Re: how to deal with spam

To: debian-user@lists.debian.org
Subject: Re: how to deal with spam
From: Stan Hoeppner <stan@hardwarefreak.com>
Date: Sat, 25 Feb 2012 12:33:26 -0600
Message-id: <[🔎] 4F492976.8010706@hardwarefreak.com>
Reply-to: stan@hardwarefreak.com
In-reply-to: <[🔎] 20120223202656.4acad39c@lap.g8jvm.com>
References: <20120223174443.DFEDD2BFDD@240plan.ovh.net> <[🔎] 4F4691CF.5070005@schwaz.net> <[🔎] 201202232050.26949.Martin@lichtvoll.de> <[🔎] 4F469BF7.2050003@gmail.com> <[🔎] 20120223202656.4acad39c@lap.g8jvm.com>

On 2/23/2012 2:26 PM, richard wrote:

> this was an easy one to deal with, created a filter to delete "yahoo.fr"

That won't stop it all, and may cause FPs.  Much better is a
header regex such as:

/Received: from .*213.251.189.205/

The spam in this campaign is all originating from a [likely compromised]
OVH server at IP address 213.251.189.205:

Received: from gw5.ovh.net (HELO 240plan.ovh.net) (213.251.189.205)

$ grep -c 213.251.189.205 1-Debian-Users
49

-- 
Stan

Reply to:

Follow-Ups:
- Re: how to deal with spam
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>

References:
- Re: Petites annonces gratuites
  - From: Hans Vogelsberger <li.vog@schwaz.net>
- how to deal with spam (was: Re: Petites annonces gratuites)
  - From: Martin Steigerwald <Martin@lichtvoll.de>
- Re: how to deal with spam
  - From: Don deJuan <donjuansjiz@gmail.com>
- Re: how to deal with spam
  - From: richard <richard.bown@blueyonder.co.uk>

Prev by Date: Mutt and HTML signatures
Next by Date: Re: pulseaudio /usr/share/alsa/pulse-alsa.conf
Previous by thread: Re: how to deal with spam
Next by thread: Re: how to deal with spam
Index(es):
- Date
- Thread