remove 2.4.18.
But I think, there is a need to a note about Servers like
 where they can get newer Kernels.

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

Re: {Spam?} Re: woody kernel image

[Michelle Konzack]

Am 2005-01-30 15:32:25, schrieb Sam Morris:

> Wow, I missed that! Should not the kernel-image-2.4.28-* packages be 
> removed from the archive, since they are unsupported, and *very* 
> dangerous to use?

Sorry, that I ask, but where ist 2.4.28 ?

The Kernel-Maintainer-Team has stoped adapting 2.4.28 to Debian,
because 2.4.27 is definitivly in SARGE and its installer.

There will be no new version of 2.4.XX
All people are working with 2.6.XX

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

{Spam?} Re: {Spam?} Re: woody kernel image

[Sam Morris]

Sam Morris wrote:
Wow, I missed that! Should not the kernel-image-2.4.28-* packages be 
  ^
should be 2.4.18, sorry :)
--
Sam Morris
http://robots.org.uk/
PGP key id 5EA01078
Fingerprint 3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: !SPAM! [Full-Disclosure] Automated ssh scanning

[Florian Weimer]

* Jan Luehr:

> So your point is, there a much already known local root exploits on an 
> standard woody system no one cares about?

For those of you who don't subscribe to full-disclosure, the following
information might be a bit reassuring.  A clearer image of what's
going is now emerging (a version "1" kernel is not part of woody).

From: Matt Zimmerman <[EMAIL PROTECTED]>
Subject: Re: [Full-Disclosure] Automated ssh scanning
To: [EMAIL PROTECTED]
Date: Thu, 26 Aug 2004 15:23:25 -0700
Message-ID: <[EMAIL PROTECTED]>

On Thu, Aug 26, 2004 at 09:46:36PM +0200, Richard Verwayen wrote:

> ii  kernel-image-2 1  Linux kernel binary image for version 2.4.18
> ii  kernel-image-2 1  Linux kernel binary image for version 2.4.19

You are running a custom kernel.  If you run a custom kernel, obviously you
don't benefit from the patches to the stock kernel.  Install the 2.4.18-1
kernel if you want security updates.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: !SPAM! [Full-Disclosure] Automated ssh scanning

[Ron DuFresne]

On Thu, 26 Aug 2004, Jan Luehr wrote:

> Greetings,
>
> Am Donnerstag, 26. August 2004 16:43 schrieb Ron DuFresne:
> > On Thu, 26 Aug 2004, Richard Verwayen wrote:
> > > On Thu, 2004-08-26 at 15:12, Todd Towles wrote:
> > > >  The kernel could be save. But with weak passwords, you are toast. Any
> > > > automated tool would test guest/guest.
> > >
> > > Hello Todd!
> > >
> > > You are right about the passwords, but guest is only a unprivileged
> > > account as you may have on many prodruction machines. But they managed
> > > to become root on this machine due to a kernel(?) exploit!
> > > Should I then consider any woody system to be insecure to let people
> > > work at?
> >
> > If your uasers are not trustable, then they should not have access to
> > local systems of yours.  Once a person has a shell, then they are 95% to
> > root.
>
> So your point is, there a much already known local root exploits on an
> standard woody system no one cares about?
>

I'm quite sure the debian folks as well as the other dist maintainers
would be as interested as the offending package maintainers in finding out
the what, where and how of the compromise, to mitigates its direct threats
in the future.  Will this make a fullblown installed *nix of any real
flavor secure from a similiar comprise hours, day or weeks in the future?
Highly unlikely.

No, my point is that it is much more likely there is a package installed
that was sploited.  If the system was as up to date and fully patched as
claimed, it's likely not a kernel sploit that got them root.

My point is this was a 'local user' compromise.  There are reasons that
many list 75% and more risk is done from the 'inside' then from remote
roots.

Folks do not seem to understand the implications of 'guest' accounts, or
handing out shells to every person they happen to chat with in IRC and
such.

Thanks,

Ron DuFresne
~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: !SPAM! [Full-Disclosure] Automated ssh scanning

[Jan Luehr]

Greetings,

Am Donnerstag, 26. August 2004 16:43 schrieb Ron DuFresne:
> On Thu, 26 Aug 2004, Richard Verwayen wrote:
> > On Thu, 2004-08-26 at 15:12, Todd Towles wrote:
> > >  The kernel could be save. But with weak passwords, you are toast. Any
> > > automated tool would test guest/guest.
> >
> > Hello Todd!
> >
> > You are right about the passwords, but guest is only a unprivileged
> > account as you may have on many prodruction machines. But they managed
> > to become root on this machine due to a kernel(?) exploit!
> > Should I then consider any woody system to be insecure to let people
> > work at?
>
> If your uasers are not trustable, then they should not have access to
> local systems of yours.  Once a person has a shell, then they are 95% to
> root.

So your point is, there a much already known local root exploits on an 
standard woody system no one cares about?

fup2 [EMAIL PROTECTED]

Keep smiling
yanosz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hashcash - was re: Spam fights

[Michael Stone]

On Wed, Jun 16, 2004 at 11:38:10AM -0400, Hubert Chan wrote:

tokens in order to get any effect from SpamAssassin.  Other than using
zombies, I don't think spammers could afford to generate real tokens
for every recipient.


Well, since there are millions of vulnerable systems all over the 'net
that doesn't seem like such a stretch, does it?

Mike Stone

Re: Hashcash - was re: Spam fights

[Hubert Chan]

> "Daniel" == Daniel Pittman <[EMAIL PROTECTED]> writes:

Daniel> On 16 Jun 2004, Hubert Chan wrote:

>> SpamAssassin will check for hashcash in the future. Support is
>> already present in the development version of SpamAssassin.

Daniel> ...makes you wonder how long it will take before someone does
Daniel> generate the headers in SPAM, then.  Being in SpamAssassin seems
Daniel> to be a trigger point for a whole lot of things to be worth
Daniel> avoiding/abusing for spammers - the silly haiku header thing
Daniel> being one example.

Well SpamAssassin, AFAIK, will do proper hashcash checking, including
the double-spend database.  It won't assign any extra credit to bogus
hashcash headers (probably eventually will even increase spamicity for
those emails).  It also won't credit tiny hashcash tokens (I think the
minimum is 20 bits).  So spammers would have to generate real hashcash
tokens in order to get any effect from SpamAssassin.  Other than using
zombies, I don't think spammers could afford to generate real tokens
for every recipient.

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Re: Hashcash - was re: Spam fights

[Michael Stone]

On Wed, Jun 16, 2004 at 11:38:10AM -0400, Hubert Chan wrote:
tokens in order to get any effect from SpamAssassin.  Other than using
zombies, I don't think spammers could afford to generate real tokens
for every recipient.
Well, since there are millions of vulnerable systems all over the 'net
that doesn't seem like such a stretch, does it?
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hashcash - was re: Spam fights

[Hubert Chan]

> "Daniel" == Daniel Pittman <[EMAIL PROTECTED]> writes:

Daniel> On 16 Jun 2004, Hubert Chan wrote:

>> SpamAssassin will check for hashcash in the future. Support is
>> already present in the development version of SpamAssassin.

Daniel> ...makes you wonder how long it will take before someone does
Daniel> generate the headers in SPAM, then.  Being in SpamAssassin seems
Daniel> to be a trigger point for a whole lot of things to be worth
Daniel> avoiding/abusing for spammers - the silly haiku header thing
Daniel> being one example.

Well SpamAssassin, AFAIK, will do proper hashcash checking, including
the double-spend database.  It won't assign any extra credit to bogus
hashcash headers (probably eventually will even increase spamicity for
those emails).  It also won't credit tiny hashcash tokens (I think the
minimum is 20 bits).  So spammers would have to generate real hashcash
tokens in order to get any effect from SpamAssassin.  Other than using
zombies, I don't think spammers could afford to generate real tokens
for every recipient.

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hashcash - was re: Spam fights

[Daniel Pittman]

On 16 Jun 2004, Hubert Chan wrote:
>> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:
> Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:

[...]

> SpamAssassin will check for hashcash in the future. Support is already
> present in the development version of SpamAssassin.

...makes you wonder how long it will take before someone does generate
the headers in SPAM, then.  Being in SpamAssassin seems to be a trigger
point for a whole lot of things to be worth avoiding/abusing for
spammers - the silly haiku header thing being one example. 


> Russell> Besides, with an army of Windows Zombies you could generate
> Russell> those signatures anyway...
>
> Although eating up gobs of CPU will probably be more easily noticed
> than just sending out lots of traffic.  Then again, some users are
> pretty clueless...

...and Windows does have a meaningful "low" priority for threads which
will result in this being pretty much unnoticed by most users, even the
observant ones.  Sure, you need more machines to get the same effect,
but it isn't like there is a shortage of them...


OTOH, HashCash sucks a lot less than the other "solutions" out there, so
I am all for it being more widely used; it would be interesting to see
if it actually managed to take off. :)

Daniel
-- 
Organization and method mean much, but contagious human characters mean more
in a university, where a few undisciplinables ... may be infinitely more
precious than a faculty full of orderly routinists.
-- William James

Re: Hashcash - was re: Spam fights

[Hubert Chan]

> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:

Russell> On Fri, 11 Jun 2004 23:43, [EMAIL PROTECTED] (Rens Houben) wrote:
>> Why bother, when said windows machines will have perfectly good
>> signatures stored on them somewhere already?

Russell> Presumably the signature would be based on the envelope
Russell> recipient and therefore signatures you find on someone else's
Russell> machine would not do any good.  If it was otherwise then a
Russell> single signature would work for an entire spam run.

Yes.  In hashcash, the hashcash token uses the recipient's address, as
well as a date.  The recipient can keep a database of received tokens
to make sure that the same token isn't used twice.  Old tokens can be
expired, since the token contains the date too.

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Re: Hashcash - was re: Spam fights

[Hubert Chan]

> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:

Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
>> It seems that most people here don't like CR systems, and I'd have to
>> agree with that consensus.
>> 
>> I'm just wondering what is the general feeling about using hashcash
>> and other header signatures systems.

Russell> Currently you can't accept only such messages because almost
Russell> no-one sends them.  Most people see no need to send them
Russell> because almost no-one checks for them when receiving a message.

SpamAssassin will check for hashcash in the future.  Support is already
present in the development version of SpamAssassin.

[...]

Russell> Besides, with an army of Windows Zombies you could generate
Russell> those signatures anyway...

Although eating up gobs of CPU will probably be more easily noticed
than just sending out lots of traffic.  Then again, some users are
pretty clueless...

(P.S.  I'm the hashcash package maintainer.)

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Re: Hashcash - was re: Spam fights

[Daniel Pittman]

On 16 Jun 2004, Hubert Chan wrote:
>> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:
> Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:

[...]

> SpamAssassin will check for hashcash in the future. Support is already
> present in the development version of SpamAssassin.

...makes you wonder how long it will take before someone does generate
the headers in SPAM, then.  Being in SpamAssassin seems to be a trigger
point for a whole lot of things to be worth avoiding/abusing for
spammers - the silly haiku header thing being one example. 


> Russell> Besides, with an army of Windows Zombies you could generate
> Russell> those signatures anyway...
>
> Although eating up gobs of CPU will probably be more easily noticed
> than just sending out lots of traffic.  Then again, some users are
> pretty clueless...

...and Windows does have a meaningful "low" priority for threads which
will result in this being pretty much unnoticed by most users, even the
observant ones.  Sure, you need more machines to get the same effect,
but it isn't like there is a shortage of them...


OTOH, HashCash sucks a lot less than the other "solutions" out there, so
I am all for it being more widely used; it would be interesting to see
if it actually managed to take off. :)

Daniel
-- 
Organization and method mean much, but contagious human characters mean more
in a university, where a few undisciplinables ... may be infinitely more
precious than a faculty full of orderly routinists.
-- William James


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hashcash - was re: Spam fights

[Hubert Chan]

> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:

Russell> On Fri, 11 Jun 2004 23:43, [EMAIL PROTECTED] (Rens Houben) wrote:
>> Why bother, when said windows machines will have perfectly good
>> signatures stored on them somewhere already?

Russell> Presumably the signature would be based on the envelope
Russell> recipient and therefore signatures you find on someone else's
Russell> machine would not do any good.  If it was otherwise then a
Russell> single signature would work for an entire spam run.

Yes.  In hashcash, the hashcash token uses the recipient's address, as
well as a date.  The recipient can keep a database of received tokens
to make sure that the same token isn't used twice.  Old tokens can be
expired, since the token contains the date too.

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hashcash - was re: Spam fights

[Hubert Chan]

> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:

Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
>> It seems that most people here don't like CR systems, and I'd have to
>> agree with that consensus.
>> 
>> I'm just wondering what is the general feeling about using hashcash
>> and other header signatures systems.

Russell> Currently you can't accept only such messages because almost
Russell> no-one sends them.  Most people see no need to send them
Russell> because almost no-one checks for them when receiving a message.

SpamAssassin will check for hashcash in the future.  Support is already
present in the development version of SpamAssassin.

[...]

Russell> Besides, with an army of Windows Zombies you could generate
Russell> those signatures anyway...

Although eating up gobs of CPU will probably be more easily noticed
than just sending out lots of traffic.  Then again, some users are
pretty clueless...

(P.S.  I'm the hashcash package maintainer.)

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Alain Tesio]

Can the mailing list software add a X-Subscribed : yes/no in the
mail headers ? Then people decide to filter it out or not.

Alain

Re: Spam fights

[Alain Tesio]

Can the mailing list software add a X-Subscribed : yes/no in the
mail headers ? Then people decide to filter it out or not.

Alain


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Russell Coker]

On Sat, 12 Jun 2004 04:22, "s. keeling" <[EMAIL PROTECTED]> wrote:
> Incoming from Rick Moen:
> > Quoting Russell Coker ([EMAIL PROTECTED]):
> > > Some of the anti-spam people are very enthusiastic about their work.  I
> > > wouldn't be surprised if someone writes a bot to deal with CR systems.
> >
> > A bot to detect C-R queries and add them to the refused-mail ACL list
> > would be most useful.  ;->
>
> A better one would be one that successfully negotiates the C-R
> itself.  Then we can give the spammers a copy and teach the C-R
> nitwits a lesson.

Proof that I am correct.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: Spam fights

[Russell Coker]

On Sat, 12 Jun 2004 04:22, "s. keeling" <[EMAIL PROTECTED]> wrote:
> Incoming from Rick Moen:
> > Quoting Russell Coker ([EMAIL PROTECTED]):
> > > Some of the anti-spam people are very enthusiastic about their work.  I
> > > wouldn't be surprised if someone writes a bot to deal with CR systems.
> >
> > A bot to detect C-R queries and add them to the refused-mail ACL list
> > would be most useful.  ;->
>
> A better one would be one that successfully negotiates the C-R
> itself.  Then we can give the spammers a copy and teach the C-R
> nitwits a lesson.

Proof that I am correct.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hashcash - was re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 23:43, [EMAIL PROTECTED] (Rens Houben) wrote:
> In other news for Fri, Jun 11, 2004 at 11:24:05PM +1000, Russell Coker has 
been seen typing:
> > Besides, with an army of Windows Zombies you could generate those
> > signatures anyway...
>
> Why bother, when said windows machines will have perfectly good
> signatures stored on them somewhere already?

Presumably the signature would be based on the envelope recipient and 
therefore signatures you find on someone else's machine would not do any 
good.  If it was otherwise then a single signature would work for an entire 
spam run.

I am assuming that the sending machine would not store the signatures for 
messages it sent, which could be re-used if the spam messages were to have an 
ancient time-stamp.  However this still wouldn't be of any great use, not 
many people have more than 10,000 messages stored in their sent-mail folder 
and the common case is far less.  Capturing a lot of zombies to generate 
signatures would probably be easier than trying to find a machine that had a 
large sent-mail folder.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: Hashcash - was re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 23:43, [EMAIL PROTECTED] (Rens Houben) wrote:
> In other news for Fri, Jun 11, 2004 at 11:24:05PM +1000, Russell Coker has 
been seen typing:
> > Besides, with an army of Windows Zombies you could generate those
> > signatures anyway...
>
> Why bother, when said windows machines will have perfectly good
> signatures stored on them somewhere already?

Presumably the signature would be based on the envelope recipient and 
therefore signatures you find on someone else's machine would not do any 
good.  If it was otherwise then a single signature would work for an entire 
spam run.

I am assuming that the sending machine would not store the signatures for 
messages it sent, which could be re-used if the spam messages were to have an 
ancient time-stamp.  However this still wouldn't be of any great use, not 
many people have more than 10,000 messages stored in their sent-mail folder 
and the common case is far less.  Capturing a lot of zombies to generate 
signatures would probably be easier than trying to find a machine that had a 
large sent-mail folder.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[s. keeling]

Incoming from Rick Moen:
> Quoting Russell Coker ([EMAIL PROTECTED]):
> 
> > Some of the anti-spam people are very enthusiastic about their work.  I 
> > wouldn't be surprised if someone writes a bot to deal with CR systems.
> 
> A bot to detect C-R queries and add them to the refused-mail ACL list
> would be most useful.  ;->

A better one would be one that successfully negotiates the C-R
itself.  Then we can give the spammers a copy and teach the C-R
nitwits a lesson.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)   http://www.spots.ab.ca/~keeling 
- -

Re: Spam fights

[Rick Moen]

Quoting Russell Coker ([EMAIL PROTECTED]):

> Some of the anti-spam people are very enthusiastic about their work.  I 
> wouldn't be surprised if someone writes a bot to deal with CR systems.

A bot to detect C-R queries and add them to the refused-mail ACL list
would be most useful.  ;->

Re: Spam fights

[s. keeling]

Incoming from Rick Moen:
> Quoting Russell Coker ([EMAIL PROTECTED]):
> 
> > Some of the anti-spam people are very enthusiastic about their work.  I 
> > wouldn't be surprised if someone writes a bot to deal with CR systems.
> 
> A bot to detect C-R queries and add them to the refused-mail ACL list
> would be most useful.  ;->

A better one would be one that successfully negotiates the C-R
itself.  Then we can give the spammers a copy and teach the C-R
nitwits a lesson.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)   http://www.spots.ab.ca/~keeling 
- -


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Rick Moen]

Quoting Russell Coker ([EMAIL PROTECTED]):

> Some of the anti-spam people are very enthusiastic about their work.  I 
> wouldn't be surprised if someone writes a bot to deal with CR systems.

A bot to detect C-R queries and add them to the refused-mail ACL list
would be most useful.  ;->



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hashcash - was re: Spam fights

[Rens Houben]

In other news for Fri, Jun 11, 2004 at 11:24:05PM +1000, Russell Coker has been 
seen typing:
> Besides, with an army of Windows Zombies you could generate those signatures 
> anyway...

Why bother, when said windows machines will have perfectly good
signatures stored on them somewhere already?

> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page

-- 
Rens Houben   |opinions are mine
Resident linux guru and sysadmin  | if my employers have one
Systemec Internet Services.   |they'll tell you themselves
PGP key at http://swordbreaker.systemec.nl/~shadur/shadur.key.asc

Re: Hashcash - was re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
> It seems that most people here don't like CR systems, and I'd have to
> agree with that consensus.
>
> I'm just wondering what is the general feeling about using hashcash and
> other header signatures systems.

Currently you can't accept only such messages because almost no-one sends 
them.  Most people see no need to send them because almost no-one checks for 
them when receiving a message.

Anti-spam measures may be used on workstations eventually, but have to be 
initially installed at servers if they are to become popular.  The people who 
run big mail servers (AOL, Hotmail, etc) don't want to install hashcash for 
the same reason that spammers won't install it.

Besides, with an army of Windows Zombies you could generate those signatures 
anyway...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 21:38, Dale Amon <[EMAIL PROTECTED]> wrote:
> That said, those who can afford it will hire human
> operators to act as email gatekeepers; those who can't
> will use whatever a salesman can convince them is
> affordable and works. Whether we like it or not will
> not figure into the decision.

Some of the anti-spam people are very enthusiastic about their work.  I 
wouldn't be surprised if someone writes a bot to deal with CR systems.

It should not be technically difficult to publish some email addresses, wait 
for challenge messages to come in response to virus messages, and then have 
it automatically send an appropriate response to the challenge followed by a 
series of flames.

> As to the "type in this random code from a jpeg",
> I use that on samizdata (a major blog for which I'm
> one of the editors). It stopped the problem of blog-spam
> cold; the human entry is stopped cold by having
> a team of writers who delete on sight.

One -> many communication is different.  If you want to get a letter to the 
editor published in a newspaper you have to confirm your identity and contact 
details before it will be considered.  This can involve a journalist phoning 
you to confirm your identity and permission for publication.  If you want to 
send mail to most mailing lists you have to subscribe first.  Blogs are in 
the same category so I agree with what you are doing there.

> At the end of the day, dealing with spam is an
> employment opportunity, not something that will be
> solved technically. Human problems require human
> solutions.

Sometimes human solutions involve humans writing and installing programs to 
implement them.  Totally stopping spam in an automatic manner is not 
possible.  Reducing it by a factor of 100 so that humans can manually deal 
with the residue is possible.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Hashcash - was re: Spam fights

[Patrick Maheral]

It seems that most people here don't like CR systems, and I'd have to
agree with that consensus.

I'm just wondering what is the general feeling about using hashcash and
other header signatures systems.

Patrick

Re: Spam fights

[Greg Folkert]

Sent to list.
On Thu, 2004-06-10 at 14:31, Jaroslaw Tabor wrote:
> Hello!
> 
> W liście z czw, 10-06-2004, godz. 19:06, Greg Folkert pisze: 
> > > Don't do it.  Confirmation systems are just as bad as the problems that 
> > > they 
> > > try to solve.
> > 
> > Here, here. Agreement on all fronts. If I get a challenge, I put it into
> > /dev/null
> 
> I'm really surprised with your opinion. Is it so big problem, to press
> reply, when you are sending first email to someone new ?
> You are receving confirmation request whenever you are trying to update
> DNS, subscribe to newsgroup or talking with any automatic service. Is it
> so difficult ?
You see there is a difference there. *I* initiated them, not some
spammer. If someone doesn't want mail that could be very valuable to
them, especially if they asked for it on D-U... forcing me to write
another e-mail JUST to help them... nope, ain't gonna happen.

> Currently, in many cases when I'm sending email to address found on
> website I'm receiving challenge, and I fully understand people doing it.
> Whitelist with email/IP can decrease also number of challenges from
> spammers: email comming from different IP can be treated as spam
> automatically.

I implemented SPAM Filtering software and have continued to train it
with ham and spam. I started when last year when I was getting ~ 6,000
Swen e-mails a day. My e-mail address is posted EVERYWHERE.

Since that point, I get maybe 3 a day. When they ("they" being the
spmmers) find a new way to trick the Bayesian testing I use I'll get a
spat of about 12 or so for a few days then back to maybe 3 a day. I use
server side software (maildrop and procmail) to do the sorting after it
has been graded by the filter.

I still get upto 1000 e-mail messages a day, but those are from mailing
lists and people I support via e-mail. If I had a CR system in place,
I'd have to maintain more than I want. Consider in a given day, I e-mail
about 30+ new people a day.

I also can be and am very busy in Debian's Mailing list(s), Samba, Exim,
Grip, Elitists and many other venues. If I got a CR back for every one
of the e-mails I sent to a mailing list, I'd be answering thousands of
NEW Challenges a week. Sounds like SPAM to me. When you understand that
nearly every challenge I get comes from a forged envelope-from(or
similar), I can't see how it reduces the problem, it just double perhaps
triples the amount of mail traffic. Plus some are web-server driven
auth, thereby causing a loading of the program and grabbing of the URI
indicated in the e-mail I got from the Challenge.

So, basically: You get a piece of SPAM, your systems sends out another
piece of e-mail that is in response to the forged envelope, (assume) I
get this e-mail and then have to delete this mail or respond to it (a
third message) or goto a URI inside the Challenge (more processor time
and bandwidth) just so *YOU* can verify my message was or was not SPAM?

I consider sending me e-mail in Challenge form as unsolicited e-mail.
Therefore under my classification SPAM. Why should *I* verify your SPAM
problem for you. I deal with mine, and mine alone. I am not going to
spend resources (at my cost of those resources) to verify or not it
being SPAM.

Of course if everyone just affirmed the Challenge every time, it would
definitely not work. Where as my solution would continue to.

I also drop all of the "courtesy" notifications that *I* sent an
infected e-mail to a certain domain's user. There is another example of
Unsolicited E-Mail. I don't care to know that someone forged my e-mail
addy inside the one someone got. It does me absolutely ZERO good to even
read these. I have an automated system to send those to /dev/null as
well. 

I deal with enough mail per day, CR systems DO NOT reduce my number,
Spam filtering does.

BY the way, I do support Whitelisting and Blacklisting to make sure
things I want to absolutely get through do, and things I don't won't.

BTW, are you not glad *I* don't CR everyone that e-mails me? It could
have taken you 3 messages to get me to see one.
-- 
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


signature.asc
Description: This is a digitally signed message part

Re: Hashcash - was re: Spam fights

[Rens Houben]

In other news for Fri, Jun 11, 2004 at 11:24:05PM +1000, Russell Coker has been seen 
typing:
> Besides, with an army of Windows Zombies you could generate those signatures 
> anyway...

Why bother, when said windows machines will have perfectly good
signatures stored on them somewhere already?

> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page

-- 
Rens Houben   |opinions are mine
Resident linux guru and sysadmin  | if my employers have one
Systemec Internet Services.   |they'll tell you themselves
PGP key at http://swordbreaker.systemec.nl/~shadur/shadur.key.asc


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Dale Amon]

On Fri, Jun 11, 2004 at 08:39:12PM +1000, Russell Coker wrote:
> It won't work because challenge-response systems are technically no good.  
> While CR systems are almost never used because the people who use them are 
> universally regarded as cretins, the spammers won't bother about trying to 
> fool them.

First of all, keep in mind that I am strictly talking about 
people for whom email is an office tool equivalent to the 
paper mail coming into their physical inbox. They don't
know how the US/B/other/PO gets it there and don't care.

That said, those who can afford it will hire human 
operators to act as email gatekeepers; those who can't
will use whatever a salesman can convince them is
affordable and works. Whether we like it or not will
not figure into the decision.

I already whitelist; unless I have manually pre-cleared
you, I won't see your mail for some time. Basically until
I have time to wade thorugh the sludge, assuming I'm not
back from a trip and just look for one or two expected mails
before deleting. I imagine I'm not alone. CR may not
be the solution, but more and more people are only
taking pre-authorized (whitelist) mail.

If your business requires recieving unsolicted email,
then your business model will include the wages of 
a presorter. They are cheaper than a knowledgeable
mail admin.

As to the "type in this random code from a jpeg",
I use that on samizdata (a major blog for which I'm
one of the editors). It stopped the problem of blog-spam
cold; the human entry is stopped cold by having 
a team of writers who delete on sight.

At the end of the day, dealing with spam is an
employment opportunity, not something that will be
solved technically. Human problems require human 
solutions.

-- 
--
   Dale Amon [EMAIL PROTECTED]+44-7802-188325
   International linux systems consultancy
 Hardware & software system design, security
and networking, systems programming and Admin
  "Have Laptop, Will Travel"
--

Re: Hashcash - was re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
> It seems that most people here don't like CR systems, and I'd have to
> agree with that consensus.
>
> I'm just wondering what is the general feeling about using hashcash and
> other header signatures systems.

Currently you can't accept only such messages because almost no-one sends 
them.  Most people see no need to send them because almost no-one checks for 
them when receiving a message.

Anti-spam measures may be used on workstations eventually, but have to be 
initially installed at servers if they are to become popular.  The people who 
run big mail servers (AOL, Hotmail, etc) don't want to install hashcash for 
the same reason that spammers won't install it.

Besides, with an army of Windows Zombies you could generate those signatures 
anyway...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 21:38, Dale Amon <[EMAIL PROTECTED]> wrote:
> That said, those who can afford it will hire human
> operators to act as email gatekeepers; those who can't
> will use whatever a salesman can convince them is
> affordable and works. Whether we like it or not will
> not figure into the decision.

Some of the anti-spam people are very enthusiastic about their work.  I 
wouldn't be surprised if someone writes a bot to deal with CR systems.

It should not be technically difficult to publish some email addresses, wait 
for challenge messages to come in response to virus messages, and then have 
it automatically send an appropriate response to the challenge followed by a 
series of flames.

> As to the "type in this random code from a jpeg",
> I use that on samizdata (a major blog for which I'm
> one of the editors). It stopped the problem of blog-spam
> cold; the human entry is stopped cold by having
> a team of writers who delete on sight.

One -> many communication is different.  If you want to get a letter to the 
editor published in a newspaper you have to confirm your identity and contact 
details before it will be considered.  This can involve a journalist phoning 
you to confirm your identity and permission for publication.  If you want to 
send mail to most mailing lists you have to subscribe first.  Blogs are in 
the same category so I agree with what you are doing there.

> At the end of the day, dealing with spam is an
> employment opportunity, not something that will be
> solved technically. Human problems require human
> solutions.

Sometimes human solutions involve humans writing and installing programs to 
implement them.  Totally stopping spam in an automatic manner is not 
possible.  Reducing it by a factor of 100 so that humans can manually deal 
with the residue is possible.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Vassilii Khachaturov]

[snip]
> If CR systems get popular then spammers will start replying to the
> messages. Most spammers have working email addresses, so it would not be
> difficult to automate a response to a CR system.  Any CR system which just
> requires that you "reply to this email" will be trivially broken by
> spammers.
[snip]

You are right in everything except the tense - it's already happening.
I've had friends that use the CR systems reporting that spammers did reply
to their challenges. Apparently this is done by the "put your computer to
work" victims that spam from their home accounts sometimes even w/o the full 
understanding of what they're doing.

V

Re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 19:29, Dale Amon <[EMAIL PROTECTED]> wrote:
> On Fri, Jun 11, 2004 at 10:45:44AM +1000, Russell Coker wrote:
> > It is anti-social for every idiot on the net to think that they are
> > important enough to require a subscription from everyone who wants to
> > send them email.
>
> Like it or not (and I don't) that is where we are
> headed if other solutions to spam are not implimented
> that cover non-NANOG type persons. I strongly suspect

It won't work because challenge-response systems are technically no good.  
While CR systems are almost never used because the people who use them are 
universally regarded as cretins, the spammers won't bother about trying to 
fool them.

If CR systems get popular then spammers will start replying to the messages.  
Most spammers have working email addresses, so it would not be difficult to 
automate a response to a CR system.  Any CR system which just requires that 
you "reply to this email" will be trivially broken by spammers.

One CR system I saw used a web page with some obscured text that is 
(supposedly) only readable by humans.  There are two ways of solving this (if 
it ever becomes popular).  One way is to make entering such things a 
condition for downloading free porn from a porn site (a document on using 
porn sites to subscribe to hotmail etc was published some time ago).  The 
other way is better OCR software.

Finally, a large chunk of spam is entered by humans.  The "Nigerian" spammers 
often do things manually with cut/paste and don't have software to automate 
it (a friend witnessed a "Nigerian" spammer doing this at an Internet cafe).  
Such people will get past any CR system that could be devised.

> we'll see a generation of mail systems which greylist
> by default at the very least. Perhaps a future
> secreterial job will be to wade through the muck and
> query the boss as to whether one or two should be
> allowed access.

That is a secretarial job today.  Some people (such as Bill Gates) employ a 
team of people to filter their email.

> For some people, even the volume of non-spam mail
> could be rather intolerable. Imagine if you were
> Tom Hanks and your private email got out and you
> had to go through thousands of adoring fan mails
> to find that movie contract from your agent...

It's quite easy to search on From: field.  Of course you need a decently fast 
Internet connection to download all the messages, but I'm sure Tom can afford 
that.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Hashcash - was re: Spam fights

[Patrick Maheral]

It seems that most people here don't like CR systems, and I'd have to
agree with that consensus.

I'm just wondering what is the general feeling about using hashcash and
other header signatures systems.

Patrick


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Greg Folkert]

Sent to list.
On Thu, 2004-06-10 at 14:31, Jaroslaw Tabor wrote:
> Hello!
> 
> W liście z czw, 10-06-2004, godz. 19:06, Greg Folkert pisze: 
> > > Don't do it.  Confirmation systems are just as bad as the problems that they 
> > > try to solve.
> > 
> > Here, here. Agreement on all fronts. If I get a challenge, I put it into
> > /dev/null
> 
> I'm really surprised with your opinion. Is it so big problem, to press
> reply, when you are sending first email to someone new ?
> You are receving confirmation request whenever you are trying to update
> DNS, subscribe to newsgroup or talking with any automatic service. Is it
> so difficult ?
You see there is a difference there. *I* initiated them, not some
spammer. If someone doesn't want mail that could be very valuable to
them, especially if they asked for it on D-U... forcing me to write
another e-mail JUST to help them... nope, ain't gonna happen.

> Currently, in many cases when I'm sending email to address found on
> website I'm receiving challenge, and I fully understand people doing it.
> Whitelist with email/IP can decrease also number of challenges from
> spammers: email comming from different IP can be treated as spam
> automatically.

I implemented SPAM Filtering software and have continued to train it
with ham and spam. I started when last year when I was getting ~ 6,000
Swen e-mails a day. My e-mail address is posted EVERYWHERE.

Since that point, I get maybe 3 a day. When they ("they" being the
spmmers) find a new way to trick the Bayesian testing I use I'll get a
spat of about 12 or so for a few days then back to maybe 3 a day. I use
server side software (maildrop and procmail) to do the sorting after it
has been graded by the filter.

I still get upto 1000 e-mail messages a day, but those are from mailing
lists and people I support via e-mail. If I had a CR system in place,
I'd have to maintain more than I want. Consider in a given day, I e-mail
about 30+ new people a day.

I also can be and am very busy in Debian's Mailing list(s), Samba, Exim,
Grip, Elitists and many other venues. If I got a CR back for every one
of the e-mails I sent to a mailing list, I'd be answering thousands of
NEW Challenges a week. Sounds like SPAM to me. When you understand that
nearly every challenge I get comes from a forged envelope-from(or
similar), I can't see how it reduces the problem, it just double perhaps
triples the amount of mail traffic. Plus some are web-server driven
auth, thereby causing a loading of the program and grabbing of the URI
indicated in the e-mail I got from the Challenge.

So, basically: You get a piece of SPAM, your systems sends out another
piece of e-mail that is in response to the forged envelope, (assume) I
get this e-mail and then have to delete this mail or respond to it (a
third message) or goto a URI inside the Challenge (more processor time
and bandwidth) just so *YOU* can verify my message was or was not SPAM?

I consider sending me e-mail in Challenge form as unsolicited e-mail.
Therefore under my classification SPAM. Why should *I* verify your SPAM
problem for you. I deal with mine, and mine alone. I am not going to
spend resources (at my cost of those resources) to verify or not it
being SPAM.

Of course if everyone just affirmed the Challenge every time, it would
definitely not work. Where as my solution would continue to.

I also drop all of the "courtesy" notifications that *I* sent an
infected e-mail to a certain domain's user. There is another example of
Unsolicited E-Mail. I don't care to know that someone forged my e-mail
addy inside the one someone got. It does me absolutely ZERO good to even
read these. I have an automated system to send those to /dev/null as
well. 

I deal with enough mail per day, CR systems DO NOT reduce my number,
Spam filtering does.

BY the way, I do support Whitelisting and Blacklisting to make sure
things I want to absolutely get through do, and things I don't won't.

BTW, are you not glad *I* don't CR everyone that e-mails me? It could
have taken you 3 messages to get me to see one.
-- 
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


signature.asc
Description: This is a digitally signed message part

Re: Spam fights

[Dale Amon]

On Fri, Jun 11, 2004 at 08:39:12PM +1000, Russell Coker wrote:
> It won't work because challenge-response systems are technically no good.  
> While CR systems are almost never used because the people who use them are 
> universally regarded as cretins, the spammers won't bother about trying to 
> fool them.

First of all, keep in mind that I am strictly talking about 
people for whom email is an office tool equivalent to the 
paper mail coming into their physical inbox. They don't
know how the US/B/other/PO gets it there and don't care.

That said, those who can afford it will hire human 
operators to act as email gatekeepers; those who can't
will use whatever a salesman can convince them is
affordable and works. Whether we like it or not will
not figure into the decision.

I already whitelist; unless I have manually pre-cleared
you, I won't see your mail for some time. Basically until
I have time to wade thorugh the sludge, assuming I'm not
back from a trip and just look for one or two expected mails
before deleting. I imagine I'm not alone. CR may not
be the solution, but more and more people are only
taking pre-authorized (whitelist) mail.

If your business requires recieving unsolicted email,
then your business model will include the wages of 
a presorter. They are cheaper than a knowledgeable
mail admin.

As to the "type in this random code from a jpeg",
I use that on samizdata (a major blog for which I'm
one of the editors). It stopped the problem of blog-spam
cold; the human entry is stopped cold by having 
a team of writers who delete on sight.

At the end of the day, dealing with spam is an
employment opportunity, not something that will be
solved technically. Human problems require human 
solutions.

-- 
--
   Dale Amon [EMAIL PROTECTED]+44-7802-188325
   International linux systems consultancy
 Hardware & software system design, security
and networking, systems programming and Admin
  "Have Laptop, Will Travel"
--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Michelle Konzack]

Hello Alain, 

Am 2004-06-10 22:03:54, schrieb Alain Tesio:

>Not if the message if refused by the smtp server before it's delivered, right ?
>It's not that antisocial to ask the 1% people who aren't subscribed to 
>subscribe
>before sending a message.

I am subscribed to severa mailinglists on postgresql.org, php.net, 
mutt.org, exim.org and others where I get not more then a half 
SPAM per month.

I am on 146 Mailinglists 46 and on this list I get 80% of the 
normal SPAM (not the last two days)

Because the SPAM filter of murphy works quiet well, I like to 
see a subscriber only List too.

Maybe the Listmaster can istall as script which send a REMINDER 
to people which are not subscribed to subscribe on l-d-o.

>Alain

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

Re: Spam fights

[Dale Amon]

On Fri, Jun 11, 2004 at 10:45:44AM +1000, Russell Coker wrote:
> It is anti-social for every idiot on the net to think that they are important 
> enough to require a subscription from everyone who wants to send them email.

Like it or not (and I don't) that is where we are
headed if other solutions to spam are not implimented
that cover non-NANOG type persons. I strongly suspect
we'll see a generation of mail systems which greylist 
by default at the very least. Perhaps a future 
secreterial job will be to wade through the muck and
query the boss as to whether one or two should be
allowed access.

For some people, even the volume of non-spam mail
could be rather intolerable. Imagine if you were
Tom Hanks and your private email got out and you
had to go through thousands of adoring fan mails
to find that movie contract from your agent...

Pre-authorization for email is the way things are
going to go. 

-- 
--
   Dale Amon [EMAIL PROTECTED]+44-7802-188325
   International linux systems consultancy
 Hardware & software system design, security
and networking, systems programming and Admin
  "Have Laptop, Will Travel"
--

Re: Spam fights

[Vassilii Khachaturov]

[snip]
> If CR systems get popular then spammers will start replying to the
> messages. Most spammers have working email addresses, so it would not be
> difficult to automate a response to a CR system.  Any CR system which just
> requires that you "reply to this email" will be trivially broken by
> spammers.
[snip]

You are right in everything except the tense - it's already happening.
I've had friends that use the CR systems reporting that spammers did reply
to their challenges. Apparently this is done by the "put your computer to
work" victims that spam from their home accounts sometimes even w/o the full 
understanding of what they're doing.

V


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 19:29, Dale Amon <[EMAIL PROTECTED]> wrote:
> On Fri, Jun 11, 2004 at 10:45:44AM +1000, Russell Coker wrote:
> > It is anti-social for every idiot on the net to think that they are
> > important enough to require a subscription from everyone who wants to
> > send them email.
>
> Like it or not (and I don't) that is where we are
> headed if other solutions to spam are not implimented
> that cover non-NANOG type persons. I strongly suspect

It won't work because challenge-response systems are technically no good.  
While CR systems are almost never used because the people who use them are 
universally regarded as cretins, the spammers won't bother about trying to 
fool them.

If CR systems get popular then spammers will start replying to the messages.  
Most spammers have working email addresses, so it would not be difficult to 
automate a response to a CR system.  Any CR system which just requires that 
you "reply to this email" will be trivially broken by spammers.

One CR system I saw used a web page with some obscured text that is 
(supposedly) only readable by humans.  There are two ways of solving this (if 
it ever becomes popular).  One way is to make entering such things a 
condition for downloading free porn from a porn site (a document on using 
porn sites to subscribe to hotmail etc was published some time ago).  The 
other way is better OCR software.

Finally, a large chunk of spam is entered by humans.  The "Nigerian" spammers 
often do things manually with cut/paste and don't have software to automate 
it (a friend witnessed a "Nigerian" spammer doing this at an Internet cafe).  
Such people will get past any CR system that could be devised.

> we'll see a generation of mail systems which greylist
> by default at the very least. Perhaps a future
> secreterial job will be to wade through the muck and
> query the boss as to whether one or two should be
> allowed access.

That is a secretarial job today.  Some people (such as Bill Gates) employ a 
team of people to filter their email.

> For some people, even the volume of non-spam mail
> could be rather intolerable. Imagine if you were
> Tom Hanks and your private email got out and you
> had to go through thousands of adoring fan mails
> to find that movie contract from your agent...

It's quite easy to search on From: field.  Of course you need a decently fast 
Internet connection to download all the messages, but I'm sure Tom can afford 
that.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Michelle Konzack]

Hello Alain, 

Am 2004-06-10 22:03:54, schrieb Alain Tesio:

>Not if the message if refused by the smtp server before it's delivered, right ?
>It's not that antisocial to ask the 1% people who aren't subscribed to subscribe
>before sending a message.

I am subscribed to severa mailinglists on postgresql.org, php.net, 
mutt.org, exim.org and others where I get not more then a half 
SPAM per month.

I am on 146 Mailinglists 46 and on this list I get 80% of the 
normal SPAM (not the last two days)

Because the SPAM filter of murphy works quiet well, I like to 
see a subscriber only List too.

Maybe the Listmaster can istall as script which send a REMINDER 
to people which are not subscribed to subscribe on l-d-o.

>Alain

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

Re: Spam fights

[Dale Amon]

On Fri, Jun 11, 2004 at 10:45:44AM +1000, Russell Coker wrote:
> It is anti-social for every idiot on the net to think that they are important 
> enough to require a subscription from everyone who wants to send them email.

Like it or not (and I don't) that is where we are
headed if other solutions to spam are not implimented
that cover non-NANOG type persons. I strongly suspect
we'll see a generation of mail systems which greylist 
by default at the very least. Perhaps a future 
secreterial job will be to wade through the muck and
query the boss as to whether one or two should be
allowed access.

For some people, even the volume of non-spam mail
could be rather intolerable. Imagine if you were
Tom Hanks and your private email got out and you
had to go through thousands of adoring fan mails
to find that movie contract from your agent...

Pre-authorization for email is the way things are
going to go. 

-- 
--
   Dale Amon [EMAIL PROTECTED]+44-7802-188325
   International linux systems consultancy
 Hardware & software system design, security
and networking, systems programming and Admin
  "Have Laptop, Will Travel"
--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 06:03, Alain Tesio <[EMAIL PROTECTED]> wrote:
> On Thu, 10 Jun 2004 18:58:33 +1000
>
> Russell Coker <[EMAIL PROTECTED]> wrote:
> > For mailing lists this can be achieved by making the list
> > subscriber-only. For individual accounts such behaviour is very
> > anti-social as it results in confirmation messages being sent in response
> > to virus messages.
>
> Not if the message if refused by the smtp server before it's delivered,
> right ? It's not that antisocial to ask the 1% people who aren't subscribed
> to subscribe before sending a message.

It is not anti-social for a mailing list of (potentially) thousands of people 
to require a subscription before posting.

It is anti-social for every idiot on the net to think that they are important 
enough to require a subscription from everyone who wants to send them email.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: Spam fights

[Russell Coker]

On Fri, 11 Jun 2004 06:03, Alain Tesio <[EMAIL PROTECTED]> wrote:
> On Thu, 10 Jun 2004 18:58:33 +1000
>
> Russell Coker <[EMAIL PROTECTED]> wrote:
> > For mailing lists this can be achieved by making the list
> > subscriber-only. For individual accounts such behaviour is very
> > anti-social as it results in confirmation messages being sent in response
> > to virus messages.
>
> Not if the message if refused by the smtp server before it's delivered,
> right ? It's not that antisocial to ask the 1% people who aren't subscribed
> to subscribe before sending a message.

It is not anti-social for a mailing list of (potentially) thousands of people 
to require a subscription before posting.

It is anti-social for every idiot on the net to think that they are important 
enough to require a subscription from everyone who wants to send them email.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Vassilii Khachaturov]

> > For mailing lists this can be achieved by making the list
> > subscriber-only.  For individual accounts such behaviour is very
> > anti-social as it results in confirmation messages being sent in
> > response to virus messages.
>
> Not if the message if refused by the smtp server before it's delivered,
> right ? It's not that antisocial to ask the 1% people who aren't
> subscribed to subscribe before sending a message.

3 days ago I got blacklisted by outblaze when I  got framed by some virus
that triggered my majordomo to respond to a forged subscription request
with an outblaze's spamtrap "original" address. Luckily, the outblaze
postmaster was very quick to respond and whitelist me back.

I don't actually know how to prevent this happening in the future.
A bit unexpected mode of spamtrap operation, isn't it?

V.
P.S. maybe we should move the thread to NANAE?

Re: Spam fights

[Alain Tesio]

On Thu, 10 Jun 2004 18:58:33 +1000
Russell Coker <[EMAIL PROTECTED]> wrote:

> For mailing lists this can be achieved by making the list subscriber-only.  
> For individual accounts such behaviour is very anti-social as it results in 
> confirmation messages being sent in response to virus messages.

Not if the message if refused by the smtp server before it's delivered, right ?
It's not that antisocial to ask the 1% people who aren't subscribed to subscribe
before sending a message.

Alain

Re: Spam fights

[Vassilii Khachaturov]

> > For mailing lists this can be achieved by making the list
> > subscriber-only.  For individual accounts such behaviour is very
> > anti-social as it results in confirmation messages being sent in
> > response to virus messages.
>
> Not if the message if refused by the smtp server before it's delivered,
> right ? It's not that antisocial to ask the 1% people who aren't
> subscribed to subscribe before sending a message.

3 days ago I got blacklisted by outblaze when I  got framed by some virus
that triggered my majordomo to respond to a forged subscription request
with an outblaze's spamtrap "original" address. Luckily, the outblaze
postmaster was very quick to respond and whitelist me back.

I don't actually know how to prevent this happening in the future.
A bit unexpected mode of spamtrap operation, isn't it?

V.
P.S. maybe we should move the thread to NANAE?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Alain Tesio]

On Thu, 10 Jun 2004 18:58:33 +1000
Russell Coker <[EMAIL PROTECTED]> wrote:

> For mailing lists this can be achieved by making the list subscriber-only.  
> For individual accounts such behaviour is very anti-social as it results in 
> confirmation messages being sent in response to virus messages.

Not if the message if refused by the smtp server before it's delivered, right ?
It's not that antisocial to ask the 1% people who aren't subscribed to subscribe
before sending a message.

Alain


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Alvin Oga]

hi ya jaroslaw

On Thu, 10 Jun 2004, Jaroslaw Tabor wrote:

> In mean time, I've found additional way for spam filtering, but it
> requires some development. The basic idea is simple and already in use:
> We are allowing all emails from whitelits.

already done ... most MTA support a whitelist and blacklists

> For unknown sender, automated confirmation request is send. If
> confirmation comes, receiver can decide to put new sender on white or
> black list (by reply with prepared subject and token).


> I'm planning to develop this feauture, but It will be nice to hear from 
> what you thing about this idea.

if you're developing a challenge thingie ... don't bother ...
(i'll be the 6th to discourage your efforts on that front )

if you're writing a whitelist/blacklist stuff ... why ???

but if you're writting code to take incoming spam, and add it to
the blacklist automatically... that'd be tricky ...

- what is the definition of "spam" ?
(i say anyting that is left, after i finished reading the emails)
- "hundred dozens" other definitions of "what is spam"

- than i run my silly script and it all goes to the 'blacklist'

- if you make your rbl ( blacklist ) available for others
to use .. that has some merit .. as long as one can also
prove that they spammed ya ( since spammers are sometimes sue
happy )

- i hate and never reply to challenge systems and i go do business
  elsewhere
- even those silly whois database queries at the domain registrars
are starting to get super annoying

c ya
alvin

Re: Spam fights

[Greg Folkert]

On Thu, 2004-06-10 at 04:58, Russell Coker wrote:
> On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:
> > I'm planning to develop this feauture, but It will be nice to hear from
> > what you thing about this idea.
> 
> Don't do it.  Confirmation systems are just as bad as the problems that they 
> try to solve.

Here, here. Agreement on all fronts. If I get a challenge, I put it into
/dev/null

Whomever came up with those things (like TMDA and brethren), must have
been pulling them out of /dev/ass
-- 
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


signature.asc
Description: This is a digitally signed message part

Re: Spam fights

[Alvin Oga]

hi ya jaroslaw

On Thu, 10 Jun 2004, Jaroslaw Tabor wrote:

> In mean time, I've found additional way for spam filtering, but it
> requires some development. The basic idea is simple and already in use:
> We are allowing all emails from whitelits.

already done ... most MTA support a whitelist and blacklists

> For unknown sender, automated confirmation request is send. If
> confirmation comes, receiver can decide to put new sender on white or
> black list (by reply with prepared subject and token).


> I'm planning to develop this feauture, but It will be nice to hear from 
> what you thing about this idea.

if you're developing a challenge thingie ... don't bother ...
(i'll be the 6th to discourage your efforts on that front )

if you're writing a whitelist/blacklist stuff ... why ???

but if you're writting code to take incoming spam, and add it to
the blacklist automatically... that'd be tricky ...

- what is the definition of "spam" ?
(i say anyting that is left, after i finished reading the emails)
- "hundred dozens" other definitions of "what is spam"

- than i run my silly script and it all goes to the 'blacklist'

- if you make your rbl ( blacklist ) available for others
to use .. that has some merit .. as long as one can also
prove that they spammed ya ( since spammers are sometimes sue
happy )

- i hate and never reply to challenge systems and i go do business
  elsewhere
- even those silly whois database queries at the domain registrars
are starting to get super annoying

c ya
alvin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Greg Folkert]

On Thu, 2004-06-10 at 04:58, Russell Coker wrote:
> On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:
> > I'm planning to develop this feauture, but It will be nice to hear from
> > what you thing about this idea.
> 
> Don't do it.  Confirmation systems are just as bad as the problems that they 
> try to solve.

Here, here. Agreement on all fronts. If I get a challenge, I put it into
/dev/null

Whomever came up with those things (like TMDA and brethren), must have
been pulling them out of /dev/ass
-- 
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


signature.asc
Description: This is a digitally signed message part

Re: Spam fights

[Richard Atterer]

On Thu, Jun 10, 2004 at 12:27:04PM +0300, Dmitry Golubev wrote:
> I second that. If I receive a confirmation message I never respond to it! 

If *I* receive a confirmation message, I always respond to it!

That's because all confirmation messages I get are in response to spam with
my address in the From field. If I confirm, the person sending me the
confirmation message will be delivered the spam. If more people did this, 
confirmation senders would notice that the system doesn't work.

  Richard

-- 
  __   _
  |_) /|  Richard Atterer |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯

challenge-response antispam systems in the BTS (was Re: Spam fights)

[Adeodato Simó]

  [this is offtopic here, but since the issue was raised on d-security,
  I thought I'd follow up there and move to d-devel if it's worth a
  discussion.]

* Dmitry Golubev [Thu, 10 Jun 2004 12:27:04 +0300]:

> On Thursday 10 June 2004 11:58, Russell Coker <[EMAIL PROTECTED]> wrote:
> > On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:

> > > For unknown sender, automated confirmation request is send. If

> > My response to these scumbags who send me the confirmation messages is that
> > if they are on a mailing list I'm on then I black-list their email address
> > if it's known (or their mail server if their email address is not clear). 
> > If a confirmation message appears to be in response to a virus then I
> > respond to it.  Let the scumbag get another copy of the virus...

> > > I'm planning to develop this feauture, but It will be nice to hear from
> > > what you thing about this idea.

> > Don't do it.  Confirmation systems are just as bad as the problems that
> > they try to solve.

> I second that. If I receive a confirmation message I never respond to it! 
> (well, when I first received such a message, I wanted to try how it works - 
> that was the only confirmation I responded to). Maybe that's impolite, but I 
> do not want to waste my time answering to that spam.

has it been discussed before the usage of such systems by bug
submitters? I've come up with this situation twice or so, and I
found myself thinking "what the hell, they're putting extra work on
*anybody* wanting to help with *their* problem!"

so, do you think an address with such system qualifies as non-valid
for the BTS? for me, I guess, it's pretty as if they had posted with
"[EMAIL PROTECTED]" in the From: line.

OTOH, if all mail to the submitter was sent to [EMAIL PROTECTED],
the user could whitelist [EMAIL PROTECTED], but this is not common
practice ATM and would also prevent us from stating our dislike for
such systems.

any thoguths?

-- 
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
As an adolescent I aspired to lasting fame, I craved factual certainty,
and I thirsted for a meaningful vision of human life -- so I became a
scientist. This is like becoming an archbishop so you can meet girls.
-- Matt Cartmill

Re: Spam fights

[Michael Stone]

On Thu, Jun 10, 2004 at 12:27:04PM +0300, Dmitry Golubev wrote:
I second that. If I receive a confirmation message I never respond to it! 


Me three. I take a confirmation thingy as a sign that the person doesn't
really need my email. Hint: if you require confirmations from people who
are replying to a request for help, don't expect much help.

Mike Stone

Re: Spam fights

[Dmitry Golubev]

I second that. If I receive a confirmation message I never respond to it! 
(well, when I first received such a message, I wanted to try how it works - 
that was the only confirmation I responded to). Maybe that's impolite, but I 
do not want to waste my time answering to that spam.

Dmitry

On Thursday 10 June 2004 11:58, Russell Coker <[EMAIL PROTECTED]> wrote:
> On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:
> > We are allowing all emails from whitelits.
>
> Who is "we" in this context?  Individual users or mailing list
> administrators?
>
> > For unknown sender, automated confirmation request is send. If
>
> For mailing lists this can be achieved by making the list subscriber-only.
> For individual accounts such behaviour is very anti-social as it results in
> confirmation messages being sent in response to virus messages.  This means
> that even though my anti-virus software is updated regularly I still get
> hit by viruses through those stupid confirmation messages!
>
> My response to these scumbags who send me the confirmation messages is that
> if they are on a mailing list I'm on then I black-list their email address
> if it's known (or their mail server if their email address is not clear). 
> If a confirmation message appears to be in response to a virus then I
> respond to it.  Let the scumbag get another copy of the virus...
>
> > I'm planning to develop this feauture, but It will be nice to hear from
> > what you thing about this idea.
>
> Don't do it.  Confirmation systems are just as bad as the problems that
> they try to solve.
>
> --
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page

Re: Spam fights

[Russell Coker]

On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:
> We are allowing all emails from whitelits.

Who is "we" in this context?  Individual users or mailing list administrators?

> For unknown sender, automated confirmation request is send. If

For mailing lists this can be achieved by making the list subscriber-only.  
For individual accounts such behaviour is very anti-social as it results in 
confirmation messages being sent in response to virus messages.  This means 
that even though my anti-virus software is updated regularly I still get hit 
by viruses through those stupid confirmation messages!

My response to these scumbags who send me the confirmation messages is that if 
they are on a mailing list I'm on then I black-list their email address if 
it's known (or their mail server if their email address is not clear).  If a 
confirmation message appears to be in response to a virus then I respond to 
it.  Let the scumbag get another copy of the virus...

> I'm planning to develop this feauture, but It will be nice to hear from
> what you thing about this idea.

Don't do it.  Confirmation systems are just as bad as the problems that they 
try to solve.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: Spam fights

[Richard Atterer]

On Thu, Jun 10, 2004 at 12:27:04PM +0300, Dmitry Golubev wrote:
> I second that. If I receive a confirmation message I never respond to it! 

If *I* receive a confirmation message, I always respond to it!

That's because all confirmation messages I get are in response to spam with
my address in the From field. If I confirm, the person sending me the
confirmation message will be delivered the spam. If more people did this, 
confirmation senders would notice that the system doesn't work.

  Richard

-- 
  __   _
  |_) /|  Richard Atterer |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

challenge-response antispam systems in the BTS (was Re: Spam fights)

[Adeodato Simó]

  [this is offtopic here, but since the issue was raised on d-security,
  I thought I'd follow up there and move to d-devel if it's worth a
  discussion.]

* Dmitry Golubev [Thu, 10 Jun 2004 12:27:04 +0300]:

> On Thursday 10 June 2004 11:58, Russell Coker <[EMAIL PROTECTED]> wrote:
> > On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:

> > > For unknown sender, automated confirmation request is send. If

> > My response to these scumbags who send me the confirmation messages is that
> > if they are on a mailing list I'm on then I black-list their email address
> > if it's known (or their mail server if their email address is not clear). 
> > If a confirmation message appears to be in response to a virus then I
> > respond to it.  Let the scumbag get another copy of the virus...

> > > I'm planning to develop this feauture, but It will be nice to hear from
> > > what you thing about this idea.

> > Don't do it.  Confirmation systems are just as bad as the problems that
> > they try to solve.

> I second that. If I receive a confirmation message I never respond to it! 
> (well, when I first received such a message, I wanted to try how it works - 
> that was the only confirmation I responded to). Maybe that's impolite, but I 
> do not want to waste my time answering to that spam.

has it been discussed before the usage of such systems by bug
submitters? I've come up with this situation twice or so, and I
found myself thinking "what the hell, they're putting extra work on
*anybody* wanting to help with *their* problem!"

so, do you think an address with such system qualifies as non-valid
for the BTS? for me, I guess, it's pretty as if they had posted with
"[EMAIL PROTECTED]" in the From: line.

OTOH, if all mail to the submitter was sent to [EMAIL PROTECTED],
the user could whitelist [EMAIL PROTECTED], but this is not common
practice ATM and would also prevent us from stating our dislike for
such systems.

any thoguths?

-- 
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
As an adolescent I aspired to lasting fame, I craved factual certainty,
and I thirsted for a meaningful vision of human life -- so I became a
scientist. This is like becoming an archbishop so you can meet girls.
-- Matt Cartmill


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Michael Stone]

On Thu, Jun 10, 2004 at 12:27:04PM +0300, Dmitry Golubev wrote:
I second that. If I receive a confirmation message I never respond to it! 
Me three. I take a confirmation thingy as a sign that the person doesn't
really need my email. Hint: if you require confirmations from people who
are replying to a request for help, don't expect much help.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Dmitry Golubev]

I second that. If I receive a confirmation message I never respond to it! 
(well, when I first received such a message, I wanted to try how it works - 
that was the only confirmation I responded to). Maybe that's impolite, but I 
do not want to waste my time answering to that spam.

Dmitry

On Thursday 10 June 2004 11:58, Russell Coker <[EMAIL PROTECTED]> wrote:
> On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:
> > We are allowing all emails from whitelits.
>
> Who is "we" in this context?  Individual users or mailing list
> administrators?
>
> > For unknown sender, automated confirmation request is send. If
>
> For mailing lists this can be achieved by making the list subscriber-only.
> For individual accounts such behaviour is very anti-social as it results in
> confirmation messages being sent in response to virus messages.  This means
> that even though my anti-virus software is updated regularly I still get
> hit by viruses through those stupid confirmation messages!
>
> My response to these scumbags who send me the confirmation messages is that
> if they are on a mailing list I'm on then I black-list their email address
> if it's known (or their mail server if their email address is not clear). 
> If a confirmation message appears to be in response to a virus then I
> respond to it.  Let the scumbag get another copy of the virus...
>
> > I'm planning to develop this feauture, but It will be nice to hear from
> > what you thing about this idea.
>
> Don't do it.  Confirmation systems are just as bad as the problems that
> they try to solve.
>
> --
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam fights

[Russell Coker]

On Thu, 10 Jun 2004 18:21, Jaroslaw Tabor <[EMAIL PROTECTED]> wrote:
> We are allowing all emails from whitelits.

Who is "we" in this context?  Individual users or mailing list administrators?

> For unknown sender, automated confirmation request is send. If

For mailing lists this can be achieved by making the list subscriber-only.  
For individual accounts such behaviour is very anti-social as it results in 
confirmation messages being sent in response to virus messages.  This means 
that even though my anti-virus software is updated regularly I still get hit 
by viruses through those stupid confirmation messages!

My response to these scumbags who send me the confirmation messages is that if 
they are on a mailing list I'm on then I black-list their email address if 
it's known (or their mail server if their email address is not clear).  If a 
confirmation message appears to be in response to a virus then I respond to 
it.  Let the scumbag get another copy of the virus...

> I'm planning to develop this feauture, but It will be nice to hear from
> what you thing about this idea.

Don't do it.  Confirmation systems are just as bad as the problems that they 
try to solve.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spam

[Adrian 'Dagurashibanipal' von Bidder]

On Sunday 18 May 2003 19:41, Janus N. wrote:
> On Sun, 2003-05-18 at 03:43, Phillip Hofmeister wrote:
> > With that point aside, you can try out bogofilters and razor.  Between
> > the two of those I have few false positive and few false negatives.
>
> Spamassassin already utilizes razor -- so razor failed that mail as
> well.

Or razor was temporarily not reachable? Or razor was disabled on this 
particular installation?

cheers
-- vbi

-- 
"That's right; the upper-case shift works fine on the screen, but
they're not coming out on the damn printer...  Hold?  Sure, I'll hold."
-- e.e. cummings last service call


pgpa52aR7u6ZK.pgp
Description: signature

Re: Spam

[Janus N.]

On Sun, 2003-05-18 at 03:43, Phillip Hofmeister wrote:
> With that point aside, you can try out bogofilters and razor.  Between
> the two of those I have few false positive and few false negatives.
Spamassassin already utilizes razor -- so razor failed that mail as
well. 

Janus

-- 
Janus N. Tøndering <[EMAIL PROTECTED]>

Re: Spam

[Phillip Hofmeister]

On Fri, 16 May 2003 at 04:58:04PM +0200, Christian Storch wrote:
> Interesting. That mail has overcome spamassassin without any hits:
> 
> X-Spam-Status: No, hits=0.0 required=4.0
>   tests=none
>   version=2.53-lists.debian.org_2003_04_28
> X-Spam-Checker-Version: SpamAssassin 2.53-lists.debian.org_2003_04_28
> (1.174.2.15-2003-03-30-exp)
> 
> Any options to get it?


First, posting Spam back to the list by including it in a reply is not
generally something you want to do...

With that point aside, you can try out bogofilters and razor.  Between
the two of those I have few false positive and few false negatives.
Here is the relevant procmail sections:

:0 Wf
| /home/plhofmei/.bin/removefoot

:0 Wf
| formail -I X-Spam-Status:
:0 Wf
| formail -I X-Spam-Level:

:0 Wc
| razor-check
:0 Waf
| formail -I "X-Razor-Warning: SPAM."
:0 Wa
Mail/Junk
:0 WEf
| formail -I "X-Razor-Warning: NONE."

:0 Wc
| bogofilter -u -3 -l
:0 Waf
| formail -I "X-Spam-Status: Yes, bogofilter"
:0 Wa
Mail/Junk
:0 Ef
| formail -I "X-Spam-Status: No, bogofilter"

:0:
* ^X-Spam-Status: Yes
Mail/Junk


Here is removefoot:

#!/bin/sed -f
: mas
$!N
s/\n/&/2;
t vale
$!b mas
: vale
/^-- \nTo UNSUBSCRIBE, email to .*\nwith a subject of .*/d
P;D


I can't take credit for the above sed tidbit, I believe someone else on
the list wrote that

It is important to remove the footer b/c otherwise razor will not work
properly.

On a note about bogofilters, it is *VERY* unreliable until you train it.
Don't give up on it, it is well worth it...

Good luck,

-- 
Phillip Hofmeister
Network Administrator/Systems Engineer
IP3 Inc.
http://www.ip3security.com

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #240: CPU-angle has to be adjusted because of vibrations coming from the 
nearby road 



pgp0avvRrlbpr.pgp
Description: PGP signature

Re: spam block

[Jay Kline]

If you have a spare box, you can run spamassissin's spamd and connect 
remotely.

Jay

On Tuesday 15 April 2003 7:47 am, Konstantin wrote:
> hi,
>
> I need a spam filter, but I need one which works with sendmail and is not
> spamassasin(the system needs an old perl 5.0.X), but spamassasin needs perl
>
> >5.6
>
> any ideas, which spam filter I can use on such a system.
>
> thx for help
>
> Konstantin

-- 
Jay Kline
http://www.slushpupie.com

Re: spam block

[Ted Cabeen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Content-Type: text/plain; charset=us-ascii

In message <[EMAIL PROTECTED]>, "Konstantin" writes:
>hi,
>
>I need a spam filter, but I need one which works with sendmail and is not
>spamassasin(the system needs an old perl 5.0.X), but spamassasin needs perl
>>5.6

Spamassassin doesn't require 5.6.  I'm running it with 5.005 right now.

- -- 
Ted Cabeen   http://www.pobox.com/~secabeen[EMAIL 
PROTECTED] 
Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED]
"I have taken all knowledge to be my province." -F. Bacon  [EMAIL PROTECTED]
"Human kind cannot bear very much reality."-T.S.Eliot[EMAIL PROTECTED]


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (FreeBSD)
Comment: Exmh version 2.5 07/13/2001

iD8DBQE+nD5BoayJfLoDSdIRAjG9AKCLR8hn9sVvJ3MugnQkVldS7mkJZQCgt2Cy
lp2i5eUsFuR1bQ7wPdP9b9U=
=rxQz
-END PGP SIGNATURE-

Re: spam block

[Noah Meyerhans]

On Tue, Apr 15, 2003 at 02:47:52PM +0200, Konstantin wrote:
> I need a spam filter, but I need one which works with sendmail and is
> not spamassasin(the system needs an old perl 5.0.X), but spamassasin
> needs perl 5.6

When I set up spamassassin on a potato system, I installed perl from
source with --prefix=/usr/local/perl5.6.  Then, to install spamassassin,
I was able to simply run
/usr/local/perl5.6/bin/perl -MCPAN -e "install Mail::SpamAssassin"

The spamassassin executables were left in /usr/local/perl5.6/bin/ but I
symlinked them to /usr/local/bin.

I had no problems with that setup and it worked for several months.
Once woody came out and included perl5.6 I no longer required that
setup.

noah

-- 
 ___
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 


pgpBr679ozNED.pgp
Description: PGP signature

Re: spam block

[Cesar Rincon]

On Tue, 2003-04-15 at 08:58, Celso González wrote:
> On Tue, Apr 15, 2003 at 02:47:52PM +0200, Konstantin wrote:
> > hi,
> > 
> > I need a spam filter, but I need one which works with sendmail and is not
> > spamassasin(the system needs an old perl 5.0.X), but spamassasin needs perl
> > >5.6
> > 
> > any ideas, which spam filter I can use on such a system.
> 
> Try with bogofilter

I'll second Celso.  Bogofilter's only prerrequisite is, IIRC, a DBM
library.  It is very lightweight and fast (much faster than
SpamAssassin, which I can't use because of the volume of mail that I
have to process), and is eerily accurate when trained properly.

That's the catch, of course: it has to be trained.  I'd suggest you to
download a couple thousand fresh spams from spamarchive.org to prime
your spam list.  Use your archived mail for the ham list.  From them on
just give it feedback when it makes a mistake, and everything should be
ok.

 -CR

Re: spam block

[Celso González]

On Tue, Apr 15, 2003 at 02:47:52PM +0200, Konstantin wrote:
> hi,
> 
> I need a spam filter, but I need one which works with sendmail and is not
> spamassasin(the system needs an old perl 5.0.X), but spamassasin needs perl
> >5.6
> 
> any ideas, which spam filter I can use on such a system.

Try with bogofilter

Best regards

-- 
Celso González
[EMAIL PROTECTED]
http://bulmalug.net 

Re: (SPAM?) Marginheight

[jamoss]

From: [EMAIL PROTECTED]
Subject: Not at this address

Your message to [EMAIL PROTECTED] could not be delivered.  
Due to the large amounts of email with the SIRCAM virus to this address, we 
have terminated this account.

Make sure you have the latest virus software and scan your PC for this virus.

Sincerely,
The Babynames.com Staff
 Original Message 

Re: (SPAM?) Marginheight

[jamoss]

From: [EMAIL PROTECTED]
Subject: Not at this address

Your message to [EMAIL PROTECTED] could not be delivered.  
Due to the large amounts of email with the SIRCAM virus to this address, we have 
terminated this account.

Make sure you have the latest virus software and scan your PC for this virus.

Sincerely,
The Babynames.com Staff
 Original Message 




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: spam

[Junichi Uekawa]

> > Some mail I try to reply have latin-1 
> > chars.
> > 
> > They will be translated to Japanese charset when I 
> > reply to them, so people are conveniently 
> > blocking some of my mail,
> > which is immensely annoying.
> 
>  Does that happen when you are replying in English, or only for Japanese?


Japanese mails are not written in latin-1 chars,
only in English/French/whatever mail.


> i.e. is it a problem if people block charsets that that are only used by
> languages they don't understand?  Your message is US/ASCII...

So, if I replied mail to someone with a name with an accented char
on it, it is likely that my mail will be encoded in ISO-2022-JP
or something like it. (or rather, sylpheed used to play me that trick
all the time)


regards,
junichi

Re: spam

[Junichi Uekawa]

> > Some mail I try to reply have latin-1 
> > chars.
> > 
> > They will be translated to Japanese charset when I 
> > reply to them, so people are conveniently 
> > blocking some of my mail,
> > which is immensely annoying.
> 
>  Does that happen when you are replying in English, or only for Japanese?


Japanese mails are not written in latin-1 chars,
only in English/French/whatever mail.


> i.e. is it a problem if people block charsets that that are only used by
> languages they don't understand?  Your message is US/ASCII...

So, if I replied mail to someone with a name with an accented char
on it, it is likely that my mail will be encoded in ISO-2022-JP
or something like it. (or rather, sylpheed used to play me that trick
all the time)


regards,
junichi


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: spam

[Michelle Konzack]

Hello, 

Am 11:26 11/11/02 -0800 hat Rich Rudnick geschrieben:

>I try to block on character sets: ie., 
>
>^Content-Type.*charset.*[gG][bB]2312
>
>This catches quite a few spams I can't read.

I do it too and it filters around 70% of all spam mail

MIchelle

Re: spam

[Michelle Konzack]

Hello, 

Am 11:26 11/11/02 -0800 hat Rich Rudnick geschrieben:

>I try to block on character sets: ie., 
>
>^Content-Type.*charset.*[gG][bB]2312
>
>This catches quite a few spams I can't read.

I do it too and it filters around 70% of all spam mail

MIchelle


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: spam

[Peter Cordes]

On Thu, Nov 14, 2002 at 09:43:24AM +0900, Junichi Uekawa wrote:
> > I try to block on character sets: ie., 
> > 
> > ^Content-Type.*charset.*[gG][bB]2312
> > 
> > This catches quite a few spams I can't read.
> > 
> 
> Some mail I try to reply have latin-1 
> chars.
> 
> They will be translated to Japanese charset when I 
> reply to them, so people are conveniently 
> blocking some of my mail,
> which is immensely annoying.

 Does that happen when you are replying in English, or only for Japanese?
i.e. is it a problem if people block charsets that that are only used by
languages they don't understand?  Your message is US/ASCII...

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: spam

[Peter Cordes]

On Thu, Nov 14, 2002 at 09:43:24AM +0900, Junichi Uekawa wrote:
> > I try to block on character sets: ie., 
> > 
> > ^Content-Type.*charset.*[gG][bB]2312
> > 
> > This catches quite a few spams I can't read.
> > 
> 
> Some mail I try to reply have latin-1 
> chars.
> 
> They will be translated to Japanese charset when I 
> reply to them, so people are conveniently 
> blocking some of my mail,
> which is immensely annoying.

 Does that happen when you are replying in English, or only for Japanese?
i.e. is it a problem if people block charsets that that are only used by
languages they don't understand?  Your message is US/ASCII...

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: spam

[Junichi Uekawa]

> I try to block on character sets: ie., 
> 
> ^Content-Type.*charset.*[gG][bB]2312
> 
> This catches quite a few spams I can't read.
> 

Some mail I try to reply have latin-1 
chars.

They will be translated to Japanese charset when I 
reply to them, so people are conveniently 
blocking some of my mail,
which is immensely annoying.


regards,
junichi