True. YOu could strip out teh extra crap. I am sure that could be done in perl, or something. Or, just post some spam-trap addresses around on usenet and on web-pages on geocities/angelfire/etc... I am sure that will get you a big pile of spam pretty quickly.
why should they care. They care because not everyone feels that young children should be exposed to hardcore pornorgaphy and violence.
It's a question that will escalate up the ranks, probably ending up with some bullshit congressional hearing or other, in which it is decided that all people over 18 with children will be implanted with authorization chips that activate the software. It'll be part of signing the baby out of the newborn wing of the hospital - just sign this birth certificate - by the way, you may feel some initial discomfort. Wow. You have the tin-foil hat on pretty tight today, don't you?
Ironically, the under-17 crowd that has children, such as you might find in just about any broken-down central urban district (and, here's the scary bit, *elsewhere too*), will be utterly helpless coming from either direction. Fortunately, they don't count, and the program to discourage voting proceeds according to schedule. Activate phase 3. OMG. I think that some child in a 'broken-down central urban district' (AKA: Tha Ghetto) has more pressing concerns than the possibility that he/she won't get to play the latest gore packed shoot-em-up.
I know kids get all worked up over their games, but they are just games. Please, get some priorities. Thank you.
The GPL adds rights to those you are granted under copyright law as enforced in the US and most contries. If you don't agree to the license, you have less rights than you do before. Therefore there is no reason to not agree to the license.
Unless I want to do something that the GPL will not allow. What if I want to distribute binaries but not the modifies source code. If my script removed the GPL before I read it. Would it apply? In the article I posted earlier, Slashdot readers are saying that it is OK to not read a companies license.
...wouldn't this seriously increase their own space usage? I mean if now every account is getting spammed by every 'marketing partner'
Well, now that you have signed up to recieve spam, Yahoo! can sell your address to spammers. The spammers get fresh email addresses, Yahoo! gets some $, and you get it in the shorts.
Well, in my job, I have had the pleasure of talking to many a customer who had an open relay. Here are some VERY common reasons:
"What mail server?" Someone's DNS has a mail server installed on it. The customer did a default install of his OS and it installs a mail server by default. Some customers are not even aware that there is a mail server installed on the box.
"That old box?" "Sendmail 8.6-SMI runs just fine, why would I change it?" MTAs came 'open' by default untill about 3 years ago. You would be supprised at how many mail boxes just run at the back of some office for years on end with no intervention.
"But, it needs to be open" Customers have users who travel or send mail from different ISPs. Instead of using POP-before-SMTP or AuthenticatedSMTP they just open the mail server up to everyone. It is just easier that way.
I can understand getting burned out on excuses and all that. But, SPEWS might be doing the anti-spammers a big dis-favor by sending the innocent into nanae. My customer now feels that ALL anti-spammers are a bunch of jerks who just want to bully people around.
I can't see how you'd get listed in the first place.Well, a customer gets his bandwidth from where ever. If that ISP has a spammer on it, SPEWS will list that entire/24 (or bigger) at the drop of a hat.
certain ISP dialup ranges in Michigan and the Dallas-Ft. Worth area. Yeah. Alan Ralsky is a real choad-smoker, isn't he? I'll have to call Alan again and let him know he is a douche-nozzle.
Well, considering how little email I get in a day, I don't see how it could be a real problem. Plus, it could cache entries that have passed the test, so that email from mailing lists would
only be tested once (per day/week/whatever). For people running mail servers for personal use, it would not be a problem. But, if you had several thousand users, there would be a delay.
And it should catch web forms, also, because web forms are just front-ends to smtp servers, aren't they? The script that spammers abuse the most is 'formmail.pl'. Check and see how that script delivers it's mail and you will have your answer.
Hmmm... I wonder if it's possible to write a script that scans the header of every email that arrives, does an open relay test on the sending IP, and if it fails, discard the email? You should not need to scan headers. Just get the connecting IP from your logs. Just send out some '220-' lines and it will keep the connecting server holding while you find out if it is an open relay.
What's an open proxy? These are proxies that spammers will use to redirect traffic to where ever they want to go. They are called HTTP Connect Proxies. Exploiting these is as simple as:
aeolus:telnet 198.xxx.xxx.x 80
Trying 198.xxx.xxx.x...
Connected to echspc4.xxxxxx.xxxxx.xxx.us (198.xxx.xxx.x). Escape character is '^]'. CONNECT 208.146.xxx.xx:25 HTTP/1.0
HTTP/1.0 200 Connection established
220 bass.sport_fish ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2650.21) ready
Disclaimer: I am not SPEWS. I don't know who SPEWS is. If I did, I'd buy them a beer. Uh-huh.... Sure you aren't.;)
Here is the problem. The customer gets his bandwidth from ISP A. ISP A has some spammers on a '/24'. My customer has a '/29' in that '/24'. My customer goes to the newsgroup to ask to be let out of SPEWS. Group members flame my customer to a crisp because he is supporting spammers when he pays his bill every month. My customer is told that he has to talk to his ISP about getting rid of spammers (which should be SPEWS job, IMHO) or move his network. My customer doesn't want to do either, so we route his mail thru the colo. Problem solved.
Not is there is no spam coming from it.:) I check to see if the customer is a spammer and if they are running a open relay. If they are a spammer, I tell them to fuck off. If they have an open relay, I fix it. If they are none of the above, I send them thru a colo.
Um. That would list all mail servers, sparky.:) I think you are trying to say that your mail server should perform an open relay test on any IP that is connecting to your mail server. This would work but, it will be quite a performance hit on your mail-server (doing that kind of check is gonna take a lot of time) and you won't catch the open proxies or web-forms that spammers are starting to abuse.
We have had customers find themselves on SPEWS. We just set up a smart host on a colo and have thier mail server direct all outgoing mail thru the colo. This way, the non-spammer does not have to re-locate and SPEWS has to do their own dirty work.
Slashdot Mirror
Considering how many socks are lost each year, we may need more IP space then.
I think someone thinks a bit *too* highly of themselves. ;)
True. YOu could strip out teh extra crap. I am sure that could be done in perl, or something. Or, just post some spam-trap addresses around on usenet and on web-pages on geocities/angelfire/etc... I am sure that will get you a big pile of spam pretty quickly.
Look in UseNet. The group news.admin.net-abuse.sightings is where people post their spams. Enjoy!
$ Slashdot gets paid to run these 'stories'. How else do you think this site stays up? By subscriptions? Ha!
That and we were able to stop most of the DoS with some mittigation tools we have for such an occasion.
God, this place has gone to shit.
Back in the day(tm), we had a string we could send that would reset their modem to a 300baud connection then save to memory. :)
No shit. I shower every week, even if I don't need it. F-ing clean freaks.
They care because not everyone feels that young children should be exposed to hardcore pornorgaphy and violence.
It's a question that will escalate up the ranks, probably ending up with some bullshit congressional hearing or other, in which it is decided that all people over 18 with children will be implanted with authorization chips that activate the software. It'll be part of signing the baby out of the newborn wing of the hospital - just sign this birth certificate - by the way, you may feel some initial discomfort.
Wow. You have the tin-foil hat on pretty tight today, don't you?
Ironically, the under-17 crowd that has children, such as you might find in just about any broken-down central urban district (and, here's the scary bit, *elsewhere too*), will be utterly helpless coming from either direction. Fortunately, they don't count, and the program to discourage voting proceeds according to schedule. Activate phase 3.
OMG. I think that some child in a 'broken-down central urban district' (AKA: Tha Ghetto) has more pressing concerns than the possibility that he/she won't get to play the latest gore packed shoot-em-up.
I know kids get all worked up over their games, but they are just games. Please, get some priorities. Thank you.
Unless I want to do something that the GPL will not allow. What if I want to distribute binaries but not the modifies source code. If my script removed the GPL before I read it. Would it apply? In the article I posted earlier, Slashdot readers are saying that it is OK to not read a companies license.
But, if you do not read the license, you are not bound by it, right?
Why is it ok to not abide by a MS EULA, but not ok to not abide by a FSF EULA?
The post is about TrustE and the story is about TrustE. How is this OffTopic?!?
It is an awesome package. Plus the key fobs have a very high geek factor.
Well, now that you have signed up to recieve spam, Yahoo! can sell your address to spammers. The spammers get fresh email addresses, Yahoo! gets some $, and you get it in the shorts.
I hope this has answered your questions.
Kooks have threatened to blackhole all of UUnet for ages. No one has yet to do it. I doubt anyone, of importance, ever will.
I can understand getting burned out on excuses and all that. But, SPEWS might be doing the anti-spammers a big dis-favor by sending the innocent into nanae. My customer now feels that ALL anti-spammers are a bunch of jerks who just want to bully people around.
certain ISP dialup ranges in Michigan and the Dallas-Ft. Worth area.
Yeah. Alan Ralsky is a real choad-smoker, isn't he? I'll have to call Alan again and let him know he is a douche-nozzle.
only be tested once (per day/week/whatever).
For people running mail servers for personal use, it would not be a problem. But, if you had several thousand users, there would be a delay.
And it should catch web forms, also, because web forms are just front-ends to smtp servers, aren't they?
The script that spammers abuse the most is 'formmail.pl'. Check and see how that script delivers it's mail and you will have your answer.
Hmmm... I wonder if it's possible to write a script that scans the header of every email that arrives, does an open relay test on the sending IP, and if it fails, discard the email?
You should not need to scan headers. Just get the connecting IP from your logs. Just send out some '220-' lines and it will keep the connecting server holding while you find out if it is an open relay.
What's an open proxy?
These are proxies that spammers will use to redirect traffic to where ever they want to go. They are called HTTP Connect Proxies. Exploiting these is as simple as:
aeolus:telnet 198.xxx.xxx.x 80
Trying 198.xxx.xxx.x...
Connected to echspc4.xxxxxx.xxxxx.xxx.us (198.xxx.xxx.x).
Escape character is '^]'.
CONNECT 208.146.xxx.xx:25 HTTP/1.0
HTTP/1.0 200 Connection established
220 bass.sport_fish ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2650.21) ready
now, just spam like mad
Uh-huh.... Sure you aren't.
Here is the problem. The customer gets his bandwidth from ISP A. ISP A has some spammers on a '/24'. My customer has a '/29' in that '/24'. My customer goes to the newsgroup to ask to be let out of SPEWS. Group members flame my customer to a crisp because he is supporting spammers when he pays his bill every month. My customer is told that he has to talk to his ISP about getting rid of spammers (which should be SPEWS job, IMHO) or move his network. My customer doesn't want to do either, so we route his mail thru the colo. Problem solved.
Not is there is no spam coming from it. :) I check to see if the customer is a spammer and if they are running a open relay. If they are a spammer, I tell them to fuck off. If they have an open relay, I fix it. If they are none of the above, I send them thru a colo.
Um. That would list all mail servers, sparky. :) I think you are trying to say that your mail server should perform an open relay test on any IP that is connecting to your mail server. This would work but, it will be quite a performance hit on your mail-server (doing that kind of check is gonna take a lot of time) and you won't catch the open proxies or web-forms that spammers are starting to abuse.
We have had customers find themselves on SPEWS. We just set up a smart host on a colo and have thier mail server direct all outgoing mail thru the colo. This way, the non-spammer does not have to re-locate and SPEWS has to do their own dirty work.
How large of an increase? I send two letters a month (bills). Even if the price doubled, it would be worth it to me.