
Re: The latest round of antivirus bouncebacks



on Thu, Apr 11, 2002, Matt Frazer (matt@masie.com) wrote:

> Karsten neglects to mention that he also sent a Spam/UCE/UBE report to
> myself, abuse and postmaster@my.isp, abuse and postmaster@my.domain,
> as well as domain-registrar@register.com. 

This is my SOP with spam.

I use a set of tools to automate much of this process.  Don't feel
particularly singled out -- your system's spam is being treated the same
as the 10-20 messages that typically trip my filters (or sensibilities)
daily at home, or the 50-100+ messages doing same at work.

These tools include spamassassin (a spam flagging tool), additional
procmail filters and triggers, 'ricochet' (http://vipul.net/ricochet/),
spamassassin's reporting tool (which includes Razor and other services)
and a set of standard forward address / reporting services.



> The body of this report contained thinly veiled threats 

These aren't threats of something I might do if I continue to be
personally affronted by your company specifically.  They're simply how I
respond to spam.  Your system administrators were put on notice that
posts of the nature received are treated as such, and will be reported
as such.   Believe me, I could care less who it is I'm reporting [1],
for the most part, it's the _what_ that matters.

You (or various reporting addresses) likely also received my standard
spam script response.

> of being reported to the FTC as well as multiple abuse reporting
> systems and indicated that email from my domain would now be blocked
> by a large percentage of internet mail servers. 

Let's quote me directly, eh?  Actually, I'm not sure which message
Matt's quoting as I don't find a direct response to him, though I sent
substantially the same response to a couple of sysadmins on this issue:

    My own response will be to treat such responses as spam.  My own
    systems will forward the issue to a site's known admin contact
    addresses, upstream ISP, the FTC's spam abuse hotline, and several
    online spam reporting services.  This may have impacts beyond my
    control on your network connectivity and communications ability,
    depending on how others respond to this data.

> Who specifically this was reported to is unclear,

Whomever is responsible for configuring mail systems, and/or influencing
policy over same, at your site.

> however it is interesting to note that the bridgehead SMTP server that
> sits between our Exchange Server and the Internet began to indicate a
> high rate of forged address relay attempts shortly after this spam
> report email arrived.

Of which I can assure you I had no relation.  I had enough to deal with
myself at work today.  Not that I'm surprised, however.



> This surprises me in that other than the blanket definition of, Email
> I don't want to see, I do not understand how a mail server here
> replying to a message sender that it detected a virus in an attachment
> could be seen as Spam, or unsolicited commercial content.

This isn't simply mail I don't want to see (and concomitant use of
my systems and resources).  It's _automated_ sending of content.  As I
said in one of my posts (not sure if Matt saw this) earlier today:

    The problem is the math.  debian-user currently has 2075
    subscribers[1], with others reading the list through propagators,
    Usenet, or archives.  If even a small percentage "lived" behind such
    virus-screening/response software, a single virus message would
    produce hundreds of list messages.  This itself becomes a DDoS
    attack on the list itself.  I've seen other lists fall to such
    attacks.  It's sad.

    I would strongly suggest you find out what lists are being
    subscribed by individuals at your site and block these list
    addresses from receiving responses.



> This is largely irrelevant as I have put in my request to unsubscribe,
> corporate policy requires I unsub from lists that trip the AV filter. 

This is one solution.  It's less than optimal, and speaks some volumes
of your employer.



> I must say as a long time debian user and advocate, it breaks my heart
> to see this foolhardy "anything that is Microsoft should be banned"

You've sorely misinterpreted this issue.  The issue is good netiquette.
The fact that MSFT is often synonymous with poor netiquette is not
accidental, but the two issues may be disaggregated.  This generally takes a
modicum of clue.

Incidentally, I lied somewhat earlier -- I monitor several Debian lists
from work, though I limit active participation to my personal email.

I was somewhat heartened to find the following mail in my virus reports
folder today:

    Subject: Virus found in sent message "Help"
    Date: 10 Apr 2002 18:21:35 -0000
    Cc: root@box4.freerun.com
    X-Tnz-Problem-Type: 40

    Attention: System Anti-Virus Administrator.

>   [This message was _not_ sent to the originator, as they appear to
>   be a mailing-list or other automated Email message]


    A Virus was found in an Email message you sent.
    This Email scanner intercepted it and stopped the entire message
    reaching its destination.

    The Virus was reported to be:

     the VBS/Haptime@MM virus !!!
    <...>

Note the highlighted passage.

The tool we use is uvscan, running with qmail on Red Hat 7.2.  Clearly,
the tool is intelligent enough *not* to spam mailing lists with reports.

There is no project homepage I'm familiar with, but the following is a
good overview:

    http://www-uxsup.csx.cam.ac.uk/pwf-linux/autodoc/packages/uvscan.html

Peace.


----------------------------------------
Notes:

1.  With the exception that I add to a 'skip list' sites which are
    likely to be falsely implicated by ricochet.  It's a useful tool,
    but a bit broad and naive in its reporting, something that's
    starting to bother me.  Otherwise, though, I'm fully egalitarian, I
    assure you.

-- 
Karsten M. Self <kmself@ix.netcom.com>           http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   A guide to GNU/Linux partitioning:
     http://kmself.home.netcom.com/Linux/FAQs/partition.html
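The check the uvscan notice above is performing (declining to notify the "originator" when the message appears to be list or automated mail), together with the suggestion earlier in the post that a site block its subscribed list addresses from receiving responses, as an added example that is not part of the original post and not code from uvscan, qmail or any other product named here. The header names are the standard mailing-list and auto-submission markers (List-*, Precedence, Auto-Submitted, null Return-Path, X-Loop); the sample messages and the list address they use are constructed for illustration.

```python
"""Gate for an antivirus / bounce notifier: decide whether the sender of a
message may be sent an automatic report.  Added example, not code from
uvscan, qmail or the original post.  Sample messages are constructed."""
import email
from email.message import Message
from email.utils import getaddresses
from typing import FrozenSet, Optional, Tuple

LIST_HEADERS = ("List-Id", "List-Post", "List-Unsubscribe", "List-Help",
                "Mailing-List", "X-Mailing-List")
BULK_PRECEDENCE = {"bulk", "list", "junk"}


def automated_reason(msg: Message) -> Optional[str]:
    """Return why the message looks list-distributed or machine-generated,
    or None if it looks like direct person-to-person mail."""
    # A null envelope sender marks bounces and other auto-generated mail;
    # replying to it would itself bounce or loop.
    if msg.get("Return-Path", "").strip() == "<>":
        return "null Return-Path (bounce / autogenerated)"
    prec = msg.get("Precedence", "").strip().lower()
    if prec in BULK_PRECEDENCE:
        return "Precedence: %s" % prec
    for h in LIST_HEADERS:
        if h in msg:
            return "%s header present" % h
    auto = msg.get("Auto-Submitted", "").strip().lower()
    if auto and auto != "no":
        return "Auto-Submitted: %s" % auto
    if "X-Loop" in msg:  # another autoresponder has already touched this
        return "X-Loop header present"
    return None


def should_notify_sender(raw: bytes,
                         blocked: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    """Return (notify?, reason).  `blocked` is the site's own list of
    mailing-list addresses that must never receive a response (the skip list
    the post suggests); it is checked before the header heuristics, since
    not every list stamps its traffic."""
    msg = email.message_from_bytes(raw)
    rcpts = {addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    hit = rcpts & {b.lower() for b in blocked}
    if hit:
        return False, "addressed to blocked list %s" % sorted(hit)[0]
    why = automated_reason(msg)
    if why is not None:
        return False, why
    return True, "direct sender, safe to notify"


# Constructed samples (hypothetical addresses, not from the thread).
# A list-relayed post: From is the original poster, Return-Path is the
# list's bounce address, and the list stamps Precedence and List-* headers.
LIST_MESSAGE = b"""\
Return-Path: <bounce-debian-user=poster=example.net@lists.example.org>
From: Some Poster <poster@example.net>
To: debian-user@lists.example.org
Subject: Help
Precedence: list
List-Id: <debian-user.lists.example.org>
List-Post: <mailto:debian-user@lists.example.org>
Content-Type: text/plain

(infected attachment elided)
"""

DIRECT_MESSAGE = b"""\
Return-Path: <alice@example.net>
From: Alice <alice@example.net>
To: bob@example.com
Subject: the file you asked for
Content-Type: text/plain

see attached
"""

BOUNCE_MESSAGE = b"""\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@example.com>
To: alice@example.net
Subject: Undelivered Mail Returned to Sender
Auto-Submitted: auto-replied

(original message elided)
"""

if __name__ == "__main__":
    skip = frozenset({"debian-user@lists.example.org"})
    for name, raw in (("list", LIST_MESSAGE), ("direct", DIRECT_MESSAGE),
                      ("bounce", BOUNCE_MESSAGE)):
        print(name, should_notify_sender(raw, skip))
```

Note what the list sample shows: a message relayed by a list carries the original poster in From and the list's bounce address in Return-Path, so a scanner that replies to From reaches the poster, which is what happened in this thread, and a scanner that replies to Return-Path reaches the list's bounce handler. Either way the header checks above suppress the reply before the question of which address to use arises.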
