Re: Account # 555711L Spam
On Sunday 24 July 2005 13:39, jdow wrote: >From: "Gene Heskett" <[EMAIL PROTECTED]> > >> I wonder if perhaps earthlink is not the only ISP with that >> problem. I have my vz prefs set to delete any detected spam as I >> have now switched to a fetchmail based mail suck. >> >> Haveing a kmail problem the other day, I logged in via the webmail >> at vz, and found 9 messages, all spam, sitting in the spam folder >> there. >> >> So I checkmarked them to be deleted, and as I had the tech support >> guy on my ear at the time, I noted that delete didn't, it just >> moved the stuff to the trash folder. That pulled my trigger and I >> made it clear to the support drone that when I clicked on delete, >> thats exactly what I intended to happen. As vz is currently >> setup, you then have to move to the trash folder, select them all >> again, and click delete to be able to be truely rid of the wasted >> space. > >That's web mail. I'm highly allergic to that "abortion". So I never >use it. At one point, though, I had something even web mail could >not repair. So the whole mail file at Earthlink had to be deleted. >{^_^} Chuckle, that makes 2 of us, Joanne. Webmail, IMNSHO, is an invention by the marketing drones so they can feed you a bunch of commercials that apparently come with your mail & which OE will no doubt try to decode, thereby loading up your machine with yet another winderz viri. I've opted out of that scene to the maximum available. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.35% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
Re: Account # 555711L Spam
From: "Gene Heskett" <[EMAIL PROTECTED]> > I wonder if perhaps earthlink is not the only ISP with that problem. > I have my vz prefs set to delete any detected spam as I have now > switched to a fetchmail based mail suck. > > Haveing a kmail problem the other day, I logged in via the webmail at > vz, and found 9 messages, all spam, sitting in the spam folder there. > > So I checkmarked them to be deleted, and as I had the tech support guy > on my ear at the time, I noted that delete didn't, it just moved the > stuff to the trash folder. That pulled my trigger and I made it > clear to the support drone that when I clicked on delete, thats > exactly what I intended to happen. As vz is currently setup, you > then have to move to the trash folder, select them all again, and > click delete to be able to be truely rid of the wasted space. That's web mail. I'm highly allergic to that "abortion". So I never use it. At one point, though, I had something even web mail could not repair. So the whole mail file at Earthlink had to be deleted. {^_^}
Re: Account # 555711L Spam
On Sunday 24 July 2005 11:19, Loren Wilton wrote: >> Haveing a kmail problem the other day, I logged in via the webmail >> at vz, and found 9 messages, all spam, sitting in the spam folder >> there. > >On Dirtlink (which seems from your description to be using the same >near-useless webmail as vz) you have a few choices and a very few > things that happen automatically: > >1If you take the current default configuration, they will do a > decent but not wonderful virus scan first. They will automatically > dump all pure virus messages with no sign that they did so. If you > want to know about these, you can turn on an incredibly innane > option that will send you an email for each deleted virus email. I haven't see such an option on vz's webmail screens. >Any virus email that they can "partially clean" they dump into a > holding tank and then send you an email per virus that they have > "cleaned" this thing. You CAN NOT turn off these stupid annoyance > emails. Fortunately these prnding virus bits are small and will be > deleted in something like 7 days. I've never to my knowledge received one of those. >2By default then then scan for spam. I haven't had this turned > on in a few months, but the last time I did it was really quite > effective; and has been for about a year now. Before that it was > essentially useless, catching maybe 10% of the spam. > :) >These spam mails go into the 'caught spam' folder, and DO NOT count > against your mail quota. They will be deleted after some not large > number of days, 3-5 as I recall. At vz, they do count against your total drive space used. When I first signed up for DSL in april 2 years ago, I never looked at the webmail screens as I was fetching mail directly with kmail. A month later the mail slowed to a trickle and then stopped. This was back when you mailbox was a measly 10 megs, now its 30. On calling tech support to see what the deal was, he had me log into the webmail and I had 10 megs worth of stuff sitting in the spam folder. >3You can move the spam into your real mail folder. This > re-mails it to you, but bypasses scanning. The headers will be > rather strange as a result of this forwarding. Obviously this now > counts against mail quota. > >4You can delete the spam. This doesn't 'delete', it works like > a windows/mac machine and moves it to the 'deleted items' folder. > Now this deleted spam DOES count against your mail quota! > Fortunately the deleted items folder is really deleted after 7 > days, I think. However, it is smart to click the 'empty trash' > button that shows up here and there and jump through the assorted > hoops necessary to get this crud really deleted. It may be that they have a kill after "x" time setup, but its not mentioned. >BTW, if you move something from deleted items back to inbox, it > doesn't move it, it RE-SENDS it to you! It will show up with new > message numbers and get downloaded a second time by pop. > Oh cool, NOT! > >If you just accept the default configuration of virus and spam > scanning and don't muck with the stuff, it is all reasonably > transparent. If you do like I do and disable one or both of these > scans it is also reasonably transparent, but you get all the spams > or virui, depending on your settings. (I leave the virus scan on > and spam scan off.) I have then both turned on, and set to delete. But a lot of stuff gets thru anyway. I haven't looked in the JunqueMail folder since about 5:30 this morning, 42 new messages, with about 38 labeled as spam by spamassassins spamd. The other 4 fell thru my local sort filters and wind up being sorted to the JunqueMail folder too. Once or twice a day I delete the ones labeled as spam, and feed the rest to the learn-spam tool. >Normally your pop3 client will be set to delete the mail as soon as > it is downloaded. I tend to leave it there for about 5 days before > deleting it with a handy little program I cobbled to do that, so I > can get to webmail if I'm not at home, without having to turn off > the home feed. > >OE will delete the mail from the feed for you, either immediately or > after a period of time. However, I have a double-level pop3 feed > because SA sits in the middle on a linux box, so need to reach > around this to delete the stuff from the main folder. I have > fetchmail set to not delete. (I wish it had an option to delete > after N days/hours, but it doesn't seem to.) > >Loren SA's not exactly in the middle here, its a slave to kmail's fetching by pipeing everything thru SA for suitable labelling before it hits my sort rules. My firewall in only firewall, no mail proxies setup. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.35% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene
Re: Account # 555711L Spam
> Haveing a kmail problem the other day, I logged in via the webmail at > vz, and found 9 messages, all spam, sitting in the spam folder there. On Dirtlink (which seems from your description to be using the same near-useless webmail as vz) you have a few choices and a very few things that happen automatically: 1If you take the current default configuration, they will do a decent but not wonderful virus scan first. They will automatically dump all pure virus messages with no sign that they did so. If you want to know about these, you can turn on an incredibly innane option that will send you an email for each deleted virus email. Any virus email that they can "partially clean" they dump into a holding tank and then send you an email per virus that they have "cleaned" this thing. You CAN NOT turn off these stupid annoyance emails. Fortunately these prnding virus bits are small and will be deleted in something like 7 days. 2By default then then scan for spam. I haven't had this turned on in a few months, but the last time I did it was really quite effective; and has been for about a year now. Before that it was essentially useless, catching maybe 10% of the spam. These spam mails go into the 'caught spam' folder, and DO NOT count against your mail quota. They will be deleted after some not large number of days, 3-5 as I recall. 3You can move the spam into your real mail folder. This re-mails it to you, but bypasses scanning. The headers will be rather strange as a result of this forwarding. Obviously this now counts against mail quota. 4You can delete the spam. This doesn't 'delete', it works like a windows/mac machine and moves it to the 'deleted items' folder. Now this deleted spam DOES count against your mail quota! Fortunately the deleted items folder is really deleted after 7 days, I think. However, it is smart to click the 'empty trash' button that shows up here and there and jump through the assorted hoops necessary to get this crud really deleted. BTW, if you move something from deleted items back to inbox, it doesn't move it, it RE-SENDS it to you! It will show up with new message numbers and get downloaded a second time by pop. If you just accept the default configuration of virus and spam scanning and don't muck with the stuff, it is all reasonably transparent. If you do like I do and disable one or both of these scans it is also reasonably transparent, but you get all the spams or virui, depending on your settings. (I leave the virus scan on and spam scan off.) Normally your pop3 client will be set to delete the mail as soon as it is downloaded. I tend to leave it there for about 5 days before deleting it with a handy little program I cobbled to do that, so I can get to webmail if I'm not at home, without having to turn off the home feed. OE will delete the mail from the feed for you, either immediately or after a period of time. However, I have a double-level pop3 feed because SA sits in the middle on a linux box, so need to reach around this to delete the stuff from the main folder. I have fetchmail set to not delete. (I wish it had an option to delete after N days/hours, but it doesn't seem to.) Loren
Re: Account # 555711L Spam
On Saturday 23 July 2005 13:13, jdow wrote: >From: "Jeffrey Lee" <[EMAIL PROTECTED]> > >> Are they any rules to stop this type of spam? It is continually >> growing and doesnt ever let up. > >One thing I discovered is that these spams CAN upset the combination >of fetchmail and the Earthlink pop3 server, NGPOPPER. (No Good > POPper?) > >Until you manually telnet to the Earthlink server and delete the > offending email you get mailboxes full of the message. Is this by > any chance what you are seeing? > >And yes, there are rules that catch it. Every one has been marked >spam here, quite handily. > >{^_^} I wonder if perhaps earthlink is not the only ISP with that problem. I have my vz prefs set to delete any detected spam as I have now switched to a fetchmail based mail suck. Haveing a kmail problem the other day, I logged in via the webmail at vz, and found 9 messages, all spam, sitting in the spam folder there. So I checkmarked them to be deleted, and as I had the tech support guy on my ear at the time, I noted that delete didn't, it just moved the stuff to the trash folder. That pulled my trigger and I made it clear to the support drone that when I clicked on delete, thats exactly what I intended to happen. As vz is currently setup, you then have to move to the trash folder, select them all again, and click delete to be able to be truely rid of the wasted space. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.35% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
Re: Account # 555711L Spam
All recent mortgage spam/scams: Subject: Re: Account # 1954800A Subject: Re: Account # 8479229A Subject: Re: Account # 9940144E Subject: Re: Account # 3952049B Subject: Your account #686M7984 Subject: Re: Account # 0512980B Subject: Re: Account # 95313595A Subject: Re: Account # 0434326O Subject: Account # 84088Y Subject: Re: Account # 67817K Subject: Re: Account # 71072025X Subject: Re: Account # 76672902B Subject: Re: Account # 83442I Subject: Re: Account # 02934426Y A *much* better sign is the header: X-Mailer: KYX CP/M FNORD 5602 which is in all of them and many more mortgage spams from the same spammer without the "Re: Account #" labeling. There are several SBLs, but the only one I could quickly find without the domains already suspended was; http://www.spamhaus.org/sbl/sbl.lasso?query=SBL29093 Paul Shupak [EMAIL PROTECTED] P.S. I don't know what mailer generates the "KYX CP/M FNORD", but it seems to only appear in spam.
Re: Account # 555711L Spam
From: "Jeffrey Lee" <[EMAIL PROTECTED]> > Are they any rules to stop this type of spam? It is continually > growing and doesnt ever let up. One thing I discovered is that these spams CAN upset the combination of fetchmail and the Earthlink pop3 server, NGPOPPER. (No Good POPper?) Until you manually telnet to the Earthlink server and delete the offending email you get mailboxes full of the message. Is this by any chance what you are seeing? And yes, there are rules that catch it. Every one has been marked spam here, quite handily. {^_^}
Re: Account # 555711L Spam
Hum. I don't have any with that particular number, and the closest I found in format was a mortgage spam that got 42 points and change. Loren
RE: Account # 555711L Spam
Jeffrey Lee wrote: > Are they any rules to stop this type of spam? It is continually > growing and doesnt ever let up. > > Thanks, > Jeff The Account #'s constantly change in batches, we tried a few rulesets to nail them and they work for a small period of time. After that, more keep streaming in. Have found two things that seem to work effectively: #1 - Spamhaus. We tweaked the MailScanner side of our MS/SA package so that if a 'From' has 1 list hit it's Spam and WAS delivered to the receipient as a UCE attachment. We then had 2 or more lists going straight to bogus spam. After awhile the UCE's were growing and rather pointless as 99% were spam so we modified it a bit more like this: We use MailWatch, so now a 1-list hit is quarantined for review. A 2-list or more is also quarantined but flagged as Hi-Score spam. Why? So that we can review them if they look legit (we find 1-2 per 100 that are kosher) and also then SA-Learn them or review the content to write better SA rulesets to catch the crud. SA kicks in after MailScanner in our config, so the less we have to make SA work - the better the load average reduction. By adding Spamhaus's 'lite' list (forget which one, but will look that up) it seems to catch a ton of these types of mails that are getting reported by ISP/HSP's and therefore they're not being delivered. Usually it's the only one that appears in the Spam Test, otherwise if it's really bogus it shows up with 2+ hits on UCEL1, CBL, DSBL, BLITZED, etc. Spamhaus also seems to catch most of the mail forged with Cable & DSL providers so we can see if it's legit before releasing it to the customer. We simply created a release message that has the original as an attachment and tells the customer 'This is blocked. If it's kosher send us a reply stating so, if it's spam this is your only notice of the block and it stays in place'. That seems to work much more effectively than trying to train monkeys to feed Bayes or muck with their e-mails forwarding them somewhere as most just are lucky to know how to READ their e-mails. #2 - Firewall. We added an external PCI card based firewall to our setups that has it's own CPU and essentially gives us a GUI version of IPTables. Most of the crud you're asking about tends to come from certain regions or IP ranges and using MailWatch to trace those back we've been able to block just the SMTP traffic from those areas so we don't see most of these. I note that the 1.txt slew of spam crud has also not appeared on our systems at this point primarily as I think we're blocking the forged or legit sources with this firewall. The firewall helps as it reduced the load averages on the box by 50%+, the packets never make it to MS/SA so we don't waste timecycles processing sludge. HTH! David J. Duffner President PSCGi Paradise Shore Communications Group www.pscginternet.com I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com