Domain: linxnet.com
Stories and comments across the archive that link to linxnet.com.
Comments · 20
-
Re:My mail server
I'm using the following in postfix (based on http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt). Drops around 90% of the incoming spam outright. spamassassin is used to munge what does get through.
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
show_user_unknown_table_name = no
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
-
Re:SpamAssassin is too costly.
Pushing all messages through SpamAssassin would be simply silly. As always you should first use the cheap checks, and only use the very expensive ones like SA at the last moment. You should balance your anti-spam configuration with the risk of false-positives, because some checks may work well in theory but don't work at all in the reality of the internet. Many mailservers have bugs or configurations that would cause you to block legitimate mail, and if you block a false positive at the mailserver level, you can't drag it out of your spam mailbox later.
In other words, read before you do and run in 'warn-before-act' mode for a while. It's for example possible but not practical to check for existence of the sender's address, even though that would work wonders against spam.
If you're using Postfix, there are many checks you can do before your heavy filter steps in.
Good resources are:
http://www.securitysage.com/antispam/intro.html
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
After doing a bunch of Postfix header checks (such as valid fqdn domains, existing recipients, some RFC-compliance, etc) I check several conservative blacklists, such as sbl-xbl.spamhaus.org (which is great), check against my greylisting policy-server, and only then feed it through the Bayesian spamfilter (dspam in my case). A last check is amavisd-new which checks for viruses and disallowed filetypes.
This stops (if I recall correctly) 90% of spam *before* it reaches the spamfilter. Only 2-3 messages a week reach my inbox undetected.
-
There are better guides on the Postfix site.
The better place to look is the Howtos and FAQs.
One of my favorites: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
-
Signs or more to come....
..but again let me ask, why do Multi-Million dollar companies fail to have their SMTP servers set up correctly, but lame geeks such as myself and other /. readers have their POSTFIX servers set to deny emails that don't have any TO: or FROM: headers? I mean come on, here's a HOWTO that I worked with that started out in 2001 for hell's sake: Postfix Anti-UCE
Still, there's going to be a ton of companies that don't know what they're doing, or who they're hiring; problems like these will only continue to surface.
-
Re:Want to stop it?
Or for those who prefer postfix the Postfix Anti-UCE Cheat-Sheet works well for me. My mail server gets about 500 hams per day only 1-2 spams per week (usually those which have not been picked up by spamhaus.org lists) and have only had 1 false positive.
-
Re:How fast can you think and type!???!
Can you say Copy and Paste Troll?
-
Re:Spam Translation - Read the little font
if we're really going to stop junk email, these are the people we should be working on educating
No, if we really wanted to stop spam then we need to do two things:
1. Force specific performance on the part of the end beneficiary of the spam. When I get a spam offering a guaranteed mortg4ge of $350,000 at %3.5 and $600/month regardless of credit then any mortgage broker who responds to my click here action should be absolutely forced to give me a mortgage on those terms. Let him take it up with the spammer for making promises he couldn't keep.
2. Bar credit card companies from forcing payment for items advertised through spam.
The appropriate target is not the spammers - when a house is filled with roaches you blame the people who left the pizza rotting under the couch. Go after the people who are advertising and discourage them from paying people to spam from them. They often have lots of money and are easy to locate - Kraft (did you ever get an ad for Gevalia coffee?), Publishers Clearinghouse, General Motors... one guy sued Sears for spamming and won.
With the exception of the proof-of-concept and spam-to-spy mailings spam has a purpose defined by the people writing the checks. Make it more trouble and expense for those people and they will no longer write checks to the spammers.
By doing that and blocking all inbound email from RIPE, APNIC and Brazil, the spam issue is almost completely eliminated (to my satisfaction on my servers and my inbox at least - YMMV).
-
For Postfix with large mail volume use...
pflogsumm.
Set it up with cron, get a mail every day and keep them for a few days. Saves you a lot of headache.
For all other stuff use egrep (or grep), awk and sed. I did my own scripts to search for specific abuses. vim in command line mode may also come in handy.
-
Re:Off by default
SPAM will only go away when the vast majority of send attempts fail with "User not known" messages from server to server.
Sadly, no it won't.
Per-Day Traffic Summary
date        received  delivered  deferred  bounced  rejected
2004-07-14       720        724       192       21      4081
2004-07-15       901        919       194       25      5879
2004-07-16       804        821       197       32      5919
2004-07-17       911        968       287       69      5463
2004-07-18       749        721       360       25      5412
2004-07-19       948        994       430       27      7563
2004-07-20      1012       1020       481       31      6258
2004-07-21       650        635       368       24      4294
Reject reasons:
10926  sbl.spamhaus.org
 9171  Recipient address rejected: User unknown
 8757  Helo command rejected: Syntax error in hostname.
 8483  list.dsbl.org
 4449  Helo command rejected: need fully-qualified hostname
 1337  opm.blitzed.org
  402  Relay access denied
  364  Recipient address rejected: Improper use of SMTP command pipelining
  220  relays.ordb.org
  118  Helo command rejected: You aren't AOL!
   91  Recipient address rejected: No UCE.
   45  Helo command rejected: You aren't CompuServe!
   28  Sender address rejected: need fully-qualified address
   26  Sender address rejected: No UCE.
    9  Recipient address rejected: While that may be true, we don't want your spam.
    4  Recipient address rejected: BALEETED
    2  rbl.bluecherry.net
The users mail is bouncing for haven't existed since 2002. Spammers haven't even cared about rejected messages for some time.
Slashdot rules. I had to remove some of the formatting in my message because of the so-called "lameness" filter (obviously named after itself, for all the good it's doing.) Some of the formatting has been lost as well, since <pre> is no longer allowed--I'm not going to even bother reformatting it after fighting with the lameness filter. With wonderful misfeatures like this, it's no wonder the quality of discussion here has gone down over the years.
Anyway, the first table is the output of pflogsumm, which provides much more information than just that table, and looks much better when its output isn't raped by Slashdot. You can grab pflogsumm from http://jimsun.linxnet.com/downloads/pflogsumm-1.1.0.tar.gz, but it only works with postfix's logs, as the name suggests.
-
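An added example, not part of the comment above and not pflogsumm's own code: a small Python tally of Postfix smtpd reject reasons in the style of the "Reject reasons" list, which also counts the `reject_warning` lines Postfix logs when a restriction is prefixed with `warn_if_reject` (a trial mode that logs instead of rejecting). The log lines are constructed samples, and `reason` and `tally` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format (not real traffic).
SAMPLE_LOG = """\
Jul 14 03:12:45 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using sbl.spamhaus.org; from=<a@example.com> to=<u@example.net> proto=SMTP helo=<foo>
Jul 14 03:13:02 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 554 Service unavailable; Client host [192.0.2.77] blocked using sbl.spamhaus.org; from=<b@example.com> to=<u@example.net> proto=SMTP helo=<bar>
Jul 14 03:14:19 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from relay.example.org[198.51.100.7]: 550 5.1.1 <nobody@example.net>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody@example.net> proto=ESMTP helo=<relay.example.org>
Jul 14 03:15:40 mx postfix/smtpd[813]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.5]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<x@example.org> to=<u@example.net> proto=SMTP helo=<localhost>
Jul 14 03:15:41 mx postfix/smtpd[813]: disconnect from unknown[203.0.113.5]
"""

# queue id (or NOQUEUE), action, SMTP stage, client, reply code, optional DSN, text
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?:NOQUEUE|[0-9A-F]+): "
    r"(?P<action>reject|reject_warning): \w+ from \S+: "
    r"[45]\d\d (?:\d\.\d+\.\d+ )?(?P<text>.*)"
)

def reason(text):
    """Reduce a reject message to a per-cause key, dropping per-message detail."""
    dnsbl = re.search(r"blocked using ([\w.-]+)", text)
    if dnsbl:
        return dnsbl.group(1)               # count DNSBL hits per list
    text = text.split("; from=<", 1)[0]     # drop envelope and helo details
    return re.sub(r"^<[^>]*>: ", "", text)  # drop the offending address/name

def tally(log):
    """Count reasons separately for real rejects and warn_if_reject trial hits."""
    counts = {"reject": Counter(), "reject_warning": Counter()}
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            counts[m.group("action")][reason(m.group("text"))] += 1
    return counts

if __name__ == "__main__":
    for action, reasons in tally(SAMPLE_LOG).items():
        print(f"{action}:")
        for text, n in reasons.most_common():
            print(f"{n:6d}  {text}")
```

Comparing the `reject_warning` counts against delivered mail for the same period shows what a new restriction would have blocked before it is switched to enforcing.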
Puh-lease...
...disable your catchall-address on your 4 domains, and only set up the addresses you need. You will see that the rate of spam you get will drop.
Furthermore the overall traffic you cause on the net will drop also, because the spam will be blocked directly at the mailserver with a 550. The mail will not be transmitted at all.
There are at least a dozen other methods to block mail from entering a mailserver (given you really have admin-rights on the MX of your domains). There is no need to forward 3000 mails a day to some unlucky bureaucrat.
Please see:
Greylisting - the next step in the spam-control war (generic)
Anti-UCE Cheat-Sheet (Postfix)
Security-Sage Anti-Spam Guide (Postfix)
-
Re:flipside
Thank the spammers. Seriously, a very good read, if ever in doubt who deserves your anger.
-
Re:insight needed
I don't see any compelling reasons to migrate if everything is working fine in Qmail.
If you want a cookbook on how to set up Postfix and SpamAssassin and friends, there are several really good resources: Jeffrey Posluns, Jim Seymour, Meng Wong (old but still useful). Posluns' guide is probably where you should start first.
-
Re:Politicians for Ya
Oh really, check out Spam suit to see how a Michigan man sued Sears,
* Case Number: 03-73823sc
* Court: Small Claims Court, 44th Judicial District (Royal Oak, MI.)
o Phone: (248)246-3600
* Presiding: Magistrate Donald R. Chisholm
* Trial Date: 2-4-2003
* Award: $539.00 (including court costs)
If you read the law you'll see that the definition of a fax machine revolves around the capability, not the actual use as a fax, and that it makes unsolicited messages to a telephone facsimile machine illegal. Make forged headers criminal, now we can easily track the suckers!
-
Re:English translation?
Here's a copy of the original lawsuit which was filed by the world's most incompetent lawyer, Mark Felstein who was hired by a bunch of Boca Raton chickenboner spammer scumbags, under the auspices of this "emarketersamerica" front. A summary of the charges is here. You can also read the defendant's item-by-item reply to the original complaint. It's quite funny, actually, and reminds me of IBM's response to SCO's bullshit where they basically state that every allegation is false to fact, other than the obvious, such as "IBM sells computers".
Except in this case, the spammer plaintiffs were so incompetent that they couldn't even formulate a single complaint that had any basis in law. They also tried to file a temporary restraining order against spamhaus, which the Florida judge basically laughed at. The suit was really just a big case of harassment, and a ploy to somehow reveal the identity of the anonymous party[1] behind SPEWS -- which is not Steve Linford or Spamhaus, as a lot of these slashdot stories seem to imply. Spamhaus was just one of about 13 various mirrors that distributed the SPEWS DNS blocklist.
You can find more details here.
[1]<cough>Terry H. Gilsenan aka "Posopis Menaga" (pidgin for "postmaster")
-
Same spammer forged other domains, also.
The article doesn't mention it, but the spam advertised the website mypillsrx.com, where they claim to sell various prescription drugs. More likely, they just collect your money or credit card number.
The same spammer forged a number of other domains, including mine. I have a page about it at http://www.whitis.com/mypillsrx.htm. There is also another article available at AVN Online.
Eddy Marin, a well known spammer with a history that includes convictions for cocaine dealing, money laundering, and who was involved with pornography, seems to be behind the spam.
In the meantime, his pet lawyer, Mark Felstein, (check out the cute picture) is suing several people who fight against spam for blacklisting "anonymous members" of his newly created EmarketersAmerica organization, and several anti-spam sites all over are being under DoS attacks.
The spammers are winning because the good guys are playing fair and honest while the spammers have no morals and are making up their own rules.
-
Re:The junk fax law
Case Number: 03-73823sc
Court: Small Claims Court, 44th Judicial District (Royal Oak, MI.) Phone: (248)246-3600
Presiding: Magistrate Donald R. Chisholm Trial Date: 2-4-2003
Update - Feb. 20, 2003 Good News! They didn't appeal, I got my check. For the full story, links etc. click here.
Note although this is a federal law, it was specifically written so that it is to be tried in the state courts, i.e. the small claims (fuck the lawyers) courts specifically by private citizens, or in federal district courts when a state's att. gen. brings complaint on behalf of his state's citizens. The fine or standard damages is $500, or 3X $500.00 for willful violations.
Now all we need to do is to convince the prosecutors that forged headers are a form of Identity Theft
-
US Title code 47 section 227.
as reported on Michigan Man Uses Junk FAX Law to Sue Sears Over Spam, US Title code 47 section 227, Restrictions on Use of Telephone Equipment defines
(2) The term ''telephone facsimile machine'' means equipment which has the capacity (emphasis is mine)
(A) to transcribe text or images, or both, from paper into an electronic signal and to transmit that signal over a regular telephone line, or
(B) to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper.
and further more,
(4) The term ''unsolicited advertisement'' means any material advertising the commercial availability or quality of any property, goods, or services which is transmitted to any person without that person's prior express invitation or permission.
so the sections
(b) Restrictions on Use of Automated Telephone Equipment
(1) Prohibitions. It shall be unlawful for any person within the United States -
...
(C) to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine; ...
(5) Private Right of Action. A person who has received more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the regulations prescribed under this subsection may, if otherwise permitted by the laws or rules of court of a State bring in an appropriate court of that State (emphasis is mine) -
(A) an action based on a violation of the regulations prescribed under this subsection to enjoin such violation,
(B) an action to recover for actual monetary loss from such a violation, or to receive up to $500 in damages for each such violation, whichever is greater, or
(C) both such actions.
Additionally
(1) Prohibition. It shall be unlawful for any person within the United States -
(B) to use a computer or other electronic device to send any message via a telephone facsimile machine unless such person clearly marks, in a margin at the top or bottom of each transmitted page of the message or on the first page of the transmission, the date and time it is sent and an identification of the business, other entity, or individual sending the message and the telephone number of the sending machine or of such business, other entity, or individual.
(f) Actions by States
(1) Authority of States. Whenever the attorney general of a State, or an official or agency designated by a State, has reason to believe that any person has engaged or is engaging in a pattern or practice of telephone calls or other transmissions to residents of that State in violation of this section or the regulations prescribed under this section, the State may bring a civil action on behalf of its residents to enjoin such calls, an action to recover for actual monetary loss or receive $500 in damages for each violation, or both such actions. If the court finds the defendant willfully or knowingly violated such regulations, the court may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times the amount available under the preceding sentence.
(8) ''Attorney General'' Defined. As used in this subsection, the term ''attorney general'' means the chief legal officer of a State.
while IANAL, it seems to me that Deputy Communications Minister Andrei Korotkov, A person under US law has received an unsolicited advertisement, to his computer which has the capacity to send and receive faxes via a telephone line so it
-
Re:FYI- link to the PDF of the lawsuit
Instead of /.ing that one site, choose one from the list tmork provided or use the "randomizer" for this document at http://www.LinxNet.com/misc/spam/slapp.php
-
Have you already forgotten the lesson?
Here is a link that Slashdot previously posted about a guy who successfully used 47USC227 to sue spammers. You can do it too. Go for the money, or gonads, whichever turns you on the most.
-
Re:Unsolicited Faxes are illegal. Why not spam?