Title: Message
MS Corporation Security Center
[EMAIL PROTECTED]
On Wed, Sep 24, 2003 at 12:44:50PM -0500, Gunnar Wolf <[EMAIL PROTECTED]> was
heard to say:
> Daniel Burrows dijo [Wed, Sep 24, 2003 at 01:10:57PM -0400]:
> > > And I insist... Do you want to stop every mail which is (peeking at my
> > > inbox) between 1887 and 2183 bytes long just because it migh
On Wed, Sep 24, 2003 at 10:05:54AM -0500, Gunnar Wolf <[EMAIL PROTECTED]> was
heard to say:
> Wouter Verhelst dijo [Wed, Sep 24, 2003 at 09:03:39AM +0200]:
> > > I don't think so - And if so, this could break many client MTAs.
> > > According to the protocol definition [1],
> >
> > [...]
> >
>
On Tue, 2003-09-23 at 03:44, Lars Wirzenius wrote:
> I favor this approach over simple applications of violence, such as
> using an axe on any computer infected by a virus.
Why punish the hardware for what is clearly a wetware problem?
signature.asc
Description: This is a digitally signed messa
On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> The list of hardware required to stop this spam unfortunately seems to
> include a time machine.
Just because you can't afford one...
Another (cheaper) solution though would be to pull the plug ;-).
There! No more spam problems!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 23 September 2003 01:48, Gunnar Wolf wrote:
> Mike Hommey dijo [Tue, Sep 23, 2003 at 12:28:44AM +0200]:
> > Maybe I'm wrong, but I think an MTA rejecting a mail because of oversized
> > body doesn't have to get the whole body before rejectin
Hi, Steve Lamb wrote:
> What would help is to be able to block an IP once it's been hit.
That won't work for people who have a secondary MX record.
I've set up a second mailer which simply rejects everything (one that
speaks correct SMTP... :-/ ), and the source addresses which flood me
wit
Hi,
Graham Wilson wrote:
> On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> > A pure MTA solution would still need to scan the body and thus would
> > still eat your bandwidth.
>
> i have postfix's body_checks setup to reject lines that match the
> following regular expression (
Hello,
On Sat, Sep 20, 2003 at 03:41:36PM +0200, Paul Seelig wrote:
> snip -
> Package: popsneaker
> Status: install ok installed
> Priority: optional
> Section: mail
> Installed-Size: 159
> Maintainer: Stefan Baehre <[EMAIL PROTECTED]>
> Version: 0.6.2-1
> Dep
On Wed, Sep 24, 2003 at 07:37:03AM -0700, Steve Lamb wrote:
> > Runs spamc twice. Usually it won't matter, but with higher traffic, the load
> > will increase for obvious reasons...
>
> spamc isn't run twice. exiscan-acl *can* run the mail through SA as a
> test. It doesn't /have/ to. So if
On Wed, Sep 24, 2003 at 06:33:45PM +0200, Wouter Verhelst wrote:
> Op wo 24-09-2003, om 17:05 schreef Gunnar Wolf:
> > And I insist... Do you want to stop every mail which is (peeking at my
> > inbox) between 1887 and 2183 bytes long just because it might be a
> > virus?
>
> Hm. I was under the i
Daniel Burrows dijo [Wed, Sep 24, 2003 at 01:10:57PM -0400]:
> > And I insist... Do you want to stop every mail which is (peeking at my
> > inbox) between 1887 and 2183 bytes long just because it might be a
> > virus?
>
> Um, those are line counts, not byte counts. 1889 lines is about 140k
> o
Op wo 24-09-2003, om 17:05 schreef Gunnar Wolf:
> And I insist... Do you want to stop every mail which is (peeking at my
> inbox) between 1887 and 2183 bytes long just because it might be a
> virus?
Hm. I was under the impression that they were a lot larger.
OK, never mind...
--
Wouter Verhels
Wouter Verhelst dijo [Wed, Sep 24, 2003 at 09:03:39AM +0200]:
> > I don't think so - And if so, this could break many client MTAs.
> > According to the protocol definition [1],
>
> [...]
>
> > [1] http://www.ietf.org/rfc/rfc0821.txt
>
> MTAs that still stick to nothing but RFC821 are horribly o
On Wed, 24 Sep 2003 16:17:45 +0200
Josip Rodin <[EMAIL PROTECTED]> wrote:
> Runs spamc twice. Usually it won't matter, but with higher traffic, the load
> will increase for obvious reasons...
spamc isn't run twice. exiscan-acl *can* run the mail through SA as a
test. It doesn't /have/ to. S
On Tue, Sep 23, 2003 at 12:52:30PM -0700, Steve Lamb wrote:
> > > Same here though I am sticking with SA-Exim because it saves the mail
> > > in a certain range so I can throw it at the Bayesian classifier.
>
> > I usually don't have large enough partitions to hold all the spam (!)
>
> C
Op di 23-09-2003, om 01:48 schreef Gunnar Wolf:
> Mike Hommey dijo [Tue, Sep 23, 2003 at 12:28:44AM +0200]:
> > > > helps catching 95%... But the bandwidth is still used... I'm still
> > > > looking for a pure MTA solution...
> > >
> > > A pure MTA solution would still need to scan the body and thu
On Tue, 23 Sep 2003 21:07:46 +0200
Josip Rodin <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 23, 2003 at 10:43:30AM -0700, Steve Lamb wrote:
> > Same here though I am sticking with SA-Exim because it saves the mail
> > in a certain range so I can throw it at the Bayesian classifier.
> I usually do
On Tue, Sep 23, 2003 at 10:43:30AM -0700, Steve Lamb wrote:
> > For now I'm using the SA-Exim method because even though it's clumsy (needs
> > the .so file compiled from source so distribution isn't as trivial as an
> > apt-get invocation), I used it before the Exiscan patch was available and it
>
Steve Lamb dijo [Tue, Sep 23, 2003 at 10:29:51AM -0700]:
> Gunnar Wolf <[EMAIL PROTECTED]> wrote:
> > Steve Lamb dijo [Mon, Sep 22, 2003 at 07:21:05PM -0700]:
> > > Gunnar Wolf <[EMAIL PROTECTED]> wrote:
> > > > [1] http://www.ietf.org/rfc/rfc0821.txt
>
> > > And what does RFC2821 have to say
On Tue, 23 Sep 2003 16:45:55 +0200
Josip Rodin <[EMAIL PROTECTED]> wrote:
> For now I'm using the SA-Exim method because even though it's clumsy (needs
> the .so file compiled from source so distribution isn't as trivial as an
> apt-get invocation), I used it before the Exiscan patch was available
On Tue, 23 Sep 2003 08:39:02 -0400
"H. S. Teoh" <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 22, 2003 at 08:46:15PM -0700, Steve Lamb wrote:
> > Except it never hits SA nor do I even have procmail installed. Can't
> > stand the ugly beast.
> It never hits SA? Almost all Swen mails I got were cau
You are aware Mutt is perfectly capable of responding to the list. Learn
it, love it, USE IT!
On Tue, 23 Sep 2003 10:20:46 -0500
Gunnar Wolf <[EMAIL PROTECTED]> wrote:
> Steve Lamb dijo [Mon, Sep 22, 2003 at 07:21:05PM -0700]:
> > Gunnar Wolf <[EMAIL PROTECTED]> wrote:
> > > [1] http://www.ie
Steve Lamb dijo [Mon, Sep 22, 2003 at 07:21:05PM -0700]:
> Gunnar Wolf <[EMAIL PROTECTED]> wrote:
> > [1] http://www.ietf.org/rfc/rfc0821.txt
>
> And what does RFC2821 have to say about it?
I would not trust every MTA to implement newer versions of the RFC -
However, it is up to you to decide
On Tue, Sep 23, 2003 at 08:39:02AM -0400, H. S. Teoh wrote:
> > > What are the exim rules you used to catch these things?
> >
> > exiscan-acl calling clamav and dropping it with a 550. A full log
> > line would be:
> >
> > 2003-09-22 07:38:05 1A1RpB-0007Xd-Of H=(smtp21.singnet.com.sg)
> > [1
Lars Wirzenius writes:
> I favor this approach over simple applications of violence, such as using
> an axe on any computer infected by a virus.
Psychiatry just for sending viruses? I don't know. Seems pretty extreme
to me. Are you sure simple beatings would not suffice?
--
John Hasler
[EMAIL
On Tue, Sep 23, 2003 at 02:31:22PM +0200, Josip Rodin wrote:
> On Mon, Sep 22, 2003 at 07:34:58PM -0400, H. S. Teoh wrote:
> > I've resorted to blocking port 25 to subnets from which these spams
> > originate. Currently I have about 45 subnets (/24 and a few /16) on my
> > blacklist, and so far 409
On Mon, Sep 22, 2003 at 08:46:15PM -0700, Steve Lamb wrote:
> On Mon, 22 Sep 2003 22:44:50 -0400
> "H. S. Teoh" <[EMAIL PROTECTED]> wrote:
> > Another major source is rr.com, which not only gives me tons of Swen, but
> > also other spam in general. I've blacklisted rr.com in /etc/hosts.deny,
> > bu
On Mon, Sep 22, 2003 at 07:34:58PM -0400, H. S. Teoh wrote:
> I've resorted to blocking port 25 to subnets from which these spams
> originate. Currently I have about 45 subnets (/24 and a few /16) on my
> blacklist, and so far 409 connections have been dropped.
The sad thing about this is that the
Hi,
Is there something similar for exim (woody version)? I don't care too
much about the incoming bandwidth, but more about the resources that the
spam and virus checks consume, especially during these spam virus waves.
So I could add a (hopefully) cheap check at MTA level to reject these
mails un
On Tue, Sep 23, 2003 at 12:28:44AM +0200, Mike Hommey wrote:
> Maybe I'm wrong, but I think an MTA rejecting a mail because of
> oversized body doesn't have to get the whole body before rejecting the
> mail.
You can issue a permanent error only after you have received the body.
On Tuesday 23 September 2003 01:45, Bernd Eckenfels wrote:
> On Tue, Sep 23, 2003 at 12:28:44AM +0200, Mike Hommey wrote:
> > Maybe I'm wrong, but I think an MTA rejecting a mail because of oversized
> > body doesn't have to get the whole body before rejecting the mail. Based
> > on this, it should
On ma, 2003-09-22 at 17:53, Matthias Urlichs wrote:
> The list of hardware required to stop this spam unfortunately seems to
> include a time machine.
Oh, that's not required at all. A simple couch will do.
The couch will require a team of psychiatrists surrounding it, of
course. They will then i
On Mon, 22 Sep 2003 22:44:50 -0400
"H. S. Teoh" <[EMAIL PROTECTED]> wrote:
> Another major source is rr.com, which not only gives me tons of Swen, but
> also other spam in general. I've blacklisted rr.com in /etc/hosts.deny,
> but obviously I'm missing something obvious, 'cos rr.com spam still gets
On Mon, Sep 22, 2003 at 07:18:56PM -0700, Steve Lamb wrote:
> On Mon, 22 Sep 2003 19:34:58 -0400
> "H. S. Teoh" <[EMAIL PROTECTED]> wrote:
> > I've resorted to blocking port 25 to subnets from which these spams
>
> What would help is to be able to block an IP once it's been hit. Thing is
> I
On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> Hi, Mike Hommey wrote:
> > helps catching 95%... But the bandwidth is still used... I'm still
> > looking for a pure MTA solution...
>
> A pure MTA solution would still need to scan the body and thus would still
> eat your bandwid
On Mon, 22 Sep 2003 18:48:58 -0500
Gunnar Wolf <[EMAIL PROTECTED]> wrote:
> [1] http://www.ietf.org/rfc/rfc0821.txt
And what does RFC2821 have to say about it?
--
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
PGP Key: 8B6E99C5 | main connection to t
On Mon, 22 Sep 2003 19:34:58 -0400
"H. S. Teoh" <[EMAIL PROTECTED]> wrote:
> I've resorted to blocking port 25 to subnets from which these spams
What would help is to be able to block an IP once it's been hit. Thing is
I cannot for the life of me figure out a way to do it. Here's the first 2
Mike Hommey dijo [Tue, Sep 23, 2003 at 12:28:44AM +0200]:
> > > helps catching 95%... But the bandwidth is still used... I'm still
> > > looking for a pure MTA solution...
> >
> > A pure MTA solution would still need to scan the body and thus would still
> > eat your bandwidth.
>
> Maybe I'm wrong
On Tue, Sep 23, 2003 at 12:28:44AM +0200, Mike Hommey wrote:
> Maybe I'm wrong, but I think an MTA rejecting a mail because of oversized
> body
> doesn't have to get the whole body before rejecting the mail. Based on this,
> it should be possible to reject the mail before it gets fully transfere
On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> Hi, Mike Hommey wrote:
>
> > helps catching 95%... But the bandwidth is still used... I'm still looking
> > for
> > a pure MTA solution...
>
> A pure MTA solution would still need to scan the body and thus would still
> eat you
On Monday 22 September 2003 16:53, Matthias Urlichs wrote:
> Hi, Mike Hommey wrote:
> > helps catching 95%... But the bandwidth is still used... I'm still
> > looking for a pure MTA solution...
>
> A pure MTA solution would still need to scan the body and thus would still
> eat your bandwidth.
May
Hi, Daniel Burrows wrote:
> On Fri, Sep 19, 2003 at 10:45:57AM -0500, Luca - De Whiskey's - De Vitis
> <[EMAIL PROTECTED]> was heard to say:
>> I'm getting one evry 30 minutes, more or less... but i've read on irc that
>> this is quite common now...
>
> You mean "seconds", not "minutes", right?
Hi, Mike Hommey wrote:
> helps catching 95%... But the bandwidth is still used... I'm still looking
> for
> a pure MTA solution...
A pure MTA solution would still need to scan the body and thus would still
eat your bandwidth.
The list of hardware required to stop this spam unfortunately seems
44 matches
Mail list logo
