Re: Dirty spam
David E. Fox wrote: On Sun, 19 Nov 2006 03:40:00 +0100 Michelle Konzack [EMAIL PROTECTED] wrote: How many peoples have there OWN mailservers? /me does. Actually I cheat a bit. Actually Michelle cheats a bit. How many people have their OWN mailserver? Uhhh, I was talking MTAs. One doesn't need a mail server (however Michelle defines it) to have an MTA. I mean MTAs are only installed by default. So the answer is, really, everyone does. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Tim Post wrote: Did it even make a dent? I've been thinking about trying it. Even catching 5% is still 50k less spam e-mails delivered on a larger network .. so I may get a little more use out of it even if its only got a 2/10 catch record. I have had a chance to try this out and it does work. It's not perfect (maybe because I am using an older version due to the fact I'm running Sarge on those servers) and does miss some of the image spam. It has got a very nice feature that it will only scan messages with a SA score below a certain number. This way, if SA has already given a message enough points then FuzzyORC will not scan the message and save you the resources. Hope this helps, -- George Borisov DXSolutions Ltd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Thu, 23 Nov 2006 15:09:02 +0800 Tim Post [EMAIL PROTECTED] wrote: Did it even make a dent? I've been thinking about trying it. Even catching 5% is still 50k less spam e-mails delivered on a larger network .. so I may get a little more use out of it even if its only got a 2/10 catch record. SA with little or no extra configuration (with libdns added in) seems to make a pretty good dent, actually. BUt the spam these days is so voluminous. As an example, there's one place that's sending stock spam emails with every first name one can think of as separate messages, and SA isn't catching those. But my caughtspam file is at present over 9 megabytes, and I usually zero it every couple of days. I don't always get around to downloading the mail from tsoft.com (since it is mostly spam anyway) so I might do a fetchmail maybe once or twice a day like when I get home from work. Last night - nearly six megabytes, probably because I didn't get home from work until late on Tuesday, so didn't manage to check it that day. -- David E. Fox Thanks for letting me [EMAIL PROTECTED]change magnetic patterns [EMAIL PROTECTED] on your hard disk. --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Sun, 19 Nov 2006 03:40:00 +0100 Michelle Konzack [EMAIL PROTECTED] wrote: How many peoples have there OWN mailservers? /me does. Actually I cheat a bit. Most (99%) of mail I just have sent to my dsl address - and that gets processed by my mail server which is slightly to the left of me on the floor :). OTOH I have a tsoft.com backup email address but 99% of that is just spam right now. It used to be manageable but the amount of spam has simply gotten out of control in the last couple of weeks. Spamassassin manages to pick out a good portion of it, but not everything. It *used* to catch nearly everything out there. But I had to rebuild my system recently and reinstalled spamassassin along with everything else. One point - one seems to need some other libraries in order to get spamassassin to process most of he spam that it used to process before. In particular, I installed libnet-dns-perl and the result was that spamassassin performed more DNS related tests on the incoming messages that it wasn't doing before. I've also tried installing the fuzzy OCR plugin, to hopefully combat the tide of spammers sending phony pump dump stock spam as attached gifs/jpgs. But that doesn't seem to work. -- David E. Fox Thanks for letting me [EMAIL PROTECTED]change magnetic patterns [EMAIL PROTECTED] on your hard disk. --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
I do something very similar. In fact, I just had to change out my mailserver, and wound up changing from Kolab/Kroupware to Zimbra (community edition). I highly recommend Zimbra if anyone is looking. --b - Original Message - From: David E. Fox [EMAIL PROTECTED] To: debian-user@lists.debian.org Sent: Thursday, November 23, 2006 0:17:59 AM GMT-0500 US/Eastern Subject: Re: Dirty spam On Sun, 19 Nov 2006 03:40:00 +0100 Michelle Konzack [EMAIL PROTECTED] wrote: How many peoples have there OWN mailservers? /me does. Actually I cheat a bit. Most (99%) of mail I just have sent to my dsl address - and that gets processed by my mail server which is slightly to the left of me on the floor :). OTOH I have a tsoft.com backup email address but 99% of that is just spam right now. It used to be manageable but the amount of spam has simply gotten out of control in the last couple of weeks. Spamassassin manages to pick out a good portion of it, but not everything. It *used* to catch nearly everything out there. But I had to rebuild my system recently and reinstalled spamassassin along with everything else. One point - one seems to need some other libraries in order to get spamassassin to process most of he spam that it used to process before. In particular, I installed libnet-dns-perl and the result was that spamassassin performed more DNS related tests on the incoming messages that it wasn't doing before. I've also tried installing the fuzzy OCR plugin, to hopefully combat the tide of spammers sending phony pump dump stock spam as attached gifs/jpgs. But that doesn't seem to work. -- David E. Fox Thanks for letting me [EMAIL PROTECTED]change magnetic patterns [EMAIL PROTECTED] on your hard disk. --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Wed, 2006-11-22 at 21:17 -0800, David E. Fox wrote: I've also tried installing the fuzzy OCR plugin, to hopefully combat the tide of spammers sending phony pump dump stock spam as attached gifs/jpgs. But that doesn't seem to work. Did it even make a dent? I've been thinking about trying it. Even catching 5% is still 50k less spam e-mails delivered on a larger network .. so I may get a little more use out of it even if its only got a 2/10 catch record. Thanks, Tim -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Am 2006-11-09 10:22:38, schrieb Steve Lamb: Michelle Konzack wrote: Only if you receive your mail OVER a MTA. Er, right, which is how most people do it. How many peoples have there OWN mailservers? With fetchmail you must download and filter Uh, no. The most common fetchmail method is to drop into the local MTA. No, fetchmail use normaly a MDA like procmail/maildrop which filter localy! Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Am 2006-11-10 09:45:31, schrieb Matthew Krauss: I prefer dovecot-imapd, from (limited) personal experience, but don't know much about the differences in theory. Any reason to prefer courier-imap? It works from scratch if you have your mail in a ~/Maildir You need only an 'apt-get install courier-imap' and it works without any configuration. If you want more, then this is another thing, but for local mail or in a small network @home it is enough. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Michelle Konzack wrote: Hello *, Am 2006-10-20 08:28:01, schrieb Andrew Sackville-West: If you are using t-bird to get mail directly from a pop server, then I think you're stuck. But you COULD, setup fetchmail to get your mail, reconfig exim to use spamassassin and whatever else you want) and then deliver that mail to your mail locally for t-bird to pick up. but that may be using a 2x4 to swat a fly, I don't know. Can t-bird pipe messages through external programs? If so, you might look at bogofilter as its stupid easy to setup and train. Since you need only basic functions use mailfilter to drop the messages on the Server, then download it with fetchmail and filter it with procmail to a maildir ~/Maildir/ And last not least, install courier-imap which will work Out-of-The-Box for Mozilla, Thunderbird or any other IMAP capable MUA. I prefer dovecot-imapd, from (limited) personal experience, but don't know much about the differences in theory. Any reason to prefer courier-imap? Regards, Matthew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Hello Cord, Am 2006-10-23 15:52:07, schrieb Cord Beermann: I added a rule that drops mails that have a To/Cc [EMAIL PROTECTED] Thanks for doing this. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Hi Johannes, Am 2006-10-20 20:34:46, schrieb Johannes Wiedersich: Yes, but for those on slow networks: They always have to first download the message, before the filter will tell them it's spam. It would be really appreciated, if the listmasters could filter messages with to's and cc's like To: [EMAIL PROTECTED] Cc: debian-x@lists.debian.org, [EMAIL PROTECTED], debian-x86-64@lists.debian.org, deity@lists.debian.org, [EMAIL PROTECTED] Subject: re: Please do not come to the office today if you receive messages which have a -request in there E-mail then it is always spam (at least for Debian lists) ant it can be filtered out easily with procmail or mailrop. No need to bother the huge spamassassin. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Hello *, Am 2006-10-20 08:28:01, schrieb Andrew Sackville-West: If you are using t-bird to get mail directly from a pop server, then I think you're stuck. But you COULD, setup fetchmail to get your mail, reconfig exim to use spamassassin and whatever else you want) and then deliver that mail to your mail locally for t-bird to pick up. but that may be using a 2x4 to swat a fly, I don't know. Can t-bird pipe messages through external programs? If so, you might look at bogofilter as its stupid easy to setup and train. Since you need only basic functions use mailfilter to drop the messages on the Server, then download it with fetchmail and filter it with procmail to a maildir ~/Maildir/ And last not least, install courier-imap which will work Out-of-The-Box for Mozilla, Thunderbird or any other IMAP capable MUA. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Michelle Konzack wrote: if you receive messages which have a -request in there E-mail then it is always spam (at least for Debian lists) ant it can be filtered out easily with procmail or mailrop. Er, uh, aren't those after SA in the server-side chain? Sure would be here if I used either. -- Steve C. Lamb | But who decides what they dream? PGP Key: 8B6E99C5 | And dream I do... ---+- signature.asc Description: OpenPGP digital signature
Re: Dirty spam
Am 2006-11-09 08:45:37, schrieb Steve Lamb: Michelle Konzack wrote: if you receive messages which have a -request in there E-mail then it is always spam (at least for Debian lists) ant it can be filtered out easily with procmail or mailrop. Er, uh, aren't those after SA in the server-side chain? Sure would be here if I used either. Only if you receive your mail OVER a MTA. With fetchmail you must download and filter it for example trough procmail or maildrop. e.g.: :0 * ^(Cc|To):[EMAIL PROTECTED] .ATTENTION.debian_spam/ :0fw * 5 |spamc Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Michelle Konzack wrote: Only if you receive your mail OVER a MTA. Er, right, which is how most people do it. With fetchmail you must download and filter Uh, no. The most common fetchmail method is to drop into the local MTA. -- Steve C. Lamb | But who decides what they dream? PGP Key: 8B6E99C5 | And dream I do... ---+- signature.asc Description: OpenPGP digital signature
Re: Dirty spam
José Alburquerque [EMAIL PROTECTED] wrote: Pollywog wrote: On Sunday 22 October 2006 15:06, Steve Lamb wrote: Not directed solely at you, Mumia, just something that I've been meaning to say for weeks now. Know what would really help? If people would stop replying to spam, quoting spam or otherwise legitimizing spam to my bayesian filters. That has to be part of the reason the spam getting through both of my filters (SA and TB). I mean do I consider the replies to spam as ham or spam? If it's ham then it increases the chances of false-negatives in the future. If it's spam then it increases the chances of false-positives in the future. Either way I'm screwed and it seems that every spam to make it through the list is quoted a few times now. :/ Sorry, I did not mean to respam the spam. Now I feel as though I need to find a special chewing gum. I'm sorry to ask. Can you explain what special chewing gum means? If I'm not mistaken, Pollywog was making an analogy to the special chewing gums if you want to give up smoking ;) Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein)
Re: Dirty spam
Andrei Popescu wrote: José Alburquerque [EMAIL PROTECTED] wrote: Pollywog wrote: Sorry, I did not mean to respam the spam. Now I feel as though I need to find a special chewing gum. I'm sorry to ask. Can you explain what special chewing gum means? If I'm not mistaken, Pollywog was making an analogy to the special chewing gums if you want to give up smoking ;) Regards, Andrei Thanks for explaining. Pollywog also explained that it had to do with a tv commercial. The reason I really didn't understand is that I don't watch that much tv, but I think I get it. ;-) -- Sincerely Jose Alburquerque -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Hallo! Du (Johannes Wiedersich) hast geschrieben: It would be really appreciated, if the listmasters could filter messages with to's and cc's like To: [EMAIL PROTECTED] Cc: debian-x@lists.debian.org, [EMAIL PROTECTED], debian-x86-64@lists.debian.org, deity@lists.debian.org, [EMAIL PROTECTED] I added a rule that drops mails that have a To/Cc [EMAIL PROTECTED] Yours, Cord, Debian Listmaster of the day -- http://lists.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Pollywog wrote: On Sunday 22 October 2006 15:06, Steve Lamb wrote: Not directed solely at you, Mumia, just something that I've been meaning to say for weeks now. Know what would really help? If people would stop replying to spam, quoting spam or otherwise legitimizing spam to my bayesian filters. That has to be part of the reason the spam getting through both of my filters (SA and TB). I mean do I consider the replies to spam as ham or spam? If it's ham then it increases the chances of false-negatives in the future. If it's spam then it increases the chances of false-positives in the future. Either way I'm screwed and it seems that every spam to make it through the list is quoted a few times now. :/ Sorry, I did not mean to respam the spam. Now I feel as though I need to find a special chewing gum. I'm sorry to ask. Can you explain what special chewing gum means? -- Sincerely Jose Alburquerque -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Mumia W.. wrote: Taking down the botnet is another way to fight the spam. It doesn't always work as planned: Not directed solely at you, Mumia, just something that I've been meaning to say for weeks now. Know what would really help? If people would stop replying to spam, quoting spam or otherwise legitimizing spam to my bayesian filters. That has to be part of the reason the spam getting through both of my filters (SA and TB). I mean do I consider the replies to spam as ham or spam? If it's ham then it increases the chances of false-negatives in the future. If it's spam then it increases the chances of false-positives in the future. Either way I'm screwed and it seems that every spam to make it through the list is quoted a few times now. :/ -- Steve C. Lamb | But who decides what they dream? PGP Key: 8B6E99C5 | And dream I do... ---+- signature.asc Description: OpenPGP digital signature
Re: Dirty spam
Steve Lamb wrote: Mumia W.. wrote: Taking down the botnet is another way to fight the spam. It doesn't always work as planned: Not directed solely at you, Mumia, just something that I've been meaning to say for weeks now. Know what would really help? If people would stop replying to spam, quoting spam or otherwise legitimizing spam to my bayesian filters. That has to be part of the reason the spam getting through both of my filters (SA and TB). I mean do I consider the replies to spam as ham or spam? If it's ham then it increases the chances of false-negatives in the future. If it's spam then it increases the chances of false-positives in the future. Either way I'm screwed and it seems that every spam to make it through the list is quoted a few times now. :/ One of the reasons that I started a new thread: I felt like quoting would sort of legitimize the spam. -- Sincerely Jose Alburquerque -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Sunday 22 October 2006 15:06, Steve Lamb wrote: Not directed solely at you, Mumia, just something that I've been meaning to say for weeks now. Know what would really help? If people would stop replying to spam, quoting spam or otherwise legitimizing spam to my bayesian filters. That has to be part of the reason the spam getting through both of my filters (SA and TB). I mean do I consider the replies to spam as ham or spam? If it's ham then it increases the chances of false-negatives in the future. If it's spam then it increases the chances of false-positives in the future. Either way I'm screwed and it seems that every spam to make it through the list is quoted a few times now. :/ Sorry, I did not mean to respam the spam. Now I feel as though I need to find a special chewing gum. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On 10/20/2006 05:47 PM, Pollywog wrote: On Friday 20 October 2006 18:22, Johannes Wiedersich wrote: Mumia W.. wrote: Taking down the botnet is another way to fight the spam. It doesn't always work as planned: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] SMTP error from remote mailer after RCPT TO:[EMAIL PROTECTED]: host mail.qixhosting.net [66.102.41.26]: 550 5.7.1 [EMAIL PROTECTED]... Relaying denied whois qixhosting.net |grep @ President President [EMAIL PROTECTED] President President [EMAIL PROTECTED] President President [EMAIL PROTECTED] According to whois this is the email you might have addressed your complaint to. Looks rather fishy. Maybe someone in the US should investigate this. They are apparently located in Canada. [EMAIL PROTECTED]:~$ whois 66.102.41.26 Dynamic Pipe Inc. DYNAMIC-PIPE-BLK-2 (NET-66-102-32-0-1) 66.102.32.0 - 66.102.47.255 Qix Hosting QIX-BLK-1 (NET-66-102-32-0-2) 66.102.32.0 - 66.102.47.255 It is a known spam operation according to http://www.webservertalk.com/archive154-2005-7-1139994.html I wonder if the list admins could ban the entire IP block from posting to the Debian lists. The spam was sent from elsewhere. Qix Hosting provides hosting for the spamvertized web site. Orangized crime is taking over the Internet :-( -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Thu, Oct 19, 2006 at 08:36:07PM -0400, José Alburquerque wrote: Roberto C. Sanchez wrote: Install spamassasin and train it. Go to the web archives, find the offending message(s) and click the corresponding Report this as Spam button on the page for the message. The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Regards, -Roberto Quick question on spamassasin: Will this work for those that do not use fetchmail to download mail to server? I simply get my mail by using mozilla-thunderbird. In my case, I guess I'd just click on the Junk Mail button, although I'm afraid that it will begin to throw out good messages on this list. However, I don't mind simply deleting. I just thought that I'd make the observation in case there might be other options. Thanks again. If you are using t-bird to get mail directly from a pop server, then I think you're stuck. But you COULD, setup fetchmail to get your mail, reconfig exim to use spamassassin and whatever else you want) and then deliver that mail to your mail locally for t-bird to pick up. but that may be using a 2x4 to swat a fly, I don't know. Can t-bird pipe messages through external programs? If so, you might look at bogofilter as its stupid easy to setup and train. A signature.asc Description: Digital signature
Re: Dirty spam
Andrew Sackville-West wrote: If you are using t-bird to get mail directly from a pop server, then I think you're stuck. But you COULD, setup fetchmail to get your mail, reconfig exim to use spamassassin and whatever else you want) and then deliver that mail to your mail locally for t-bird to pick up. but that may be using a 2x4 to swat a fly, I don't know. Can t-bird pipe messages through external programs? If so, you might look at bogofilter as its stupid easy to setup and train. A Ultimately, I think that is what I'll end up doing (bring my mail down locally). A few years back, when I first began exploring the free unix world, my system was exactly set up to download mail (using fetchmail, I think) and then I'd have access to it through any interface I wanted (I think I used pine, but I was also able to to use Netscape -- at the time -- to read mail, much like you describe above). After a while, I focused more on my education (which still involved Unix) so I sort of put free unix exploration on the back burner. When I came back (when RedHat was about in version 4), I did not set up local mail because I was not able to get a static IP as I (luckily) had when I first began exploring free unix. Now, even though I still don't have a static IP address, I see that with exim it is possible to set up local mail so this would probably be best for me. I'll have to get into the intricacies of exim and then understand a little how to interface both exim and spamassasin for such things as spam. Thanks for suggestion. -- Sincerely Jose Alburquerque -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Mumia W.. wrote: Taking down the botnet is another way to fight the spam. It doesn't always work as planned: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] SMTP error from remote mailer after RCPT TO:[EMAIL PROTECTED]: host mail.qixhosting.net [66.102.41.26]: 550 5.7.1 [EMAIL PROTECTED]... Relaying denied whois qixhosting.net |grep @ President President [EMAIL PROTECTED] President President [EMAIL PROTECTED] President President [EMAIL PROTECTED] According to whois this is the email you might have addressed your complaint to. Looks rather fishy. Maybe someone in the US should investigate this. Here's some more info from whois: Registrant [423178]: President President 2170 Bromsgrove Road Suite 46 Mississauga ON L5J 4J2 CA Administrative Contact [423178]: President President [EMAIL PROTECTED] 2170 Bromsgrove Road Suite 46 Mississauga ON L5J 4J2 CA Phone: +1.9058239144 Johannes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
P. Johnson wrote: That works the same way: Thunderbird has it's own Bayesian filter. You should also train messages that aren't spam to avoid false-positives and false-negatives. Yes, but for those on slow networks: They always have to first download the message, before the filter will tell them it's spam. It would be really appreciated, if the listmasters could filter messages with to's and cc's like To: [EMAIL PROTECTED] Cc: debian-x@lists.debian.org, [EMAIL PROTECTED], debian-x86-64@lists.debian.org, deity@lists.debian.org, [EMAIL PROTECTED] Subject: re: Please do not come to the office today (several debian-xxx that don't exist) and not forward it to debian-amd64 Resent-From: debian-amd64@lists.debian.org But let's thank the list-masters, I am sure we are seeing only the very tiny tip of the iceberg Johannes /full message- Return-path: [EMAIL PROTECTED] Envelope-to: [EMAIL PROTECTED] Delivery-date: Sun, 15 Oct 2006 22:14:56 +0200 Received: from mailrelay1.lrz-muenchen.de ([129.187.254.106]) by llserv.physik.blm.tu-muenchen.de with esmtp (Exim 4.50) id 1GZCNs-Je-Ah for [EMAIL PROTECTED]; Sun, 15 Oct 2006 22:14:56 +0200 Received: from lxmhs06.lrz-muenchen.de (lxmhs06.lrz-muenchen.de [10.156.6.203]) by mailrelay1.lrz-muenchen.de with ESMTP for [EMAIL PROTECTED]; Sun, 15 Oct 2006 22:14:55 +0200 Received: from mailrelay1.lrz-muenchen.de ([10.156.6.201]) by lxmhs06.lrz-muenchen.de (lxmhs06.lrz-muenchen.de [10.156.6.203]) (amavisd-new, port 10024) with ESMTP id 28474-01-16 for [EMAIL PROTECTED]; Sun, 15 Oct 2006 22:14:55 +0200 (CEST) Received: from murphy.debian.org (murphy.debian.org [70.103.162.31]) by mailrelay1.lrz-muenchen.de with ESMTP for [EMAIL PROTECTED]; Sun, 15 Oct 2006 22:14:54 +0200 Received: from localhost (localhost [127.0.0.1]) by murphy.debian.org (Postfix) with QMQP id 85BEE2F1CF; Sun, 15 Oct 2006 15:14:16 -0500 (CDT) Old-Return-Path: [EMAIL PROTECTED] X-Original-To: debian-x86-64@lists.debian.org Received: from tonymiddphoto.co.uk (unknown [222.109.104.217]) by murphy.debian.org (Postfix) with SMTP id 049B93151A; Sun, 15 Oct 2006 13:49:33 -0500 (CDT) Message-Id: [EMAIL PROTECTED] Date: Sun, 15 Oct 2006 21:48:43 +0200 Reply-To: Adan Brown [EMAIL PROTECTED] From: Adan Brown [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US) AppleWebKit/85 (KHTML, like Gecko) Safari/85 X-Accept-Language: en-us MIME-Version: 1.0 To: [EMAIL PROTECTED] Cc: debian-x@lists.debian.org, [EMAIL PROTECTED], debian-x86-64@lists.debian.org, deity@lists.debian.org, [EMAIL PROTECTED] Subject: re: Please do not come to the office today Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-Rc-Spam: 2006-04-09_01 X-Rc-Virus: 2005-11-10_01 X-Rc-Spam: 2006-04-09_01 Resent-Message-ID: [EMAIL PROTECTED] Resent-From: debian-amd64@lists.debian.org X-Mailing-List: debian-amd64@lists.debian.org archive/latest/21088 X-Loop: debian-amd64@lists.debian.org List-Id: debian-amd64.lists.debian.org List-Post: mailto:debian-amd64@lists.debian.org List-Help: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] Precedence: list Resent-Sender: [EMAIL PROTECTED] Resent-Date: Sun, 15 Oct 2006 15:14:16 -0500 (CDT) X-Virus-Scanned: by amavisd-new at lrz-muenchen.de in 06 X-Spam-Status: No, score=2.757 tagged_above=-999 required=5 tests=[BAYES_60=1, SUSPICIOUS_RECIPS=1.757] X-Spam-Score: 2.757 X-Spam-Level: ** Hello , Find out how to generate 1.5 - 3.5k per day from your home. 800.513.3876 Contact me at my number if you can return phone calls. Thank you, Adan Brown -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Thursday 19 October 2006 20:21, Roberto C. Sanchez wrote: The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Last time I heard/read, I dont think the reported spams are being used currently. They are just being collected hoping that in future the list masters could use them. Please correct me if I am wrong... raju -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Fri, Oct 20, 2006 at 08:22:55PM +0200, Johannes Wiedersich wrote: Administrative Contact [423178]: President President [EMAIL PROTECTED] 2170 Bromsgrove Road Suite 46 Mississauga ON L5J 4J2 CA Phone: +1.9058239144 Johannes FYI, I used to live in south Mississagua. Bromsbrove Road is a low-income housing/townhouse/apartment area. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Johannes Wiedersich([EMAIL PROTECTED]) is reported to have said: P. Johnson wrote: That works the same way: Thunderbird has it's own Bayesian filter. You should also train messages that aren't spam to avoid false-positives and false-negatives. Yes, but for those on slow networks: They always have to first download the message, before the filter will tell them it's spam. with to's and cc's like So install either mailfilter or murx murx.sourceforge.net and remove them from the pop server _before_ you download. I am currently using murx and only got one (1) of those spam msgs. One rule and they don't show up here anymore. WT -- My software never has bugs. It just develops random features. ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Friday 20 October 2006 18:22, Johannes Wiedersich wrote: Mumia W.. wrote: Taking down the botnet is another way to fight the spam. It doesn't always work as planned: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] SMTP error from remote mailer after RCPT TO:[EMAIL PROTECTED]: host mail.qixhosting.net [66.102.41.26]: 550 5.7.1 [EMAIL PROTECTED]... Relaying denied whois qixhosting.net |grep @ President President [EMAIL PROTECTED] President President [EMAIL PROTECTED] President President [EMAIL PROTECTED] According to whois this is the email you might have addressed your complaint to. Looks rather fishy. Maybe someone in the US should investigate this. They are apparently located in Canada. [EMAIL PROTECTED]:~$ whois 66.102.41.26 Dynamic Pipe Inc. DYNAMIC-PIPE-BLK-2 (NET-66-102-32-0-1) 66.102.32.0 - 66.102.47.255 Qix Hosting QIX-BLK-1 (NET-66-102-32-0-2) 66.102.32.0 - 66.102.47.255 It is a known spam operation according to http://www.webservertalk.com/archive154-2005-7-1139994.html I wonder if the list admins could ban the entire IP block from posting to the Debian lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Thu, Oct 19, 2006 at 08:18:28PM -0400, José Alburquerque wrote: I'm sorry to say, but the spam on the list is getting dirty. Is there anything we can do about this? Thanks. Install spamassasin and train it. Go to the web archives, find the offending message(s) and click the corresponding Report this as Spam button on the page for the message. The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: Dirty spam
Roberto C. Sanchez wrote: On Thu, Oct 19, 2006 at 08:18:28PM -0400, José Alburquerque wrote: I'm sorry to say, but the spam on the list is getting dirty. Is there anything we can do about this? Thanks. Install spamassasin and train it. Go to the web archives, find the offending message(s) and click the corresponding Report this as Spam button on the page for the message. The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Regards, -Roberto Thanks Roberto. Will do. -- Sincerely Jose Alburquerque -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Roberto C. Sanchez wrote: Install spamassasin and train it. Go to the web archives, find the offending message(s) and click the corresponding Report this as Spam button on the page for the message. The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Regards, -Roberto Quick question on spamassasin: Will this work for those that do not use fetchmail to download mail to server? I simply get my mail by using mozilla-thunderbird. In my case, I guess I'd just click on the Junk Mail button, although I'm afraid that it will begin to throw out good messages on this list. However, I don't mind simply deleting. I just thought that I'd make the observation in case there might be other options. Thanks again. -- Sincerely Jose Alburquerque -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
José Alburquerque wrote: Roberto C. Sanchez wrote: Install spamassasin and train it. Go to the web archives, find the offending message(s) and click the corresponding Report this as Spam button on the page for the message. The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Regards, -Roberto Quick question on spamassasin: Will this work for those that do not use fetchmail to download mail to server? I simply get my mail by using mozilla-thunderbird. In my case, I guess I'd just click on the Junk Mail button, although I'm afraid that it will begin to throw out good messages on this list. However, I don't mind simply deleting. I just thought that I'd make the observation in case there might be other options. Thanks again. As Roberto suggested, I went to the archives and reported the two offending e-mails as spam. Thanks once more. :-) -- Sincerely Jose Alburquerque -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
Jose Alburquerque writes: I'm sorry to say, but the spam on the list is getting dirty. Is there anything we can do about this? Filter. What you are seeing is a small fraction of what hits the servers. -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Thu, Oct 19, 2006 at 08:21:31PM -0400, Roberto C. Sanchez wrote: On Thu, Oct 19, 2006 at 08:18:28PM -0400, Jos? Alburquerque wrote: I'm sorry to say, but the spam on the list is getting dirty. Is there anything we can do about this? Thanks. Install spamassasin and train it. Go to the web archives, find the offending message(s) and click the corresponding Report this as Spam button on the page for the message. The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Is there now way to have a separate list setup that we could just bounce span to? Any spam that went directly to that list would just be more spam. It would save having to go find the message on the archives (it takes a while on dialup). Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On Thursday 19 October 2006 20:20, [EMAIL PROTECTED] wrote: [ =?ISO-8859-1?Q?Jos=E9_Alburquerque? ] Re: Dirty spam That all depends on if your getting the digest or not, I use the digest form and the spam gets on the digest, not much you can do about it, except subscribe to the regular mailing list. If I had children or teenagers reading this list then I might be a little more concerned. But chances are they have seen it anyway. It's amazing what depths young people will go to if you forbid something. Gnu_Raiz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
José Alburquerque wrote: Quick question on spamassasin: Will this work for those that do not use fetchmail to download mail to server? I simply get my mail by using mozilla-thunderbird. In my case, I guess I'd just click on the Junk Mail button, although I'm afraid that it will begin to throw out good messages on this list. That works the same way: Thunderbird has it's own Bayesian filter. You should also train messages that aren't spam to avoid false-positives and false-negatives. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dirty spam
On 10/19/2006 08:04 PM, José Alburquerque wrote: José Alburquerque wrote: Roberto C. Sanchez wrote: Install spamassasin and train it. Go to the web archives, find the offending message(s) and click the corresponding Report this as Spam button on the page for the message. The list admins periodically train spamassasin on lists.d.o with those messages which are reported as spam. Regards, -Roberto Quick question on spamassasin: Will this work for those that do not use fetchmail to download mail to server? I simply get my mail by using mozilla-thunderbird. In my case, I guess I'd just click on the Junk Mail button, although I'm afraid that it will begin to throw out good messages on this list. However, I don't mind simply deleting. I just thought that I'd make the observation in case there might be other options. Thanks again. As Roberto suggested, I went to the archives and reported the two offending e-mails as spam. Thanks once more. :-) Taking down the botnet is another way to fight the spam. It doesn't always work as planned: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] SMTP error from remote mailer after RCPT TO:[EMAIL PROTECTED]: host mail.qixhosting.net [66.102.41.26]: 550 5.7.1 [EMAIL PROTECTED]... Relaying denied -- This is a copy of the message, including all the headers. -- Return-path: [EMAIL PROTECTED] Received: from [4.158.105.169] (helo=[4.158.105.169]) by elasmtp-kukur.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GajdB-0001rN-AE; Thu, 19 Oct 2006 21:57:06 -0400 Message-ID: [EMAIL PROTECTED] Date: Thu, 19 Oct 2006 20:45:24 -0500 From: Mumia W.. [EMAIL PROTECTED] User-Agent: Thunderbird 1.5.0.7 (X11/20060909) MIME-Version: 1.0 To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Spam message reveals botnet on your networks Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I received a spam message that involves all of your networks. The spam seems to advertise a website that is managed by a botnet. A botnet is a group of machines controlled by Internet organized crime gangs (without the knowledge of the true owners). A botnet consists of machines that mutually support one another by sending spam, hosting websites and providing DNS services for those websites. The spam message came from this machine: 71.111.0.143 (verizon) The spam-advertized websites are hosted on these machines: www.lemuwin.com.180 IN A 64.110.215.97 (sasktel) www.lemuwin.com.180 IN A 172.161.194.59 (AOL) www.lemuwin.com.180 IN A 172.195.44.236 (AOL) www.lemuwin.com.180 IN A 194.145.134.112 (Esat) www.lemuwin.com.180 IN A 211.223.172.213 (kornet) And this site is linked to by the spam-advertised site: www.14inch.com. 0 IN A 66.102.43.10 (qixhosting) The domain-naming services are hosted on these machines: ns1.marivanna.com. 41678 IN A 212.235.54.208 (netvision) ns1.marivanna.com. 41678 IN A 221.162.35.178 (kornet) ns1.marivanna.com. 41678 IN A 24.91.25.155 (comcast) ns1.marivanna.com. 41678 IN A 24.155.135.157 (grandecom) ns1.marivanna.com. 41678 IN A 66.159.174.240 (sbcglobal) ns1.marivanna.com. 41678 IN A 70.136.103.192 (sbcglobal) ns1.marivanna.com. 41678 IN A 83.10.199.248 (telekomunikacja) ns1.marivanna.com. 41678 IN A 86.73.81.56 (gaoland) ns1.marivanna.com. 41678 IN A 124.186.234.43 (telstra) ns2.marivanna.com. 168631 IN A 86.73.81.56 (gaoland) ns4.marivanna.com. 84554 IN A 212.235.54.208 (netvision) Taking down a botnet is a lot of work, but I'm sure you guys and gals will do a fantastic job of it. Botnets typically change the locations of the various servers on a continuing basis. After several hours, some of this information may have changed. Don't worry; taking down the old botnet machines makes then unavailable to the crime gangs. Qixhosting, it is critical that you take down the spammer's website at www.14inch.com (66.102.43.10). That is the primary money-making website for the crime gang; if you fail to take that site down, everything would have been for nothing. Time is important when evaluating botnets. This information was collected around Fri Oct 20 01:25:02 UTC 2006 . The spam message was sent to the debian-user mailing list of
