Re: MS mail bombs

To: debian-user@lists.debian.org
Subject: Re: MS mail bombs
From: "Michael C." <mcsuper5@usol.com>
Date: Sat, 20 Sep 2003 14:12:55 -0400
Message-id: <[🔎] E1A0mE4-0000YX-00@jaguar>
Reply-to: mcsuper5@usol.com
In-reply-to: <xSME.3HX.9@gated-at.bofh.it>
References: <xNtx.3CD.7@gated-at.bofh.it> <xNtx.3CD.9@gated-at.bofh.it> <xNtx.3CD.11@gated-at.bofh.it> <xNtx.3CD.5@gated-at.bofh.it> <xSME.3HX.9@gated-at.bofh.it>

On Sat, 20 Sep 2003 18:30:16 +0200, csj <csj@zapo.net> wrote:
>  At Sat, 20 Sep 2003 06:16:31 -0400,
>  Michael C. wrote:
> > 
> > In linux.debian.user, Ron Johnson <ron.l.johnson@cox.net> wrote:
> > >  On Sat, 2003-09-20 at 00:22, Steve Lamb wrote:
> > > > On Fri, 19 Sep 2003 23:08:42 -0600
> > > > "Walt L. Williams" <wwilliams@intergate.com> wrote:
> > > > > Is there anyone else out there being mail bombed with emails
> > > > > that look like there from M$? The rate at which their coming 
> > > > > is increasing exponentially.
> > > > 
> > > >     My solution has been exim4, exiscan-acl, clamav,
> > > > spamassassin and liberal use of shorewall's blacklist.
> > >  
> > >  Does that prevent the emails from being downloaded from the ISP's
> > >  pop3 server in the 1st place?
> > 
> > I asked this on alt.os.linux.  I was told to search
> > freshmeat.net for a perl script called "poppy."  It will get
> > headers only, and ask what you want to do with the mail one by
> > one, but it also includes a script called spamkill, which does
> > okay.
> > 
> > I'm debugging some changes I made now.  I tweaked it so if my
> > email isn't in the To:, Cc:, or Bcc: header it should be
> > considered spam.
> > 
> > Right now To:, and Cc: both work.
> > 
> > Any other headers that I need to check for?
>  
>  Check for size.  Delete everything over 40K.
>  
My ISP thinks it's doing me a favor by removing windows executables and
throwing a virus warning in as an attachment in its place.  So most of
this junk is only around 15K but on dial-up it still bogs me down.

Since I'm doing the filtering myself now, I wish they'd leave it be.  I
never liked them modifying my headers.  Reading their headers it appears
they do use SA, if it trims anything I guess I wouldn't know.

The blocking windows executables is a nightmare too.  I spent a few
weeks helping a buddy with BASIC, I had to walk him through saving the
mail as *.bas, and editing it because he didn't want to install WinZip.

I tried getting an attached *.bas file that was stripped, and never
heard from them.  I can't imagine that these executables are actually
being stored.

I'm just glad I'm using Linux right now, I never learned vbs and I'd
sure hate to try to do all of this background stuff with bat files and
windows scheduler.

Michael C.
-- 
mcsuper5@usol.com http://mcsuper5.freeshell.org/
Registered Linux User #303915 http://counter.li.org/

Reply to:

Follow-Ups:
- Re: MS mail bombs
  - From: Geoff Thurman <geoffthur@ntlworld.com>

Prev by Date: Re: /etc/aliases
Next by Date: libpthreads problem in testing
Previous by thread: Re: MS mail bombs
Next by thread: Re: MS mail bombs
Index(es):
- Date
- Thread