Jose Ruffin | 1 May 01:31 2005

women like big "stuff"


--

-- 
Coco mailing list
Coco@...
http://five.pairlist.net/mailman/listinfo/coco

John E. Malmberg | 1 May 01:34 2005

Re: Someone might come to complain

John R. Hogerhuis wrote:
> On Fri, 2005-04-29 at 13:39 -0500, Roger Taylor wrote:
> 
>>I've had this problem trying to talk to a few Portal-9 customers to send 
>>them their key.  SPAM filters just plain suck. My own ISP catches a 
>>tremendous amount of real SPAM, which is great, but they also catch real 
>>e-mails and make me have to weed through their report e-mails to see which 
>>e-mails are not junk.  It takes less time to just hit delete on the obvious 
>>junk letters as they come in.

That is just indicating that your ISP has not implemented anything close 
to a state of the art anti-spam system and has just implemented one that 
is close to just being a placebo either because they really do not know 
what the state of the art is or they do not really care.

State of the art is that over 80% of the spam can be detected with no 
false positives from confirmed spam sources before the spam enters the 
mail server.  This was also state of the art well over 5 years ago.

You can get close to 99% with most people seeing no false positives if 
you refuse e-mail from known DHCP assigned addresses in addition to the 
above.

This was also state of the art over 10 years ago.

The above has been state of the art for so long, that it is built into 
just about all commercial mail server software.  All the mail server 
operator needs to do is set the configuration options, and if they are a 
large operation, some of the DNSbl services need compensation for the feed.


Dennis Bathory-Kitsz | 1 May 01:54 2005

Re: When the moderator's away

At 04:36 PM 4/30/05 -0700, Jim Cox wrote:
>The spammers will play.
>
>If you notice this email was sent to both Dennis and the 
>list.
>Most likely he needs to tweak something when he gets back
>
>We'll just have to tolerate it for a bit.

I'm here.

I have looked at the message, the headers, and the list rules, and find no
way that explains how this message got through. Hundreds of these are
automatically discarded daily. This address is not subscribed, nor is any
address like it.

Can anyone reading the headers help me figure this out? Does anybody know
mailman software well enough to understand this?

Thanks,
Dennis


John E. Malmberg | 1 May 02:27 2005

How did this spam from an open proxy get through a moderated list?

: Original-Received: from unknown (HELO 216.92.131.37) (220.126.249.150)
:	by qs281.pair.com with SMTP; 30 Apr 2005 22:39:12 -0000

Absolute spam indicator when external mail server says helo with the 
I.P. address of the receiving mail server instead of its name.

A mail server should be configured to just issue an SMTP 550 code to it, 
the message text does not matter since it did not come from

: http://www.spamhaus.org/query/bl?ip=220.126.249.150

This list is also known for zero false positives.

No rDNS at all, is an over 90% indication that the mail is spam.

When a mail server says hello with anything other than its rDNS name, 
that is suspicious, but allowed by RFC, so I have been told.

I am also told that all servers connected to the internet including mail 
servers are required to have a working rDNS name by RFC.

Looks like a spammer is spoofing that they are coming from a subscribed 
user.  Since gmane munged it, I can not tell which one.

I do not think that this forum has any subscribers in Korea and if they 
are, would not be using an improperly configured mail server that is 
deliberately lying about its origin, that has been confirmed to be 
sending e-mail to non-existent e-mail addresses.

-John
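
The checks described in the message above, applied to the Received line it quotes. This is an added example, not code from the poster or from any mail server. It assumes that `unknown` in a qmail-style Received line means the peer had no rDNS, takes 216.92.131.37 as the receiver's own address because the post says so, and uses `dnsbl.example` as a placeholder zone; the DNSBL name is only constructed, never resolved.

```python
import ipaddress
import re

# Received line as quoted in the post (gmane's "Original-" prefix stripped).
SAMPLE = ("from unknown (HELO 216.92.131.37) (220.126.249.150) "
          "by qs281.pair.com with SMTP; 30 Apr 2005 22:39:12 -0000")

# qmail-style layout: from <rdns> (HELO <helo>) (<peer ip>) by <host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<peer>[0-9.]+)\)\s+by\s+(?P<by>\S+)")


def is_ip_literal(value):
    """True if the HELO argument is an address rather than a host name."""
    try:
        ipaddress.ip_address(value.strip("[]"))
        return True
    except ValueError:
        return False


def dnsbl_query_name(peer_ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets plus the list zone."""
    octets = str(ipaddress.IPv4Address(peer_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def assess(received, own_ips, zone="dnsbl.example"):
    """Return the indicators from the post that apply to one Received line."""
    m = RECEIVED_RE.search(received)
    if m is None:
        raise ValueError("unrecognised Received format")
    helo = m["helo"].strip("[]")
    findings = []
    if is_ip_literal(helo) and helo in own_ips:
        findings.append("helo-is-our-own-ip")   # the "absolute" indicator
    elif is_ip_literal(helo):
        findings.append("helo-is-bare-ip")
    if m["rdns"] == "unknown":                  # assumption: no rDNS found
        findings.append("no-rdns")
    return {"peer": m["peer"], "helo": helo, "findings": findings,
            "dnsbl_query": dnsbl_query_name(m["peer"], zone),
            # a peer greeting us with our own address is refused (SMTP 550)
            "reject": "helo-is-our-own-ip" in findings}


if __name__ == "__main__":
    print(assess(SAMPLE, own_ips={"216.92.131.37"}))
```
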

John R. Hogerhuis | 1 May 04:09 2005

Re: Re: Someone might come to complain

Pobox is pretty up front about how they deal with spam. You get a list
of all bounces and you can configure some classifications to just hold
the message. I have my redirecting email address through them.

Yes, I guess 'reject' is the right term for what they do, not bounce.

As far as an ISP that will let you run your own MTA, I use Speakeasy
DSL, they explicitly allow servers, they will give you a shell account,
mass storage, hosting, etc. If you can get it in your area, it's the
most geek friendly around. They even offer a service where if you want
to share your line out to your neighbors via wireless, they are willing
to handle all the billing for you as long as you do the tech support.
Cool company.

-- John.


Dennis Bathory-Kitsz | 1 May 03:11 2005

Re: How did this spam from an open proxy get through a moderated list?

At 09:01 PM 4/30/05 -0400, John E. Malmberg wrote:
[snip spam stuff]

The spam quality is not important, nor is the origin. It is how it got
through a subscriber-only list where all non-subscribed mail is
automatically rejected without moderation.

>Looks like a spammer is spoofing that they are coming from a subscribed
>user.

Their fake address is not subscribed, and there is no other address in the
headers but mine. Maybe it's a lucky shot with my address (which is snagged
a lot) being joe-jobbed and sent to a whole bunch of mailman lists,
including this one.

I'll send you the full header if you like.

Dennis


Dennis Bathory-Kitsz | 1 May 02:07 2005

Re: When the moderator's away

At 05:05 PM 4/30/05 -0700, Jim Cox wrote:
>Dennis, you're back?  OK, now I feel like an idiot. :)

Not you. I'm the one who can't figure out the headers on that message.

Looks like somehow they looped my address into the message in a way that
made mailman think it came from me. Still don't see it, though. :(

D


Jim Cox | 1 May 02:05 2005

Re: When the moderator's away

Dennis, you're back?  OK, now I feel like an idiot. :)

-Jim

On Sat, 30 Apr 2005 19:54:08 -0400
  Dennis Bathory-Kitsz <bathory@...> wrote:
> At 04:36 PM 4/30/05 -0700, Jim Cox wrote:
>>The spammers will play.
>>
>>If you notice this email was sent to both Dennis and the 
>>list.
>>Most likely he needs to tweak something when he gets back
>>
>>We'll just have to tolerate it for a bit.
> 
> I'm here.
> 
> I have looked at the message, the headers, and the list rules, and find no
> way that explains how this message got through. Hundreds of these are
> automatically discarded daily. This address is not subscribed, nor is any
> address like it.
> 
> Can anyone reading the headers help me figure this out? Does anybody know
> mailman software well enough to understand this?
> 
> Thanks,

John E. Malmberg | 1 May 03:07 2005

Re: Someone might come to complain

[I hope this is not a duplicate, it appears that gmane is not accepting 
posts from my Adelphia I.P. at this time.]

John R. Hogerhuis wrote:
> On Fri, 2005-04-29 at 13:39 -0500, Roger Taylor wrote:
> 
>>I've had this problem trying to talk to a few Portal-9 customers to send 
>>them their key.  SPAM filters just plain suck. My own ISP catches a 
>>tremendous amount of real SPAM, which is great, but they also catch real 
>>e-mails and make me have to weed through their report e-mails to see which 
>>e-mails are not junk.  It takes less time to just hit delete on the obvious 
>>junk letters as they come in.

That is just indicating that your ISP has not implemented anything close
to a state of the art anti-spam system and has just implemented one that
is close to just being a placebo either because they really do not know
what the state of the art is or they do not really care.

State of the art is that over 80% of the spam can be detected with no
false positives from confirmed spam sources before the spam enters the
mail server.  This was also state of the art well over 5 years ago.

You can get close to 99% with most people seeing no false positives if
you refuse e-mail from known DHCP assigned addresses in addition to the
above.

This was also state of the art over 10 years ago.

The above has been state of the art for so long, that it is built into
just about all commercial mail server software.  All the mail server