Re: how to deal with spam

To: debian-user@lists.debian.org
Subject: Re: how to deal with spam
From: Stan Hoeppner <stan@hardwarefreak.com>
Date: Sat, 25 Feb 2012 12:13:46 -0600
Message-id: <[🔎] 4F4924DA.4090605@hardwarefreak.com>
Reply-to: stan@hardwarefreak.com
In-reply-to: <[🔎] 201202232050.26949.Martin@lichtvoll.de>
References: <20120223174443.DFEDD2BFDD@240plan.ovh.net> <[🔎] 4F4691CF.5070005@schwaz.net> (sfid-20120223_204308_344119_8004D9FC) (sfid-20120223_204308_344119_8004D9FC) (sfid-20120223_204308_344119_8004D9FC) <[🔎] 201202232050.26949.Martin@lichtvoll.de>

On 2/23/2012 1:50 PM, Martin Steigerwald wrote:

Hi Martin, fellow Debian, Postfix, and XFS user (small world).

> Please never ever again respond to spam on list. 

I'm surprised some people still do this.  Lack of education apparently.
 Again, never ever again respond to spam.  Not list spam nor direct
spam.  It's similar to pouring gasoline on a fire, i.e. you WILL get burned.

> I noticed this spam only 
> through your response. The actual spam has been filtered out by either 
> policyd-weight or crm114.

I doubt it was policyd-weight on your end, as it would have analyzed
HELO, MAIL FROM: and RCPT TO commands from the Debian list server, which
are all legit, not the info from the original sending MTA at OVH.
Additionally, the listserver itself uses policyd-weight and didn't
reject these (threshold to low?).  So I'd guess it was crm114, or
possible something else on your MTA that rejected/discarded.  You'd
obviously have to check.

> 1) Contact post/listmasters with some example spam mails including headers 
> and politely ask for adjusting spam filters. I think there is even a howto 
> on the debian pages.

Best option.

> 2) Contact abuse center of the provider where the spam originates.

This will be fruitless with OVH/Orange.  Especially if you send an email
composed in English.  In fact, in my experience, no French ISPs/NSPs
take action on spam complaints from anyone, even other Frenchman, let
alone read them.  Which is why I locally block many French ISP netblocks
WRT direct SMTP connections.  That and I don't speak French.  I
whitelist when/if necessary.  The only emails I receive directly from
French IP space are from members of the various FOSS lists I sub, such
as this one.  The rest is all spam.

> 3) Get yourself spam filtering technology that makes it unviable for 
> spammers to send spam. Like policyd-weight and crm114 that I mentioned. If 
> everyone does it, then the business model of spammers would work out 
> anymore.

All of this particular crap is spamvertising URLs in the message body.
Any body filter that does URL checking against uribl/surbl/dbl/ivmURI
will easily deal with these.  Apparently the Debian list serve/MX does
not take advantage of URL checking in SpamAssassin, or we'd never see
this junk.

-- 
Stan

Reply to:

References:
- Re: Petites annonces gratuites
  - From: Hans Vogelsberger <li.vog@schwaz.net>
- how to deal with spam (was: Re: Petites annonces gratuites)
  - From: Martin Steigerwald <Martin@lichtvoll.de>

Prev by Date: Testing and Flash card in Android phone
Next by Date: Mutt and HTML signatures
Previous by thread: Re: how to deal with spam (was: Re: Petites annonces gratuites)
Next by thread: live usb automatic boot parameters
Index(es):
- Date
- Thread