For those who follow such things [ot]
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
By participating in forums/lists such as this you have already done so yourself. Patricks contribution (whatever it might be) is negligible. Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day. /Per Jessen, Zürich
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-04-15 at 20:17 +0200, Per Jessen wrote:
Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
I have got some of those bounces, too. It means people that bounce after accepting the email, which is a no-no.
By participating in forums/lists such as this you have already done so yourself. Patricks contribution (whatever it might be) is negligible.
Well, the fact that some people answer emails here including the full real address of the person they are responding to complicates things. It's being more than a year since the SuSE archive stopped including that info, which is nice (thanks to Chris, I think). But that is only true for this one list, not the rest of SuSE lists.
Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day.
Bounces? Or simply spams? Because I know how to filter spam, but bounces caused by spam, no, not yet. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEQT8OtTMYHG2NR9URAmCOAJ0WUSTjPccCc+4mP5SAKwadpBv6dwCfTyM1 XGCL3SQqduA1KU3HTxYGCrc= =9Y7C -----END PGP SIGNATURE-----
Carlos E. R. wrote:
By participating in forums/lists such as this you have already done so yourself. Patricks contribution (whatever it might be) is negligible.
Well, the fact that some people answer emails here including the full real address of the person they are responding to complicates things.
What I meant was - if anyone wants to harvest email-addresses, all they have to do is sign up for a few mailing-lists. The minute you write to a list, your email-address is public. Archiving might make the addresses more accessible, but not more public.
Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day.
Bounces? Or simply spams? Because I know how to filter spam, but bounces caused by spam, no, not yet.
No, 100.000 bounces because of emails/spams sent with a forged sender-address. /Per Jessen, Zürich
Perhaps Patrick should now have the opportunity to put his side of things? -- ============================================== I am only human, please forgive me if I make a mistake it is not deliberate. ============================================== Xmas may be over but, PLEASE DON'T drink and drive you'll make it to the next one that way. Kevan Farmer Linux user #373362 Cheslyn Hay Staffordshire WS6 7HR
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-04-15 at 21:13 +0200, Per Jessen wrote:
What I meant was - if anyone wants to harvest email-addresses, all they have to do is sign up for a few mailing-lists. The minute you write to a list, your email-address is public. Archiving might make the addresses more accessible, but not more public.
That's true enough. Still, I don't like to make life easier for them by including people emails in my texts.
Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day.
Bounces? Or simply spams? Because I know how to filter spam, but bounces caused by spam, no, not yet.
No, 100.000 bounces because of emails/spams sent with a forged sender-address.
Horrible! :-( How can you fight that, besides dumping the client (recipient) address? - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEQY2ctTMYHG2NR9URAgMHAKCToz08kBpCrrdmY9dUxfSV4KTTMQCdG/mt DcoKmTF3eHJkdXWi9NyI2jQ= =4E/e -----END PGP SIGNATURE-----
No, 100.000 bounces because of emails/spams sent with a forged sender-address.
Horrible! :-(
How can you fight that, besides dumping the client (recipient) address?
Carlos E. R. wrote:
Bounces? Or simply spams? Because I know how to filter spam, but bounces caused by spam, no, not yet.
No, 100.000 bounces because of emails/spams sent with a forged sender-address.
Horrible! :-( How can you fight that, besides dumping the client (recipient) address?
You can't really - they are genuine rejects of forged emails. Depending on how much of the rejected email is attached, sometime the reject will be recognised as spam, sometimes it won't. /Per Jessen, Zürich -- http://www.spamchek.com/ - managed anti-spam and anti-virus solution. Let us analyse your spam- and virus-threat - up to 2 months for free.
On Sun, 2006-04-16 at 11:45 +0200, Per Jessen wrote:
Carlos E. R. wrote:
Horrible! :-( How can you fight that, besides dumping the client (recipient) address?
You can't really - they are genuine rejects of forged emails. Depending on how much of the rejected email is attached, sometime the reject will be recognised as spam, sometimes it won't.
Doesn't that make them easy to detect? Recognize them as reject messages by the subject line or other means, then check the body for something (message id or subject?) that corresponds to a message in the Sent folder for the claimed address? If there's a match, it's a real reject. If not, bin it! Cheers, Dave
Dave Howorth wrote:
On Sun, 2006-04-16 at 11:45 +0200, Per Jessen wrote:
Carlos E. R. wrote:
Horrible! :-( How can you fight that, besides dumping the client (recipient) address? You can't really - they are genuine rejects of forged emails. Depending on how much of the rejected email is attached, sometime the reject will be recognised as spam, sometimes it won't.
Doesn't that make them easy to detect? Recognize them as reject messages by the subject line or other means, then check the body for something (message id or subject?) that corresponds to a message in the Sent folder for the claimed address? If there's a match, it's a real reject. If not, bin it!
There are problems on more than one layer. Postfix doesn't neccessarily has access to the storage where the emails from the "Sent" folder are stored. There is currently no design in Postfix to keep track of messages beyond delivery. The easiest way would probably be to store the message id in a database and then check if the message id of the bounce is a hit or not. Even for that you would need a custom filter because Postfix has no internal mechanism to grap the message id. It's probably a job for a policy daemon. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
* Sandy Drobic
There is currently no design in Postfix to keep track of messages beyond delivery.
But you may with procmail (formail): :0 Whc: msgid.lock | $FORMAIL -D 16384 msgid.cache -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
Patrick Shanahan wrote:
* Sandy Drobic
[04-16-06 07:32]: There is currently no design in Postfix to keep track of messages beyond delivery.
But you may with procmail (formail):
:0 Whc: msgid.lock | $FORMAIL -D 16384 msgid.cache
If you use procmail that would be a way. I think about an implementation in amavisd-new, if all message are processed by amavis. Then you could also decide how to evaluate the result together will all other tests. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2006-04-16 at 15:58 +0200, Sandy Drobic wrote:
If you use procmail that would be a way. I think about an implementation in amavisd-new, if all message are processed by amavis. Then you could also decide how to evaluate the result together will all other tests.
It would also have to distinguish outgoing and in-going. And senders. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEQlgKtTMYHG2NR9URAlnUAJ9iw1aiNLThyaUK6ihyBssj6OCIEACeNVVs dtisrow6qYYchvuXHKdM6xU= =RQbv -----END PGP SIGNATURE-----
On Sun, 2006-04-16 at 11:14 +0100, Dave Howorth wrote:
Doesn't that make them easy to detect? Recognize them as reject messages by the subject line or other means, then check the body for something (message id or subject?) that corresponds to a message in the Sent folder for the claimed address? If there's a match, it's a real reject. If not, bin it!
No, you're wanting server level software to mess with user software (which is more often than not on a different machine). The only real way to achive this would be to track messages via the logs. So postfix would "remember" that it sent a certain message out, and would know if it gets a bounce for that message that it is valid or not. But there are two problems with this. 1. On a very busy site the resources required for this would be enormous. 2. The original mail (that was bounced) may not have been sent via the server that receives the bounce. For example, I'm on ADSL at home, with a dynamic IP, so I have to send mail through my ISP's smtp server, which doesn't receive mail for any of the domains I use for e-mail. So if I sent a mail out via my ISP, with a typo in the address, say, and it gets bounced, it goes back to my mail domain's server (which has nothing to do with the ISP), who will see: "Oh, I didn't send this mail out, so this bounce must be invalid." Hans
Dave Howorth wrote:
On Sun, 2006-04-16 at 11:45 +0200, Per Jessen wrote:
You can't really - they are genuine rejects of forged emails. Depending on how much of the rejected email is attached, sometime the reject will be recognised as spam, sometimes it won't.
Doesn't that make them easy to detect? Recognize them as reject messages by the subject line or other means, then check the body for something (message id or subject?) that corresponds to a message in the Sent folder for the claimed address? If there's a match, it's a real reject. If not, bin it!
Bounces are easy to detect - they have no Return-Path. But whether they are results of genuine emails is different. Checking against the "Sent" folder presumes you have access to it - which I don't. Is suspect it might also be a little heavy resource-wise. /Per Jessen, Zürich -- http://www.spamchek.com/ - managed anti-spam and anti-virus solution. Let us analyse your spam- and virus-threat - up to 2 months for free.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2006-04-16 at 11:45 +0200, Per Jessen wrote:
Horrible! :-( How can you fight that, besides dumping the client (recipient) address?
You can't really - they are genuine rejects of forged emails. Depending on how much of the rejected email is attached, sometime the reject will be recognised as spam, sometimes it won't.
Do rejects have to contain the msgid of the rejected message? As in the "References" header? If so, you could store the msgsids of all messages you (ie, your client, I mean) sent (months back). If it doesn't match, it is a suspect. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEQitStTMYHG2NR9URAo18AJ9DODnFtf8dM7tltyjKBRKIYYjd5wCeLL9s lxA9a8W9RuT9li87Q5k5gLw= =+y3B -----END PGP SIGNATURE-----
On Sat, Apr 15, 2006 at 08:44:28PM +0200, Carlos E. R. wrote:
The Saturday 2006-04-15 at 20:17 +0200, Per Jessen wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet. I have got some of those bounces, too. It means people that bounce after accepting the email, which is a no-no.
Unfortunately, last time I checked, Suse's default postfix configuration was to do just this (bouncing) :-( I've brought the topic to the suse-security list, but noone seemed to care :-((
Because I know how to filter spam, but bounces caused by spam, no, not yet.
Yes, bounces caused by spam is a big problem for me too :-( And Suse contributes to this problem because, by default, it is configured to bounce.
On Saturday 15 April 2006 20:17, Per Jessen wrote:
Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
By participating in forums/lists such as this you have already done so yourself. Patricks contribution (whatever it might be) is negligible.
Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day.
He won't listen. He's bound and determined that Patrick, and only Patrick is the reason he gets spam. I did a search, and found his address in several places on the net. But he'll keep right on complaining as if anyone really cared. Mike -- Powered by SuSE 10.0 Kernel 2.6.13 KDE 3.4 Kmail 1.8 For Mondo/Mindi backup support go to http://www.mikenjane.net/~mike 8:55pm up 10 days 1:41, 4 users, load average: 1.16, 1.23, 1.27
On Saturday 15 April 2006 19:57, Mike wrote:
On Saturday 15 April 2006 20:17, Per Jessen wrote:
Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
By participating in forums/lists such as this you have already done so yourself. Patricks contribution (whatever it might be) is negligible.
Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day.
He won't listen. He's bound and determined that Patrick, and only Patrick is the reason he gets spam.
In my own words, Patrick Shanahan knows he is putting my email address in the archives, circumventing the address removal. He goes on doing it, despite repeated requests not to, and he has done it deliberately. I do not know the extent to which he is a contributor, its doing it knowingly and deliberately which I object to, while all the time he rebukes thread hijackers and top posters.
On Saturday 15 April 2006 15:22, Vince Littler wrote:
In my own words, Patrick Shanahan knows he is putting my email address in the archives, circumventing the address removal. He goes on doing it, despite repeated requests not to, and he has done it deliberately. I do not know the extent to which he is a contributor, its doing it knowingly and deliberately which I object to, while all the time he rebukes thread hijackers and top posters.
A very valid point in my view.
On Saturday 15 April 2006 21:22, Vince Littler wrote:
In my own words, Patrick Shanahan knows he is putting my email address in the archives, circumventing the address removal.
As no one can be completely sure that there are no spammers subscribed to this mailinglist, aren't /you/ the *first* person who is to blaim for making your email address public by sending email to this mailinglist? [...]
while all the time he rebukes thread hijackers and top posters.
Please, don't change the subject! Cheers, Leen
On Sat, 15 Apr 2006 20:57:48 +0200, you wrote:
On Saturday 15 April 2006 20:17, Per Jessen wrote:
Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
By participating in forums/lists such as this you have already done so yourself. Patricks contribution (whatever it might be) is negligible.
Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day.
He won't listen. He's bound and determined that Patrick, and only Patrick is the reason he gets spam. I did a search, and found his address in several places on the net. But he'll keep right on complaining as if anyone really cared.
I've been using my real email address for years, here, there & everywhere. If you're willing to configure spamassassin properly and do a bit of 'outside the box thinking' it doesn't have any impact on spam. Mike- -- If you're not confused, you're not trying hard enough. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
On Sat, 2006-04-15 at 19:51 -0400, Michael W Cocke wrote:
On Sat, 15 Apr 2006 20:57:48 +0200, you wrote:
On Saturday 15 April 2006 20:17, Per Jessen wrote:
Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
By participating in forums/lists such as this you have already done so yourself. Patricks contribution (whatever it might be) is negligible.
Several dozen in 36hours isn't too bad. I have a customer that is regularly hit by waves of 100.000/day.
He won't listen. He's bound and determined that Patrick, and only Patrick is the reason he gets spam. I did a search, and found his address in several places on the net. But he'll keep right on complaining as if anyone really cared.
I've been using my real email address for years, here, there & everywhere. If you're willing to configure spamassassin properly and do a bit of 'outside the box thinking' it doesn't have any impact on spam.
Absolutely, here in France we have a whole industry based on putting
publicity in peoples letterboxes, if you are living in a street you get
the publicity for that street, unless you put a notice on your box to
say you don't want it. Only problem is that in my area the local
government uses the same company to distribute its information, no pub
no info.
If you don't want _any_ spam close your mailboxes, but remember there is
also stuff you want and will miss.
--
Dave Cotton
Dave Cotton wrote:
Absolutely, here in France we have a whole industry based on putting publicity in peoples letterboxes, if you are living in a street you get the publicity for that street, unless you put a notice on your box to say you don't want it. Only problem is that in my area the local government uses the same company to distribute its information, no pub no info.
Similar system here in Switzerland - except even if you have a sticker "Keine Werbung" on your mailbox, you will still get e.g. info from the local Gemeinde etc. /Per Jessen, Zürich
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2006-04-16 at 11:38 +0200, Per Jessen wrote:
Absolutely, here in France we have a whole industry based on putting publicity in peoples letterboxes, if you are living in a street you get the publicity for that street, unless you put a notice on your box to say you don't want it. Only problem is that in my area the local government uses the same company to distribute its information, no pub no info.
Similar system here in Switzerland - except even if you have a sticker "Keine Werbung" on your mailbox, you will still get e.g. info from the local Gemeinde etc.
Interesting method, I like it. No such thing here in Spain - and it would be useless, the postman would ignore it: once he gets a letter with your address, he is "sworn" to deliver it. Another thing is anonymous mail. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEQlnjtTMYHG2NR9URAhkiAJ9mtdFsMD1XaIxSmDFRZ4l4GQN8/ACfSsU+ T/UFKF3N1i32a1WwlmdhwwI= =DrKA -----END PGP SIGNATURE-----
On Saturday 15 April 2006 7:00 pm, Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
Vince. I have received many Undeliverable Mail messages too, but I haven't sent a posting to the SUSE mailing list for many weeks, or even several months. So I think it is something else which is triggering them. Cheers Keith
On Saturday 15 April 2006 20:38, Keith Powell wrote:
On Saturday 15 April 2006 7:00 pm, Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
I have received many Undeliverable Mail messages too, but I haven't sent a posting to the SUSE mailing list for many weeks, or even several months.
So did I: I received 8 undeleverables all from administrator at c05.lnx, and only from emails sent to this list (received 2006-04-10 20:10 MET).
So I think it is something else which is triggering them.
Probably. Cheers, Leen
On Saturday 15 April 2006 20:00, Vince Littler wrote:
In the past 36 hours, I have been hit by several dozen 'Undeliverable mail Returned to sender' messages, in response to spam sent out notionally in the name of my domain. Thank you for your contribution, Patrick Shanahan, to placing my email address in plain view on the internet.
I can't say how spammers operate to gather their lists of addresses, but if I were to do it, I would subscribe to the mailing lists with an anonymous address. That would bypass any protection schemes put in web archives. The only way to get around that would be to re-send list mail to subscribers using the list address instead of the original sender address, but of course that has its own set of problems
participants (17)
-
Anders Johansson
-
Bruce Marshall
-
Carlos E. R.
-
Dave Cotton
-
Dave Howorth
-
Hans du Plooy
-
Josef Wolf
-
Keith Powell
-
Kevanf1
-
Leendert Meyer
-
Michael W Cocke
-
Mike
-
Patrick Shanahan
-
Per Jessen
-
Sandy Drobic
-
Ulf Rasch
-
Vince Littler