From: Gary Kline
To: "Peter N. M. Hansteen"
Cc: Gary Kline, freebsd-questions@freebsd.org
Date: Thu, 23 Aug 2007 16:19:06 -0700
Subject: Re: spammers harvesting emaill address from this list
Message-ID: <20070823231906.GA46832@thought.org>

On Thu, Aug 23, 2007 at 11:10:38PM +0200, Peter N. M. Hansteen wrote:
> Gary Kline writes:
>
> > If your user login is "smith", you could have all mailing
> > list mail sent to "smitty" and keep an open mutt or other reader
> > a click away. Spam could be easily flagged ... .
>
> Yes, there are several things you could filter on.
>
> However the traplist activities are really about identifying spam
> sending hosts. If a machine we have not exchanged mail with in recent
> times tries to deliver mail to something bizarre like
> <3c86y7xj60op.fsf@amidala.datadok.no> (which looks like it was actually
> based on a GNUS message-ID), the message is either spam or in some
> very rare cases a bounce message triggered by an attempt to deliver
> spam.

I run my sendmail out to a number of filter sites, and have the greylist filtering. /etc/mail/access catches at least several thousand spam messages a day; a tail -f maillog tells me that much. I just snagged your list of IP's and catted|awk'd the bunch into my access list. TY, TY.

STILL--and this really makes me angrier than it should--still, I get dozens of spams/day. Would it be possible to filter on both the ^Subject: "A friend has sent you a Greeting card!" as well as the body? HTML or plaintext? As soon as I see one (usually different) spam I know there will be several other similar or identical messages. How difficult would it be to flag spam on "you" "sent" "greeting card", for example? Plus the hundreds of variations on "Are you enough of a man?" and the ones for some kind of pills? Or home loans at 5.1%!!! (*mumble*)

>
> > I'm bcc'ing this to my account with evolution to check out your
> > blog info. I've run into problems with spamd and other suites.
>
> I would be interested in hearing what the problems were. It's worth noting
> that spamd from OpenBSD 4.1 onwards differs in several important ways from
> earlier versions. And also, it's important not to confuse this spamd with
> the program with the same name out of spamassassin.

It's been years since I looked at spamassassin. > 5. Maybe three since I last got into a Snit, :), over this and checked out spamd? It just seemed like at least days of studying, followed by more days of integration. Is there any spamd documentation that follows a cookbook model? Do A, B, C, and you're done! I've found that a couple examples are worth ten thousand words.

thanks again,

gary

>
> Cheers,
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

--
Gary Kline kline@thought.org www.thought.org Public Service Unix
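
Added example, not part of the original message or of either poster's setup: a sketch of the traplist idea quoted above, flagging hosts with no recent mail history that address a trap recipient and printing them as sendmail access-map entries. The trap addresses, the known-host list, the log lines and the "(GREY) ip: <from> -> <to>" log layout are all constructed assumptions.

```shell
#!/bin/sh
# Added example: derive access-map entries from greylist log lines in which
# a host with no prior mail history addressed a trap recipient.

# Constructed trap addresses (never given to a person) and a constructed
# list of hosts we have recently exchanged legitimate mail with.
TRAPS="trap1@example.org trap2@example.org"
KNOWN="203.0.113.5"

# Constructed log sample; the "(GREY) ip: <from> -> <to>" layout is assumed.
sample_log() { cat <<'EOF'
Aug 23 16:01:02 mx spamd[101]: (GREY) 192.0.2.10: <a@spam.example> -> <trap1@example.org>
Aug 23 16:01:05 mx spamd[101]: (GREY) 198.51.100.7: <list@example.net> -> <gary@example.org>
Aug 23 16:02:11 mx spamd[101]: (GREY) 192.0.2.10: <b@spam.example> -> <TRAP1@example.org>
Aug 23 16:03:40 mx spamd[101]: (GREY) 203.0.113.5: <> -> <trap2@example.org>
Aug 23 16:04:00 mx spamd[101]: 192.0.2.10: disconnected after 380 seconds.
EOF
}

# stdin: log lines; $1: space-separated trap addresses; $2: known-good IPs.
# stdout: one "Connect:<ip><TAB>REJECT" line per newly trapped host.
trap_hosts() {
    awk -v traps="$1" -v known="$2" '
        BEGIN {
            n = split(traps, t, " "); for (j = 1; j <= n; j++) trap[tolower(t[j])] = 1
            m = split(known, k, " "); for (j = 1; j <= m; j++) good[k[j]] = 1
        }
        /\(GREY\)/ {
            # Locate the tag, then the peer address that follows it.
            for (i = 1; i <= NF; i++) if ($i == "(GREY)") break
            if (i >= NF) next
            ip = $(i + 1); sub(/:$/, "", ip)
            # The envelope recipient is the last field; compare case-insensitively.
            rcpt = tolower($NF); gsub(/[<>]/, "", rcpt)
            # A known correspondent hitting a trap is more likely a bounce.
            if ((rcpt in trap) && !(ip in good) && !(ip in seen)) {
                seen[ip] = 1
                printf "Connect:%s\tREJECT\n", ip
            }
        }'
}

sample_log | trap_hosts "$TRAPS" "$KNOWN"
```
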