Re: MS mail bombs
On Sat, 2003-09-20 at 05:16, Michael C. wrote:
> In linux.debian.user, Ron Johnson <ron.l.johnson@cox.net> wrote:
> > On Sat, 2003-09-20 at 00:22, Steve Lamb wrote:
> > > On Fri, 19 Sep 2003 23:08:42 -0600
> > > "Walt L. Williams" <wwilliams@intergate.com> wrote:
> > > > Is there anyone else out there being mail bombed with emails
> > > > that look like there from M$? The rate at which their coming
> > > > is increasing exponentially.
> > >
> > > My solution has been exim4, exiscan-acl, clamav, spamassassin and liberal
> > > use of shorewall's blacklist.
> >
> > Does that prevent the emails from being downloaded from the ISP's
> > pop3 server in the 1st place?
>
> I asked this on alt.os.linux. I was told to search freshmeat.net for a
> perl script called "poppy." It will get headers only, and ask what you
> want to do with the mail one by one, but it also includes a script
> called spamkill, which does okay.
>
> I'm debugging some changes I made now. I tweaked it so if my email
> isn't in the To:, Cc:, or Bcc: header it should be considered spam.
>
> Right now To:, and Cc: both work.
Thanks.
> Any other headers that I need to check for?
>
> BTW my normal traffic had been 23-30 messages a day for about two weeks,
> it was close to half that 2 months ago. I know I've topped 350 in the
> last 24 hours.
>
> I wonder if this is a particularly nasty bug, or we're feeling the
> effects of Verisign's decision to claim *.com and *.net?
It's a new one called Swen.
--
-----------------------------------------------------------------
Ron Johnson, Jr. ron.l.johnson@cox.net
Jefferson, LA USA
"Whatever may be the moral ambiguities of the so-called
demoratic nations and however serious may be their failure to
conform perfectly to their democratic ideals, it is sheer moral
perversity to equate the inconsistencies of a democratic
civilization with the brutalities which modern tyrannical states
practice."
Reinhold Nieburhr, ca. 1940
Reply to: