SUMMARY: spam

From: Systems Admin (sysadmin@lvision.com)
Date: Tue Sep 09 1997 - 12:26:51 CDT


Original question:

How are you sysadmins coping with the recent barrage of SPAM mail? Is there
a list of sites that are known for this? Are there other methods than using
procmail to trash all junk mail? Need help.

Thanks to all that replied.

mfrisch@saturn.tlug.org
dbaker@wrangler.cuckoo.com
nickolai@zepa.net
rsk@itw.com
groenvel@cse.psu.edu
oyang@jove.fcit.monash.edu.au
rali@meitca.com
habicht@ims.uni-hannover.de
ca@informatik.uni-kiel.de
Michael.Neef@neuroinformatik.ruhr-uni-bochum.de
jbirtley@baesema.co.uk
SG@datcon.co.uk
boss@netcom.com
maraboli@dcsc.utfsm.cl
ric@rtd.com
marable@firefly.com
alejolo@sue.ideam.gov.co
chan@library.ucsf.edu
jasonm@vsl.com

Solutions/Comments:

=-=-=-=-=-

procmail for individual and site usage
with a list of spam sites that it looks for

=-=-=-=-=-

an addition in sendmail which denies all mail from specified sites

=-=-=-=-=-

Block rogue sites at the routers and convert your legacy MTAs to ones which
relay selectively. http://spam.abuse.net

=-=-=-=-=-

This is not a question specifically about the management of Sun
systems, and therefore it does not belong here. Please read the
FAQ carefully before sending any further questions.

=-=-=-=-=-

1. Look at http://spam.abuse.net/ for much information on the issue.
2. Look at www.sendmail.org for info on using sendmail.cf rules to filter spams.
3. Send me mail with "get proc-recipes" in the subject and get my procmail spam
filter recipes back (they catch what little gets thru the ideas in 1 & 2 ...)

=-=-=-=-=-

sendmail 8.8, see
http://www.informatik.uni-kiel.de/%7Eca/email/check.html
http://www.Sendmail.ORG/antispam.html
Other URLs about spam are:
Fight Spam on the Internet! (http://spam.abuse.net/spam/)

AOL maintains a list of spammers, called PreferredMail(tm) List
(http://www.idot.aol.com/preferredmail/).

The most infamous spammer is Sanford Wallace. There is even a FAQ about his
``company'' Cyberpromo (http://members.aol.com/macabrus/cpfaq.html).

=-=-=-=-=-

There is a mailing list about spam issues (SPAM-L). Its FAQ is here:
http://www.ot.com/~dmuth/spam-l

=-=-=-=-=-

Check out http://www.dgl.com/docs/antispam.html

=-=-=-=-=-

sendmail 8 has routines that you can use to ban known spammers - by
domain or email address.
Check out check_compat at www.sendmail.org (I think it has a link to a
university in Germany)

=-=-=-=-=-

I upgraded to sendmail 8.8.7 (from ftp://ftp.sendmail.org) and also
grabbed the anti-relay code (keep spammers from going indirect thru
your site to hide their silliness), and the anti-spam code from
http://www.sendmail.org. I've been adding users and/or hosts to
the spammers database as needed.

=-=-=-=-=-

Either block them at your router or install anti-spam measures to
prevent people from using your mail server as a relay.

=-=-=-=-=-

There are two MTAs you can use: sendmail (http://www.sendmail.org) or
exim (http://www.exim.org). The latter is a lot easier to configure by
hand if you have previous experience with smail. The latter works
well with medium-sized mailhosts (30,000 messages/day) and has many
anti-spam measures built-in. The former has the hooks, but the
anti-spam solutions available are mainly hacks as yet
(http://spam.abuse.net).

If you choose sendmail, you must use sendmail 8.8.7 or later as well
as link it to Berkeley DB 1.87 (http://www.sleepycat.com). There are
several issues on compiling sendmail and db in Solaris treated in the
documentation. You need a little hack to make the resolver interfaces
work correctly (as well as the BIND 4.9.3 patch from sunsolve, no
escape). As well, you have to be careful not to compile ndbm support
into db nor install the ndbm interface files included with db in your
include directories. On the other hand, exim is almost a canned job
and has several attractive features (like a real time desktop monitor
and a built-in filter facility that allows you to dispense with the need
for procmail for all but the most sophisticated mail grokking, both
site-wide and user-specific).

On spam lists, the anti-spam site above has several pointers. The most
up-to-date list of spamming domains (the professional people like
Cyber Promotions) is at http://www.idot.aol.com/.

=-=-=-=-=-

http://www.sprocket.com/Security/Stopping-UCE.html

=-=-=-=-=-

Procmail is the best solution. Sendmail 8.8.x can refuse mail if you
cannot reverse-lookup the domain name of the sender (so things like
9824982734@9273498234.com will bounce, but things like 9824982734@aol.com
will still bounce...).

There are people working on a real solution to the problem, but it's slow
going, and SMTP is a very old standard which will be hard to get everyone
to change. Hell, it's almost impossible to convince everyone to implement
the anti-relay-rape filters for 8.8.x!

=-=-=-=-=-

I'm using a patch to sendmail 8.8.6 called spamcan to filter all the junk
into one system wide trashcan. spamcan can be found in http://consult.ml.org
 
My spamcan.cf is:
 
productlink@earthlink\.com
sales@claythay\.com
keepmailing
x-advertisement
sexyhot
marathon4com
(^Subject:.*(free|making).*money)
fresh.*addresses
mega-mailer
ExtractorPro
((stealth|mass).*mailer)
corporate.*marketing.*lists
marketing.*make.*you.*rich
make.*money.*fast
health\.information\.news
mail.*for.*sale
million.*messages.*per.*hour
message.*millions.*hour
(^(From|To):.*[0-9]{8}@.*\.(org|net|com))
(cyber(market|shop|promo|gold))
e-mail.*marketing
((From|To):.*(sales|srhot|foryou|allvip|mailman|succeed|success|everyon|megaweb|emailer|allinternetusers|market|4u|Friend)@.*\.(org|net|com))
((psi|sallynet|scholarship|shoppingplanet|answerme|onlineprofit|yourdomain|ispam|devotion|quantcom|savetrees|nowhere|bank)\.(com|org))
^\$.*per.*month
^\$.*a.*minute
E-X-P-0-S-E
major.*credit.*card
--- CLOAKED! ---
Internet\.Mail\.Delivery
low.*cost.*service
(long.*distance.*(service|rates))
^([a-z]*[0-9]+@juno.com)
Adults Only
(international.*(rates|service))
VideoSex
(Floodgate.*(pro|bulk))
save.*over.*[0-9]+%
save the [a-z]+.*(!|\*).*(!|\*)
-0600 (EST)
root\@\[207\.124\.161
[38\.11\.102\.
t-1net
sympatico
it.earthlink.net
pub-ip.psi.net
lightcom.net
newhome.com
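
An added example (not part of the original reply or of spamcan itself): a small
Python check that lints a pattern list like the spamcan.cf above before it goes
live, reporting patterns that fail to compile, legitimate headers they would
trash, and spam samples they miss. It assumes the patterns are case-insensitive
regexes searched in each header line, which may differ from spamcan's actual
dialect; the sample header lines are constructed.

```python
import re

# Patterns copied verbatim from the spamcan.cf above (a subset).
PATTERNS = [
    r"make.*money.*fast",
    r"(^(From|To):.*[0-9]{8}@.*\.(org|net|com))",
    r"-0600 (EST)",
    r"[38\.11\.102\.",
    r"sympatico",
    r"it.earthlink.net",
]

# Constructed header lines from mail a site would want delivered.
HAM = [
    "From: alice@sympatico.ca",
    "Received: from audit.earthlink.net by mail.example.org",
    "Subject: Re: disk quota on /export/home",
]

# Constructed header lines the patterns are evidently meant to catch.
SPAM = [
    "From: 26202475@example.com",
    "Subject: Make Money Fast!!!",
    "Date: Tue, 9 Sep 1997 12:00:00 -0600 (EST)",
]

def lint(patterns, ham, spam):
    """Return (invalid, false_positives, missed) for a pattern list.

    Assumption: each pattern is a case-insensitive regex searched in
    every header line; spamcan's real matching rules may differ.
    """
    compiled, invalid = [], []
    for p in patterns:
        try:
            compiled.append((p, re.compile(p, re.IGNORECASE)))
        except re.error as exc:
            # e.g. an unclosed "[" is a broken bracket expression
            invalid.append((p, str(exc)))
    false_pos = [(p, line) for p, rx in compiled
                 for line in ham if rx.search(line)]
    missed = [line for line in spam
              if not any(rx.search(line) for _, rx in compiled)]
    return invalid, false_pos, missed

if __name__ == "__main__":
    for name, result in zip(("invalid", "false positives", "missed"),
                            lint(PATTERNS, HAM, SPAM)):
        print(name, result)
```

Under these assumptions the unescaped parentheses in "-0600 (EST)" form a group,
so the literal header text is not matched, and bare substrings such as
"sympatico" hit every sender at that provider.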

=-=-=-=-=-

I use elm to read email, and have an extensive filter partly created
from AOL's master spam list and partly from personal spam lists. I've
attached it at the bottom. Unfortunately spammers are getting smart;
they're creating fake email addresses from domain names that you can't
just filter out (juno.com, hotmail.com, aol.com, etc)... I don't have a
good solution for fixing those...

Surf to AOL's list:
http://www.idot.aol.com/preferredmail/
 
# Rule 1 -- SPAMSPAMSPAM
 

=-=-=-=-=-


