Re: Does tuxorama.com sound familiar to anyone?

2005-12-22 Thread Kai Schaetzl
Matt Kettler wrote on Wed, 21 Dec 2005 16:04:36 -0500:

 It's almost certainly someone who uses milter-sender. milter-sender does this
 dummy check before accepting mail. It's taking the verify MX record of envelope
 sender one step further and verifying the whole address.

But the envelope from of this list carries spamassassin.apache.org as a sender. 
Does milter-sender try to verify the mail header itself?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: Does tuxorama.com sound familiar to anyone?

2005-12-21 Thread List Mail User
tuxorama.com does a SMTP probe for every posting to this list
and is one of the very few IPs I have firewalled off.  The probes seem
to always come from 81.169.185.26 (now they'll probably change IPs and I'll
have to block some other IP or range), so they, while irritating, are very
easy to block.  Asking them to stop seems to result in them stopping for
a week or so, then beginning again.  They likely have one or more users
who subscribe to this list.

Paul Shupak
[EMAIL PROTECTED]


RE: Does tuxorama.com sound familiar to anyone?

2005-12-21 Thread Aaron Boyles
Ahh, thanks for the info.  I'll keep 'em on ignore then.  ;)



-Original Message-
From: List Mail User [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 21, 2005 3:45 PM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Cc: [EMAIL PROTECTED]
Subject: Re: Does tuxorama.com sound familiar to anyone?


tuxorama.com does a SMTP probe for every posting to this list and is
one of the very few IPs I have firewalled off.  The probes seem to always
come from 81.169.185.26 (now they'll probably change IPs and I'll have to
block some other IP or range), so they, while irritating, are very easy to
block.  Asking them to stop seems to result in them stopping for a week or
so, then beginning again.  They likely have one or more users who subscribe
to this list.

Paul Shupak
[EMAIL PROTECTED]


Re: Does tuxorama.com sound familiar to anyone?

2005-12-21 Thread Matt Kettler
List Mail User wrote:
   tuxorama.com does a SMTP probe for every posting to this list
 and is one of the very few IPs I have firewalled off.  The probes seem
 to always come from 81.169.185.26 (now they'll probably change IPs and I'll
 have to block some other IP or range), so they, while irritating, are very
 easy to block.  Asking them to stop seems to result in them stopping for
 a week or so, then beginning again.  They likely have one or more users
 who subscribe to this list.

It's almost certainly someone who uses milter-sender. milter-sender does this
dummy check before accepting mail. It's taking the verify MX record of envelope
sender one step further and verifying the whole address.

I personally find them rather inoffensive, but then again, I don't find many
things offensive that some of the right-wing admins go ballistic over.


Re: sender-valid SMTP callbacks (Re: Does tuxorama.com sound familiar to anyone?)

2005-12-21 Thread Rick Macdougall

Matt Kettler wrote:

 Realistically, most spam I get seems to be using addresses that are already in
 the spammer's database of valid email addresses. While I see a lot of viruses
 using dictionary based MAIL FROM addresses, I see very little spam doing this.

 So I don't think this really changes much about spam, aside from perhaps
 encouraging spammers to clean their lists.


My system would disagree with you for the last 3 days :)

We've been under a constant bounce bombardment of bounced spams (from 
f*cking idiot admins who can't understand that you do not bounce after 
accepting, sorry for the language) where the majority of user names are 
[EMAIL PROTECTED] (where roger is any valid name).


We had one advance MX server that usually ran 32 connections out of 120 
and now we've had to bring on 3 additional servers all running 300 
connections and we've had to turn off SA processing because the incoming 
load is just too high.


I'd really like to take a bat to the knees of the spammer doing this AND 
the mail admins who bounce after accepting.


Just my $0.02

Rick




RE: sender-valid SMTP callbacks (Re: Does tuxorama.com sound familiar to anyone?)

2005-12-21 Thread Matthew.van.Eerde
Rick Macdougall wrote:
 you do not bounce after accepting

Hear, hear!

I wish AOL and Yahoo would figure this out.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer


Re: Does tuxorama.com sound familiar to anyone?

2005-12-21 Thread List Mail User
...
List Mail User wrote:
  tuxorama.com does a SMTP probe for every posting to this list
 and is one of the very few IPs I have firewalled off.  The probes seem
 to always come from 81.169.185.26 (now they'll probably change IPs and I'll
 have to block some other IP or range), so they, while irritating, are very
 easy to block.  Asking them to stop seems to result in them stopping for
 a week or so, then beginning again.  They likely have one or more users
 who subscribe to this list.

It's almost certainly someone who uses milter-sender. milter-sender does this
dummy check before accepting mail. It's taking the verify MX record of envelope
sender one step further and verifying the whole address.

I personally find them rather inoffensive, but then again, I don't find many
things offensive that some of the right-wing admins go ballistic over.

Actually if they verified the address by a transaction without a
data phase, I'd find them less annoying.  The real problem is they show
up in my reports generated to find SMTP hunters.  All they do is connect,
then drop the connection (no quit, no clean close), so I doubt it is any
relatively standard software - probably something homegrown.  If it weren't
for them matching the hunter behavior, I'd just ignore them;  I let most
address verifiers run without caring (and Postfix can/will cache verification).
If someone hits me for *every* post to a list, I usually ask them to stop,
but since most do, I've never had to take the step of firewalling anyone else.

Simply, any site that shows up many times a week in my reports means
one of us is doing something not quite right - and I can't distinguish them
from all the probe traffic from Asia, so I just firewall the address they
use for the probe connections (it is not one of their MXs).  Otherwise, I
have to rely on just knowing their IP and recognizing it (hence irritating).

Paul Shupak
[EMAIL PROTECTED]
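
An added example, not part of any post in this thread: a sketch of the kind of report the last message describes, separating sender-address callbacks that finish cleanly without a data phase from clients that repeatedly connect and drop without QUIT. The session-summary format, the sample lines and the threshold are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample, one line per finished SMTP session: client IP followed
# by the verbs the server received, in order. The format is hypothetical and
# not that of any particular MTA; addresses are documentation ranges.
SAMPLE_SESSIONS = """\
192.0.2.10
192.0.2.10
192.0.2.10 HELO
198.51.100.7 HELO MAIL RCPT QUIT
198.51.100.7 HELO MAIL RCPT QUIT
198.51.100.7 HELO MAIL RCPT QUIT
203.0.113.5 EHLO MAIL RCPT DATA QUIT
203.0.113.5 EHLO
"""

def classify(verbs):
    """Label one session from the ordered SMTP verbs seen in it."""
    if "DATA" in verbs:
        return "delivery"
    if "QUIT" not in verbs:
        return "dropped"      # connection ended with no QUIT
    if "RCPT" in verbs:
        return "callback"     # address checked, no data phase, clean QUIT
    return "other"

def report(log, threshold=3):
    """Return per-IP label counts and the IPs with >= threshold drops."""
    counts = defaultdict(Counter)
    for line in log.splitlines():
        if not line.strip():
            continue
        ip, *verbs = line.split()
        counts[ip][classify(verbs)] += 1
    flagged = sorted(ip for ip, c in counts.items() if c["dropped"] >= threshold)
    return {ip: dict(c) for ip, c in counts.items()}, flagged

if __name__ == "__main__":
    per_ip, flagged = report(SAMPLE_SESSIONS)
    for ip, c in sorted(per_ip.items()):
        print(ip, c)
    print("repeat droppers:", flagged)
```
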