txucom.com

To: Debian ISP <debian-isp@lists.debian.org>
Subject: txucom.com
From: Russell Coker <russell@coker.com.au>
Date: Wed, 24 Dec 2003 02:23:22 +1100 (EST)
Message-id: <[🔎] 20031223152322.87FB9B57F5@lyta.coker.com.au>
Reply-to: russell@coker.com.au

domain is run by morons
Date: Wed, 24 Dec 2003 02:23:22 +1100
User-Agent: KMail/1.5.4
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200312240223.22027.russell@coker.com.au>
Status: RO
X-Status: Q
X-KMail-EncryptionState:  
X-KMail-SignatureState:  

They have a filter that stops naughty language.  Their filter replies to the 
apparent sender of all messages (including mailing list messages).  They have 
an address for discussion of the filter but it applies the same filter (so if 
you forward their complaint message to discuss why it should not be blocked 
then you get even more of their messages).

If you CC multiple addresses in their domain then you get multiple responses.

Here are some ways that txucom.com can be abused:
Send a number of messages appearing to come from someone you don't like that 
are CC'd to many addresses at txycom.com (ITOne@TXUCOM.COM and 
postmaster@txycom.com are two that I know of).  The number of messages sent 
to the person you don't like will be N*M (where N is the number of messages 
and M is the number of names on the CC list).

The "Wall Alarm" program that they use contains a paragraph of text which 
contains the "naughty" word.  So a three line message about p**** enlargement 
with the P word in the middle line can be transmitted in the bounce message, 
thus getting around some spam filters (in effect an open-relay).

There are probably ways of making the "Wall Alarm" program reply to it's own 
messages and kill itself, but I didn't bother figuring it out.


This "Wall Alarm" program is evil and should not be allowed on the Internet.  
I recommend that everyone configure their mail server to reject messages 
who's header match the regex "^Subject: Wall Alarm", in Postfix you can do 
this by adding the following line to /etc/postfix/reject:
/^Subject: Wall Alarm/i REJECT

You also need the following in main.cf:
header_checks = regexp:/etc/postfix/reject


PS  I would appreciate it if the person from txucom.com would use hotmail.com 
to read this mailing list.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: txucom.com
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Attempts to poison bayesian systems
Next by Date: Re: txucom.com
Previous by thread: Re: Attempts to poison bayesian systems
Next by thread: Re: txucom.com
Index(es):
- Date
- Thread