TLUG spam

Michael Kennedy michael-FlpYSvOe4ac6W4JZGn+SJw at public.gmane.org
Thu Sep 13 22:23:15 UTC 2007


Another approach would be to invalidate mail coming from list members
that have incorrect full names....  As an example, the ones that are
coming in now are supposedly from 'drew-lxSQFCZeNF4 at public.gmane.org', and 'drew-lxSQFCZeNF4 at public.gmane.org's
usual full name is "Drew Sullivan", so if we see a message coming in
from 'drew-lxSQFCZeNF4 at public.gmane.org' with a name like "Selma Hartley", then that should
raise the 'spamosity' metrics of the message and push it into the
teeth of the filter.

Is that doable?

MK


On 9/13/07, Tyler Aviss <tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Hmmm, how many of these are coming up with invalid domains? If that
> was the case, then perhaps we could just ignore mail that comes up
> with a host-not-found for the reverse-DNS?
>
> Of course, that would break mailservers which don't have a proper
> reverse-DNS, but at least there's nothing to say we must require the
> reverse-DNS actually resolves to the @someserver.com of the sender...
>
> Alternately, perhaps it could check against a listing of users that
> are known to have PGP keys (and require such), that would prevent
> spammers from at least using those addresses.
>
> On 9/13/07, CLIFFORD ILKAY <clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org> wrote:
> > Lennart Sorensen wrote:
> > > On Wed, Sep 12, 2007 at 06:13:36PM -0400, Dave Mason wrote:
> > >> Is this the result of TLUG accepting posting from the world?  Or is
> > >> someone here running Windows and their computer is infected?  I suspect
> > >> the former based on the only apparently useful header:
> > >>
> > >>     X-Originating-IP: 234.239.150.212 by smtp.201.17.187.101;  Wed, 12 Sep 2007 17:48:28 -0500
> > >>
> > >> For those IPs I get:
> > >>     ; host 234.239.150.212
> > >>     Host 212.150.239.234.in-addr.arpa not found: 3(NXDOMAIN)
> > >>     ; host 201.17.187.101
> > >>     101.187.17.201.in-addr.arpa domain name pointer c911bb65.bhz.virtua.com.br.
> > >>
> > >> Can we make the list so only people on the list can email to the list?  Please???
> > >
> > > I think someone discovered that drew-lxSQFCZeNF4 at public.gmane.org as your From: address will
> > > allow posting anything you want to the mailing list.  Perhaps the mail
> > > server should be more picky about where it thinks drew can send mail
> > > from.  On the other hand the mailing list is expecting to receive
> > > incoming mail from subscribers (which I am sure drew-lxSQFCZeNF4 at public.gmane.org is), and
> > > forward it to all members of the list.
> > >
> > > So simply messages sent with a fake From: address which the mailing list
> > > accepts.
> > >
> > > Any spammer that uses a forged from address of any subscriber to the
> > > list would be able to do what this spammer is doing, and I am not sure
> > > what you can do about it.
> >
> > Is there a way to configure a list server to accept only PGP signed
> > messages? That way, even if someone spoofs the email address of a
> > subscriber, it would not do him any good unless he also has the PGP key
> > of the subscriber.
> > --
> > Regards,
> >
> > Clifford Ilkay
> > Dinamis Corporation
> > 1419-3266 Yonge St.
> > Toronto, ON
> > Canada  M4N 3P6
> >
> > <http://dinamis.com>
> > +1 416-410-3326
> > --
> > The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> > TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> > How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
> >
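Added example, not part of the original thread and not TLUG's list software: one way to sketch the display-name check proposed at the top of this message, in Python. The roster, the placeholder address drew@example.org, the penalty weight and the function names are assumptions; the two names are the ones used in the message.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed roster: subscriber address -> usual full name (placeholder address).
ROSTER = {"drew@example.org": "Drew Sullivan"}
MISMATCH_PENALTY = 3.0  # hypothetical weight added to the message's spam score

# Constructed sample messages.
FORGED = "From: Selma Hartley <drew@example.org>\nSubject: hi\n\nbody\n"
GENUINE = 'From: "Sullivan, Drew" <DREW@example.org>\nSubject: hi\n\nbody\n'
ENCODED = "From: =?utf-8?q?Drew_Sullivan?= <drew@example.org>\n\nbody\n"
BARE = "From: drew@example.org\n\nbody\n"
OUTSIDER = "From: Selma Hartley <selma@example.net>\n\nbody\n"


def _name_tokens(name):
    """Lower-case the name and return its words as a set, so that
    'Sullivan, Drew' and 'drew  sullivan' compare equal."""
    return frozenset(re.findall(r"[^\W\d_]+", name.lower()))


def from_name_penalty(raw_message, roster=ROSTER):
    """Return the score to add for the From: display name, or None when
    the address is not on the roster and this check has no opinion."""
    msg = message_from_string(raw_message)
    # Split name and address first, then decode RFC 2047 encoded-words in
    # the name only, so encoded text can never be parsed as an address.
    display, addr = parseaddr(str(msg.get("From", "")))
    known = roster.get(addr.lower())
    if known is None:
        return None
    if not display:
        return 0.0  # bare address: there is no name to compare
    display = str(make_header(decode_header(display)))
    if _name_tokens(display) == _name_tokens(known):
        return 0.0
    return MISMATCH_PENALTY


if __name__ == "__main__":
    for label, raw in [("forged", FORGED), ("genuine", GENUINE),
                       ("encoded", ENCODED), ("bare", BARE),
                       ("outsider", OUTSIDER)]:
        print(label, from_name_penalty(raw))
```

The check reads only header text that the sender controls, so it works as one scoring signal inside a filter rather than as authentication of the sender.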




