Yeah it is getting ridiculous. I installed Canit Pro a while back to tie all the various OSS spam filtering apps together that I've been using for years. My spam influx has dropped from hundreds and hundreds a day to less than a dozen. The ones that get through now are the extremely stripped down to practically nothing. I don't mind deleting them though, as long as the majority is dealt with without me.
On your topic though of giving it out to folks when you sign up I agree; it's a perfect tactic. I used to use Sendmail plus notation for that but I switched to using Sendmail aliases in the end. I can shut off the flow a whole lot easier for a given spam address. I wrote more about it in a previous post. I was surprised to see what all reputable magazines, catalogs, and credit card companies sold my address to others. At least I can shut down the spam easily enough.
China or India could possibly submarine this argument, but I do believe that both of those countries have quite a few regional dialects to keep it valid in that neither has one language that the whole population speaks. I have nothing with which to back this up, however.
True, but if a person is your friend then obviously you two managed to communicate well enough to become friends. If someone is your friend then you likely speak a common language. That's my take on it at least. I think they simply need to use localization on their website to curb the problem.
Alan Ralsky, is that you? Ernie Haberli, is that you? No wait, I know who you are, you're Scott Richter. Hi Scott. I knew only a spammer could possibly say so many stupid things in one post. Yes Scott, it really is inconvenient for you when we anti-spammers quickly forward all your lovely little spams to postmaster @ the provider whose poor customer was compromised by your little open proxy viruses and unknowingly let you spam via their computer. Yes, that is inconvenient. Wouldn't you love it if no one used postmaster or abuse or any other standardized mailbox to contact mail admins around the globe? Why your spamming might be able to go on for a day or two before we determined few could find a way of contacting the right people--that's if we can get through the various levels of BS at any one given company to actually get to the mail administrator. There there Scott, don't cry. I know it's been tough on you. That's too bad though because this accepted practice just isn't going to stop any time soon. There is hope for you though. Get ahold of the zone files from rfc-ignorant.org. They compile lists of the really ignorant people that can't seem to comprehend what a RFC is and how to use it. You should be able to spam freely from those ignoramuses since they obviously aren't very competent mail administrators. Been nice talking to you Mr. Scott Richter, spammer.
BTW, you're intentionally inciting a DoS attack on the RFCI folks. Don't you know that's illegal? Maybe you should just step away from the computer now before you really get yourself into trouble.
So as someone who claims to be a mail admin you're saying you don't want to use the established method of contacting mail admins to be used on your server? How else do you expect mail admins to contact you? Do you want them to jump through hoops and search your website for new contact information? Sure postmaster gets spam. All postmasters get spam. Cry us a river and deal with it like every other responsible mail admin out there. It's something we just put up with because doing with it unacceptable. There are reasons we have RFC-I. Your attitude and those that share it are the main reason.
Actually that's how most are found. Some aware person sent a message to postmaster or abuse at a given domain and it bounced with some error that indicates that it's either not a valid mailbox or that it won't be read by a human. Usually this happens during the practice of spam LARTing. You take the full headers and body of the message that indicated that the address was invalid or wouldn't be read by a human and you submit it to the RFCI folks either via a web form or via email. They'll examine your submission, confirm your claim, and blacklist the domain in the appropriate places. No one (that I know of anyhow) goes out looking for domains to blacklist at RFCI. They just stumble across them in the course of their normal activities.
I hear you. I got tons of spam on my spamtrap domains. I had the domains hosted out of my house. I had to shut down DNS and mail service on my server to play games. Shutting down mail service was the big one. As long as I was sending TCP RSTs to tcp/25 connection requests I had enough bandwidth to play games. Otherwise my DSL line ran at about 75% utilization all the time. Shutting down DNS didn't stop the UDP request packets but it did keep more spammers from resolving the IP of my mail server on those domains for a short time. Handy.
I wasn't using Bayes at the time. It was pretty immature and the implementations that were available didn't work too well. It's infinitely better now though. I had a procmail recipe that auto-munged and posted copies to NANAS. It also forwarded a copy to the FTC. Finally it submitted the spam to Pyzor and Razor. That recipe worked great until I was joe-jobbed. I never did manage to get that recipe to filter out those bounces before performing the various actions. I was getting too much spam per day to confirm each and every message. When I moved and changed the DNS entries to point to localhost I was getting just over 120,00 pieces a day. I couldn't archive it. I had to trash it. I need to get it started again now that I have a permanently co-lo'd server capable of handling anything I'll ever throw at it.
If you aren't already doing it, I highly recommend you implement greylisting. I'm implementing it soon. I hear it's wonderful. Canit has built in greylisting capabilities. Best of luck.
If they want people to accept their mail then they'd best play by the established rules of the Internet. I reject mail from domains that don't conform to the RFCs on all my mail servers. Don't you?
That's actually what I just said. It's only useful if you want spam. :-) My first post in this article goes into more detail. I wrote a HOWTO a year or so ago. I should dig that out and post it somewhere.
If a person fat-fingers an address and it is sent to the wrong user on your system you are required to send a DSN. Have you never read the relevant RFCs to administrate a mail system? That should be a prerequisite before being allowed to join the Internet community as a mail administrator.
Advice can not get any worse than this. Postmaster and Abuse are required mailboxes. They are not optional. RFC 2142 mandates their use. This isn't some new requirement either. That RFC was written in 1997. People who violate this RFC will find themselves in a blacklist at a very aptly-named website: RFC-Ignorant.Org. A very fitting name for a very ignorant group of people.
Moderators, please moderate the parent down for being a fool giving fool's advice.
You are correct. A catch-all gives a valid user where otherwise there wouldn't be one. Thus no DSN is sent. Using a catch-all with a domain in which its sole purpose is to collect spam and has no other valid use (like a couple of my domains) is great. Using a catch-all on any domain with other valid email use would actually cause violations of the RFCs. If a user fat-fingers an address and sends it to nillgates@microsoft.com instead of billgates@microsoft.com then you are required by the RFCs to return the appropriate DSN. With a spamtrap domain your intention for that domain is to have all addresses be valid and you do take action on that mail. Thus I don't believe that would violate the RFCs. However using a catch-all on a domain with valid email traffic is a violation of the RFCs IMHO.
Your advice is insane. Any person with any experience with mail administration would know better than to use a catch-all address on a domain with valid uses. Please stop giving out bad advice to people that don't know better.
There are better ways to do this. First off there's Sendmail "plus notation," also known as "user+detail" format. If you haven't heard about this you should do some research on Sendmail's website. The other method if you own your own domain, which obviously you do if you're using a catch-all address, is to simply use aliases. Add your custom alias to your local aliases file, rerun newaliases, and you're set. Personally I use a little of both. I use aliases all the time. I can add an alias in a matter of seconds at any given point and time. A quick look at my current aliases file shows me aliases for dictionary.com, outdoorsuperstore.com, The Wall Street Journal, The New York Times and more. The best part about aliases is I can turn off the flow of spam by simply removing the alias. To stop the flow of spam to an address using plus notation I have to whip up a procmail recipe. I've seen more than one spammer strip the plus notation from outgoing addresses though so it isn't always going to stop the flow of spam. Not all web forms accept the plus sign as a valid email character. YMMV, no, I take that back. I can guarantee your mileage won't vary. Catch-all addresses have only one valid use: to collect spam. Plus notation will work much of the time. Aliases will work all of the time.
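Added example, not part of the original comment: a simplified Python model (not Sendmail's own code) of how a per-signup alias and a plus-notation address resolve, showing why removing an alias shuts an address off while a stripped plus address still delivers. The alias names, the user `joe` and the domain `example.org` are constructed for illustration.

```python
# Simplified model of alias vs. plus-notation delivery (illustration only).
# Alias names, the local user and the domain are constructed assumptions.

ALIASES_TEXT = """\
# one alias per place the address was handed out (constructed)
wsj-signup:      joe
nyt-signup:      joe
dictionary-com:  joe
"""

LOCAL_USERS = {"joe"}


def parse_aliases(text):
    """Parse 'name: target' lines in aliases-file style; '#' starts a comment."""
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        name, target = line.split(":", 1)
        aliases[name.strip().lower()] = target.strip()
    return aliases


def without_alias(aliases, name):
    """Return a copy of the alias map with one alias removed."""
    return {k: v for k, v in aliases.items() if k != name.lower()}


def resolve(rcpt, aliases, users=LOCAL_USERS):
    """Return (verdict, mailbox, signup_tag) for an envelope recipient.

    signup_tag records which handed-out address the mail was sent to,
    or None when that information is no longer present in the address.
    """
    local = rcpt.split("@", 1)[0].lower()
    if local in aliases:
        return ("deliver", aliases[local], local)
    # Plus notation: user+detail is delivered to user.
    base, plus, detail = local.partition("+")
    if base in users:
        return ("deliver", base, detail if plus else None)
    # No alias and no such user: the message is refused as an unknown user.
    return ("reject", None, None)


if __name__ == "__main__":
    aliases = parse_aliases(ALIASES_TEXT)
    for rcpt in ("wsj-signup@example.org",   # alias, tag intact
                 "joe+wsj@example.org",      # plus notation, tag intact
                 "joe@example.org"):         # plus detail stripped by sender
        print(rcpt, resolve(rcpt, aliases))
    # Removing the alias turns that one address into an unknown user.
    print(resolve("wsj-signup@example.org", without_alias(aliases, "wsj-signup")))
```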
Turning it off? It's off to begin with. Only a fool would turn it on for any domain with legitimate uses. The only time you ever turn it on is when you WANT spam. There are very few of us that want hundreds of thousands of pieces of spam per day.
But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targeted spam
On the contrary wildcard spam is extremely common. When was the last time you ever watched the maillog of a busy MTA? I guarantee you it will be riddled with User Unknown errors from dictionary, Rumplestiltskin and wildcard attacks. It's that way on every mail system I've ever administrated, including the ones I administrate now.
If you ever plan on using that domain for any legitimate purposes then do not EVER give it a catchall address. A catchall address blatantly invites spam. Rumplestiltskin and dictionary attacks will find an infinite amount of valid email addresses in your domain and your influx of spam will grow exponentially. At some point your provider will proclaim "Enough!" and either tell you to take your business elsewhere or will start charging you by how much email you send and receive. Don't doubt this. It will happen. If your provider had any sense whatsoever they wouldn't give you the option of having a wildcard recipient.
There is but one valid reason for ever having a catch-all address. That reason is if you actually, honestly, truly WANT spam. "Who wants spam?" you say? I do. I have a handful of domains that have no other purpose in life but to collect spam. I've seeded addresses from those domains into dozens of spammers' "remove" forms. I built a list of 525,000 proper pronouns and used that to compile a list of userid@spamme-domains.tld addresses to seed those remove forms with. The end result is hundreds of thousands of pieces of spam per day flowing into those domains. I archive much of it and automatically report the rest to the FTC as spam. Oh happy day. That's the only valid reason for ever using a catchall address that's publicly exposed to the Internet.
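Added example, not part of the original comment: a Python sketch of how the "User unknown" noise described above can be separated into dictionary-style guessing and ordinary typos, by counting distinct unknown recipients per source inside a sliding window. The log lines are constructed in a simplified layout and the year, window and threshold are assumptions; adjust the regex to the MTA's real format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges, made-up recipients).
SAMPLE_LOG = """\
Mar  3 10:15:01 mx1 smtpd[2211]: reject: RCPT from [192.0.2.10]: 550 5.1.1 <aaron@example.org>: User unknown
Mar  3 10:15:02 mx1 smtpd[2211]: reject: RCPT from [192.0.2.10]: 550 5.1.1 <abby@example.org>: User unknown
Mar  3 10:15:03 mx1 smtpd[2214]: reject: RCPT from [198.51.100.7]: 550 5.1.1 <jsmiht@example.org>: User unknown
Mar  3 10:15:04 mx1 smtpd[2211]: reject: RCPT from [192.0.2.10]: 550 5.1.1 <abel@example.org>: User unknown
Mar  3 10:15:06 mx1 smtpd[2211]: reject: RCPT from [192.0.2.10]: 550 5.1.1 <abigail@example.org>: User unknown
Mar  3 10:15:09 mx1 smtpd[2211]: reject: RCPT from [192.0.2.10]: 550 5.1.1 <abraham@example.org>: User unknown
Mar  3 10:16:30 mx1 smtpd[2230]: reject: RCPT from [198.51.100.7]: 550 5.1.1 <jsmiht@example.org>: User unknown
Mar  3 10:17:00 mx1 smtpd[2231]: accepted: RCPT from [198.51.100.7]: <jsmith@example.org>
Mar  3 10:40:00 mx1 smtpd[2300]: reject: RCPT from [203.0.113.5]: 550 5.1.1 <info@example.org>: User unknown
Mar  3 10:55:00 mx1 smtpd[2310]: reject: RCPT from [203.0.113.5]: 550 5.1.1 <sales@example.org>: User unknown
Mar  3 11:10:00 mx1 smtpd[2320]: reject: RCPT from [203.0.113.5]: 550 5.1.1 <webmaster@example.org>: User unknown
Mar  3 11:25:00 mx1 smtpd[2330]: reject: RCPT from [203.0.113.5]: 550 5.1.1 <admin@example.org>: User unknown
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ reject: RCPT from "
    r"\[(?P<ip>[^\]]+)\]: 550 \S+ <(?P<rcpt>[^>]+)>: User unknown"
)


def unknown_user_events(log_text, year=2004):
    """Yield (timestamp, source_ip, recipient) for each unknown-user reject.

    Syslog timestamps carry no year, so one is assumed (constructed value).
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["rcpt"].lower()


def flag_dictionary_attacks(log_text, window=timedelta(minutes=5), threshold=4):
    """Map source IP -> peak count of distinct unknown recipients in a window.

    Only sources reaching `threshold` are returned. Repeats of one mistyped
    address count once, so a single fat-fingered sender is not flagged.
    Assumes the log is in chronological order.
    """
    recent = defaultdict(deque)   # ip -> (timestamp, recipient) inside window
    flagged = {}
    for ts, ip, rcpt in unknown_user_events(log_text):
        q = recent[ip]
        q.append((ts, rcpt))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


if __name__ == "__main__":
    print(flag_dictionary_attacks(SAMPLE_LOG))
    print(flag_dictionary_attacks(SAMPLE_LOG, window=timedelta(hours=1)))
```

A short window catches the burst from one source; widening it also surfaces the slow guesser that spaces its attempts out.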
The patent process must obviously be flawed. How else can they explain how so few patents have ever been voided? They can't claim that the application process adequately weeds them out when you take a cursory glance at the crap that slips through. The whole damned system is screwed up.
You see my friend there is this little internal group at every company that seems to have the ear of the suits that sign the checks (well, order someone else to sign the checks). You may think that influential group is you, the IT department. After all your department alone has more years of education and intelligence among its members than all the other departments combined. You'd be wrong though. Who has the ear of the suits? Marketing. And if Marketing says no then no matter how well you know your job and how neurotic they may be you still do what they say.
We don't want SCO to go bankrupt yet. We want them to lose the case, uphold the GPL, prove Microsoft's involvement and then, ONLY THEN do we want them to be squashed like the bugs that they are.
It is obvious to people like you and I but to a person that's security-illiterate it's not something they know. Slashdot caters to every type so it's a good idea to speak to the lowest common denominator for discussions like these. Thinking back to when I was a newbie if I came across a discussion talking about the greatest SunOS config tools like this one I would have gobbled up every piece of information possible. If they didn't dumb it down for me though I probably wouldn't understand the best recommendations.
Making your coffee, washing your dog, cooking you a 5 course meal, etc... The point is it's bloated beyond repair. What we need is a complete and total rewrite from the ground up. If people want vi to read to the kids and feed their fish then give them that ability through the use of plugins. Don't bloat it for everyone. Damn. And to think we actually complain about Microsoft bloat in Office and Windows. Vi and emacs are worse!
You know, I can't recall the last time I had X running on any of my Linux servers. It would have to be at least as far back as 1999. At least. I do everything with the CLI. I don't count ncurses environments as GUIs either, though I know some really odd ducks that do (never understood that train of thought). CLI is the only way to go. Learn to use that; then you can pretty tools.
Unless your rpm command is compromised and replaced with one that either a) ignored dbpath or b) forces it to just the one in /var. They do it with ps and netstat all the time. No reason they couldn't just as easily do it to rpm. The trick is to put all binaries you need to validate your system on the read-only medium with the necessary data files.
I never realized how similar Portuguese is to Spanish. I used to know Spanish. Maybe I'll pick up both someday. Thanks!
*adding to wishlist*