Re: [gentoo-user] Spam from gentoo-lists

2004-01-05 Thread Lincoln A. Baxter 
On Mon, 2004-01-05 at 12:42, Andrej Kacian wrote:
> (Mon, 05 Jan 2004 18:25:39 +0100)
> And Norbert Kamenicky <[EMAIL PROTECTED]> said:
> 
> > PS:
> > Mostly I receive spam with these headers:
> > 
> > Undelivered Mail Returned To Mailer  (from "Admin" 
> > <[EMAIL PROTECTED]>) always contains EXE files
> > 
> > Last Internet Upgrade (from "Microsoft Corporation Security Support" 
> > <[EMAIL PROTECTED]>)
> > 
> > Current Internet Security Patch (from "Commercial Partner" 
> > <[EMAIL PROTECTED]>)
> > 
> > Microsoft Critical Upgrade (from "Program Security Center" 
> > <[EMAIL PROTECTED]> )

I have received all of these...  I just recently modified spamassassin
config files to score MICROSOFT executables in mail messages as SPAM. 
No one should mail around M$ exe's these days.

Lincoln



--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-05 Thread Collins 
On Mon, 05 Jan 2004 18:25:39 +0100
Norbert Kamenicky <[EMAIL PROTECTED]> wrote:

> Collins wrote:
> > 
> > As I said earlier, no spam comes to me that I can identify as coming
> > from my association with gentoo.
> 
> 
> This is simple unbelievable for me, since I also
> recorded massive spam to my e-mail account few days
> after subscribing and sending my first reply.
> 

[ micror$hit snipped ] [ Don't I wish  ]

Boo hoo, microslut doen't love me enough to send me spam .  Actually
I did get a few of these a few months ago, but none since.

-- 
Collins

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-05 Thread Andrej Kacian 
(Mon, 05 Jan 2004 18:25:39 +0100)
And Norbert Kamenicky <[EMAIL PROTECTED]> said:

> PS:
> Mostly I receive spam with these headers:
> 
> Undelivered Mail Returned To Mailer  (from "Admin" 
> <[EMAIL PROTECTED]>) always contains EXE files
> 
> Last Internet Upgrade (from "Microsoft Corporation Security Support" 
> <[EMAIL PROTECTED]>)
> 
> Current Internet Security Patch (from "Commercial Partner" 
> <[EMAIL PROTECTED]>)
> 
> Microsoft Critical Upgrade (from "Program Security Center" 
> <[EMAIL PROTECTED]> )

Sounds like Sven resurrected to me.

-- 
/~\ The ASCIIAndrej "Ticho" Kacian 
\ / Ribbon Campaign  GnuPG public key ID: 7CD93FE2 (pgp.mit.edu)
 X  Against HTML Key fingerprint:
/ \ Email!   E87D 9DEF 2A23 6FFB 7AD9 542F 4253 3A46 7CD9 3FE2


pgp0.pgp
Description: PGP signature

Re: [gentoo-user] Spam from gentoo-lists

2004-01-05 Thread Norbert Kamenicky 
Collins wrote:
As I said earlier, no spam comes to me that I can identify as coming
from my association with gentoo.


This is simple unbelievable for me, since I also
recorded massive spam to my e-mail account few days
after subscribing and sending my first reply.
After collecting these facts:

1. I like micro$hit very much ;-) and declare
   my love very often
2. All of my spam is micro$hit related

3. some people receive it, some not

I made a conclusion:

This spam is sent to micro$shit "lovers" only.

noro

PS:
Mostly I receive spam with these headers:
Undelivered Mail Returned To Mailer  (from "Admin" 
<[EMAIL PROTECTED]>) always contains EXE files

Last Internet Upgrade (from "Microsoft Corporation Security Support" 
<[EMAIL PROTECTED]>)

Current Internet Security Patch (from "Commercial Partner" 
<[EMAIL PROTECTED]>)

Microsoft Critical Upgrade (from "Program Security Center" 
<[EMAIL PROTECTED]> )



--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Kevin Reichhart 
I say we blame it on MS anyhoo.  They've gotten away with alot we 
haven't called them on.  ;-)

Does anyone know if any other lists have been targetted like this one?  
I've only seen mail come in on this address.

On Sun, 4 Jan 2004, Jeremy 
Maitin-Shepard wrote:

> Jason Cooper <[EMAIL PROTECTED]> writes:
> 
> > [snip]
> 
> > I also noticed some email coming to my gentoo ml alias since X-mas. :(
> > If you can, set up an alias for each list you are on and use procmail to
> > sort on 'List-ID'. Anything that ends up in the catch-all dir I don't 
> > really pay too much attention to.  Makes life much simpler.  I suppose
> > one day I'll have to get official and use some sort of spam filter, but
> > I only get a couple per week, so it's not a necessity yet.  Why does MS
> > want to put Security Updates on my Gentoo Box? :(
> 
> That isn't Microsoft.  Those are just worms.
> 
> 

-- 
Kevin Reichhart
CCNA, CCSA NG
Reichhart Consulting


--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Collins 
On Mon, 5 Jan 2004 02:13:06 +
Peter Ruskin <[EMAIL PROTECTED]> wrote:

> On Monday 05 Jan 2004 02:03, Collins wrote:
> > I've been subscribed for years, and other than the once or twice a
> > year thing, I've seen no spam.
> 
> Hey Collins, you must be either very lucky or clever.  What are you 
> using to avoid gentoo-spam?
> 

Must be good clean living .  The only spam I get is from a couple of
lists (not gentoo) I subscribed to back in the dawn of history, and
these used a different domain name from my current email address (my isp
autoforwards these).  Since no mail I value comes from this old address,
I send it directly to trash.  That represents 99% of my spam.

I'm still surprised that no web-spider has scarfed up my new address 
from the current list archives!

As I said earlier, no spam comes to me that I can identify as coming
from my association with gentoo.

-- 
Collins

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread »Q« 
Sunday, January 4, 2004, Jeremy Maitin-Shepard wrote:

> Tom Fredrik Blenning Klaussen writes:

> I would still guess that it is a web spider that got your address.
> Many of the archives are immediate, and so it is possible a web
> spider just happened to check the list archive web page several hours
> after you posted.  Spammers probably have their web spiders running at
> all times.

Or Usenet harvesting bots.  This list is gated to the Usenet group
linux.gentoo.user, carried now by most servers I suppose. It is pretty
easy for a bot to XOVER the headers to get the From headers.

A harvester could do the same with the Gmane server on which this list
also appears as a newsgroup (gmane.linux.gentoo.user).  Gmane does
offer the option to obfuscate e-mail addresses, either on a per-post
basis or for the whole list.  See  for
details.

-- 
»Q«


--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Peter Ruskin 
On Monday 05 Jan 2004 02:03, Collins wrote:
> I've been subscribed for years, and other than the once or twice a
> year thing, I've seen no spam.

Hey Collins, you must be either very lucky or clever.  What are you 
using to avoid gentoo-spam?

Peter
-- 
==
Gentoo Linux:   Portage 2.0.49-r20 (default-x86-1.4, gcc-3.2.3, 
glibc-2.3.2-r3, 2.6.0-gentoo-w4l)   i686 AMD Athlon(tm) XP 3200+
==


--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Collins 
On Sun, 04 Jan 2004 21:29:01 +0100
Tom Fredrik Blenning Klaussen <[EMAIL PROTECTED]> wrote:

> I made my first post ever with this mail address to this list
> yesterday, and already today I receive spam on it. Not such a big
> deal, since this address is only used for receiving list mail, so
> anything that isn't to any of the lists is crap per se. But it's still
> no fun.
> 

I've been subscribed for years, and other than the once or twice a year
thing, I've seen no spam.

YMMV,

-- 
Collins

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Jeremy Maitin-Shepard 
Sascha Cunz <[EMAIL PROTECTED]> writes:

> [snip]

> Maybe, it's this way. However - best practice is still to use a single mail 
> account only for subscribing and posting to mailinglists. Then ingnore 
> anything that struggles into this mail account, if it wasn't sent by a 
> specific mail host / has not the correct list-id; list-post; whatever-header 
> in it.

The problem with that strategy is that people will often reply
personally to a list post, and with that strategy you would ignore such
messages.

-- 
Jeremy Maitin-Shepard

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Jeremy Maitin-Shepard 
Jason Cooper <[EMAIL PROTECTED]> writes:

> [snip]

> I also noticed some email coming to my gentoo ml alias since X-mas. :(
> If you can, set up an alias for each list you are on and use procmail to
> sort on 'List-ID'. Anything that ends up in the catch-all dir I don't 
> really pay too much attention to.  Makes life much simpler.  I suppose
> one day I'll have to get official and use some sort of spam filter, but
> I only get a couple per week, so it's not a necessity yet.  Why does MS
> want to put Security Updates on my Gentoo Box? :(

That isn't Microsoft.  Those are just worms.

-- 
Jeremy Maitin-Shepard

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Jason Cooper 
Sascha Cunz ([EMAIL PROTECTED]) scribbled:
> > > [snip]
> > >
> > > I can't really tell, I was only stunned by the swift response from the
> > > spammer community. I received a spam mail only a few hours after posting
> > > for the first time with this address, which has been made only for
> > > receiving gentoo-list mail.
> >
> > I would still guess that it is a web spider that got your address.
> > Many of the archives are immediate, and so it is possible a web
> > spider just happened to check the list archive web page several hours
> > after you posted.  Spammers probably have their web spiders running at
> > all times.
> Maybe, it's this way. However - best practice is still to use a single mail 
> account only for subscribing and posting to mailinglists. Then ingnore 
> anything that struggles into this mail account, if it wasn't sent by a 
> specific mail host / has not the correct list-id; list-post; whatever-header 
> in it.
> Sascha

I also noticed some email coming to my gentoo ml alias since X-mas. :(
If you can, set up an alias for each list you are on and use procmail to
sort on 'List-ID'. Anything that ends up in the catch-all dir I don't 
really pay too much attention to.  Makes life much simpler.  I suppose
one day I'll have to get official and use some sort of spam filter, but
I only get a couple per week, so it's not a necessity yet.  Why does MS
want to put Security Updates on my Gentoo Box? :(

Cooper.

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Sascha Cunz 
> > [snip]
> >
> > I can't really tell, I was only stunned by the swift response from the
> > spammer community. I received a spam mail only a few hours after posting
> > for the first time with this address, which has been made only for
> > receiving gentoo-list mail.
>
> I would still guess that it is a web spider that got your address.
> Many of the archives are immediate, and so it is possible a web
> spider just happened to check the list archive web page several hours
> after you posted.  Spammers probably have their web spiders running at
> all times.
Maybe, it's this way. However - best practice is still to use a single mail 
account only for subscribing and posting to mailinglists. Then ingnore 
anything that struggles into this mail account, if it wasn't sent by a 
specific mail host / has not the correct list-id; list-post; whatever-header 
in it.
Sascha

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Jeremy Maitin-Shepard 
Tom Fredrik Blenning Klaussen <[EMAIL PROTECTED]> writes:

> [snip]

> I can't really tell, I was only stunned by the swift response from the
> spammer community. I received a spam mail only a few hours after posting
> for the first time with this address, which has been made only for
> receiving gentoo-list mail. 

I would still guess that it is a web spider that got your address.
Many of the archives are immediate, and so it is possible a web
spider just happened to check the list archive web page several hours
after you posted.  Spammers probably have their web spiders running at
all times.

-- 
Jeremy Maitin-Shepard

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Tom Fredrik Blenning Klaussen 
On Sun, 2004-01-04 at 22:34, Daniel Drake wrote: 
> > What about setting up some honey pots?
> > The list admin could for instance send some kind of email with unique
> > from field, and see what addresses respond.
> 
> Interesting idea, but the spam mails you recieve probably come from a 
> completely different machine than the ones that pick up your email address 
> from this mailing list. And if the addresses are picked out from archives by 
> web-spiders, then they wouldnt even have to be subscribed to the list (so 
> theres no way that the list admin could stop them getting the mails..)

Well, what i meant was to make one fictive address for every user on the
mailinglist. Then make a one to one mapping, and send a mail that seems
to go to everyone on the list, but actually is targeted specifically at
a single address. This way one could flush out spammers from the list,
by reverse mapping which addresses receives spam mail.

Of course this mailaddress must never reach the mailingarchives. That
would undermine their very idea. And if they were, then one would have
to have a separate address for the archives.

> Is it a single server/address spamming you? The spam that I see typically 
> comes from appearingly randomly generated addresses, so that wouldnt make 
> tracking a spammer down any easier...

I can't really tell, I was only stunned by the swift response from the
spammer community. I received a spam mail only a few hours after posting
for the first time with this address, which has been made only for
receiving gentoo-list mail. 

They've sent only two mails until now, and they were from different
origins.
-- 
--
Sincerely   Vennlig Hilsen

Tom Fredrik Klaussen
Rosendalsvn. 16B
N-1166 Oslo
Norway


--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Daniel Drake 
As I said earlier, this is not so much of a problem, as it is an
annoyance. The real problem is of course that this list is the source
for email adresses.
What about setting up some honey pots?
The list admin could for instance send some kind of email with unique
from field, and see what addresses respond.
Interesting idea, but the spam mails you recieve probably come from a 
completely different machine than the ones that pick up your email address 
from this mailing list. And if the addresses are picked out from archives by 
web-spiders, then they wouldnt even have to be subscribed to the list (so 
theres no way that the list admin could stop them getting the mails..)

Is it a single server/address spamming you? The spam that I see typically 
comes from appearingly randomly generated addresses, so that wouldnt make 
tracking a spammer down any easier...

Daniel.

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Tom Fredrik Blenning Klaussen 
On Sun, 2004-01-04 at 21:53, Daniel Drake wrote:
> Tom Fredrik Blenning Klaussen wrote:
> > I made my first post ever with this mail address to this list yesterday,
> > and already today I receive spam on it. Not such a big deal, since this
> > address is only used for receiving list mail, so anything that isn't to
> > any of the lists is crap per se. But it's still no fun.
> > 
> > I'm aware that a similar post was made very recently, but it seems like
> > someone is eavesdropping, continously scanning the mail archive or
> > something.
> 
> It is more likely to be a "bot" - a program looking for as many email 
> addresses as it can find. A program like this could be subscribed to the list 
> and indexing every address, or perhaps picking addresses up through archives 
> (a google-search for "gentoo-user archive" produces 3 big archives in the top 10).
> 
> > Could anyone think of a resolution to this problem?
> > 
> > Obfurscation of the mail archive?
> 
> Not likely. The only way to do that would be to completely remove the "From:" 
> header or something. I suppose thats an advantage of forum-like systems, email 
> addresses arent so easily available.
> 
> Still, you could a spam filter - if configured correctly, they help a lot. I 
> use one called DisSpam which is fairly simplistic. I've written about it here:
> http://www.reactivated.net/disspam.php

As I said earlier, this is not so much of a problem, as it is an
annoyance. The real problem is of course that this list is the source
for email adresses.

What about setting up some honey pots?
The list admin could for instance send some kind of email with unique
from field, and see what addresses respond.

Anyway, just my ravelling.
-- 
--
Sincerely   Vennlig Hilsen

Tom Fredrik Klaussen
Rosendalsvn. 16B
N-1166 Oslo
Norway


--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Daniel Drake 
Tom Fredrik Blenning Klaussen wrote:
I made my first post ever with this mail address to this list yesterday,
and already today I receive spam on it. Not such a big deal, since this
address is only used for receiving list mail, so anything that isn't to
any of the lists is crap per se. But it's still no fun.
I'm aware that a similar post was made very recently, but it seems like
someone is eavesdropping, continously scanning the mail archive or
something.
It is more likely to be a "bot" - a program looking for as many email 
addresses as it can find. A program like this could be subscribed to the list 
and indexing every address, or perhaps picking addresses up through archives 
(a google-search for "gentoo-user archive" produces 3 big archives in the top 10).

Could anyone think of a resolution to this problem?

Obfurscation of the mail archive?
Not likely. The only way to do that would be to completely remove the "From:" 
header or something. I suppose thats an advantage of forum-like systems, email 
addresses arent so easily available.

Still, you could a spam filter - if configured correctly, they help a lot. I 
use one called DisSpam which is fairly simplistic. I've written about it here:
http://www.reactivated.net/disspam.php

Daniel.

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Sascha Cunz 
Hi,
> Could anyone think of a resolution to this problem?
>
> Obfurscation of the mail archive?

It's not that easy at all - because most of the spamable-mail-adress-scanners 
work differently.

Since everybody can subscribe to this mailinglist, one simply needs to write a 
small mailer daemon which accepts emails from the list and collects the 
adresses inside the headers.

I currently can't imagine of a way to stop that.

Regards Sascha

--
[EMAIL PROTECTED] mailing list

[gentoo-user] Spam from gentoo-lists

2004-01-04 Thread Tom Fredrik Blenning Klaussen 
I made my first post ever with this mail address to this list yesterday,
and already today I receive spam on it. Not such a big deal, since this
address is only used for receiving list mail, so anything that isn't to
any of the lists is crap per se. But it's still no fun.

I'm aware that a similar post was made very recently, but it seems like
someone is eavesdropping, continously scanning the mail archive or
something.

Could anyone think of a resolution to this problem?

Obfurscation of the mail archive?
-- 
--
Sincerely   Vennlig Hilsen

Tom Fredrik Klaussen
Rosendalsvn. 16B
N-1166 Oslo
Norway


--
[EMAIL PROTECTED] mailing list