Re: OT - worm problem

To: debian-powerpc@lists.debian.org
Subject: Re: OT - worm problem
From: Clive Menzies <clive@clivemenzies.co.uk>
Date: Tue, 28 Oct 2003 23:44:18 +0000
Message-id: <[🔎] 20031028234418.GB925@apollo>
Mail-followup-to: debian-powerpc@lists.debian.org
In-reply-to: <[🔎] BBC42F87.8DD8%dylan@iici.no-ip.org>
References: <[🔎] 20031028214611.GA18436@cattlegrid.net> <[🔎] BBC42F87.8DD8%dylan@iici.no-ip.org>

On (28/10/03 14:36), dylan wrote:
> I have tried to implement such a scheme with an exim system filter... but
> strangely enough it only *sort of* works... about half of the emails come
> through... or if i wait long enough it seems like all of them do...(but only
> on weekdays? :)  )
> 
> has anyone put together some exim-style rules for filtering swen-related
> junk?
Hi Dylan

Not sure if you're using a POP 3 account but I've been using mailfilter
to delete these from the server prior to download with fetchmail and it
works pretty well.  Let me know if you want the rc file off list.  Even
if you aren't using POP3, you may be able to adapt it for filtering in
Exim.

There have been a lot of posts on this on Debian-User search on:
Insidious Spam/swen/Garbage
How to stop viruses at SMTP time
speedy spam
spam software

...../and many others

Regards

Clive


> 
> on 03.10.28 1:46 PM, christophe barbe at christophe@cattlegrid.net was
> reported to have writen:
> 
> > On Tue, Oct 28, 2003 at 12:27:27PM -0800, Johnathon Jamison wrote:
> >> What is the chance that email addresses in the archives could be
> >> modified to say something like
> >> * From: Zach Archer <chaz (at) dslnorthwest.net>
> >> instead of
> >> * From: Zach Archer <chaz@dslnorthwest.net>
> >> so the email address spiders do not get them?  I think this may help in
> >> the future (but will do nothing for the past).
> > 
> > 0. Your email address is grabbed by the worm (swen) on a newsgroup
> > gateway. So the problem is not the archive. And in anycase trying to
> > protect you address would only bother real people not worm/spammers.
> > 
> > Concerning swen, I use the following procmail rules:
> > 
> > :0
> > * -2^0
> > * 1^0 > 140000
> > * 1^0 < 165000
> > * 1^0 ^subject: (undeliverable|undelivered|returned)? ?(mail|message)(:?
> > (returned to (mail|send)er|user unknown))?
> > * 1^0 ^subject: (new(est)?|latest|last|current)?
> > ?(net(work)?|microsoft|internet)? ?(critical|security)?
> > * ?(pack|patch|update|upgrade)
> > * 1^0 ^subject: (abort|bug|error|failure)?
> > * ?(advice|announcement|letter|message|notice|report)
> > {
> > :0 BD
> > * b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv
> > /dev/null
> > }
> > 
> > :0
> > * > 140000
> > * < 165000
> > *^subject: *$
> > {
> > :0 BD
> > * b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv
> > /dev/null
> > }
> > 
> > which are simples and very effectives.
> > 
> > Christophe
> 
> 
> 
> 
> 
> -- 
> "The world is a dangerous place to live; not because of the people who are
> evil, but because of the people who don't do anything about it."
> -Albert Einstein
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-powerpc-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
http://www.clivemenzies.co.uk
strategies for business

Reply to:

References:
- Re: OT - worm problem
  - From: christophe barbe <christophe@cattlegrid.net>
- Re: OT - worm problem
  - From: dylan <dylan@iici.no-ip.org>

Prev by Date: Re: Problems with X on my Titanium PB
Next by Date: Re: Problems with X on my Titanium PB
Previous by thread: Re: OT - worm problem
Next by thread: Re: OT - worm problem - THX
Index(es):
- Date
- Thread