Spam

2000-09-08 Thread Mike Jimenez

How do I set up my mail server to help reduce the amount of spam it
receives? Or better, what are the steps taken to do this? Also, how do I
properly block out certain IPs from sending mail to my server?
Thanks
Mike




SPAM!!!!!

1999-11-09 Thread Luis Bezerra

Hello everyone,

could you give one good solution for spam in qmail ?


regards

--
-
Luís Bezerra de A. Junior
[EMAIL PROTECTED]
SecrelNet Informática LTDA
Fortaleza - Ceará - Brasil
Fone: 021852882090
-




Spam

1999-11-10 Thread Martin Paulucci

Hi,

I had a spammer in my system who sent many mails to many domains, and as
I have tcp.smtp rules he must have done it from my own dialups, so I have the
syslog with the following messages. Is there any way to know the IP of
this guy? And how can I filter per Subject instead of From?

Here's the log:
Nov  7 15:53:11 babel qmail: 942000791.265761 info msg
143554: bytes 18920 from <[EMAIL PROTECTED]> qp 1318 uid 101
Nov  7 15:53:11 babel qmail: 942000791.331364 starting delivery 6979: msg
143554 to local [EMAIL PROTECTED]
Nov  7 15:53:11 babel qmail: 942000791.331556 status: local 1/10 remote
0/20
Nov  7 15:53:11 babel qmail: 942000791.527908 new msg 143555
Nov  7 15:53:11 babel qmail: 942000791.528148 info msg 143555: bytes 19408
from <> qp 1322 uid 108
Nov  7 15:53:11 babel qmail: 942000791.680963 starting delivery 6980: msg
143555 to local [EMAIL PROTECTED]
Nov  7 15:53:11 babel qmail: 942000791.681167 status: local 2/10 remote
0/20
Nov  7 15:53:11 babel qmail: 942000791.715031 delivery 6980: failure:
admin__:sintesoft.com:sintesoft.com/POP_user_does_not_exist,_but_will_deliver
_to_/mail/vpopmail/domains/sintesoft.com/postmaster/Reason_for_failure:_/User_over_quota,_size_=_2299815/
Nov  7 15:53:11 babel qmail: 942000791.757477 status: local 1/10 remote
0/20
Nov  7 15:53:11 babel qmail: 942000791.860593 bounce msg 143555 qp 132ov  8
10:14:04 babel qmail: 942066844.193751 new msg 143539
Nov  8 10:14:04 babel qmail: 942066844.194014 info msg 143539: bytes 18547
from <[EMAIL PROTECTED]> qp 9352 uid 101
Nov  8 10:14:04 babel qmail: 942066844.266497 starting delivery 8091: msg
143539 to remote [EMAIL PROTECTED]
Nov  8 10:14:04 babel qmail: 942066844.266685 status: local 0/10 remote
1/20
Nov  8 10:14:06 babel qmail: 942066846.278123 delivery 8091: success:
200.10.106.24_accepted_message./Remote_host_said:_250_Message_received:_19991
[EMAIL PROTECTED]/
Nov  8 10:14:06 babel qmail: 942066846.291431 status: local 0/10 remote
0/20
Nov  8 10:14:06 babel qmail: 942066846.291616 end msg 143539
Nov  8 10:14:18 babel vpopmail[9359]: virtual POP for matias@ from
200.43.4.2
Nov  8 10:14:21 babel qmail: 942066861.339228 new msg 143539



spam

2000-04-01 Thread chris

Hey!
I discovered this free service called eLOL, electronic Laugh Out Loud
that sends jokes to you every day. It uses some sort of "smart technology" that learns 
your sense of humor.
This "spam" joke is so funny I had to send it to you.

 Check this link to view the joke: 
http://www.elol.com/site/ViewJoke?title=spam&url=05/600028.gif&name=CTarricone 
 By registering for eLOL today you're automatically entered to WIN A BRAND NEW PALM V. 
 eLOL not only delivers the best jokes on the net, it actually learns your sense of 
humor and sends the jokes you'll like most.
Download is available from http://www.elol.com/download/



SPAM Security

2001-06-15 Thread NDSoftware

Hi,
How can I do this task and how do I configure the software?

I have a POP-before-SMTP system.

When user [EMAIL PROTECTED] uses my SMTP server with POP before SMTP, he
can only send e-mail to his domain (in this example domain.com) or to
domain2.com.

When the user specifies a password for the SMTP server (the server checks the
list /etc/smtppassword, without using vpopmail), he can send mail to all
domains.

Thanks




Spam Removal

2001-06-17 Thread Jeremy Suo-Anttila

I keep getting sent SPAM from this company based in CA trying to sell me a
MasterDisc 2000, which I know is a scam. I have followed all their procedures
to remove my domains from their lists and they went and actually added them
and more to their lists, so I have been getting flooded with their crap mails.
I have faxed in removal requests, emailed them, phoned them and they still
will not remove my domains. Any suggestions on what I can do? I would like
to set up some sort of spam removal but I would also, if possible, like to take
some sort of legal action.

Any suggestions would be greatly appreciated. And I have pasted a header
from one of their mails below.

>

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 10844 invoked by uid 98); 17 Jun 2001 16:02:45 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 10842 invoked from network); 17 Jun 2001 16:02:44 -
Received: from tth.taiyo-toy.co.jp (HELO www.taiyo-toy.co.jp)
(210.225.132.20)
  by ns1.ideathcare.com with SMTP; 17 Jun 2001 16:02:44 -
Received: from
From: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Date: Sun, 17 Jun 2001 12:09:02 -0400
To: [EMAIL PROTECTED]
Subject: MasterCD 2001 -   Customer Sources


>

I know that replying to them will not work since they obviously are not a
legitimate company. Why else would they use yahoo.com and excite.com email
addresses for their return? I just do not see where I can block out their IP
with my TCP Server. Every letter I get from them is a different source
account.

Thanks

Jeremy Suo-Anttila
[EMAIL PROTECTED]





SPAM BLOCKING

2000-08-02 Thread Slider



Hi,

Please can someone drop me a hint as to the method of protecting myself from
spam using the rblsmtpd?

Thanks

Slider




SPAM Relay

2000-08-22 Thread Marcilio Jorgensen Cassella

HI,

My SMTP Server is open for relay where X-Envelope-Recipient:
. Plz, How to remove this bug ? Thanks...

Marcilio
AlterNex
Brasil



Blackmail / spam

2000-08-23 Thread Vu Vuong

Hi all,
Anyone using blackmail with qmail?  I am having problems getting this to
work.  Whenever I turn it on, it stops incoming email.
vav





Re: Spam

2000-09-08 Thread Ben Beuchler

On Fri, Sep 08, 2000 at 08:37:55AM -0700, Mike Jimenez wrote:

> How do I set up my mail server to help reduce the amount of spam it
> receives? Or better, what are the steps taken to do this? Also, how do I
> properly block out certain IPs from sending mail to my server?

http://www.summersault.com/chris/techno/qmail/qmail-antispam.html

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net



spam processing

2000-09-21 Thread wolfgang zeikat

sadly, one of our domains seems to have gotten onto one or more of those
"Buy * Million first class spam recipients' email addresses NOW" lists/CDs.

so we keep receiving mails from all over this lovely planet for the non
existent users
michellep tonyak jenniferd barbik melindaa gabriellej barbis doloresz
melindab junem
(exciting isn't it)

i would like to process them automatically via a .qmail* file, and one
thing i would like to extract automatically is the IP of the SMTP relay
that sent the mail to our server. example:

Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 28677 invoked by alias); 21 Sep 2000 01:26:51 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 28673 invoked from network); 21 Sep 2000 01:26:51 -
Received: from unknown (HELO srvweb.IMPI-GIPSI.FR) (194.206.111.65)
  by 192.168.27.19 with SMTP; 21 Sep 2000 01:26:51 -
Received: from cs28100-41.houston.RR.COM by srvweb.IMPI-GIPSI.FR with SMTP
(Microsoft Exchange Internet Mail Service Version 5.0.1457.7)
id S52XFY3D; Thu, 21 Sep 2000 00:07:33 +0200
DATE: 20 Sep 00 5:08:51 PM
FROM: [EMAIL PROTECTED]
Message-ID: 
SUBJECT: get shopping discounts, improve your quality of life

so i would like to extract 194.206.111.65 from the line 
Received: from unknown (HELO srvweb.IMPI-GIPSI.FR) (194.206.111.65)

i am rather new at parsing ... and PERL? is that something you wear around
your neck?

sorry if you consider this off topic, it certainly is part of my life with
qmail *g*

cheers
wolfgang




spam filter

1999-06-07 Thread Attila Csosz

I have an IMAP mailbox and I have read in the fetchmail-doc that I could keep
out the spam mails; fetchmail downloads the mail header and body separately.
If fetchmail downloads the header and gets an error code [550, 570] it
doesn't download the body of the mail.
How could I do that with qmail?

Thanks
 Attila

 
-- 

- Debian 2.1 / 2.0.36 / qmail  -
- Mail: [EMAIL PROTECTED] -



Anti-Spam

1999-09-10 Thread Carles Latorre




Hi everybody,
 
I've installed qmail on a Red Hat 5.1 and I've noticed that my server
is used for spamming purposes.

I've tried something in hosts.allow, putting parameters like

tcp-env: xxx.xxx.xxx.xxx : setenv = RELAYCLIENT

where xxx.xxx.xxx.xxx is the IP or IP range granted to send messages
through my SMTP server, but it seems not to work properly.
 
Can anybody help me? 
 
Thanks in advance,
 
Carles Latorre i Musoll
Systems Technician
STRATEGY Consultors

C/ Casp, 106 1er 1ª
08010 Barcelona
Tel: 93 232 73 73
Fax: 93 231 56 56

Pº de la Castellana, 141
Edificio Cuzco IV
28046 Madrid
Tel: 91 749 80 32
Fax: 91 570 71 99

[EMAIL PROTECTED]
http://www.strategyconsultors.com


Stopping spam

1999-01-03 Thread Andrés Méndez



Hello.
 
If I want to stop some kinds of spam, do I have to install procmail or
can qmail defeat spam?

Are there more programs, like procmail, to defeat spam?


Re: Spam

1999-11-10 Thread Petr Novotny


On 10 Nov 99, at 16:48, Martin Paulucci wrote:
> I had a spammer in my system who sent many mails to many domains, and as
> I have tcp.smtp rules he must have done it from my own dialups, so I have the
> syslog with the following messages. Is there any way to know the IP of
> this guy?

You're showing us logs from qmail. There's nothing about the 
originator in there. Do you have logs from tcpserver? You should 
find it in there (by time, and by qp - qp shall be close to qp in the 
qmail logs).

Alternatively, if you have a spam message in your hands (a copy 
from the queue, or a bounce with full headers), have a look at 
"Received" lines.

> And How can I filter per Subject instead of From???.

Beg your pardon?

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]
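
The correlation Petr describes (match a message's qp against the tcpserver connection by pid and time), as an added example that is not part of the original message. It assumes tcpserver runs with -v and logs through splogger under the tag "smtpd", and that uid 101 is the SMTP daemon's uid on this host; the log lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample. The qmail-send lines follow the format posted in the
# thread; the tcpserver lines assume "tcpserver -v" logged through splogger
# with the tag "smtpd". Addresses and pids are made up.
QMAIL_LOG = """\
Nov  7 15:53:11 babel qmail: 942000791.265761 info msg 143554: bytes 18920 from <a@example.com> qp 1318 uid 101
Nov  7 15:53:11 babel qmail: 942000791.528148 info msg 143555: bytes 19408 from <> qp 1322 uid 108
Nov  8 10:14:04 babel qmail: 942066844.194014 info msg 143539: bytes 18547 from <b@example.com> qp 9352 uid 101
Nov  8 10:20:00 babel qmail: 942067200.000000 info msg 143560: bytes 900 from <c@example.com> qp 1319 uid 101
"""
TCPSERVER_LOG = """\
Nov  7 15:53:08 babel smtpd: 942000788.101010 tcpserver: pid 1316 from 192.0.2.44
Nov  7 15:53:08 babel smtpd: 942000788.120000 tcpserver: ok 1316 babel:198.51.100.1:25 :192.0.2.44::1042
Nov  7 15:53:11 babel smtpd: 942000791.300000 tcpserver: end 1316 status 0
Nov  8 10:13:20 babel smtpd: 942066800.000000 tcpserver: pid 9349 from 203.0.113.5
Nov  8 10:13:30 babel smtpd: 942066810.000000 tcpserver: end 9349 status 0
Nov  8 10:13:59 babel smtpd: 942066839.000000 tcpserver: pid 9350 from 192.0.2.77
"""

QMAIL_RE = re.compile(
    r"qmail: (\d+\.\d+) info msg (\d+): bytes \d+ from <([^>]*)> qp (\d+) uid (\d+)")
TCP_RE = re.compile(r"(\d+\.\d+) tcpserver: (pid|end) (\d+)(?: from (\S+))?")


def parse_connections(tcp_log):
    """Turn 'pid N from IP' / 'end N' pairs into connection records."""
    conns, open_by_pid = [], {}
    for line in tcp_log.splitlines():
        m = TCP_RE.search(line)
        if not m:
            continue
        ts, kind, pid, ip = float(m.group(1)), m.group(2), int(m.group(3)), m.group(4)
        if kind == "pid":
            conn = {"pid": pid, "ip": ip, "start": ts, "end": None}
            conns.append(conn)
            open_by_pid[pid] = conn
        elif pid in open_by_pid:
            open_by_pid.pop(pid)["end"] = ts
    return conns


def find_origins(qmail_log, tcp_log, smtpd_uid=101, max_pid_gap=20, slack=5.0):
    """Map each msg number to the client IP of the SMTP session that queued it.

    qp is the pid of qmail-queue, which qmail-smtpd forks, so it sits a little
    above the pid tcpserver logged for the connection. A candidate must also
    have been open (within `slack` seconds) when qmail-send logged the message.
    Messages queued under another uid (bounces, local injection) get None.
    """
    conns = parse_connections(tcp_log)
    origins = {}
    for line in qmail_log.splitlines():
        m = QMAIL_RE.search(line)
        if not m:
            continue
        ts, msg, qp, uid = float(m.group(1)), m.group(2), int(m.group(4)), int(m.group(5))
        best = None
        if uid == smtpd_uid:
            for c in conns:
                gap = qp - c["pid"]
                alive = c["start"] <= ts and (c["end"] is None or ts <= c["end"] + slack)
                if 0 < gap <= max_pid_gap and alive:
                    if best is None or gap < qp - best["pid"]:
                        best = c
        origins[msg] = best["ip"] if best else None
    return origins


if __name__ == "__main__":
    for msg, ip in find_origins(QMAIL_LOG, TCPSERVER_LOG).items():
        print(msg, ip or "no SMTP connection found")
```

Message 143560 shows why the time window matters: its qp is close to pid 1316, but that connection ended a day earlier, so a pid that has wrapped around is not mistaken for the origin.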



Internal SPAM

1999-12-03 Thread Diego A. Puertas F.

One way to control SPAM is checking the header size, some of my users are 
sending mail to all my users (2000) and this would be a way to exclude
that kind of mail, so:

- How can I check mail header size, or

- what other ways are there to prevent SPAM, even internal SPAM




spam filters

2000-01-12 Thread Tonino Greco

Hi,

I would like to know how to get spam filters set up?  I have installed
rblsmtp and it is running  - but it does not seem to be blocking??

Is there some documentation I am missing??

Thanks in advance

--Tonino



Spam deflection

2000-02-16 Thread Shawn P. Stanley

Hi,

I'm receiving spam through various open SMTP relays but originating from a
specific network IP and I'd like to block messages originating from that
network IP while allowing e-mail from the various open SMTP relays.  What's
the best way to do that?

I've tried communicating with the open relays, but there are so many of
them, and many are outside the US.  Additionally, I'd like to receive e-mail
from some of the open relay servers.

I've tried to find out who administers the spamming network IP, but reverse
lookups reveal nothing and they don't appear to allow incoming e-mail, so it
looks like the only actions I can take are to ignore the problem or block
the originator.



SPAM-filtering!

2000-04-15 Thread Admin for OK 2 NET

Does anyone care to share ideas on how to implement the following:

We are using RBLSMTPD to block mail from RBL/DUL/RSS/ORBS,
but are on the brink of TAGing some of these mails.

Our first plan is to remove ORBS from RBLSMTPD and add "unknown" methods
to send a RELAYCLIENT="@orbs.spam" causing all mail from ORBS-listings
to be handled by a .qmail-orbs:spam-default.

If we can do this then our .qmail-orbs:spam-default will do the following things:
./ORBS.SPAM/
|/spam/bin/warnENVELOPFROMof24hourdelay
|/spam/bin/warnENVELOPRCPTof24hourdelay
|/spam/bin/warnPOSTMASTERofOpenRealy

Then maildirserial will run every hour sending all mail older than 24 hours.

If you know any "unknown" methods that will help us accomplish this,
we would be very grateful for your insight and tips you can give us/me.


BTW: the .qmail-orbs:spam-default is symbolic,
 it will look different when it is finished!


Regards André Paulsberg





Spam control

2000-10-16 Thread Kris Keele

Being a newbie to Qmail I am interested in how other people are controlling
their spam rules. I run quite a few virtual domains that require me to allow
people from other networks than my own to send and receive mail through my
server. What is the best way to set up your server so you can't be used to
spam people to death, but still let your users get in and out?

KRis




Rejecting spam

2000-10-18 Thread Alex Povolotsky

Hello!

I haven't found it in the FAQs... how do I set up tcpserver to reject SMTP connections
from non-resolving hosts?

Alex.



SPAM - Help!

2000-10-27 Thread Ari Arantes Filho

Hello,

Someone is using another smtp server to send a very big spam, but they
write the header with FROM = an unknown user of one of my virtual domains,
so postmasters keep sending bounce messages or autoresponders to this
unknown user and my postmaster is receiving more than 1 emails.

I've temporarily created this unknown user, but how can I stop this? I
can't remove the domain from my list of virtual domains because there are more
than 100 valid users in this domain...

The spammer is from USA and I'm from Brazil, I don't know this f...

I really need help!!!

Thanks,

Ari






Anti-Spam

2000-11-21 Thread Ould

I'm wondering which anti-spam to install on my qmail mail server. What
can you suggest to me?

Thanks




Internal Spam

2000-11-30 Thread rmiranda

Hi,

We are in serious trouble with a virus email named "branca de neve". I
guess when our users press "send/receive", about 10 emails are sent
worldwide.
After two days of mining, I found Andrew Pam's (www.sericyb.com.au) script
that checks if the sender ("From: ") is in rcpthosts, but I don't know how to
use the script.
I tried to:
1. rename "qmail-remote" to "qmail-remote.real"
2. create a file named "qmail-remote" with:
/var/bin/qmail/adbait.pl | /var/qmail/bin/qmail-remote.real "$*"
3. When I try to send an email to the world, I receive "Unable_to_run_qmail-remote"
4. I did chmod 775 on qmail-remote and adbait.pl

any idea??

TIA






att,

ronaldo miranda
www.divinet.com.br
www.isp.com.br
(37) 3222-8870 (37) 9963-8241



spam filter

2001-01-05 Thread Brian Longwe

Hi,

I want to filter out messages with the following header from being sent out
by a user on my system:
-
Hi. This is the qmail-send program at relay.ispkenya.com.
I tried to deliver a bounce message to this address, but the bounce bounced!

<[EMAIL PROTECTED]:
Sorry, I couldn't find any host named compuserve.com
Received: (qmail 28950 invoked from network); 6 Jan 2001 05:27:45 -
Received: from unknown (HELO aiesec?kenya) (216.252.186.94)
  by relay.ispkenya.com with SMTP; 6 Jan 2001 05:27:45 -
From: Hahaha <[EMAIL PROTECTED]>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE5UFCHQFKPQVSHUN89Q741"
-

I have tried putting some portions of the above in the badmailfrom control
file to no avail. Any tips?

Thanks,

Brian




Re: Spam Removal

2001-06-17 Thread Stephen Bosch

Jeremy Suo-Anttila wrote:
> 
> I keep getting sent SPAM from this company based in CA trying to sell me a
> MasterDisc 2000, which I know is a scam. I have followed all their procedures
> to remove my domains from their lists and they went and actually added them
> and more to their lists, so I have been getting flooded with their crap mails.
> I have faxed in removal requests, emailed them, phoned them and they still
> will not remove my domains.

I realize this is like closing the barn door after the horse has
escaped, but ---

as a general rule, you *never* reply to "To Remove, Send Us An E-mail"
lines in a piece of spam. As you have now painfully discovered, 90% of
the time that information is used to send you yet more spam. For the
spammer, it's a confirmation that the address they have is valid.

-Stephen-



Re: Spam Removal

2001-06-17 Thread Nick (Keith) Fish

Jeremy Suo-Anttila wrote:
> 
> I keep getting sent SPAM from this company based in CA trying to sell me a
> MasterDisc 2000, which I know is a scam. I have followed all their procedures
> to remove my domains from their lists and they went and actually added them
> and more to their lists, so I have been getting flooded with their crap mails.
> I have faxed in removal requests, emailed them, phoned them and they still
> will not remove my domains. Any suggestions on what I can do? I would like
> to set up some sort of spam removal but I would also, if possible, like to take
> some sort of legal action.

Ahh . . . if only we could sue them, think of the money to be had there. 
In all seriousness, just throw their mail server's IP address/block into
your tcpservers' rules with a deny parameter.

-- 
Nick (Keith) Fish
Network Engineer
Triton Technologies, Inc.



Re: Spam Removal

2001-06-17 Thread Jeremy Suo-Anttila

I have already done this and yes I do have pop b4 smtp set up and running so
I am not asking about me being a relay as some people on the list think.
Does anyone know a good how-to or site where I can get info on rejecting all
mail that is not addressed directly to me or my users?

i.e. so if it gets mail like I did earlier that was sent to:

[EMAIL PROTECTED]
<[EMAIL PROTECTED]>

It will just delete it or send it to a bulk mail folder? I know that
hotmail and excite have features like this so it should be possible, I believe.

Thanks Again

Jps



> Jeremy Suo-Anttila wrote:
> >
> > I keep getting sent SPAM from this company based in CA trying to sell me a
> > MasterDisc 2000, which I know is a scam. I have followed all their procedures
> > to remove my domains from their lists and they went and actually added them
> > and more to their lists, so I have been getting flooded with their crap mails.
> > I have faxed in removal requests, emailed them, phoned them and they still
> > will not remove my domains. Any suggestions on what I can do? I would like
> > to set up some sort of spam removal but I would also, if possible, like to take
> > some sort of legal action.
>
> Ahh . . . if only we could sue them, think of the money to be had there.
> In all seriousness, just throw their mail server's IP address/block into
> your tcpservers' rules with a deny parameter.
>
> --
> Nick (Keith) Fish
> Network Engineer
> Triton Technologies, Inc.
>




Re: Spam Removal

2001-06-18 Thread Ed Weinberg

On Sun, 17 Jun 2001 17:13:51 -0500, "Jeremy Suo-Anttila"
<[EMAIL PROTECTED]> wrote:

>I have already done this and yes I do have pop b4 smtp set up and running so
>I am not asking about me being a relay as some people on the list think.
>Does anyone know a good how-to or site where I can get info on rejecting all
>mail that is not addressed directly to me or my users?

Sounds like you have a "default" mailbox set up.  Just remove that
mailbox and make sure each user has a .qmail file and those messages
will be bounced.

As to denying the servers they are using, I have been watching them.
They originate from a different address that traced to .kr or .cn or
some other unfriendly country, so you can't email their provider to
turn them off.

They also relay from a different relay each time.

Every time they start these campaigns I get their spam for a few days,
then every email address on their list gets 10 times the spam for a
while.

I am considering screening out ALL .cn and .kr mailservers.  Is there
an easy way to do that?


Ed Weinberg, Q5 Comm, LLC.
[EMAIL PROTECTED]
tel 914-713-7222
fax 914-713-7227 
Connecting you to the internet...



RE: Spam Removal

2001-06-18 Thread Jeremy Suo-Anttila

Please let me know if you find a way to block all of the domains you mentioned.
Also do you think someone like arin.net would have their blocks of IPs on
file and then we can just block them?

Thanks

Jps



From: Ed Weinberg [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 18, 2001 10:13 AM
Subject: Re: Spam Removal


On Sun, 17 Jun 2001 17:13:51 -0500, "Jeremy Suo-Anttila"
<[EMAIL PROTECTED]> wrote:

>I have already done this and yes I do have pop b4 smtp set up and running so
>I am not asking about me being a relay as some people on the list think.
>Does anyone know a good how-to or site where I can get info on rejecting all
>mail that is not addressed directly to me or my users?

Sounds like you have a "default" mailbox set up.  Just remove that
mailbox and make sure each user has a .qmail file and those messages
will be bounced.

As to denying the servers they are using, I have been watching them.
They originate from a different address that traced to .kr or .cn or
some other unfriendly country, so you can't email their provider to
turn them off.

They also relay from a different relay each time.

Every time they start these campaigns I get their spam for a few days,
then every email address on their list gets 10 times the spam for a
while.

I am considering screening out ALL .cn and .kr mailservers.  Is there
an easy way to do that?


Ed Weinberg, Q5 Comm, LLC.
[EMAIL PROTECTED]
tel 914-713-7222
fax 914-713-7227
Connecting you to the internet...




RE: Spam Removal

2001-06-18 Thread Roger Walker

You Wrote:

>Please let me know if you find a way to block all of the domains you mentioned.
>Also do you think someone like arin.net would have their blocks of IPs on
>file and then we can just block them?

I believe IANA has the master list of IP blocks that lists where
they are assigned to (high level):

http://www.isi.edu/in-notes/iana/assignments/ipv4-address-space

-- 
Roger Walker
Tier III Messaging/News Team
Internet Applications, National Consumer IP
TELUS Corporation 780-493-2471




Re: Spam Removal

2001-06-18 Thread Ruprecht Helms

Hi,
>...
>I am considering screening out ALL .cn and .kr mailservers.  Is there
>an easy way to do that?

How about the badmailfrom file? I think appending/inserting .cn and .kr to/in
that file and all mails from those top-level domains will be rejected.

Regards,
Ruprecht




Re: Spam Removal

2001-06-18 Thread Nick (Keith) Fish

Ruprecht Helms wrote:
> 
> Hi,
> >...
> >I am considering screening out ALL .cn and .kr mailservers.  Is there
> >an easy way to do that?
> 
> How about the badmailfrom file? I think appending/inserting .cn and .kr to/in
> that file and all mails from those top-level domains will be rejected.
> 
> Regards,
> Ruprecht

That will only help if .cn/.kr appears as the envelope sender.  You're
better off using tcpserver's rules file to block by domain address,
assuming they don't have false DNS entries to hide their origin, in which
case you would need to block by IP address.

-- 
Nick (Keith) Fish
Network Engineer
Triton Technologies, Inc.
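
How a tcpserver rules file decides between the name-based and IP-based blocks Nick contrasts above, as an added example that is not part of the original message or of ucspi-tcp. It is a small Python model of the lookup order given in the tcprules documentation (the TCPREMOTEINFO forms and address ranges are left out), and it goes beyond his case to cover the RELAYCLIENT and non-resolving-host rules asked about elsewhere in this listing; the rules and addresses are constructed.

```python
# Constructed rules in tcprules source syntax; addresses are documentation
# ranges. First set: relay for our own dial-ups, block one relay by IP and
# two TLDs by reverse-DNS name, accept everything else.
RULES = """\
192.0.2.:allow,RELAYCLIENT=""
203.0.113.9:deny
=.kr:deny
=.cn:deny
:allow
"""

# Second set: refuse every client that has no reverse-DNS name at all.
STRICT_RULES = """\
192.0.2.:allow,RELAYCLIENT=""
=:allow
:deny
"""


def parse_rules(text):
    """Parse 'address:action,VAR="value"' lines into a dict keyed by address."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action, *env = instructions.split(",")
        pairs = (e.split("=", 1) for e in env)
        # The first character after "=" is the quote character; drop the pair.
        rules[address] = (action, {k: v[1:-1] for k, v in pairs})
    return rules


def candidates(ip, host=None):
    """Addresses in the order tcpserver looks them up (most specific first)."""
    yield ip
    if host:
        yield "=" + host.lower()
    octets = ip.split(".")
    for n in range(3, 0, -1):              # 192.0.2. then 192.0. then 192.
        yield ".".join(octets[:n]) + "."
    if host:
        labels = host.lower().split(".")
        for n in range(1, len(labels)):    # =.example.kr then =.kr
            yield "=." + ".".join(labels[n:])
        yield "="                          # any client that has a name
    yield ""                               # the catch-all rule


def decide(rules, ip, host=None):
    """Return (action, environment, matching address) for one connection."""
    for address in candidates(ip, host):
        if address in rules:
            action, env = rules[address]
            return action, env, address
    return "allow", {}, None               # no rule at all: tcpserver allows


if __name__ == "__main__":
    rules = parse_rules(RULES)
    for ip, host in [("192.0.2.17", None),
                     ("198.51.100.20", "mail.example.kr"),
                     ("198.51.100.20", None)]:
        print(ip, host, decide(rules, ip, host))
```

The last case is the caveat in the message: the same client with no reverse DNS entry never reaches the =.kr rule and falls through to the catch-all, so it has to be blocked by IP address.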



more spam bouncing

2001-06-19 Thread Mike Culbertson

After some thought, perhaps I should clarify what I am trying to do.  I have 
looked and looked, and seems most every feature for filtering relies on 
.qmail files, or something like procmail.  I would like to determine if there 
is a way to avoid both of these.  Since the machines in question with this 
problem are relays (private relays in case you are wondering), there are no 
home directories for me to add .qmail files to.  Also, since they don't hold 
mail locally, with procmail, the path would be:
sender > qmail > procmail > qmail > relay target host
which would significantly increase the load required to send each piece of 
mail on to its destination.  I don't want to send every piece of mail 
through procmail (or similar) if I don't have to.

What would be great would be to have qmail-smtpd catch the HELO or MAIL FROM 
address the sender gives (a la badmailfrom) and do something, like perhaps 
dump the mail to a local account for further processing, or initiate a 
bounce, anything other than just an smtp reject.  This way, good mail would 
travel clean on through the relay without being subject to any additional 
filtering, and only  mail matching a bad domain would get handled further.  
This may be entirely out of the realm of capability within the parameters I 
have described, I'm not sure.   It just seems there must be some way to 
finagle qmail itself into reacting to the sender domain.  If this answer is 
painfully obvious, feel free to slap me, but I'd rather know regardless :)

Mike Culbertson



Re: Spam Removal

2001-06-19 Thread Stephen Bosch

Roger Walker wrote:
> 
> You Wrote:
> 
> >Please let me know if you find a way to block all of the domains you mentioned.
> >Also do you think someone like arin.net would have their blocks of IPs on
> >file and then we can just block them?
> 
> I believe IANA has the master list of IP blocks that lists where
> they are assigned to (high level):
> 
> http://www.isi.edu/in-notes/iana/assignments/ipv4-address-space

Unfortunately this list doesn't offer the necessary granularity to allow
someone to block addresses in Korea and China. The closest you can come
here, it would seem, would be to block the entire Pacific Rim.

What about APNIC?

-Stephen-



Qmailt and spam

2001-06-21 Thread Michael Grier

Yesterday I got about 100 failure notices bounced to me as postmaster.
Today I got an abuse notice from my server provider. So this spammer
must be able to relay through me somehow. Qmail has been working for me
for over a year. Is anybody else having this problem? Where should I
look for answers?

The spammer seems to somehow be using the user qmailt as the originator.
A copy follows. uid 12355 is the user qmailt.

Mike Grier
-

Delivered-To: x
Return-Path: <[EMAIL PROTECTED]>
X-Envelope-To: x
X-Envelope-From: [EMAIL PROTECTED]
X-Delivery-Time: 993094914
Received: (qmail 13252 invoked from network); 21 Jun 2001 03:41:54 -
Received: from lightning.mail.pipex.net (158.43.128.144)
  by firestorm.mail.pipex.net with SMTP; 21 Jun 2001 03:41:54 -
Received: (qmail 6926 invoked from network); 21 Jun 2001 03:43:07 -
Received: from e1city.com (216.110.45.57)
  by depot.dial.pipex.com with SMTP; 21 Jun 2001 03:43:07 -
Received: (qmail 23293 invoked by uid 12355); 20 Jun 2001 22:30:44 -
Date: 20 Jun 2001 22:30:44 -
Message-ID: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: x
Content-Type: text/plain;charset=iso-8859-1
Subject: Attention!...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 20 June 2001 23:31
To: x
Subject: Attention!...

disgusting spam snipped




Re: SPAM BLOCKING

2000-08-02 Thread Robin S. Socha

* Slider  <[EMAIL PROTECTED]> writes:
> Please can someone drop me a hint as to the method of protecting
> myself from spam using the rblsmtpd?

Chris Hardie has written an extremely useful document called "qmail
Anti-Spam HOWTO" in which he explains various methods of thwarting
Spam. http://www.summersault.com/chris/techno/qmail/qmail-antispam.html
-- 
Robin S. Socha <http://socha.net/>



network solutions spam

2000-08-16 Thread John White

Anyone noticed a spike in the last month in spam from Network
Solutions?

I'm thinking about adding some of their domains to my badmailfrom
as neither orbs nor maps seems to be blocking this spam.

Anyone paying better attention than I to the source of this spam?

John



Outbound SPAM Control

2000-08-16 Thread Ricardo Albano




Does anyone know how I can limit the number of emails that a user can send
with the same subject in a determined period of time?
 
RDA.-
 


Re: SPAM Relay

2000-08-22 Thread David Dyer-Bennet

Marcilio Jorgensen Cassella <[EMAIL PROTECTED]> writes on 22 August 2000 at 
17:28:10 -0300

 >  My SMTP Server is open for relay where X-Envelope-Recipient:
 > . Plz, How to remove this bug ? Thanks...

No it isn't; it accepts the message (because qmail-smtpd doesn't know
enough about the various virtual domains you serve to know which
addresses are valid and which are not), but it does not relay it; it
bounces it when it discovers the address is not local.
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]



Re: SPAM Relay

2000-08-22 Thread Johan Almqvist

On Tue, Aug 22, 2000 at 05:28:10PM -0300, Marcilio Jorgensen Cassella wrote:
> HI,
> 
>   My SMTP Server is open for relay where X-Envelope-Recipient:
> . Plz, How to remove this bug ? Thanks...

Are you sure you are relaying these or do they get delivered to a
catch all account on your host?

Otherwise, remove your IP address from the file /var/qmail/control/percenthack
(man qmail-control and man qmail-send).

-Johan
-- 
Johan Almqvist



Re: SPAM Relay

2000-08-22 Thread Ronny Haryanto

On 22-Aug-2000, Marcilio Jorgensen Cassella wrote:
>   My SMTP Server is open for relay where X-Envelope-Recipient:
> . Plz, How to remove this bug ? Thanks...

What bug? If /var/qmail/control/percenthack doesn't exist or is empty,
it's probably a false positive given by one of the open-relay testers.

Ronny



Re: spam processing

2000-09-21 Thread Dave Sill

wolfgang zeikat <[EMAIL PROTECTED]> wrote:

>so we keep receiving mails from all over this lovely planet for the non
>existent users
>michellep tonyak jenniferd barbik melindaa gabriellej barbis doloresz
>melindab junem
>(exciting isn't it)
>
>i would like to process them automatically via a .qmail* file, and one
>thing i would like to extract automatically is the IP of the SMTP relay
>that sent the mail to our server.

For each user, create a ~alias/.qmail-username file containing:

  |extract_relay

where "extract_relay" is a shell/awk/perl/whatever script that finds
the relay IP address and logs it.

Writing this script is beyond the scope of this list.

>i am rather new at parsing ... and PERL? is that something you wear around
>your neck?
>
>sorry if you consider this off topic, it certainly is part of my life with
>qmail *g*

It's not that I "consider" it off topic, it's that it *is* off topic.
If it was a one-liner or something I could spout off the top of my
head, I'd be happy to answer you, but it's not. You really should pick
a scripting language, learn about it, and if you still need more help,
contact a support forum for that language.

-Dave



Re: spam processing

2000-09-21 Thread Michael T. Babcock

This program will only grab the most recent (last) Received: line's IP
address.
It can be modified to do more if you like, or you could just have it dump
its output to a file listing IPs and every night run it through sort & uniq.

-x-CUT-x
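#!/usr/bin/perl
use strict;
use warnings;

# Local parts of the addresses that only the spammers write to.
my $names = "name1|name2|name3";

my ($received, $wanted);
while (<>)
{
    last if /^$/;    # a blank line ends the headers
    # Keep the first (most recent) "Received: from" line, the one our own
    # server added; later ones were written by earlier hops.
    if (!defined $received && /^Received: from/) { $received = $_; }
    # Group the alternation so every name is tied to the To: header.
    if (/To:.*(?:$names)/i) { $wanted = 1; }
}

if ($wanted && defined $received
    && $received =~ /(([0-9]{1,3}\.){3}[0-9]{1,3})/)
{
    my $SpamIP = $1;
    # If you want to print them out ...
    print "$SpamIP\n";
}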
-x-CUT-x

> i would like to process them automatically via a .qmail* file, and one
> thing i would like to extract automatically is the IP of the SMTP relay
> that sent the mail to our server. example:
> [...]
> so i would like to extract 194.206.111.65 from the line
> Received: from unknown (HELO srvweb.IMPI-GIPSI.FR) (194.206.111.65)





Patch for spam

1999-09-17 Thread Hotdog

Hi,
  I want to write the following patch for qmail. At some small sites, you can only
filter the spam with the filter invoked from dotqmail, but our server will receive over
10 junk mails per day; qmail-send & qmail-local take so much time to deliver
these letters. Killing the spam in qmail-smtpd should be the best way.
  But the problem is how to write the function 'spamcheck(int spamflag)'?


In qmail-smtpd.c:

+  spam=0;
  received(&qqt,"SMTP",local,remoteip,remotehost,remoteinfo,fakehelo);
  blast(&hops);
+ spamcheck(&spam);   //The functin will read some control file,such as 
+control/badkeyword, if matched,then ...
  hops = (hops >= MAXHOPS);
  if (hops) qmail_fail(&qqt);
  qmail_from(&qqt,mailfrom.s);
  qmail_put(&qqt,rcptto.s,rcptto.len);

  qqx = qmail_close(&qqt);
  if (!*qqx) { acceptmessage(qp); return; }
  if (hops) { out("554 too many hops, this message is looping (#5.4.6)\r\n"); return; }
+ if (spam) { out("551 Spam shit! You are not welcome!\r\n"; return; );
  if (databytes) if (!bytestooverflow) { out("552 sorry, that message size excee...
  if (*qqx == 'D') out("554 "); else out("451 ");
  out(qqx + 1);
  out("\r\n");
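
Review bot: the added 'if (spam)' reply after the hops check can never reject anything as written, because nothing fails the queue submission for a spam message. For looping mail the existing code calls qmail_fail(&qqt) before qmail_from(), which appears to be what makes qmail_close() return an error string; with only the spam flag set the message is queued, '!*qqx' is true, and acceptmessage(qp) returns before the 551 line is reached. Suggest 'if (hops || spam) qmail_fail(&qqt);' in place of the hops-only call. The spamcheck(&spam) call also sits after blast(&hops), which has already passed the message body to qqt, so the function has no message text to compare with control/badkeyword unless the matching is done inside blast() or on a saved copy. Smaller points: the 551 line does not compile (the closing parenthesis of out() and the braces are misplaced; it should have the shape '{ out("551 ...\r\n"); return; }'), the '//' comment is not valid C89, and the call passes &spam while the text describes spamcheck(int spamflag), so the prototype should take int *.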

then, it will do something like this:

220 mydomain.com ESMTP
helo iamspam
250 mydomain.com
mail from:<>
250 ok
rcpt to:
250 ok
data
354 go ahead
From: [EMAIL PROTECTED]


win money from <---'win money' is in control/badkeyword,so this letter 
should be refused.


.
551 Spam shit! You are not welcome!



Thanks very much!



Hotdog
[EMAIL PROTECTED]



Spam mail problem

1999-02-12 Thread Todd Reese



I'm looking for suggestions on this one.

It has come to my attention that some of the spammers are forging their
mail as being from [EMAIL PROTECTED]
and relaying wherever they want.  What is the best way to stop this action
from happening?

I'm already using rbl and orbs to block unwanted sites now.


TIA,

Todd Reese
[EMAIL PROTECTED]



Deny Spam Mail

1999-02-15 Thread Todd Reese

Is there a way to set qmail to refuse mail without proper reverse DNS
Lookup?


TIA,

Todd Reese
[EMAIL PROTECTED]



"solutions for spam"

1999-01-27 Thread Racer X

There is no such thing as the "right" of a user to all the services an
ISP provides.  The user is entitled to what he's paid for.  That's it.
If the ISP wishes to charge extra for certain services, or to refuse to
offer certain services, that's that.  The customer is free to go
elsewhere.  This is not "prejudice", "racism", or any other silly term
like that.  It's "business."

Whether or not you think certain policies will hurt my business is your
opinion, and although you're certainly entitled to it, you're foolish to
say that it IS hurting my business.  I've got the marketing information
and the analysis of our user base to prove the facts.  If you still think
you're right and I'm wrong, you're free to set up your own ISP and offer
any kind of relaying services you want.

A number of people have suggested that blocking direct outbound mail
delivery somehow violates RFCs by deleting mail, or causes mail to be
lost, or...  Refusing connections is well within the rules of every RFC
I've ever read.  Very few here have even suggested that mail be accepted
and then deleted by the server, instead of just bounced or refused.

For those of you who have an "unreliable" ISP who tends to lose your mail
and still refuses to allow you outbound access - I have no sympathy for
you.  Go find another ISP.  It's your own money you're wasting staying at
the ISP who won't offer the services you want.  I refuse to care about
your own foolishness in where you spend your money.  If you want a
particular service, ask for it and offer to sign a contract with the ISP.
If they won't do it, go elsewhere.

No one here has claimed that any spam policy is a panacea.  Most of us
who actually run these large systems for a living will readily admit that
fighting spam is a big pain in the ass and we'd rather not have to do it.
But what we want to do really doesn't matter, because we have to fight it
to at least some extent.  We're not trying to hide our countermeasures.
Admittedly, we don't advertise in big letters "we block spam" but if a
customer calls and asks about our policies we'll gladly explain them.  We
don't mind that the spammers know our countermeasures; they'd figure them
out anyway and it makes them keep trying different things we may not know
about.

In the absence of any real legal protections (and I mean practical ones
that actually discourage this kind of behavior) there will ALWAYS be
spammers.  I'm not ready to admit that the problem is so bad that we need
vague laws criminalizing "commercial email," but I'm not going to wait
around while people take down my mail servers either.

shag
=
Judd Bourgeois|   CNM Network  +1 (805) 520-7170
Software Architect|   1900 Los Angeles Avenue, 2nd Floor
[EMAIL PROTECTED]   |   Simi Valley, CA 93065
To ignore evil is to become an accomplice to it.
 -- Martin Luther King, Jr.





Legit or spam?

1998-12-22 Thread Paul Farber

Hello all...

I'm getting quite a few of these from lusers who subscribe then quit/change
e-mail addresses.

Once the msg shows up in the postmaster mailbox I know it's a bounce but
the msg hides who it is to so I can't unsubscribe the luser who signed up
for it.

How can I tell who it was sent to?  I use Pine as my MUA, and even saving
the message doesn't display the msg headers.

Date: Tue, 22 Dec 1998 05:01:10 PST
From: TipWorld <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: E-Mail Mailing List of the Day [DON'T BLINK - 12/22/98]
 
Thanks

Paul D. Farber II
Farber Technology
717-628-5303
[EMAIL PROTECTED]



Re: Stopping spam

1999-01-03 Thread Petr Novotny

On 5 Nov 99, at 17:03, Andrés Méndez wrote:

> If I want to stop some kinds of spam, do I have to install procmail or
> qmail can defeat spam?

How exactly does procmail beat spam?

> Are more programs, like procmail, to defeat spam?

Yes. Have you been to www.qmail.org? There are links for a lot of 
them.




global spam filter

1999-12-02 Thread Monte Mitzelfelt


I've been playing with the qmail-uce package.  It seems pretty good, but
the customer wants the body to be parsed by a global file, not on a per
user basis.  I've got a recipe that matches when calling maildrop in
manual mode, but not through qmail-filter.maildrop.  I've hacked the code
a smidge to use a global file, and I think it should be fine, but it is
not.  It's like it isn't reading the message at all.  an exit in the open
works fine, but behind a pattern match, no go.

Monte





Re: Internal SPAM

1999-12-03 Thread Charles Cazabon

Diego A. Puertas F. <[EMAIL PROTECTED]> wrote:
> One way to control SPAM is checking the header size, some of my users are 
> sending mail to all my users (2000) and this would be a way to exclude
> that kind of mail, so:
> 
> - How can I check mail header size, or

djb's 822header can be used to do the trick.  If you pipe the message to
822header, it spits out the header alone -- just count the bytes it outputs and
set a threshold value of some sort.

Charles
-- 

Charles Cazabon   <[EMAIL PROTECTED]>
Any opinions expressed are just that -- my opinions.
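
An added sketch of the header-size threshold described above, not code from this thread: instead of piping to 822header it counts the header bytes itself and returns the exit code qmail-local expects from a .qmail command (0 to continue, 100 to bounce). The 8192-byte limit, the function names and the sample messages are constructed for illustration.

```python
#!/usr/bin/env python3
"""Bounce a message from a .qmail file when its header block is too large."""
import sys

EXIT_CONTINUE = 0     # success: qmail-local goes on to the next .qmail line
EXIT_HARD_FAIL = 100  # permanent failure: the message is bounced
HEADER_LIMIT = 8192   # bytes; constructed threshold, tune it to your own traffic


def header_bytes(raw):
    """Size in bytes of the header block: every line before the first empty one."""
    size = 0
    for line in raw.splitlines(keepends=True):
        if line in (b"\n", b"\r\n"):
            break                      # empty line: the body starts here
        size += len(line)
    return size


def delivery_exit_code(raw, limit=HEADER_LIMIT):
    """Exit code for qmail-local: hard failure when the header exceeds limit."""
    return EXIT_HARD_FAIL if header_bytes(raw) > limit else EXIT_CONTINUE


def build_message(recipients):
    """Construct a sample message with a folded To: field (test data only)."""
    to = b"To: " + b",\r\n ".join(recipients) + b"\r\n"
    return b"From: user@example.net\r\n" + to + b"Subject: hi\r\n\r\nbody\r\n"


if __name__ == "__main__":
    # Hypothetical .qmail line, placed before the mailbox line:
    #   |/path/to/header_limit
    code = delivery_exit_code(sys.stdin.buffer.read())
    if code == EXIT_HARD_FAIL:
        # Whatever the command prints becomes part of the bounce text.
        print("Header too large; message refused.")
    sys.exit(code)
```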




RE: Internal SPAM

1999-12-03 Thread Ferhat Doruk

See  http://www.palomine.net/qmail/tarpit.html 


>-Original Message-
>From: Diego A. Puertas F. [mailto:[EMAIL PROTECTED]]
>Sent: Friday, December 03, 1999 5:40 PM
>To: [EMAIL PROTECTED]
>Subject: Internal SPAM
>
>
>One way to control SPAM is checking the header size, some of 
>my users are 
>sending mail to all my users (2000) and this would be a way to exclude
>that kind of mail, so:
>
>- How can I check mail header size, or
>
>- what other ways are there to prevent SPAM, even internal SPAM
>
>



More spam prevention

2000-01-03 Thread Postmaster

I have a situation where there are several ISPs running open relays,
which are being used by spammers to hit users at this site.  I'd like
to find a way to reject mail that's passed through these ISPs'
mailers, regardless of what the envelope sender is.  IOW, something
sort of like badmailfrom, but which looks at the names/addresses of
the mailers which have handled the mail along the way.  

Some digging in the qmail docs and sources didn't turn up anything
quite right.  A bit of web surfing suggests that maildrop might do
what I want, but it looks like I'd have to spend some non-trivial
amount of effort.  Anybody have solutions or suggestions?

Thanks in advance...



Re: spam filters

2000-01-12 Thread Len Budney

Tonino Greco <[EMAIL PROTECTED]> wrote:
> 
> I would like to know how to get spam filters set up?

RBL blocks mail from domains which either 1) have been reported for
relaying spam, or 2) are willing to relay _any_ mail, which of course
includes spam. Using RBL blocks some spam, and some legitimate mail. The
point is to put social pressure on bad Internet citizens.

> I have installed rblsmtp and it is running  - but it does not seem to
> be blocking??

How do you know? Do you mean that mail from a blacklisted domain is
getting through? Or do you mean that you are still receiving spam?

Understand: you will not prevent all spam from reaching you. Spammers
try to make their mail look exactly like "good" email: _you_ can tell
the difference, but often your _computer_ can't.

Ad hoc filters, can trap some spam. Stricter filters, more spam. BUT
strict filters will throw away legitimate email. Some examples:

  1. Messages whose headers violate RFC 822 (can discard good mail)
  2. Blind carbon copies (_will_ discard mailing list postings)
  3. Messages with all-caps subjects (might discard good mail)
  4. Messages with exclamation marks in subjects ("You're an uncle!")
  5. Messages with "unsubscription information" inside (probably OK)
  6. Mail with "money" or "$" in the subject ("We got the deal! Big money!")
  7. Mail from anyone not on your "approved" list
  8. Mail which doesn't contain the day's password in the subject
  9. Mail containing any word in a dictionary of bad words
  ...

Only you can decide whether to shoot in self-defense; it's only your
problem if in so doing you shoot your daughter.

Len.


--
You seem to think that spam is a pattern-recognition problem. It isn't.
You're ignoring the anti-fax effect: anti-spam rules become useless when
enough people start using them. Spammers adapt.
-- Dan Bernstein
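
An added illustration of the trade-off in the list above, not code from this thread: four of the ad hoc rules (all-caps subject, exclamation mark, "money"/"$" in the subject, bad-word dictionary) are run over a handful of constructed messages that include the two legitimate subjects quoted in the list. The word list, the sample messages and all function names are constructed.

```python
import re


# Each rule takes (subject, body) and returns True when it would reject.
def all_caps_subject(subject, body):
    letters = [c for c in subject if c.isalpha()]
    return len(letters) >= 4 and all(c.isupper() for c in letters)


def exclamation_in_subject(subject, body):
    return "!" in subject


def money_in_subject(subject, body):
    return "$" in subject or re.search(r"\bmoney\b", subject, re.I) is not None


BAD_WORDS = {"viagra", "casino"}   # constructed dictionary


def bad_word_anywhere(subject, body):
    words = set(re.findall(r"[a-z]+", (subject + " " + body).lower()))
    return not words.isdisjoint(BAD_WORDS)


RULES = {
    "all_caps_subject": all_caps_subject,
    "exclamation_in_subject": exclamation_in_subject,
    "money_in_subject": money_in_subject,
    "bad_word_anywhere": bad_word_anywhere,
}

# Constructed samples: (true label, subject, body).
SAMPLES = [
    ("spam", "MAKE CASH FAST", "Work from home."),
    ("spam", "Win money now!", "Click here."),
    ("spam", "Re: your account", "Visit our casino today"),
    ("spam", "hello", "cheap meds, reply for price list"),
    ("ham", "You're an uncle!", "Mother and baby are fine."),
    ("ham", "We got the deal! Big money!", "Contract attached."),
    ("ham", "Minutes of Monday meeting", "See attached."),
]


def evaluate(rule_names):
    """Apply the named rules; report spam caught, spam missed, good mail lost."""
    caught, missed, false_positives = [], [], []
    for label, subject, body in SAMPLES:
        hit = any(RULES[name](subject, body) for name in rule_names)
        if label == "spam":
            (caught if hit else missed).append(subject)
        elif hit:
            false_positives.append(subject)
    return {"caught": caught, "missed": missed,
            "false_positives": false_positives}


if __name__ == "__main__":
    for names in (["all_caps_subject"], list(RULES)):
        print(names, evaluate(names))
```

With one rule enabled no good mail is lost but most of the spam gets through; with all four enabled, both legitimate subjects from the list are rejected and one spam still passes.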



Re: spam filters

2000-01-12 Thread Irwan Hadi

At 13:59 12/01/2000 +0200, Tonino Greco wrote:
>Hi,
>
>I would like to know how to get spam filters set up?  I have installed
>rblsmtp and it is running  - but it does not seem to be blocking??

I think you should subscribe to another service from mail-abuse.org besides
RBL, like RSS (Relay Spam Stopper) and DUL (Dial Up User List).
AFAIK the more services you subscribe to, the less spam you get, because
spammers usually use open relay mail servers, and the place to submit open
relay mail servers to be banned is RSS and ORBS.

PS: how to do that using rblsmtpd ?
---
AFLHI 058009990407128029/089802---(102598//991024)



Re: spam filters

2000-01-12 Thread cmikk


On Sun, 09 Jan 2000 19:13:49 -0700 , Irwan Hadi writes:
> At 13:59 12/01/2000 +0200, Tonino Greco wrote:
> >Hi,
> >
> >I would like to know how to get spam filters set up?  I have installed
> >rblsmtp and it is running  - but it does not seem to be blocking??
> 
> I think you should subscribe another service from mail-abuse.org beside
> RBL, like RSS (Relay Spam Stopper), and DUL (Dial Up User List).
> AFAIK the more service you subscribe the lesser spam you got, because
> usually spammer use open relay mail server, and the place to submit open
> relay mail server to be banned is RSS and ORBS

The more services you subscribe to, also, the more
legitimate mail you reject.  You will reject tons
of legitimate mail with ORBS, since ORBS lists
multi-level relays.  Thus, every ISP which does not
implement the ORBS-approved anti-spam policy (i.e.
either subscribe to ORBS, or block all port 25
traffic to customers) can have their customer relays
listed in ORBS.

Using ORBS as a blacklist is fine for your personal
mail, or for an "internal mail only" server (e.g. in
a fascist workplace), but is pretty irresponsible
otherwise, IMNSHO.

To be fair, ORBS is a great tool for nominating spam
relays to the RSS ;-)
 
> PS: how to do that using rblsmtpd ?

With stock rblsmtpd, you chain the rblsmtpds:

rblsmtpd -rrbl.maps.vix.com rblsmtpd -rrelays.mail-abuse.org \
  rblsmtpd -rdul.maps.vix.com rblsmtpd -rrelays.orbs.org \
rblsmtpd -rin-addr.arpa qmail-smtpd

However, with the multi-rbl patch (mentioned a few days ago on
this list), you can specify multiple blacklists as multiple -r
arguments, as in:

rblsmtpd -rrbl.maps.vix.com -rrelays.mail-abuse.org \
 -rdul.maps.vix.com qmail-smtpd

-- 
Chris Mikkelson  | Quidquid latine dictum sit, altum viditur
[EMAIL PROTECTED] | 
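
An added sketch of what a chain of blacklist checks amounts to, not code from rblsmtpd or from this thread: it assumes the usual DNS blacklist convention (the client's octets reversed and prepended to the list's zone, with a TXT record meaning "listed") and replaces the DNS resolver with a constructed table so it runs offline. The zone names are the ones used in the commands above; the client addresses, the records and the function names are constructed.

```python
import ipaddress


def dnsbl_query_name(ip, zone):
    """Name to look up for `ip` in `zone`: a.b.c.d becomes d.c.b.a.zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def first_listing(ip, zones, lookup_txt):
    """Return (zone, text) for the first zone that lists ip, or None.

    lookup_txt(name) must return the TXT string, or None when nothing is
    published. Zones are tried in order, as in a chain of checks where the
    first one that matches rejects the connection.
    """
    for zone in zones:
        text = lookup_txt(dnsbl_query_name(ip, zone))
        if text is not None:
            return zone, text
    return None


ZONES = ["rbl.maps.vix.com", "relays.mail-abuse.org",
         "dul.maps.vix.com", "relays.orbs.org"]

# Constructed records standing in for DNS answers; the addresses come from
# the documentation ranges and are not real listings.
FAKE_TXT = {
    "10.2.0.192.rbl.maps.vix.com": "Blackholed (constructed record)",
    "20.100.51.198.dul.maps.vix.com": "Dial-up range (constructed record)",
    "30.113.0.203.relays.orbs.org": "Multi-level relay (constructed record)",
}

# Constructed clients: the third stands for an ISP's customer relay that only
# the last list knows about, the fourth is on no list at all.
CLIENTS = ["192.0.2.10", "198.51.100.20", "203.0.113.30", "203.0.113.99"]


def rejected(clients, zones, lookup_txt=FAKE_TXT.get):
    """Clients that at least one of the configured zones would turn away."""
    return [ip for ip in clients if first_listing(ip, zones, lookup_txt)]


if __name__ == "__main__":
    for count in range(1, len(ZONES) + 1):
        print(ZONES[:count], "->", rejected(CLIENTS, ZONES[:count]))
```

Each zone added to the chain can only lengthen the rejected list, which is the trade-off described in the reply above.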



Spam, orbs, maps

2000-03-11 Thread isplists

Is there a patch or a script that can be used
to filter by per user ?



Anti-Spam Filter

2000-04-11 Thread Travis Rail

Is there any way that Qmail can filter incoming messages for certain words?
Basically what I need is some kind of “Rejected Words List”.  A message
comes in and is scanned and checked against a file containing a list of
words that the postmaster would like to reject.  If the email message
contains one of these words it is marked rejected and turned back to the
sender.  Does anyone know of an Add-On or anything like this I can use with
Qmail?

==
Travis Rail, Web Master   |Terra World, Inc - Connecting The Planet
Terra World, Inc.   |Southeast Kansas' Leading Provider
200 Arco Place, Suite 252   |Flat Fee - Never an hourly Charge
Independence, Kansas 67301  |Where Service is Top Priority!
Voice (316) 332-1616|http://www.terraworld.net
FAX: (316) 332-1451 |[EMAIL PROTECTED]
==




qmail anti spam

2000-04-16 Thread Justin Simoni


everyone on this list would be interested 
in reading an anti spam article my sys admin wrote 
recently: 

http://www.summersault.com/chris/techno/qmail/qmail-antispam.html

have fun,


-justin simoni
   !skazat! => http://skazat.com

I'll try being nicer if you'll try being smarter.
-Bank of America Tech support

http://skazat.com/quotes




anti spam prevention

2000-04-29 Thread Mrs. Brisby

I was thinking: pidentd encrypts the normal tap information before sending it to the
requesting device. This is largely to prevent forgeries (your machine hacked my box,
etc, etc, etc)

and if you haven't gotten some little boy to cry wolf to you, chances are you're just
lucky.

But unfortunately, when I tell other admins (even the ones who have had legitimate
problems) to do an ident/tap scan, I get way too mixed results.

So I got to thinking: when the message is accepted for delivery, supply a header in
the form of:
X-HostID-Inet-: [key]

where  is the hex form of the local machine's IP address. For IPv6 and other
transports, something similar can probably be used. This kooky-looking header would
be necessary to avoid confusing other MTAs/MUAs...

The key would be some encrypted goodies (such as)
local user (if it came from qmail-inject or qmail-queue)
remote ip address (if it was relayed -- appropriately or not)
supplied username (from pre-pop'd authentication, or my smtp auth patches:
www.nimh.org/code.shtml)
date and time

Now, only the machine who IS host ID  would be able to decipher the key, and
thus know whether or not the angry admin has had a legitimate spam concern (and we
should disable the account), or whether they're full of shit.

Of course, these extremes haven't been quite necessary for me yet (otherwise I would
have implemented it a while ago), as the absolute worst complaint I got was from
someone who sent me a message with Sendmail 8.6's Received: headers.

Is this important to anyone? Anyone have suggestions? Thoughts?
Or have I had too much to drink?




RE: Spam control

2000-10-16 Thread Alexander Jernejcic

hi,
there are quite a lot of mailthreads concerning this in the list-archive.
but to put the  in a nutshell:
set up rcpthosts carefully
put ip's allowed to relay in tcp.smtp 
tell tcpserver to use tcp.smtp.cdb (-x /etc/tcp.smtp.cdb)

that should do the basic setup for not to be an open relay.
for further setups (authentication etc) go through the archive and 
have a look at the qmail homepage http://www.qmail.org/
and - of course - read Dave Sill's 
Life With Qmail http://web.infoave.net/~dsill/lwq.html

;) a

==
Alexander Jernejcic  
email:[EMAIL PROTECTED]

begin LOVE-LETTER-UND-NIX-DAZUGELERNT.txt.vbs
I am a Signature, not a Virus!
end

==

> -Original Message-
> From: Kris Keele [mailto:[EMAIL PROTECTED]]
> Sent: Monday, October 16, 2000 2:46 PM
> To: [EMAIL PROTECTED]
> Subject: Spam control
> 
> 
> Being a newbie to Qmail I am interested in how other people are controlling
> their spam rules. I run quite a few virtual domains that require me to allow
> people from other networks than my own to send and receive mail through my
> server. What is the best way to setup your server so you can't be used to
> spam people to death, but still let your users get in and out?
> 
> KRis
> 
> 
> 



Logging Spam attempts

2000-10-20 Thread tom

Can you log spam attempts with qmail?

When I attempt to send mail to a host not in rcpthosts nothing is logged about
the attempt.



RE: SPAM - Help!

2000-10-27 Thread Tim Hunter

If you're using tcpserver, you should be denying his connection.

If not you should be, you need to check LWQ for a good reference.

-Original Message-
From: Ari Arantes Filho [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 27, 2000 11:38 AM
To: [EMAIL PROTECTED]
Subject: SPAM - Help!


Hello,

Someone is using another smtp server to send a very big spam, but they
write the header with FROM = an unknown user of one of my virtual domains,
so postmasters keep sending bounce messages or autoresponders to this
unknown user and my postmaster is receiving more than 1 emails.

I've temporarily created this unknown user, but how can I stop this? I
can't remove the domain of my list of virtual domains because there are more
than 100 valid users to this domain...

The spammer is from USA and I'm from Brazil, I don't know this f...

I really need help!!!

Thanks,

Ari







Re: SPAM - Help!

2000-10-27 Thread markd

On Fri, Oct 27, 2000 at 12:37:42PM -0300, Ari Arantes Filho wrote:
> Hello,
> 
> Someone is using another smtp server to send a very big spam, but they
> write the header with FROM = an unknown user of one of my virtual domains,
> so postmasters keep sending bounce messages or autoresponders to this
> unknown user and my postmaster is receiving more than 1 emails.
> 
> I've temporarily created this unknown user, but how can I stop this? I

Welcome to the world of unstoppable spam.

Sorry to say Ari, you cannot stop it consuming some of your resources. I've
had that happen on a site where the spammer sent something like 100K
messages to AOL and about half of them were bogus addresses. Having AOL
consume all your smtp concurrency for a day is not fun.

You'll also probably get some hate mail from people who don't read headers
closely enough and think the spam originated from your site.

I'd be inclined to make the user valid and have their .qmail just be
a comment so that the bounces gets delivered to nowhere. Other than that you
have to sit it out.


Regards.



Re: SPAM - Help!

2000-10-27 Thread Daniel Augusto Fernandes

Tim Hunter wrote:
> 
> If you're using tcpserver, you should be denying his connection.
> 
> If not you should be, you need to check LWQ for a good reference.
> 

I think his problem is bigger than that! What I understood was that he's
receiving bounce from lots of the spam destination servers.


Daniel Augusto Fernandes (DAF tm)   [EMAIL PROTECTED]
GCSNethttp://www.gcsnet.com.br/

 Se você não encontra
 o sentido das coisas
 é porque este não
 se encontra, se cria.
   Antoine Saint-Exupéry

> -Original Message-
> From: Ari Arantes Filho [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 27, 2000 11:38 AM
> To: [EMAIL PROTECTED]
> Subject: SPAM - Help!
> 
> Hello,
> 
> Someone is using another smtp server to send a very big spam, but they
> write the header with FROM = an unknown user of one of my virtual domains,
> so postmasters keep sending bounce messages or autoresponders to this
> unknown user and my postmaster is receiving more than 1 emails.
> 
> I've temporarily created this unknown user, but how can I stop this? I
> can't remove the domain of my list of virtual domains because there are more
> than 100 valid users to this domain...
> 
> The spammer is from USA and I'm from Brazil, I don't know this f...
> 
> I really need help!!!
> 
> Thanks,
> 
> Ari



RE: SPAM - Help!

2000-10-27 Thread Tim Hunter

Well if he was denying the spammer's IP it would stop any incoming mail, for
the mail still in the queue I would setup a .qmail for the "fake" user and
redirect it to /dev/null

Problem solved, well except for contacting the spammer's ISP.

-Original Message-
From: Daniel Augusto Fernandes [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 27, 2000 12:28 PM
To: Tim Hunter
Cc: Ari Arantes Filho; [EMAIL PROTECTED]
Subject: Re: SPAM - Help!


Tim Hunter wrote:
>
> If you're using tcpserver, you should be denying his connection.
>
> If not you should be, you need to check LWQ for a good reference.
>

I think his problem is bigger than that! What I understood was that he's
receiving bounce from lots of the spam destination servers.


Daniel Augusto Fernandes (DAF tm)   [EMAIL PROTECTED]
GCSNethttp://www.gcsnet.com.br/

 Se você não encontra
 o sentido das coisas
 é porque este não
 se encontra, se cria.
   Antoine Saint-Exupéry

> -Original Message-
> From: Ari Arantes Filho [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 27, 2000 11:38 AM
> To: [EMAIL PROTECTED]
> Subject: SPAM - Help!
>
> Hello,
>
> Someone is using another smtp server to send a very big spam, but they
> write the header with FROM = an unknown user of one of my virtual domains,
> so postmasters keep sending bounce messages or autoresponders to this
> unknown user and my postmaster is receiving more than 1 emails.
>
> I've temporarily created this unknown user, but how can I stop this? I
> can't remove the domain of my list of virtual domains because there are more
> than 100 valid users to this domain...
>
> The spammer is from USA and I'm from Brazil, I don't know this f...
>
> I really need help!!!
>
> Thanks,
>
> Ari




Re: SPAM - Help!

2000-10-27 Thread Daniel Augusto Fernandes

[EMAIL PROTECTED] wrote:
> 
> On Fri, Oct 27, 2000 at 12:37:42PM -0300, Ari Arantes Filho wrote:
> > Hello,
> >
> > Someone is using another smtp server to send a very big spam, but they
> > write the header with FROM = an unknown user of one of my virtual domains,
> > so postmasters keep sending bounce messages or autoresponders to this
> > unknown user and my postmaster is receiving more than 1 emails.
> >
> > I've temporarily created this unknown user, but how can I stop this? I
> 
> Welcome to the world of unstoppable spam.
> 
> Sorry to say Ari, you cannot stop it consuming some of your resources. I've
> had that happen on a site where the spammer sent something like 100K
> messages to AOL and about half of them were bogus addresses. Having AOL
> consume all your smtp concurrency for a day is not fun.
> 
> You'll also probably get some hate mail from people who don't read headers
> closely enough and think the spam originated from your site.
> 
> I'd be inclined to make the user valid and have their .qmail just be
> a comment so that the bounces gets delivered to nowhere. Other than that you
> have to sit it out.
> 
> Regards.

Yeah...
Sad! But true!


Daniel Augusto Fernandes (DAF tm)   [EMAIL PROTECTED]
GCSNethttp://www.gcsnet.com.br/

 Se você não encontra
 o sentido das coisas
 é porque este não
 se encontra, se cria.
   Antoine Saint-Exupéry



Re: SPAM - Help!

2000-10-27 Thread Mira Tempir

Please, explain us how can tcpserver help in this case.
It is NOT his server which is used for spamming.

Thanks

= 27/10/00 11:22  by  Tim Hunter =
| If you're using tcpserver, you should be denying his connection.
| 
| If not you should be, you need to check LWQ for a good reference.
| 

-- 
Mira Tempír <[EMAIL PROTECTED]> ---[..čekit...]---
http://www.cekit.cz/  it's all about Internet



Re: SPAM - Help!

2000-10-27 Thread markd

On Fri, Oct 27, 2000 at 12:24:39PM -0400, Tim Hunter wrote:
> Well if he was denying the spammers ip it would stop any incoming mail, for
> the mail still in the queue I would setup a .qmail for the "fake" user and
> redirect it to /dev/null
> 
> Problem solved, well except for contacting the spammers isp.

As Daniel said, the problem is that he's getting the bounces because the spammer
forged one of his addresses! So he's trying to stop bounces that are originating
from servers all over the planet (assuming the spammer hit lots of different
domains). You can't stop that with tcpserver as they are legitimate servers that
he normally wants to get email from.

In other words, problem not solved.


Regards.

> -Original Message-
> From: Daniel Augusto Fernandes [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 27, 2000 12:28 PM
> To: Tim Hunter
> Cc: Ari Arantes Filho; [EMAIL PROTECTED]
> Subject: Re: SPAM - Help!
> 
> 
> Tim Hunter wrote:
> >
> > If you're using tcpserver, you should be denying his connection.
> >
> > If not you should be, you need to check LWQ for a good reference.
> >
> 
> I think his problem is bigger than that! What I understood was that he's
> receiving bounce from lots of the spam destination servers.
> 
> 
> Daniel Augusto Fernandes (DAF tm)   [EMAIL PROTECTED]
> GCSNethttp://www.gcsnet.com.br/
> 
>  Se você não encontra
>  o sentido das coisas
>  é porque este não
>  se encontra, se cria.
>Antoine Saint-Exupéry
> 
> > -Original Message-
> > From: Ari Arantes Filho [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, October 27, 2000 11:38 AM
> > To: [EMAIL PROTECTED]
> > Subject: SPAM - Help!
> >
> > Hello,
> >
> > Someone is using another smtp server to send a very big spam, but they
> > write the header with FROM = an unknown user of one of my virtual domains,
> > so postmasters keep sending bounce messages or autoresponders to this
> > unknown user and my postmaster is receiving more than 1 emails.
> >
> > I've temporarily created this unknown user, but how can I stop this? I
> > can't remove the domain of my list of virtual domains because there are more
> > than 100 valid users to this domain...
> >
> > The spammer is from USA and I'm from Brazil, I don't know this f...
> >
> > I really need help!!!
> >
> > Thanks,
> >
> > Ari
> 



Re: SPAM - Help!

2000-10-27 Thread markd

On Fri, Oct 27, 2000 at 07:15:28PM +0200, Mira Tempir wrote:
> Please, explain us how can tcpserver help in this case.
> It is NOT his server which is used for spamming.

Someone is mistaken, tcpserver cannot help. Like many things,
only time can fix it.


Regards.



Re: SPAM - Help!

2000-10-27 Thread Clemens Hermann

Hi Tim,

> Well if he was denying the spammers ip it would stop any incoming mail, 

as I understood this is not a problem at all. The spammer uses a
different smtp server (perhaps his own server ;-) but fakes the FROM: tag
so that bounces are directed to Ari's mailserver. In short, there is no
way to stop the outgoing mail because you do not have access to the
server.

> for
> the mail still in the queue I would setup a .qmail for the "fake" user and
> redirect it to /dev/null

But if there is enough mail to this user this can be a continuing
problem for quite a while.
One way could be to block messages addressed to the user which appears in
the spammer's FROM tag. This is theory; I do not know how to do this but
perhaps some tcpserver experts know a way to avoid mails for a certain
address to reach qmail.

/ch

> Problem solved, well except for contacting the spammers isp.
> 
> -Original Message-
> From: Daniel Augusto Fernandes [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 27, 2000 12:28 PM
> To: Tim Hunter
> Cc: Ari Arantes Filho; [EMAIL PROTECTED]
> Subject: Re: SPAM - Help!
> 
> Tim Hunter wrote:
> >
> > If you're using tcpserver, you should be denying his connection.
> >
> > If not you should be, you need to check LWQ for a good reference.
> >
> 
> I think his problem is bigger than that! What I understood was that he's
> receiving bounce from lots of the spam destination servers.
> 
> 
> Daniel Augusto Fernandes (DAF tm)   [EMAIL PROTECTED]
> GCSNethttp://www.gcsnet.com.br/
> 
>  Se você não encontra
>  o sentido das coisas
>  é porque este não
>  se encontra, se cria.
>Antoine Saint-Exupéry
> 
> > -Original Message-
> > From: Ari Arantes Filho [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, October 27, 2000 11:38 AM
> > To: [EMAIL PROTECTED]
> > Subject: SPAM - Help!
> >
> > Hello,
> >
> > Someone is using another smtp server to send a very big spam, but they
> > write the header with FROM = an unknown user of one of my virtual domains,
> > so postmasters keep sending bounce messages or autoresponders to this
> > unknown user and my postmaster is receiving more than 1 emails.
> >
> > I've temporarily created this unknown user, but how can I stop this? I
> > can't remove the domain of my list of virtual domains because there are more
> > than 100 valid users to this domain...
> >
> > The spammer is from USA and I'm from Brazil, I don't know this f...
> >
> > I really need help!!!
> >
> > Thanks,
> >
> > Ari



Re: SPAM - Help!

2000-10-27 Thread Markus Stumpf

On Fri, Oct 27, 2000 at 08:28:36AM -0700, [EMAIL PROTECTED] wrote:
> I'd be inclined to make the user valid and have their .qmail just be
> a comment so that the bounces gets delivered to nowhere. Other than that you
> have to sit it out.

What I found has helped a lot in this situation are the "badrcptpatterns"
and "badrcptto" patch that are part of the spamcontrol patch available at
http://www.fehcom.de/qmail/qmail_en.html
That already blocks the address at SMTP level and the messages don't
have to go through the queue and the local delivery to get thrown away.
Also saves connection time with your SMTP servers so your tcpserver
slots don't get blocked long and have a higher turnaround time and it
saves a lot of bandwidth.
The bad thing about it is that it generates double bounces at the sender's site.

\Maex

-- 
SpaceNet GmbH |   http://www.Space.Net/   | Stress is when you wake
Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



Re: SPAM - Help!

2000-10-27 Thread markd

On Fri, Oct 27, 2000 at 09:37:37PM +0200, Markus Stumpf wrote:
> On Fri, Oct 27, 2000 at 08:28:36AM -0700, [EMAIL PROTECTED] wrote:
> > I'd be inclined to make the user valid and have their .qmail just be
> > a comment so that the bounces gets delivered to nowhere. Other than that you
> > have to sit it out.
> 
> What I found has helped a lot in this situation are the "badrcptpatterns"
> and "badrcptto" patch that are part of the spamcontrol patch available at
> http://www.fehcom.de/qmail/qmail_en.html

I believe the original poster said that the From: address was randomized
in the user part of the address.

If it's truly random he's stuck, if it's only partially random and
amenable to pattern matching then he has a chance with those patches.

> The bad thing about it is that it generates double bounces at the sender's site.

That's true. Everyone loses with spam.


Regards.



Re: SPAM - Help!

2000-10-27 Thread Daniel Augusto Fernandes

Markus Stumpf wrote:
> 
> On Fri, Oct 27, 2000 at 08:28:36AM -0700, [EMAIL PROTECTED] wrote:
> > I'd be inclined to make the user valid and have their .qmail just be
> > a comment so that the bounces get delivered to nowhere. Other than that you
> > have to sit it out.
> 
> What I found has helped a lot in this situation are the "badrcptpatterns"
> and "badrcptto" patch that are part of the spamcontrol patch available at
> http://www.fehcom.de/qmail/qmail_en.html
> That already blocks the address at SMTP level and the messages don't
> have to go through the queue and the local delivery to get thrown away.
> Also saves connection time with your SMTP servers so your tcpserver
> slots don't get blocked long and have a higher turnaround time and it
> saves a lot of bandwidth.
> The bad thing about it is that it generates double bounces at the sender's site.
> 

Hey man!
It seems to be a great thing!


Daniel Augusto Fernandes (DAF tm)   [EMAIL PROTECTED]
GCSNet   http://www.gcsnet.com.br/

 If you cannot find
 the meaning of things,
 it is because it is not
 found, it is created.
   Antoine Saint-Exupéry



Re: SPAM - Help!

2000-10-27 Thread micha


hi,

[EMAIL PROTECTED] writes:

> On Fri, Oct 27, 2000 at 12:24:39PM -0400, Tim Hunter wrote:
> > Well if he was denying the spammers ip it would stop any incoming mail, for
> > the mail still in the queue I would setup a .qmail for the "fake" user and
> > redirect it to /dev/null
> > 
> > Problem solved, well except for contacting the spammers isp.
> 
> As Daniel said, the problem is that he's getting the bounces because the spammer
> forged one of his addresses! So he's trying to stop bounces that are originating
> from servers all over the planet (assuming the spammer hit lots of different
> domains). You can't stop that with tcpserver as they are legitimate servers that
> he normally wants to get email from.
> 
> In other words, problem not solved.
> 

there is a 'badrcptto'-patch on www.qmail.org
this will solve the problem on ari's server. but... then he will bomb
postmaster accounts on other servers. not the best solution for the net.
only cutting off the open relay and hanging the admin of this server will solve
this situation.

cu
micha


> > -Original Message-
> > From: Daniel Augusto Fernandes [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, October 27, 2000 12:28 PM
> > To: Tim Hunter
> > Cc: Ari Arantes Filho; [EMAIL PROTECTED]
> > Subject: Re: SPAM - Help!
> > 
> > 
> > Tim Hunter wrote:
> > >
> > > If you're using tcpserver, you should be denying his connection.
> > >
> > > If not you should be, you need to check LWQ for a good reference.
> > >
> > 
> > I think his problem is bigger than that! What I understood was that he's
> > receiving bounce from lots of the spam destination servers.
> > 
> > 
> > Daniel Augusto Fernandes (DAF tm)   [EMAIL PROTECTED]
> > GCSNet   http://www.gcsnet.com.br/
> > 
> >  If you cannot find
> >  the meaning of things,
> >  it is because it is not
> >  found, it is created.
> >    Antoine Saint-Exupéry
> > 
> > > -Original Message-
> > > From: Ari Arantes Filho [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, October 27, 2000 11:38 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: SPAM - Help!
> > >
> > > Hello,
> > >
> > > Someone is using another smtp server to send a very big spam, but they
> > > write the header with FROM = an unknown user of one of my virtual domains,
> > > so postmasters keep sending bounce messages or autoresponders to this
> > > unknown user and my postmaster is receiving more than 1 emails.
> > >
> > > I've temporarily created this unknown user, but how can I stop this? I
> > > can't remove the domain of my list of virtual domains because there are
> > > more than 100 valid users to this domain...
> > >
> > > The spammer is from USA and I'm from Brazil, I don't know this f...
> > >
> > > I really need help!!!
> > >
> > > Thanks,
> > >
> > > Ari
> > 



OT: SPAM trouble.

2000-10-28 Thread JuanE

Hi All!

This is a little off-topic, but I need to get the point-of-view from
postmasters for a problem that I am having. I have a customer who has around
20 different email addresses in my server that I forward to an account at
his ISP.

The problem is that the postmaster at his ISP decided that my customer was
spamming because he was using many different addresses in his outgoing
messages (that use his SMTP server), so he shut down my customer's account
there and blacklisted my server.

I know for a fact that my customer was not sending spam, so, I tried
contacting the postmaster at his ISP, but got the cold shoulder. My customer
tried with similar success.

Will I start to see other postmasters doing the same thing for my other
customers? Or is this just an isolated case?

Comments would be greatly appreciated.
Thanks,
JES





Re: SPAM - Help!

2000-10-28 Thread Jack McKinney

Big Brother tells me that [EMAIL PROTECTED] wrote:
> 
> there is a 'badrcptto'-patch on www.qmail.org
> this will solve the problem on ari's server. but... then he will bomb
> postmaster accounts on other servers. not the best solution for the net.
> only cutting off the open relay and hanging the admin of this server will solve
> this situation.

Yes, but the only mail servers that will get postmaster bombed are
ones that either condone spam by allowing users to send it out, or are
open relays.  If RBL and ORBS isn't enough to get these people to stop
allowing relaying, perhaps postmaster mail filling up would...

--
"Restore your inalienable human rights.   Jack McKinney
 Vote Libertarian.  http://www.lp.org http://www.lorentz.com
 http://www.harrybrowne2000.org   [EMAIL PROTECTED]
  1024D/D68F2C07 4096g/38AEF076



Re: SPAM - Help!

2000-10-28 Thread Greg White

Jack McKinney wrote:
> 
SNIP
> 
> Yes, but the only mail servers that will get postmaster bombed are
> ones that either condone spam by allowing users to send it out, or are
> open relays.  If RBL and ORBS isn't enough to get these people to stop
> allowing relaying, perhaps postmaster mail filling up would...
> 
SNIP

Ummm, perhaps I misunderstand something completely here. Please correct 
me if I'm wrong here. Here's how I see it working:

I am a spammer. I own spamming.pissant.luser.domain. I send mail from
spamming.pissant.luser.domain, but I forge envelopes and From: to say
that I'm (for example) ibm.com, to beat pattern-matching spam checks,
and maybe fool some users that that's really where I'm from. Don't
bounces go to ibm.com? How are we, (in the example), as ibm.com, to
prevent these bounces from coming to us? Not to mention all the email
to [EMAIL PROTECTED], complaining about the spam... Am I missing something?

GW



Re: SPAM - Help!

2000-10-28 Thread Jack McKinney

Big Brother tells me that Greg White wrote:
> Jack McKinney wrote:
> > 
> SNIP
> > 
> > Yes, but the only mail servers that will get postmaster bombed are
> > ones that either condone spam by allowing users to send it out, or are
> > open relays.  If RBL and ORBS isn't enough to get these people to stop
> > allowing relaying, perhaps postmaster mail filling up would...
> > 
> SNIP
> 
> Ummm, perhaps I misunderstand something completely here. Please correct 
> me if I'm wrong here. Here's how I see it working:
> 
> I am a spammer. I own spamming.pissant.luser.domain. I send mail from
> spamming.pissant.luser.domain, but I forge envelopes and From: to say
> that I'm (for example) ibm.com, to beat pattern-matching spam checks,
> and maybe fool some users that that's really where I'm from. Don't
> bounces go to ibm.com? How are we, (in the example), as ibm.com, to
> prevent these bounces from coming to us? Not to mention all the email
> to [EMAIL PROTECTED], complaining about the spam... Am I missing something?

Maybe.  If the email is rejected AFTER being accepted by your mail
server, then your mail server will bounce it based on the headers.
If it is rejected at the SMTP port of your server (as is typical of
the relay checking methods such as RBL and ORBS), then the sending mail
server will generate the bounce.  This won't triple bounce at IBM, it
will triple bounce to _itself_.

For example, I want to spam using [EMAIL PROTECTED] as the
return address.  I find an open relay at mail.irelay.com, so I connect
to it and drop off a few hundred thousand copies of my message with
my fake from address.  You are on my spam list, and your server is
rejecting mail via ORBS, which has contacted irelay.com to complain
already, and irelay.com is unwilling or ignorant.
My message does this:

1. My machine to mail.irelay.com over smtp. accepted.
2. mail.irelay.com contacts your mail server and tries to deliver the
message.  Your SMTP port rejects it because it comes from an open relay.
3. mail.irelay.com bounces the message to [EMAIL PROTECTED] If this
address does not exist, then microsoft.com bounces the message back to
mail.irelay.com.
4. This message is a triple bounce when it arrives at mail.irelay.com,
though technically it is a bounce of a valid mailer-daemon message.
In any event, it ends up at [EMAIL PROTECTED]

--
"Restore your inalienable human rights.   Jack McKinney
 Vote Libertarian.  http://www.lp.org http://www.lorentz.com
 http://www.harrybrowne2000.org   [EMAIL PROTECTED]
  1024D/D68F2C07 4096g/38AEF076




Re: SPAM - Help!

2000-10-28 Thread Greg White

Jack McKinney wrote:
> 
> Big Brother tells me that Greg White wrote:
> > Jack McKinney wrote:
> > >
> > SNIP
> > >
> > > Yes, but the only mail servers that will get postmaster bombed are
> > > ones that either condone spam by allowing users to send it out, or are
> > > open relays.  If RBL and ORBS isn't enough to get these people to stop
> > > allowing relaying, perhaps postmaster mail filling up would...
> > >
> > SNIP
> >
> > Ummm, perhaps I misunderstand something completely here. Please correct
> > me if I'm wrong here. Here's how I see it working:
> >
> > I am a spammer. I own spamming.pissant.luser.domain. I send mail from
> > spamming.pissant.luser.domain, but I forge envelopes and From: to say
> > that I'm (for example) ibm.com, to beat pattern-matching spam checks,
> > and maybe fool some users that that's really where I'm from. Don't
> > bounces go to ibm.com? How are we, (in the example), as ibm.com, to
> > prevent these bounces from coming to us? Not to mention all the email
> > to [EMAIL PROTECTED], complaining about the spam... Am I missing something?
> 
> Maybe.  If the email is rejected AFTER being accepted by your mail
> server, then your mail server will bounce it based on the headers.
> If it is rejected at the SMTP port of your server (as is typical of
> the relay checking methods such as RBL and ORBS), then the sending mail
> server will generate the bounce.  This won't triple bounce at IBM, it
> will triple bounce to _itself_.
> 
> For example, I want to spam using [EMAIL PROTECTED] as the
> return address.  I find an open relay at mail.irelay.com, so I connect
> to it and drop off a few hundred thousand copies of my message with
> my fake from address.  You are on my spam list, and your server is
> rejecting mail via ORBS, which has contacted irelay.com to complain
> already, and irelay.com is unwilling or ignorant.
> My message does this:
> 
> 1. My machine to mail.irelay.com over smtp. accepted.
> 2. mail.irelay.com contacts your mail server and tries to deliver the
> message.  Your SMTP port rejects it because it comes from an open relay.
> 3. mail.irelay.com bounces the message to [EMAIL PROTECTED] If this
> address does not exist, then microsoft.com bounces the message back to
> mail.irelay.com.
> 4. This message is a triple bounce when it arrives at mail.irelay.com,
> though technically it is a bounce of a valid mailer-daemon message.
> In any event, it ends up at [EMAIL PROTECTED]
SNIP

That's what I thought. So, if either of the following two items is true,
postmaster will still get the bounces:

1. The relay is not yet listed in an anti-relay domain.

2. The receiving SMTP host is not using strong anti-spam techniques
   at all, such as rss,rbl,dul,orbs, etc.

Not helpful in all cases, given the ease of access to a new dialup
account, and sending the forged header messages out through your ISP's
smarthost...

GW



Re: SPAM - Help!

2000-10-28 Thread Russ Allbery

Jack McKinney <[EMAIL PROTECTED]> writes:
> Big Brother tells me that Greg White wrote:

>> I am a spammer. I own spamming.pissant.luser.domain. I send mail from
>> spamming.pissant.luser.domain, but I forge envelopes and From: to say
>> that I'm (for example) ibm.com, to beat pattern-matching spam checks,
>> and maybe fool some users that that's really where I'm from. Don't
>> bounces go to ibm.com? How are we, (in the example), as ibm.com, to
>> prevent these bounces from coming to us? Not to mention all the email
>> to [EMAIL PROTECTED], complaining about the spam... Am I missing something?

> Maybe.  If the email is rejected AFTER being accepted by your mail
> server, then your mail server will bounce it based on the headers.

It has absolutely nothing to do with what the victim's mail server does
(in this case, ibm.com).  It has to do with what the mail servers of the
people receiving the spam do.  ibm.com has *absolutely no control* over
whether or not they receive bounces; there's nothing they can change about
their e-mail configuration to avoid them.  They'll get bounces from all
the sites that accept mail first and then generate bounces.  Such as, say,
qmail by default, or the entirety of AOL.

> For example, I want to spam using [EMAIL PROTECTED] as the
> return address.  I find an open relay at mail.irelay.com, so I connect
> to it and drop off a few hundred thousand copies of my message with
> my fake from address.  You are on my spam list, and your server is
> rejecting mail via ORBS, which has contacted irelay.com to complain
> already, and irelay.com is unwilling or ignorant.
> My message does this:

> 1. My machine to mail.irelay.com over smtp. accepted.
> 2. mail.irelay.com contacts your mail server and tries to deliver the
> message.  Your SMTP port rejects it because it comes from an open relay.
> 3. mail.irelay.com bounces the message to [EMAIL PROTECTED] If this
> address does not exist, then microsoft.com bounces the message back to
> mail.irelay.com.

Yup.

So if you're running microsoft.com's mail servers, you're screwed.  You
just have to swallow the bounces and hope that someone will close the damn
relay and stop the spammer.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>



Re: SPAM - Help!

2000-10-29 Thread Jack McKinney

Big Brother tells me that Greg White wrote:
> 
> That's what I thought. So, if either of the following two items is true,
> postmaster will still get the bounces:
> 
> 1. The relay is not yet listed in an anti-relay domain.
> 
> 2. The receiving SMTP host is not using strong anti-spam techniques
>    at all, such as rss,rbl,dul,orbs, etc.

   In these cases, YOUR postmaster would get the bounce.

> Not helpful in all cases, given the ease of access to a new dialup
> account, and sending the forged header messages out through your ISP's
> smarthost...

This is an example of condoning spam.  That ISP should have an AUP
against spamming, and the ability to enforce it.  I'd like to see ISPs
put a large fine clause in their AUP for spamming...  I don't know how
legal it'd be, though...

--
"Restore your inalienable human rights.   Jack McKinney
 Vote Libertarian.  http://www.lp.org http://www.lorentz.com
 http://www.harrybrowne2000.org   [EMAIL PROTECTED]
  1024D/D68F2C07 4096g/38AEF076



Re: SPAM - Help!

2000-10-29 Thread Adam McKenna

On Sun, Oct 29, 2000 at 12:15:19AM -0500, Jack McKinney wrote:
> Maybe.  If the email is rejected AFTER being accepted by your mail
> server, then your mail server will bounce it based on the headers.
> If it is rejected at the SMTP port of your server (as is typical of
> the relay checking methods such as RBL and ORBS), then the sending mail
> server will generate the bounce.  This won't triple bounce at IBM, it
> will triple bounce to _itself_.

You're assuming that mail is getting injected locally.  In the vast majority
of spam, it's not.  It's getting injected from a throwaway dialup client to
an open relay via SMTP.

--Adam

-- 
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA|  connected to a bunch of other wires."
 38B0 05D0 8BF7 2C6D 110A|  Joe Rogan, _NewsRadio_
 12:45pm  up 141 days, 11:01, 10 users,  load average: 0.00, 0.02, 0.00



Re: SPAM - Help!

2000-10-30 Thread Sean Reifschneider

On Fri, Oct 27, 2000 at 09:37:37PM +0200, Markus Stumpf wrote:
>What I found has helped a lot in this situation are the "badrcptpatterns"
>and "badrcptto" patch that are part of the spamcontrol patch available at
>http://www.fehcom.de/qmail/qmail_en.html

We get people using one of our domains that way sometimes.  Quite annoying...
badrcptto is a wonderful thing...  I was using "bouncesaying" for a while,
but most of the spam double-bounces back to me that way.  Might as well
let the open relay host handle it, hopefully it will help get someone's
attention on that host.  ;-)

One thing we have found is that sometimes contacting the person listed in the
advertisement will help.  In one instance we had a spam sent out that included
a phone number instead of any electronic means of contact.  We called and
spoke with the business owner and reamed him a new one.  He had outsourced
the sending, so we got to tell him just how clueless they were.  :-)

Sean
-- 
 Brooks's Law of Prototypes: Plan to throw one away, you will anyhow.
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python



Re: SPAM - Help!

2000-11-06 Thread Brett Randall

On Fri, 27 Oct 2000, [EMAIL PROTECTED] wrote:

> I've temporarily created this unknown user, but how can I stop
> this? I can't remove the domain of my list of virtual domains
> because there are more than 100 valid users to this domain...

I find a bit of detective work never goes astray. Look at the Received
headers, see if you can tell the first SMTP server it comes from. Test
it to see if it is an open relay. If it is, you're in trouble because
it is hard to track them. If it isn't, the spam is being sent from a
user authorised to use that server. Easy solution? Create a
~alias/.qmail-user that contains &[EMAIL PROTECTED] or
&postmaster@[ip.addr.of.relay] and let their postmaster deal with it.

Brett.
-- 
"I don't have anything against geeks. I was one for 11 years! I used
to think PC's were the greatest thing since sliced bread... Then
someone showed me sliced bread."



Re: Anti-Spam

2000-11-21 Thread Jose AP Celestino

Never messed with it but you can try:

http://www.qmail.org/rbl/

---

Ould wrote:

> I'm wondering for anti spam to install on my qmail mail server. What
> can you suggest?
>
> Thanks

--
Jose Celestino   http://www.sapo.pt
--
||-sshd---tcsh-+-dpkg-buildpacka---rules---sh---make---make---sh---make---sh---make---sh---make--
-sh---make---sh---make
-- While packaging XFree86 for Debian GNU/Linux
--






Re: Anti-Spam

2000-11-21 Thread Christopher Splinter

*  <[EMAIL PROTECTED]>:

> I'm wondering for anti spam to install on my qmail mail
> server.

http://summersault.com/chris/techno/qmail/qmail-antispam.html



Re: Internal Spam

2000-11-30 Thread Butch Evans

On Fri, 1 Dec 2000 [EMAIL PROTECTED] wrote:

> 2. create a file named "qmail-remote" with:
> /var/bin/qmail/adbait.pl | /var/qmail/bin/qmail-remote.real "$*"

shouldn't that file contain:

#!/bin/sh

/var/bin/qmail/adbait.pl | /var/qmail/bin/qmail-remote.real "$*"


or at least (on one line):

/usr/bin/perl /var/bin/qmail/adbait.pl |
/var/qmail/bin/qmail-remote.real "$*"


-- 
Butch Evans
Shelton Internet
Network Admin




Re: Internal Spam

2000-12-01 Thread rmiranda

When I do that, Qmail can't send and logs:
Failure: I_(qmail-remote)_was_invoked_improperly._(#5.3.5)/ 



On 1 Dec 2000, at 0:15, Butch Evans wrote:

> On Fri, 1 Dec 2000 [EMAIL PROTECTED] wrote:
> 
> > 2. create a file named "qmail-remote" with:
> > /var/bin/qmail/adbait.pl | /var/qmail/bin/qmail-remote.real "$*"
> 
> shouldn't that file contain:
> 
> #!/bin/sh
> 
> /var/bin/qmail/adbait.pl | /var/qmail/bin/qmail-remote.real "$*"
> 
> 
> or at least (on one line):
> 
> /usr/bin/perl /var/bin/qmail/adbait.pl |
> /var/qmail/bin/qmail-remote.real "$*"
> 
> 
> -- 
> Butch Evans
> Shelton Internet
> Network Admin



Regards,

ronaldo miranda
www.divinet.com.br
www.isp.com.br
(37) 3222-8870 (37) 9963-8241



Re: Internal Spam

2000-12-01 Thread Felix von Leitner

> When I do that, Qmail can't send and logs:
> Failure: I_(qmail-remote)_was_invoked_improperly._(#5.3.5)/ 

 1. learn how to quote
 2. if you change stuff without understanding it, and that results in
problems for you, tough luck.

Read the fucking man page for qmail-remote.  It clearly states
everything you need to know.

Felix
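The wrapper lines quoted in this thread pass `"$*"`, which joins every argument into one word, while qmail-remote takes the host, the sender and each recipient as separate arguments; that is consistent with the "invoked improperly" failure reported above. The following is an added example, not code from any poster: `fake_remote` and `fake_filter` are hypothetical stand-ins for qmail-remote.real and adbait.pl, and the addresses are constructed.

```shell
#!/bin/sh
# Stand-in for qmail-remote.real (hypothetical): like the real program it
# needs host, sender and at least one recipient as separate arguments.
fake_remote() {
    cat >/dev/null                     # consume the message on stdin
    if [ "$#" -lt 3 ]; then
        echo "args=$# improper"
        return 0
    fi
    echo "args=$# host=$1 sender=$2 rcpts=$(($# - 2))"
}

# Stand-in for the adbait.pl filter: passes the message through unchanged.
fake_filter() { cat; }

# Wrapper as posted in the thread: "$*" joins all arguments into one word.
wrapper_star() { fake_filter | fake_remote "$*"; }

# Unquoted $@: words are re-split and an empty sender (a bounce) vanishes.
wrapper_unquoted() { fake_filter | fake_remote $@; }

# Corrected wrapper: "$@" keeps every argument, including an empty one.
wrapper_at() { fake_filter | fake_remote "$@"; }

# Constructed test message fed to each wrapper on stdin.
MSG='Subject: constructed test message

body'

run_star()     { printf '%s\n' "$MSG" | wrapper_star "$@"; }
run_unquoted() { printf '%s\n' "$MSG" | wrapper_unquoted "$@"; }
run_at()       { printf '%s\n' "$MSG" | wrapper_at "$@"; }

# Normal message with two recipients.
run_star mx.example.net sender@example.org rcpt1@example.net rcpt2@example.net
run_at   mx.example.net sender@example.org rcpt1@example.net rcpt2@example.net

# Bounce: the envelope sender is the empty string.
run_unquoted mx.example.net '' rcpt1@example.net
run_at       mx.example.net '' rcpt1@example.net
```

In a real wrapper the last line would therefore end in `"$@"` rather than `"$*"`.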



Re: spam filter

2001-01-06 Thread Harald Hanche-Olsen

+ "Brian Longwe" <[EMAIL PROTECTED]>:

| Hi,
| 
| I want to filter out messages with the following header from being
| sent out by a user on my system:
| -
| Hi. This is the qmail-send program at relay.ispkenya.com.
| I tried to deliver a bounce message to this address, but the bounce bounced!
| 
| <[EMAIL PROTECTED]:
| Sorry, I couldn't find any host named compuserve.com (it will be in the Return-Path header field after the
message is finally delivered).

Here is what you can do:

# cat > /var/qmail/alias/.qmail-doublebounce << 'EOT'
|if grep '[EMAIL PROTECTED]'; then exit 99; else exit 0; fi
&postmaster
EOT
# echo doublebounce > /var/qmail/control/doublebounceto

Then restart qmail.

To understand what this all means, read the dot-qmail, qmail-command
and qmail-send manual pages.  Read them before you do anything; the
above advice is just off the top of my head and untested, and you
should understand the solution and its consequences yourself before
implementing it.

- Harald
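How the two delivery lines in the .qmail-doublebounce file above interact, and why a .qmail holding only a comment (suggested earlier on this page for the forged address) delivers nowhere, can be tried offline. This is an added example, not code from the thread: `run_dotqmail` is a hypothetical, simplified emulation that handles only comment, program and forward lines with the exit codes from qmail-command(8), and the grep pattern and messages are constructed placeholders.

```shell
#!/bin/sh
# Constructed stand-in for the .qmail-doublebounce file quoted above; the
# grep pattern is a placeholder because the archive redacted the address.
DOTQMAIL="|if grep 'junk-sender@example.invalid'; then exit 99; else exit 0; fi
&postmaster"

# A .qmail holding only a comment, as suggested earlier in the thread.
DISCARD='# throw everything away'

# Constructed double bounces: one mentions the placeholder address.
MSG_JUNK='Subject: failure notice

--- Below this line is the original bounce.
From: junk-sender@example.invalid
Subject: buy now'

MSG_OTHER='Subject: failure notice

--- Below this line is the original bounce.
From: someone-else@example.org
Subject: hello'

# Simplified emulation of how delivery lines are processed in order.
# $1 = .qmail text, $2 = message. Prints what happens to the message.
run_dotqmail() {
    printf '%s\n' "$1" | {
        actions=0
        while IFS= read -r line; do
            case $line in
            '#'*) ;;                        # comment: nothing to do
            '&'*) echo "forward ${line#?}"
                  actions=$((actions + 1)) ;;
            '|'*)
                rc=0
                # the command gets the message on stdin, run via sh -c
                printf '%s\n' "$2" | sh -c "${line#?}" >/dev/null 2>&1 || rc=$?
                actions=$((actions + 1))
                case $rc in
                0)   ;;                     # success: continue with next line
                99)  echo "stop"; break ;;  # success: ignore remaining lines
                100) echo "hard-fail"; break ;;
                *)   echo "soft-fail"; break ;;
                esac ;;
            esac
        done
        # no delivery instruction at all: the message goes nowhere
        [ "$actions" -gt 0 ] || echo "discard"
    }
}

run_dotqmail "$DOTQMAIL" "$MSG_JUNK"     # grep matches, exit 99
run_dotqmail "$DOTQMAIL" "$MSG_OTHER"    # no match, falls through
run_dotqmail "$DISCARD"  "$MSG_OTHER"    # comment-only file
```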



RE: spam filter

2001-01-07 Thread Brian Longwe

Your observation is correct, the text I pasted is an incoming message. The
point is, the only reason it bounced and is being sent back to the user (and
me, the postmaster) is because the address got messed up with control
characters. There are probably many others with correct addresses going out
through my system.

I *do* want to receive these bounce messages. But I want to find a way to
stop the culprit from sending all this junk through my system. To me it
looks like the "from" address that shows in the outgoing messages is
[EMAIL PROTECTED], how can I block messages with this originating address
(or subject line) from going through the system?

Thanks,

Brian

> -Original Message-
> From: Harald Hanche-Olsen [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 06, 2001 5:42 PM
> To: [EMAIL PROTECTED]
> Subject: Re: spam filter
>
>
> + "Brian Longwe" <[EMAIL PROTECTED]>:
>
> | Hi,
> |
> | I want to filter out messages with the following header from being
> | sent out by a user on my system:
> | -
> | Hi. This is the qmail-send program at relay.ispkenya.com.
> | I tried to deliver a bounce message to this address, but the bounce bounced!
> |
> | <[EMAIL PROTECTED]:
> | Sorry, I couldn't find any host named compuserve.com |
> | --- Below this line is the original bounce.
> [ ...]
> | -
> |
> | I have tried putting some portions of the above in the badmailfrom control
> | file to no avail. Any tips?
>
> That doesn't work because not only is the above text not in the header
> - it is in the body of the incoming message - but the badmailfrom file
> only controls messages based on the envelope from, which is not even
> in the header, it's outside the message itself.  (Read the
> envelopes(5) man page to see what I mean.)
>
> In this case, the message is a doublebounce, so the envelope sender
> will be <#@[]> (it will be in the Return-Path header field after the
> message is finally delivered).
>
> Here is what you can do:
>
> # cat > /var/qmail/alias/.qmail-doublebounce << 'EOT'
> |if grep '[EMAIL PROTECTED]'; then exit 99; else exit 0; fi
> &postmaster
> EOT
> # echo doublebounce > /var/qmail/control/doublebounceto
>
> Then restart qmail.
>
> To understand what this all means, read the dot-qmail, qmail-command
> and qmail-send manual pages.  Read them before you do anything; the
> above advice is just off the top of my head and untested, and you
> should understand the solution and its consequences yourself before
> implementing it.
>
> - Harald
>




RE: spam filter

2001-01-07 Thread Harald Hanche-Olsen

+ "Brian Longwe" <[EMAIL PROTECTED]>:

| But I want to find a way to stop the culprit from sending all this
| junk through my system. To me it looks like the "from" address that
| shows in the outgoing messages is [EMAIL PROTECTED], how can I
| block messages with this originating address (or subject line) from
| going through the system?

Uh-oh.  I guess I wasn't reading your original message well enough.
Now it seems to me you're running an open relay, allowing email from
anywhere to anywhere else through your system.  Believe me, you don't
want to do that.  You will never be able to keep the spammers away by
trying to filter out messages of certain characteristics.

Read about relaying, what it is, and how to stop it here:

  http://Web.InfoAve.Net/~dsill/lwq.html#relaying

- Harald



RE: spam filter

2001-01-07 Thread Brian Longwe

Harald

I'm not running an open relay. I am using tcpserver and allowing relaying
only for IP addresses that belong to my network (RELAYCLIENT). The problem
here is that it's one of my customers who has an application that is sending
out all this junk mail. How do I set up a filter to block until I can get
them to disable the application?

Brian

> -Original Message-
> From: Harald Hanche-Olsen [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 1:54 AM
> To: [EMAIL PROTECTED]
> Subject: RE: spam filter
>
>
> + "Brian Longwe" <[EMAIL PROTECTED]>:
>
> | But I want to find a way to stop the culprit from sending all this
> | junk through my system. To me it looks like the "from" address that
> | shows in the outgoing messages is [EMAIL PROTECTED], how can I
> | block messages with this originating address (or subject line) from
> | going through the system?
>
> Uh-oh.  I guess I wasn't reading your original message well enough.
> Now it seems to me you're running an open relay, allowing email from
> anywhere to anywhere else through your system.  Believe me, you don't
> want to do that.  You will never be able to keep the spammers away by
> trying to filter out messages of certain characteristics.
>
> Read about relaying, what it is, and how to stop it here:
>
>   http://Web.InfoAve.Net/~dsill/lwq.html#relaying
>
> - Harald
>




Re: spam filter

2001-01-08 Thread Jenny Holmberg

"Brian Longwe" <[EMAIL PROTECTED]> writes:

> Harald
> 
> I'm not running an open relay. I am using tcpserver and allowing relaying
> only for IP addresses that belong to my network (RELAYCLIENT). The problem
> here is that it's one of my customers who has an application that is sending
> out all this junk mail. How do I set up a filter to block until I can get
> them to disable the application?


echo "[EMAIL PROTECTED]" >> /var/qmail/control/badmailfrom

-- 
"I live in the heart of the machine. We are one." 



Re: spam filter

2001-01-08 Thread Vince Vielhaber

On 8 Jan 2001, Jenny Holmberg wrote:

> "Brian Longwe" <[EMAIL PROTECTED]> writes:
>
> > Harald
> >
> > I'm not running an open relay. I am using tcpserver and allowing relaying
> > only for IP addresses that belong to my network (RELAYCLIENT). The problem
> > here is that it's one of my customers who has an application that is sending
> > out all this junk mail. How do I set up a filter to block until I can get
> > them to disable the application?
>
>
> echo "[EMAIL PROTECTED]" >> /var/qmail/control/badmailfrom
>
>

This won't work.  The envelope sender for hahaha is empty.  The address
you see in the From line is part of the data.

Vince.
-- 
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   http://www.pop4.net
 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory   http://www.camping-usa.com
   Online Giftshop Superstore   http://www.cloudninegifts.com
==






Re: spam filter

2001-01-08 Thread Jenny Holmberg

Vince Vielhaber <[EMAIL PROTECTED]> writes:

> This won't work.  The envelope sender for hahaha is empty.  The address
> you see in the From line is part of the data.

You are correct - my apologies. I claim lack of caffeine.

-- 
"I live in the heart of the machine. We are one." 
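The distinction drawn in the exchange above, between the envelope sender that badmailfrom is compared against and the From: line inside the message data, can be checked on a constructed SMTP dialogue. This is an added example, not qmail's code: the function names, addresses and list contents are hypothetical, and `bmf_match` only approximates the lookup (whole address or `@domain`, case-insensitive).

```shell
#!/bin/sh
# Constructed SMTP client dialogue: a bounce-style message with the null
# envelope sender and a From: header inside the DATA section.
SESSION_NULL='HELO client.example.net
MAIL FROM:<>
RCPT TO:<someone@example.org>
DATA
From: hahaha@example.com
Subject: constructed sample

body text
.
QUIT'

# Same message, but with that address also used as the envelope sender.
SESSION_ENV=$(printf '%s\n' "$SESSION_NULL" |
    sed 's/^MAIL FROM:<>/MAIL FROM:<hahaha@example.com>/')

BADMAILFROM='hahaha@example.com'    # constructed control-file contents

# Address given in the MAIL FROM command (empty for the null sender).
envelope_sender() {
    printf '%s\n' "$1" | sed -n 's/^MAIL FROM:<\([^>]*\)>.*/\1/p' | sed -n 1p
}

# Address in the From: header, which is part of the DATA section.
header_from() {
    printf '%s\n' "$1" | awk '
        $0 == "DATA"        { indata = 1; next }
        indata && $0 == ""  { exit }
        indata && /^From:/  { sub(/^From:[ \t]*/, ""); print; exit }'
}

# $1 = envelope sender, $2 = list with one entry per line.
# Matches the whole address or an "@domain" entry; the empty sender
# matches nothing.
bmf_match() {
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    [ -n "$addr" ] || return 1
    case $addr in
        *@*) dom="@${addr##*@}" ;;
        *)   dom=$addr ;;
    esac
    printf '%s\n' "$2" | tr 'A-Z' 'a-z' | grep -Fxq -e "$addr" -e "$dom"
}

# Decision based on the envelope only, never on the header.
verdict() {
    if bmf_match "$(envelope_sender "$1")" "$2"; then
        echo rejected
    else
        echo accepted
    fi
}

echo "header From:     $(header_from "$SESSION_NULL")"
echo "envelope sender: <$(envelope_sender "$SESSION_NULL")>"
echo "null envelope:   $(verdict "$SESSION_NULL" "$BADMAILFROM")"
echo "forged envelope: $(verdict "$SESSION_ENV" "$BADMAILFROM")"
```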



RE: spam filter

2001-01-08 Thread Brian Longwe

OK Vince, what will work?

Brian

> -Original Message-
> From: Vince Vielhaber [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 2:10 PM
> To: Jenny Holmberg
> Cc: [EMAIL PROTECTED]
> Subject: Re: spam filter
>
>
> On 8 Jan 2001, Jenny Holmberg wrote:
>
> > "Brian Longwe" <[EMAIL PROTECTED]> writes:
> >
> > > Harald
> > >
> > > I'm not running an open relay. I am using tcpserver and allowing relaying
> > > only for IP addresses that belong to my network (RELAYCLIENT). The problem
> > > here is that it's one of my customers who has an application that is sending
> > > out all this junk mail. How do I set up a filter to block until I can get
> > > them to disable the application?
> >
> >
> > echo "[EMAIL PROTECTED]" >> /var/qmail/control/badmailfrom
> >
> >
>
> This won't work.  The envelope sender for hahaha is empty.  The address
> you see in the From line is part of the data.
>
> Vince.
> --
> ==
> Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   http://www.pop4.net
>  128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
> Online Campground Directory   http://www.camping-usa.com
>    Online Giftshop Superstore   http://www.cloudninegifts.com
> ==
>
>
>
>



