Seeking help on anti-spam project - Security


Thread: Seeking help on anti-spam project

  1. Seeking help on anti-spam project

    The project I'm writing about (www.wpbl.info) is totally non commercial. It
    has now been operating for 3 years, already with the help of some of you!

    WPBL is a real time list of IP addresses that are currently sending us spam
    (a lot like the CBL project). The list is dynamic and hosts around the
    world ranging from small servers to very major ISPs want to query our
    database. The challenge is serving this list with limited resources.

    I recently set up a DNSBL service, which uses (simplified) DNS software to
    answer queries. Our existing 3 nameservers answer about 130,000 queries per
    day in total but the load is guaranteed to rise. So I am seeking your help!
    This is a perfect place for co-operation, as in parallel we could serve a
    tremendous load even from relatively weak hosts. You would need:

    - Static IP (DHCP that lasts a month is ok) on a Linux/UNIX host you run
    - Will only use 10 MB/day total data transfer! Trivial bandwidth.
    - You're in a pool (ns1, ns2, ns3, ...) so downtime is ok
    - Open source rbldnsd software, safe, solid, very efficient DNSBL server
    (used by many ISPs, runs chroot, reduced privileges)
    - The software uses < 1 MB of RAM, nil CPU
    - You would have to rsync to me every 30 minutes, transfers < 20 KB each
    - Easy to setup and revoke your involvement at any time!

    Since rbldnsd sits on port 53, you can not do this if you already run BIND
    or djbdns.

    If you have a host from which you could serve UDP port 53 (DNS) lookups,
    please let me know or reply in the group so I can contact you. Resource
    demands on your node are practically nil for the foreseeable future.

    - Jem
    feedback at wpbl dot info
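
Added example (not part of the original post, and not WPBL's or rbldnsd's code): the UDP port 53 exchange a pool member would serve, with both sides shown. The zone name `dnsbl.example`, the listed address and `toy_server` are constructed placeholders; `127.0.0.2` is the conventional DNSBL "listed" answer.

```python
import ipaddress
import struct

ZONE = "dnsbl.example"      # placeholder zone name (assumption, not WPBL's zone)
LISTED = {"192.0.2.99"}     # constructed sample listing (documentation range)


def dnsbl_qname(ip, zone=ZONE):
    """192.0.2.99 -> 99.2.0.192.<zone>; IPv6 is reversed nibble by nibble."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        parts = str(addr).split(".")
    else:
        parts = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(parts)) + "." + zone


def encode_name(name):
    """Wire format: each label prefixed by its length, ended by a zero byte."""
    out = b""
    for label in name.split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt, off):
    """Return (name, offset after the name), following compression pointers."""
    labels, after, hops = [], None, 0
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:                  # 2-byte pointer to an earlier name
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if after is None else after)
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n


def build_query(qname, txid):
    """One A/IN question, RD bit clear, as a resolver asks an authoritative server."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def toy_server(query, listed=LISTED, zone=ZONE):
    """Stand-in for one pool member: 127.0.0.2 if listed, NXDOMAIN if not."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, end = decode_name(query, 12)
    question = query[12:end + 4]              # echo name + QTYPE + QCLASS
    suffix = "." + zone
    if not qname.endswith(suffix):            # not our zone: REFUSED (rcode 5)
        return struct.pack("!HHHHHH", txid, 0x8005, 1, 0, 0, 0) + question
    ip = ".".join(reversed(qname[:-len(suffix)].split(".")))
    if ip in listed:                          # QR=1, AA=1, rcode 0, one answer
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 1800, 4) + bytes([127, 0, 0, 2])
        return struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0) + question + rr
    return struct.pack("!HHHHHH", txid, 0x8403, 1, 0, 0, 0) + question


def parse_response(pkt, txid):
    """Return (rcode, [A record addresses]) after checking it answers our query."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        _, off = decode_name(pkt, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = decode_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(pkt[off:off + 4])))
        off += rdlen
    return flags & 0x000F, addrs


def verdict(rcode, addrs):
    """Only a 127.0.0.0/8 answer means listed; failures never count as a listing."""
    if rcode == 0 and addrs and all(a.startswith("127.") for a in addrs):
        return "listed"
    if rcode == 3 or (rcode == 0 and not addrs):
        return "not listed"
    return "unknown"      # SERVFAIL, REFUSED, or an answer outside 127/8


def check(ip, txid=0x1234):
    """Full round trip against the toy server."""
    reply = toy_server(build_query(dnsbl_qname(ip), txid))
    return verdict(*parse_response(reply, txid))
```

A mail server consuming such a list should treat `unknown` as "accept and move on", so that a pool member being down, which the post says is acceptable, never turns into rejected mail.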

  2. Re: Seeking help on anti-spam project

    ["Followup-To:" header set to comp.os.linux.security.]
    On Fri, 01 Dec 2006 13:33:23 -0600, Jem Berkes wrote:
    > The project I'm writing about (www.wpbl.info) is totally non commercial. It
    > has now been operating for 3 years, already with the help of some of you!
    >
    > WPBL is a real time list of IP addresses that are currently sending us spam
    > (a lot like the CBL project). The list is dynamic and hosts around the
    > world ranging from small servers to very major ISPs want to query our
    > database. The challenge is serving this list with limited resources


    Are you sure you want to get into this business? How will
    your list improve upon those many lists already available
    through the spam-check function at www.dnsstuff.com?

    --
    To email me, substitute nowhere->spamcop, invalid->net.

  3. Re: Seeking help on anti-spam project

    >> The project I'm writing about (www.wpbl.info) is totally non
    >> commercial. It has now been operating for 3 years, already with the
    >> help of some of you!
    >>
    >> WPBL is a real time list of IP addresses that are currently sending
    >> us spam (a lot like the CBL project). The list is dynamic and hosts
    >> around the world ranging from small servers to very major ISPs want
    >> to query our database. The challenge is serving this list with
    >> limited resources

    >
    > Are you sure you want to get into this business? How will
    > your list improve upon those many lists already available
    > through the spam-check function at www.dnsstuff.com?


    First of all, it isn't a business.

    Second, WPBL has been on the dnsstuff.com list for years now.

    If you don't need to use it, don't.

  4. Re: Seeking help on anti-spam project

    >Are you sure you want to get into this business? How will
    >your list improve upon those many lists already available
    >through the spam-check function at www.dnsstuff.com?


    There are several reasons why it's good to have new block
    lists on the net.

    Redundancy is good. Diversity is good too.

    It's an alternate view. A small list might notice a bad
    guy before the big lists get hit. Or maybe if the spammer
    is trying to fly under the radar, they will get noticed by
    one of the small lists when they don't hit any of the spamtraps
    run by the big lists because the spammer is good at listwashing.

    --
    These are my opinions, not necessarily my employer's. I hate spam.


  5. Re: Seeking help on anti-spam project

    On comp.mail.misc, "Jem Berkes" wrote:

    Another blacklisting of IPs project.

    > The project I'm writing about (www.wpbl.info) is totally non
    > commercial. It has now been operating for 3 years, already with
    > the help of some of you!
    >
    > WPBL is a real time list of IP addresses that are currently
    > sending us spam (a lot like the CBL project). The list is
    > dynamic and hosts around the world ranging from small servers
    > to very major ISPs want to query our database. The challenge is
    > serving this list with limited resources


    So some spammer finds a way to use someone's server/computer and
    they get blocklisted and suddenly they and maybe their clients
    won't be able to send mail to anyone.

    Or the IP addresses on the spam may be _forged_.

    This is a lazy, crude, and unfair approach to fighting spam.

    It assumes that everyone who is sending or relaying spam is doing
    it willfully.

    Even if you notified the server/computer that the spam was coming
    from or being relayed through, (and I saw no mention of this in
    your article) and they fixed the problem in a jiff, there is no
    guarantee that everyone would update their blocklist in a timely
    fashion, if ever. And that IP-domain would have its reputation
    tarnished.

    The ISPs facilitate spam. There's no doubt about that. And you
    can't beat them at their own game. They control the nameservers
    in most ways and the gateways and routers and mailservers, either
    directly or by setting policy.

    The only solution is for the individual to say no to spam and
    use a version of a Challenge-Response system.

    http://home.earthlink.net/~alanconnor/cr.html

    But most people don't really want to get rid of spam. They just
    _say_ they do. They think they are going to get lucky. They read
    spam and enough of them go to the websites in the spam and enough
    of them buy stuff to make it profitable.

    And spammers are good customers for the ISPs. They buy a lot
    of accounts. And the companies they are spamming for buy a lot
    of accounts.

    I repeat: You either take care of the problem yourself or you
    won't ever get rid of spam.

    No solution like this will work. No traditional spam filter
    will work. The ISPs aren't going to fix it.

    I don't get any spam. And no stinking troll can send mail to me.

    Anyone who whines about having to take a couple of simple steps
    once in a lifetime to contact me is a punk that I don't want to
    know.

    Alan

    --
    http://home.earthlink.net/~alanconnor

  6. Re: [kook] Re: Seeking help on anti-spam project

    Thanks for your kookfart, Beavis.

    --

    Info about "Alan Connor"

    Alan "The Usenet Beavis" Connor is a good friend of Bigfoot:
    http://tinyurl.com/23r3f

    A couple of years ago he was kidnapped and raped by Xena,
    the Warrior Princess: http://tinyurl.com/2gjcy

    Beavis believes that the MSBlast virus of yesteryear was explicitly
    targeting him, for some inexplicable reason: http://tinyurl.com/ifrt

    Beavis belongs to a UFO cult: http://tinyurl.com/2hhdx
    Beavis's life in a UFO cult: http://tinyurl.com/24jqm
    Beavis knows all about network security: http://tinyurl.com/5qqb6
    And he's also a search engine expert: http://tinyurl.com/9pjnt


    <1164724734.389844@nnrp2.phx1.gblx.net>
    "But if you must know, Alans' name is Bruce Burhans, and he lives in
    Bellingham WA. To his hippie friends he calls himself "Tom Littlefoot"
    **Google Tom Littlefoot, Bruce Burhans and "Wildwood"**.

    Bruce has some serious mental problems and spends a lot of time as an
    in-patient at the big mental hospital in Bellingham, when he's not
    hospitalized, he posts to usenet. In every group he posts to he comes off as
    some sort of expert in the subject at hand, and when anyone disagrees (and
    they will, he sees to that) he starts in on his trollery.

    Again, Bruce is a true Professional Usenet Troll. It is his entertainment
    and it's what he lives for."


    http://www.pearlgates.net/nanae/kooks/ac/fga.shtml
    http://groups.google.com/groups/prof...-MEqh3HQ&hl=en
    http://www.pearlgates.net/nanae/kooks/ac/
    http://linuxmafia.com/faq/Mail/challenge-response.html
    http://www.spamcop.net/fom-serve/cache/329.html#CR
    http://www.gatago.com/authors_pgs/13650.html
    http://blog.bananasplit.info/?p=84
    http://tinyurl.com/ifrt
    http://tinyurl.com/3h6a5
    http://tinyurl.com/ys6z4

    Also in the headers for alan to read.

  7. Re: Seeking help on anti-spam project

    On comp.mail.misc, "Alan Connor" wrote:

    > On comp.mail.misc, "Jem Berkes" wrote:
    >
    > Another blacklisting of IPs project.
    >
    >> The project I'm writing about (www.wpbl.info) is totally non
    >> commercial. It has now been operating for 3 years, already
    >> with the help of some of you!


    One of the biggest faults of projects like this is that the
    spammers can access the blocklist as easily as anyone else.

    Oh. That one is blocklisted so I'll use another one. Let's
    see, I have millions to choose from....

    Alan

    --
    http://home.earthlink.net/~alanconnor/cr.html

  9. Re: Seeking help on anti-spam project

    > So some spammer finds a way to use someone's server/computer and
    > they get blocklisted and suddenly they and maybe their clients
    > won't be able to send mail to anyone.


    If individual IP addresses are blocked, the collateral is very minimal.
    If a PC is compromised (virus, zombie, etc.) it is a source of internet
    wide abuse and there are many admins who would legitimately block it.

    The one situation I am unhappy about is when some bad apples relay mail
    through the ISP's server and it looks like the ISP's mail server is a
    spam source. I try very hard to fix that problem, but it's a downside.

    > Or the IP addresses on the spam may be _forged_.


    No, not on modern TCP stacks (which thwart sequence attacks). SMTP
    requires a two way conversation so if the data is flowing back to the
    other IP, it is not forged. If the IP was fake then the two way
    conversation is impossible. When you receive a TCP connection from an IP
    address, that is the real IP address you are talking with ... and those
    are the IPs we use. The crap in the headers is often added to confuse,
    though the real IP address is in there too if you look in the right spot.

    > It assumes that everyone who is sending or relaying spam is doing
    > it willfully.


    If your PC is compromised by a virus, relaying spam, or severely
    misconfigured and flooding networks, your host is responsible for abuse
    and your host will be seen unfavourably by others. What is unfair about
    this? A community frowns upon a member (host) acting irresponsibly.

    > Even if you notified the server/computer that the spam was coming
    > from or being relayed through, (and I saw no mention of this in
    > your article) and they fixed the problem in a jiff, there is no
    > guarantee that everyone would update their blocklist in a timely
    > fashion, if ever. And that IP-domain would have its reputation
    > tarnished.


    Alan, I don't think you're a bad guy by any means. But I am not running
    after the hundreds of thousands of hosts who spam me daily, asking them
    politely to fix their problems. They may be malicious, they may be not, I
    really DO NOT CARE. Most of the IP addresses that spam me are bots,
    zombies, running custom spamming/flooding software. They operate in
    distributed networks, remote controlled, on stolen resources.

    I am just listing the IP addresses which send me and my members spam,
    nothing more, nothing less.

    I am not telling anyone to block those IPs. I'm not claiming these are
    bad people. I am not making a statement about their business practices or
    motivations, or religion. All I am saying is: THIS IP SENT ME SPAM.

    --
    Jem Berkes
    www.sysdesign.ca

  10. Re: Seeking help on anti-spam project

    On comp.mail.misc, "Jem Berkes" wrote:

    >> So some spammer finds a way to use someone's server/computer
    >> and they get blocklisted and suddenly they and maybe their
    >> clients won't be able to send mail to anyone.

    >
    > If individual IP addresses are blocked, the collateral is very
    > minimal. If a PC is compromised (virus, zombie, etc.) it is
    > a source of internet wide abuse and there are many admins who
    > would legitimately block it.


    The owner of the computer should be notified first and given
    a chance to fix the problem.

    > The one situation I am unhappy about is when some bad apples
    > relay mail through the ISP's server and it looks like the ISP's
    > mail server is a spam source. I try very hard to fix that
    > problem, but it's a downside.


    Indeed.

    >
    >> Or the IP addresses on the spam may be _forged_.

    >
    > No, not on modern TCP stacks (which thwart sequence
    > attacks). SMTP requires a two way conversation so if the data
    > is flowing back to the other IP, it is not forged.


    > If the IP was fake then the two way conversation is
    > impossible. When you receive a TCP connection from an IP
    > address, that is the real IP address you are talking with ...
    > and those are the IPs we use. The crap in the headers is often
    > added to confuse, though the real IP address is in there too if
    > you look in the right spot.


    There could be a proxy between the two, re-writing the
    IP to make it look as if it came from the proxy. It would
    only be forwarding in two directions.

    >> It assumes that everyone who is sending or relaying spam is
    >> doing it willfully.

    >
    > If your PC is compromised by a virus, relaying spam, or
    > severely misconfigured and flooding networks, your host is
    > responsible for abuse and your host will be seen unfavourably
    > by others. What is unfair about this? A community frowns upon a
    > member (host) acting irresponsibly.


    Sure. But again, that person should be notified before
    blocklisting.

    >> Even if you notified the server/computer that the spam was
    >> coming from or being relayed through, (and I saw no mention
    >> of this in your article) and they fixed the problem in a
    >> jiff, there is no guarantee that everyone would update their
    >> blocklist in a timely fashion, if ever. And that IP-domain
    >> would have its reputation tarnished.

    >
    > Alan, I don't think you're a bad guy by any means.


    Thanks for that, Jem.

    > But I am not running after the hundreds of thousands of
    > hosts who spam me daily, asking them politely to fix their
    > problems.


    That many?!

    Holy _____!!

    > They may be malicious, they may be not, I really
    > DO NOT CARE. Most of the IP addresses that spam me are bots,
    > zombies, running custom spamming/flooding software. They
    > operate in distributed networks, remote controlled, on stolen
    > resources.


    That's my understanding. I don't bother trying to track them down
    myself, actually. If it's spam it gets dumped.

    I've done the basic host and whois checks on a couple of spams
    and sent complaints to the domains and received no responses.

    > I am just listing the IP addresses which send me and my members
    > spam, nothing more, nothing less.


    So it would be a very good idea for _everyone_ to check the
    blocklists for their own IP on a regular basis?

    > I am not telling anyone to block those IPs. I'm not claiming
    > these are bad people. I am not making a statement about their
    > business practices or motivations, or religion. All I am saying
    > is: THIS IP SENT ME SPAM.


    Okay. Thanks for the clarification.

    At least you are trying.

    I'll do it my way. I am actually even harder in this regard
    than you are. Though I don't block by IP/FQDN.

    http://home.earthlink.net/~alanconnor/cr.html

    ---------------------------------------------------------

    Now you could do me a big favor and explain how it is that
    spam can arrive in my box without my address in any of the
    addressing headers. I have been _told_ that there isn't a
    long list of addresses in the Bcc header.


    Alan



  12. Re: Seeking help on anti-Beavis project

    Usenet Beavis writes:

    > Another Beavis-slapping project.


    Yup.

    > So I get desperate because nobody's paying attention to me, and I
    > go back to Usenet to post my kookfarts.


    Indeed, that's what appears to be happening here.

    Where have you been for the last two weeks, Beavis? We missed you.

    > I'm just a stupid Beavis, and an unfair waste of perfectly good oxygen.


    I wouldn't go that far.

    > You can assume that everything I say is wrong.


    That's a safe bet.

    > Even if you did not know that I'm Usenet's laughing stock, and I never
    > have even the slightest clue as to what I'm babbling about, it should
    > become clear before long.


    Right.

    > The Beavis posts kookfarts. There's no doubt about that. And you
    > can't beat me with sheer quantity.


    It's not the quantity, Beavis, it's the quality.

    > One of the ways to keep smacking my bitch up, and make me go cuckoo
    > is to post a link to the Beavis FAQ
    >
    > http://www.pearlgates.net/nanae/kooks/ac/


    Taken care of.

    > But most people already know that I'm a first-class kookbag.


    Yes, they do.

    > I repeat: You must always point your fingers at me, and laugh.


    Good advice.

    > I don't have any brains. And everyone laughs at me.


    Right.

    > Anyone who tries to have an intelligent conversation with me
    > always lives to regret it.


    Hi, Beavis.

    > Beavis
    >
    > --
    > http://tinyurl.com/23r3f





  13. Re: Seeking help on anti-Beavis project

    Usenet Beavis writes:

    > On comp.mail.misc, "Usenet Beavis" wrote:


    Beavis, you'll go blind if you keep doing this.

    > One of the biggest reasons why I'm Usenet's laughing stock is
    > because I was dropped on my head, as a child.


    You poor thing.

    > Oh, and please continue smacking me upside the head, all the time.
    > It really works.


    I know.

    > Beavis
    >
    > --
    > http://tinyurl.com/23r3f





  14. Re: Seeking help on anti-Beavis project

    Usenet Beavis writes:

    > Please ignore everything I post on this topic. I'm just a Beavis, and
    > I'm only pretending that I know what I'm talking about.


    Yes, you do.

    >> If the IP was fake then the two way conversation is
    >> impossible. When you receive a TCP connection from an IP
    >> address, that is the real IP address you are talking with ...
    >> and those are the IPs we use. The crap in the headers is often
    >> added to confuse, though the real IP address is in there too if
    >> you look in the right spot.

    >
    > There could be a proxy between the two, re-writing the
    > IP to make it look as if it came from the proxy. Not that I really
    > understand what a proxy is. Mentioning something about a proxy makes
    > me look smart, which I'm not.


    Right.

    >> If your PC is compromised by a virus, relaying spam, or
    >> severely misconfigured and flooding networks, your host is
    >> responsible for abuse and your host will be seen unfavourably
    >> by others. What is unfair about this? A community frowns upon a
    >> member (host) acting irresponsibly.

    >
    > Sure. But again, that person should be notified before
    > blocklisting. That's what Bigfoot told me is the right thing to do.


    Speaking of ol' Sasquatch, what has he been up to, lately?

    >> Alan, I don't think you're a bad guy by any means.

    >
    > Thanks for that, Jem. I'm not a bad guy, I'm just stupid.


    It's not your fault, Beavis. Blame the society.

    >> They may be malicious, they may be not, I really
    >> DO NOT CARE. Most of the IP addresses that spam me are bots,
    >> zombies, running custom spamming/flooding software. They
    >> operate in distributed networks, remote controlled, on stolen
    >> resources.

    >
    > That's my understanding. Of course, keep in mind that whatever
    > my understanding is, on any technical subject, the correct
    > answer always lies 180 degrees to the opposite.


    That's a very good rule of thumb to follow.

    > I've done the basic host and whois checks on a couple of spams
    > and sent complaints to the domains and received no responses.


    That's because you don't know what you were doing. You still can't figure
    out Earthlink's wildcard DNS entry.

    > So it would be a very good idea for _everyone_ to smack me
    > upside the head on a regular basis?


    Yup.

    > Okay. Thanks for the clarification.
    >
    > At least you are trying to help a Beavis.


    It's a thankless task. No way I'd do it.

    > I'll do it my way. Because I'm a kookbag, that's why.
    >
    > http://www.pearlgates.net/nanae/kooks/ac/


    We know.

    > Now you could do me a big favor and explain how it is that
    > spam can arrive in my box without my address in any of the
    > addressing headers. I have been _told_ that there isn't a
    > long list of addresses in the Bcc header.


    Beavis, the E-mail expert.

    > Beavis






  15. Re: Seeking help on anti-spam project

    On Sat, 2 Dec 2006, Jem Berkes wrote:

    JB>
    JB> The one situation I am unhappy about is when some bad apples relay mail
    JB> through the ISP's server and it looks like the ISP's mail server is a
    JB> spam source. I try very hard to fix that problem, but it's a downside.
    JB>

    I used to use a mail forwarder. This works by, for instance, mail to
    sardines@purse-seine.net being forwarded to my mail box at a big mail
    provider such as hotmail.

    So the mail forwarder is forwarding everything, just as their customers
    have requested. Including spam. Just as their customers have requested.
    So what happens? The mail forwarder's IP addresses are blacklisted as
    sources of spam by the inept, big mailbox providers.

    Please make sure you know what you are doing otherwise you become part of
    the problem rather than the solution.

    --
    Alan

    ( If replying by mail, please note that all "sardines" are canned.
    There is also a password autoresponder but, unless this is a very
    old message, a "tuna" will swim right through. )


  16. Re: Seeking help on anti-spam project

    > I used to use a mail forwarder. This works by, for instance, mail to
    > sardines@purse-seine.net being forwarded to my mail box at a big mail
    > provider such as hotmail.
    >
    > So the mail forwarder is forwarding everything, just as their
    > customers have requested. Including spam. Just as their customers
    > have requested. So what happens? The mail forwarder's IP addresses are
    > blacklisted as sources of spam by the inept, big mailbox providers.
    >
    > Please make sure you know what you are doing otherwise you become part
    > of the problem rather than the solution.


    I understand what you are saying. One of the services that taught me this
    lesson was the bigfoot.com forwarder. Now I'm always on the lookout for an
    IP address that appears to be the 'source' of many sightings.

    --
    Jem Berkes
    www.sysdesign.ca
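
Added example (not from the thread and not WPBL's code): one way to find the IP "in the right spot" described in post 9, extended to the forwarder case raised in posts 15 and 16. It assumes Postfix-style `Received:` lines; the host names, the forwarder table and both sample messages are constructed.

```python
import email
import ipaddress
import re

OUR_MX = {"mx.ourdomain.example"}        # hosts whose Received stamps we wrote (assumption)
# Known forwarders: TCP-verified IP -> the "by" name that forwarder stamps (assumption)
KNOWN_FORWARDERS = {"203.0.113.10": "fwd.forwarder.example"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)", re.I)

# Constructed sample: spam relayed through a forwarder, with a forged bottom header.
VIA_FORWARDER = """\
Received: from fwd.forwarder.example (fwd.forwarder.example [203.0.113.10])
\tby mx.ourdomain.example (Postfix) with ESMTP id 4A1B2C3D
\tfor <user@ourdomain.example>; Sat, 2 Dec 2006 09:00:05 +0000
Received: from bank.example (unknown [198.51.100.23])
\tby fwd.forwarder.example (Postfix) with SMTP id 9F8E7D6C
\tfor <sardines@forwarder.example>; Sat, 2 Dec 2006 09:00:01 +0000
Received: from mail.bank.example (mail.bank.example [192.0.2.1])
\tby bank.example with ESMTP; Sat, 2 Dec 2006 08:59:00 +0000
Subject: constructed sample

body
"""

# Constructed sample: direct delivery, with a forged header imitating our own MX.
DIRECT = """\
Received: from bank.example (unknown [198.51.100.77])
\tby mx.ourdomain.example (Postfix) with SMTP id 5E6F7A8B; Sat, 2 Dec 2006 10:00:00 +0000
Received: from mail.bank.example (mail.bank.example [192.0.2.1])
\tby mx.ourdomain.example (Postfix) with ESMTP; Sat, 2 Dec 2006 09:59:00 +0000
Subject: constructed sample

body
"""


def parse_received(value):
    """Extract the peer IP and stamping host from one Received header, or None."""
    m = RECEIVED_RE.search(" ".join(value.split()))   # undo header folding
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None
    return {"ip": ip, "by": m.group("by").lower().rstrip(";")}


def reportable_ip(raw, our_mx=OUR_MX, forwarders=KNOWN_FORWARDERS):
    """Walk Received headers newest first, trusting only stamps we can vouch for."""
    msg = email.message_from_string(raw)
    hops = [parse_received(h) for h in msg.get_all("Received", [])]
    trusted_by = set(our_mx)
    candidate = None
    for hop in hops:
        if hop is None or hop["by"] not in trusted_by:
            break                          # below the trust boundary: sender-controlled
        candidate = hop["ip"]
        fwd_name = forwarders.get(hop["ip"])
        if fwd_name is None:
            break                          # ordinary peer: this IP opened the connection
        trusted_by = {fwd_name}            # next stamp must come from that forwarder
    # If the chain stops at a forwarder, report nothing rather than list the forwarder.
    return None if candidate in forwarders else candidate
```

The forged bottom header in each sample is never consulted, because the walk stops at the first stamp not written by a host whose connection was TCP-verified.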

  17. Re: Seeking help on anti-spam project

    On Sat, 02 Dec 2006 08:52:07 GMT, Alan Connor
    wrote:

    >On comp.mail.misc, "Jem Berkes" wrote:
    >
    >>> So some spammer finds a way to use someone's server/computer
    >>> and they get blocklisted and suddenly they and maybe their
    >>> clients won't be able to send mail to anyone.

    >>
    >> If individual IP addresses are blocked, the collateral is very
    >> minimal. If a PC is compromised (virus, zombie, etc.) it is
    >> a source of internet wide abuse and there are many admins who
    >> would legitimately block it.

    >
    >The owner of the computer should be notified first and given
    >a chance to fix the problem.


    How would you do that?

    >> The one situation I am unhappy about is when some bad apples
    >> relay mail through the ISP's server and it looks like the ISP's
    >> mail server is a spam source. I try very hard to fix that
    >> problem, but it's a downside.

    >
    >Indeed.
    >
    >>
    >>> Or the IP addresses on the spam may be _forged_.

    >>
    >> No, not on modern TCP stacks (which thwart sequence
    >> attacks). SMTP requires a two way conversation so if the data
    >> is flowing back to the other IP, it is not forged.

    >
    >> If the IP was fake then the two way conversation is
    >> impossible. When you receive a TCP connection from an IP
    >> address, that is the real IP address you are talking with ...
    >> and those are the IPs we use. The crap in the headers is often
    >> added to confuse, though the real IP address is in there too if
    >> you look in the right spot.

    >
    >There could be a proxy between the two, re-writing the
    >IP to make it look as if it came from the proxy. It would
    >only be forwarding in two directions.


    Only two directions? Heh. Hey, Beavis, the packets *would* be coming
    from the proxy, "re-writing" makes no sense in this context.

    >>> It assumes that everyone who is sending or relaying spam is
    >>> doing it willfully.

    >>
    >> If your PC is compromised by a virus, relaying spam, or
    >> severely misconfigured and flooding networks, your host is
    >> responsible for abuse and your host will be seen unfavourably
    >> by others. What is unfair about this? A community frowns upon a
    >> member (host) acting irresponsibly.

    >
    >Sure. But again, that person should be notified before
    >blocklisting.


    Again, how would you do that? Use the Microsoft Messenger that so many
    spammers like to use? There's no way for a third party to notify the
    owner of a spam zombie, and there's no reason to continue to accept spam
    from one of the millions of spam zombies prior to notifying them of their
    problem even if there was a way to notify them.

    >>> Even if you notified the server/computer that the spam was
    >>> coming from or being relayed through, (and I saw no mention
    >>> of this in your article) and they fixed the problem in a
    >>> jiff, there is no guarantee that everyone would update their
    >>> blocklist in a timely fashion, if ever. And that IP-domain
    >>> would have its reputation tarnished.

    >>
    >> Alan, I don't think you're a bad guy by any means.


    Alan is a crazy dingbat. He's also a "bad guy" in the sense that he's
    an abusive asshole.

    >Thanks for that, Jem.
    >
    >> But I am not running after the hundreds of thousands of
    >> hosts who spam me daily, asking them politely to fix their
    >> problems.

    >
    >That many?!
    >
    >Holy _____!!


    Beavis, there are hundreds of thousands of new spam zombies entering
    service every day.

    >> They may be malicious, they may be not, I really
    >> DO NOT CARE. Most of the IP addresses that spam me are bots,
    >> zombies, running custom spamming/flooding software. They
    >> operate in distributed networks, remote controlled, on stolen
    >> resources.

    >
    >That's my understanding. I don't bother trying to track them down
    >myself, actually. If it's spam it gets dumped.
    >
    >I've done the basic host and whois checks on a couple of spams
    >and sent complaints to the domains and received no responses.


    Based on the 'net competence you've demonstrated, you probably sent
    your reports to the spammers themselves.

    >> I am just listing the IP addresses which send me and my members
    >> spam, nothing more, nothing less.

    >
    >So it would be a very good idea for _everyone_ to check the
    >blocklists for their own IP on a regular basis?


    Yeah, you should check your IP address. It's on many blocklists.

    >> I am not telling anyone to block those IPs. I'm not claiming
    >> these are bad people. I am not making a statement about their
    >> business practices or motivations, or religion. All I am saying
    >> is: THIS IP SENT ME SPAM.

    >
    >Okay. Thanks for the clarification.
    >
    >At least you are trying.
    >
    >I'll do it my way. I am actually even harder in this regard
    >than you are. Though I don't block by IP/FQDN.
    >
    >http://home.earthlink.net/~alanconnor/cr.html
    >
    >---------------------------------------------------------
    >
    >Now you could do me a big favor and explain how it is that
    >spam can arrive in my box without my address in any of the
    >addressing headers. I have been _told_ that there isn't a
    >long list of addresses in the Bcc header.


    Ah, what a great ending to a Beavis post. After blabbing a bunch of
    bull**** he admits that he doesn't even understand how email works.
    That's just perfect. :-)

    --
    Steve Baker
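
The point argued in the exchange quoted above (the IP of the TCP peer is real, while the rest of the headers can be padding) shown as an added example that is not part of any poster's message: it reads only the Received line stamped by the receiving MTA and builds the DNSBL query name for that IP. The sample message, the host name `mx.receiver.example` and the zone `dnsbl.example` are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. The lower Received line is the kind of padding a sender
# can insert freely; only the top line was written by the receiving MTA.
SAMPLE = (
    "Received: from mail.example.net (unknown [203.0.113.45])\n"
    "\tby mx.receiver.example (Postfix) with SMTP id ABC123;\n"
    "\tSat, 2 Dec 2006 09:00:00 +0000\n"
    "Received: from trusted.example.org ([198.51.100.7])\n"
    "\tby mail.example.net with ESMTP; Sat, 2 Dec 2006 08:59:00 +0000\n"
    "From: sender@example.net\n"
    "To: undisclosed-recipients:;\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.I)
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def peer_ip(raw_message, our_mta):
    """Return the IP our own MTA recorded for the TCP peer, or None."""
    received = message_from_string(raw_message).get_all("Received", [])
    if not received:
        return None
    # MTAs prepend their stamp, so only the topmost header can be ours.
    # Everything below it arrived as message data and is never consulted.
    top = received[0]
    by = BY_HOST.search(top)
    if not by or by.group(1).lower() != our_mta.lower():
        return None
    found = PEER_IP.search(top[: by.start()])
    try:
        return ipaddress.ip_address(found.group(1)) if found else None
    except ValueError:
        return None


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone
```
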

  18. Re: Seeking help on anti-spam project

    On Sat, 02 Dec 2006 11:22:30 -0600, Jem Berkes wrote:

    >> I used to use a mail forwarder. This works by, for instance, mail to
    >> sardines@purse-seine.net being forwarded to my mail box at big mail
    >> provider such as hotmail.
    >>
    >> So the mail forwarder is forwarding everything, just as their
    >> customers have requested. Including spam. Just as their customers
    >> have requested. So what happens? The mail forwarder's IP addresses are
    >> blacklisted as sources of spam by the inept, big mailbox providers.
    >>
    >> Please make sure you know what you are doing otherwise you become part
    >> of the problem rather than the solution.

    >
    >I understand what you are saying. One of the services that taught me this
    >lesson was the bigfoot.com forwarder. Now I'm always on the lookout for an
    >IP address that appears to be the 'source' of many sightings.


    As I understand it the bigfoot.com forwarder would also be a source of
    non-spam and thus would likely not end up in the blacklist.

    --
    Peter Peters, senior netwerkbeheerder
    Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
    Universiteit Twente, Postbus 217, 7500 AE Enschede
    telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

  19. Re: Seeking help on anti-spam project

    >>I understand what you are saying. One of the services that taught me
    >>this lesson was the bigfoot.com forwarder. Now I'm always on the
    >>lookout for an IP address that appears to be the 'source' of many
    >>sightings.

    >
    > As I understand it the bigfoot.com forwarder would also be a source of
    > non-spam and thus would likely not end up in the blacklist.


    That's right (ideally) except the address was so old, late 1990s, it became
    a source of pure spam.

    --
    Jem Berkes
    www.sysdesign.ca

  20. Re: Seeking help on anti-spam project

    ["Followup-To:" header set to comp.os.linux.security.]
    On 2006-12-03, Steve Baker wrote:

    > On Sat, 02 Dec 2006 08:52:07 GMT, Alan Connor
    > wrote:
    >>
    >>Now you could do me a big favor and explain how it is that
    >>spam can arrive in my box without my address in any of the
    >>addressing headers. I have been _told_ that there isn't a
    >>long list of addresses in the Bcc header.


    > Ah, what a great ending to a Beavis post. After blabbing a bunch of
    > bull**** he admits that he doesn't even understand how email works.
    > That's just perfect. :-)


    Now, isn't Alan the guy who's been promoting the undefeatable and
    perfectly effective challenge/response method fighting spam? Is this an
    admission that C/R doesn't work even for him?

    --

    John (john@os2.dhs.org)
