Fighting email spam and anti-UBE pointers
on 23.04.2006 06:22:09 by unknown
Archive-name: mail/anti-ube-pointer
Posting-Frequency: 2 times a month
Maintainer: Jari Aalto A T cante net
Announcement: "Bounces, Challenge-response systems, MTA, Bayesian tools (article pointer)"
Availability
FAQ archive is at http://www.faqs.org/faqs/
This message is an excerpt from the bigger Procmail Module
Library project's README.html document titled "Procmail
strategies against spam." available at
http://pm-lib.sourceforge.net/
The key points discussed in the document:
- Auto-replying or bouncing is considered a bad tactic
- MTA rejects can be abused and system administrators should
check their setup at least in regard to viruses.
- Challenge-Response system is based on false assumption that sender's
address can be used for authentication. It cannot and thus any C-R
system will contribute nothing else but amplifying the spam problem.
See picture http://pm-lib.sourceforge.net/pic/cr-system-joe-job.png
What should be done then?
- Bayesian tools are non-intrusive, harm no third parties
(in contrast to C-R), are easy to use and provide a good shelter.
- Battery of bayesian tools give even better shield due to
each program using a slightly different algorithm.
Many clarifying pictures are included:
- How address harvesting works
- How viruses should not be treated (at MTA level)
- Challenge-Response based authentication (overview)
- Challenge-Response system causing "Joe-Job"
- How MTA level UBE prevention works
- Procmail with battery of statistical tools
Table of contents:
1.0 Thoughts about increasing spam annoyance
1.1 Bouncing messages do no good
1.2 Rule based systems are not the solution
1.3 Challenge-Response systems make matters worse
1.3.1 Challenge-Response is not a doorbell but a
gun shooting decoys
1.3.2 Questioning Challenge-Response systems implementations
1.3.3 Summary - What are the effects of Challenge-Response
systems
1.4 Spam appearing in your yard - a story
2.0 A lightweight UBE block system with pure procmail
2.1 Suitable for accounts which ...
2.2 Where to put "pure procmail" UBE checks?
2.3 Using Procmail Module Library to fight spam
3.0 A heavyweight UBE blocking system
3.1 Advice for Debian Exim 4 mail system administrator
3.2 Advice for the normal account
3.3 Configuring Bayesian programs
3.4 A heavyweight spam catch setup using procmail
Some terminology
._UBE_ = Unsolicited Bulk Email
._UCE_ = (subset of UBE) Unsolicited Commercial Email
_Spam_ = Spam describes a particular kind of Usenet posting (and
canned spiced ham), but is now often used to describe many kinds of
inappropriate activities, including some email-related events. It
is technically incorrect to use "spam" to describe email abuse,
although attempting to correct the practice would amount to tilting
at windmills.
_Spam_ = definition by Erik Beckjord. "Some people decide that Spam
is anything you decide you want to ban if you can't handle the
intellectual load on a list." Remember, not to be confused with
real spam, which is unwanted bulk mail.
People are nowadays seeking a cure which will stop
or handle UBE. That can be easily done with procmail (under your
control) and with sendmail (by your sysadm). In order to select the
right strategy against UBE messages, you should read this section
and then decide how you will be using your procmail to deal with it.
Re: Fighting email spam and anti-UBE pointers
on 23.04.2006 11:14:23 by Alan Connor
On comp.mail.misc, in , " (Jari Aalto+mail.procmail)" wrote:
> Path: newsspool2.news.pas.earthlink.net!stamper.news.pas.earthlink .net!stamper.news.atl.earthlink.net!elnk-atl-nf2!newsfeed.ea rthlink.net!nx01.iad01.newshosting.com!newshosting.com!198.1 86.190.250.MISMATCH!transit3.readnews.com!news-out.readnews. com!panix!bloom-beacon.mit.edu!senator-bedfellow.mit.edu!dre aderd!not-for-mail
> Message-ID:
> Supersedes:
> Expires: 22 May 2006 04:21:46 GMT
> X-Last-Updated: 2004/11/05
> Organization: none
Note the above. That's important. This is just some guy posting
an official _looking_ document on the Usenet.
Anyone could do it.
> From: (Jari Aalto+mail.procmail)
> Subject: Fighting email spam and anti-UBE pointers
> Newsgroups: comp.mail.misc,comp.answers,news.answers
The last two are moderated, post-only groups that will not
publish a rebuttal to this document.
comp.answers and news.answers
Which is a complete outrage.
I no longer even bother subscribing to those groups because
I no longer trust the information they publish.
In fact, almost no one subscribes to those groups.
Once upon a time, you could trust them, but no longer.
I had to remove them from the Newsgroups header because they
would kill my article without passing it along to the other
groups on the line.
Which is _way_ wrong. They should just refuse to post it
on _their_ groups but pass it along to others.
Like I said: They are not to be trusted.
> Approved: news-answers-request AT MIT.EDU
> Followup-To: poster
> Precedence: bulk
A header only seen in spam that has no place here.
Ingrained habits die hard...
> Originator: faqserv@penguin-lust.mit.edu
> Date: 23 Apr 2006 04:22:09 GMT
> Lines: 90
> NNTP-Posting-Host: penguin-lust.mit.edu
> X-Trace: 1145766129 senator-bedfellow.mit.edu 572 18.181.0.29
> Xref: news.earthlink.net comp.mail.misc:77187 comp.answers:46369 news.answers:225079
> X-Received-Date: Sat, 22 Apr 2006 21:22:10 PDT (newsspool2.news.pas.earthlink.net)
>
>
Note that I have been calling "Jari Aalto" a "spammer" for years, on dozens and dozens of newsgroups.
He doesn't sue me for libel because there is no such person.
A person that doesn't exist can't sue anyone.
And if he revealed who he really was, it would be easy to
investigate his activities....
Note also that the fact that this disinformation bulletin
includes links to documents on procmail.org means nothing.
Many spammers belong to that organization. They have to be able
to beat the traditional procmail spam filters too...
Many mailadmins are spammers on the one hand and seeming
spamfighters on the other.
Hard to make enough money to live selling mail accounts for $4
dollars a month (when so many are available for free)....And they
know more about spam filters than anyone...
>
> Archive-name: mail/anti-ube-pointer
> Posting-Frequency: 2 times a month
> Maintainer: Jari Aalto A T cante net
>
> Announcement: "Bounces, Challenge-response systems, MTA,
> Bayesian tools (article pointer)"
>
> Availability
>
> FAQ archive is at http://www.faqs.org/faqs/
>
> This message is an excerpt from bigger from Procmail
> Module Library project's README.html document titled
> "Procmail strategies against spam." available at
> http://pm-lib.sourceforge.net/
>
> The key points discussed in the document:
>
> - Auto-replying or bouncing is considered a bad tactic
> - MTA rejects can be abused and system administrators
> should check their setup at least in regard to viruses.
> - Challenge-Response system is based on false assumption
> that sender's address can be used for authentication. It
> cannot and thus any C-R system will contribute nothing
> else by amplifying the spam problem.
>
Garbage. Lies and distortions. Spammers (and trolls) _really_
hate Challenge-Response systems because they can't beat them, and
they don't want you to use them.
>See picture http://pm-lib.sourceforge.net/pic/cr-system-joe-job.png
If you are wondering why that makes no sense, it is because it
doesn't.
> What should be done then?
>
> - Bayesian tools are non-intrusive, harm no third parties
> (in contrast to C-R), are easy to use and provide a good
> shelter. - Battery of bayesian tools give even better
> shield due to each program using a slightly different
> algorithm.
Except that they don't work and you need to be a geek to even
get them to work as poorly as they do.
They've been employed for years and the spam hasn't gone away,
has it? Far from it. But spammers like them because they
can beat them.
But people who use Challenge-Response systems don't get any
spam at all and don't have to be a geek.
How about that?
For a short introduction to the subject of C/R systems and some
useful links, see:
http://home.earthlink.net/~alanconnor/elrav1/cr.html
There's also an anti-C/R webpage put up by a notorious spammer
who sometimes uses the alias "Karsten M Self". I tried to
write a response to that webpage but the simple fact is that
it makes no sense at all.
He just posts pseudo-technical gibberish to confuse the non-geeks
and repeats "Challenge-Response systems are bad" in a multitude
of ways.
Of course, finding out that spammers have no ethical
constraints shouldn't be a surprise to anyone.
They will _not_ enter into a public contest between their
favorite bayesian filters and C/R systems. Ever. Guaranteed.
They'll post their lies all day long but won't stand behind
them in the real world.
-------------------------------
I won't be reading any responses to this. Too many spammers
and trolls hang out on these groups and I no longer allow them
to phukk with my head.
[Note: I don't read the articles of "Sam" or his numerous
sockpuppets or his 'friends', nor any responses to them, and
haven't for years. He follows me all over the Usenet, and I
still don't read his articles. This _really_ pisses him off.
.]
And if _you_ are a troll or spammer, you will stay out of
my newsreader and my mailboxes.
Note that the filter I use for Usenet mail (see below) is
not a C-R system. It's something I worked out to deal with
all the dimwit malicious trolls on the Usenet, not something
for general usage.
Alan
--
http://home.earthlink.net/~alanconnor/contact.html
Fanclub: http://www.pearlgates.net/nanae/kooks/ac/
Other URLs of possible interest in my headers.
Re: Fighting email spam and anti-UBE pointers
on 23.04.2006 15:55:00 by Sam
Usenet Beavis writes:
> Note the above. That's important. This is just some guy posting
> an official _looking_ document on the Usenet.
>
> Anyone could do it.
Right. Now, posting utter drivel, and meaningless crap, is something that
only the Usenet Beavis claims exclusive rights to.
>
>> From: (Jari Aalto+mail.procmail)
>> Subject: Fighting email spam and anti-UBE pointers
>
>> Newsgroups: comp.mail.misc,comp.answers,news.answers
>
> The last two are moderated, post-only groups that will not
> publish a rebuttal to this document.
Awwww… Poor Beavis. He is unable to spread his written diarrhea where he
wants to.
> comp.answers and news.answers
>
> Which is a complete outrage.
Boo-hoo-hoo.
> I no longer even bother subscribing to those groups because
> I no longer trust the information they publish.
Here's a pop quiz, Beavis: who exactly axed you for a list of groups that
you've subscribed to, and why exactly do you believe that this is of such
vital importance, that you feel it necessary to shout this from the
rooftops?
> I had to remove them from the Newgroups header because they
> would kill my article without passing it along to the other
> groups on the line.
Oh the humanity, the humanity!
> Which is _way_ wrong. They should just refuse to post it
> on _their_ groups but pass it along to others.
Can't wait for Beavis to go ahead and develop Usenet2.
> Ingrained habits die hard...
Like your mental disorders.
> Note that I have been calling "Jari Aalto" a "spammer" for years, on dozens and dozens of newsgroups.
>
> He doesn't sue me for libel because there is no such person.
Either that, or he believes -- along with the rest of the civilized world --
that nobody places any weight in the diatribes of someone who:
1) Claims to be friends with Bigfoot (http://tinyurl.com/23r3f)
2) Claims to be molested by Xena, the Warrior Princess (http://tinyurl.com/2gjcy)
3) Claims to be a leader of an offshoot Heavens Gate cult (http://tinyurl.com/24jqm)
For libel to exist, you must actually succeed in defaming someone. Your
chances of defaming someone are about the same as of a rat squashing an
elephant.
It just does not compute.
> A person that doesn't exist can't sue anyone.
A Usenet Beavis can't defame anyone either.
> And if he revealed who he really was, it would be easy to
> investigate his activities....
You first, Beavis.
> Note also that the fact that this disinformation bulletin
> includes links to documents on procmail.org means nothing.
It means nothing that you are capable of understanding.
> Many spammers belong to that organization. They have to be able
> to beat the traditional procmail spam filters too...
Another priceless Beavis kookfart.
> Many mailadmins are spammers on the one hand and seeming
> spamfighters on the other.
Translation: "my arse is still sore from that paddling I got several years
ago from Earthlink's AUP/TOS enforcement."
> Hard to make enough money to live selling mail accounts for $4
> dollars a month (when so many are available for free)....And they
> know more about spam filters than anyone...
And you don't.
Q.E.D.
>> - Auto-replying or bouncing is considered a bad tactic
>> - MTA rejects can be abused and system administrators
>> should check their setup at least in regard to viruses.
>> - Challenge-Response system is based on false assumption
>> that sender's address can be used for authentication. It
>> cannot and thus any C-R system will contribute nothing
>> else by amplifying the spam problem.
>>
>
> Garbage. Lies and distortions.
Awww. Poor Beavis. He just can't deal with reality.
> Spammers (and trolls) _really_
> hate Challenge-Response systems because they can't beat them, and
> they don't want you to use them.
I concede that the Usenet Beavis is an expert on the subject of spammers and
trolls. His superior knowledge in this area is beyond reproach.
> If you are wondering why that makes no sense, it is because it
> doesn't.
And because Beavis wrote it.
>> - Bayesian tools are non-intrusive, harm no third parties
>> (in contrast to C-R), are easy to use and provide a good
>> shelter. - Battery of bayesian tools give even better
>> shield due to each program using a slightly different
>> algorithm.
>
> Except that they don't work
Yes they do, Beavis.
> and you need to be a geek to even
> get them to work as poorly as they do.
And that's the problem: you lack the sufficient cranial capacity to even be
a geek apprentice, so this is completely over your head. You don't even
understand what "Bayesian" means.
Your only response to this will be a loud proclamation that you did not read
this post. That's probably the most sophisticated answer that you are
capable of coming up with.
> They've been employed for years and the spam hasn't gone away,
For you, I'm sure it's not, since you have absolutely no clue how to
effectively filter spam.
> has it? Far from it. But spammers like them because they
> can beat them.
Spammers like dimwits like you, because they can fill your mailbox with
complete garbage and you have no idea how to stop it.
> But people who use Challenge-Response systems don't get any
> spam at all and don't have to be a geek.
People who use Challenge-Response get automatically blacklisted worldwide,
and end up turning into a Usenet Beavis, and posting crap to Usenet.
> How about that?
Wonders never cease.
> For a short introduction to the subject of C/R systems and some
> useful links, see:
>
> http://www.pearlgates.net/nanae/kooks/ac/
That's very informative, Beavis. Thanks for the tip.
> There's also an anti-C/R webpage put up by a notorious spammer
> who sometimes uses the alias "Karsten M Self". I tried to
> write a response to that webpage but the simple fact is that
> it makes no sense at all.
The problem, Beavis, is your mental disorder. It has reduced your IQ to the
average level of a turnip. Because of that, you cannot comprehend even the
simplest facts of life, and you blame everyone else, except yourself, for
it.
> He just posts pseudo-technical gibberish to confuse the non-geeks
> and repeats "Challenge-Response systems are bad" in a multitude
> of ways.
You don't even understand the difference between "he" and "she".
And it doesn't take a lot to confuse you. A pair of bouncing balls will do
the trick.
> Of course, finding out that spammers have no ethical
> constraints shouldn't be a surprise to anyone.
Especially to the Usenet Beavis.
> They will _not_ enter into a public contest between their
> favorite bayesian filters and C/R systems. Ever. Guaranteed.
Because there are no effective "C/R systems", because nobody uses them.
> They'll post their lies all day long but won't stand behind
> them in the real world.
That's a perfect description of your own modus operandi.
> -------------------------------
>
> I won't be reading any responses to this.
Of course not, Beavis. You're deathly afraid that you'll screw up, I report
you to Earthlink again, and they cancel your account.
> Too many spammers
> and trolls hang out on these group
So why are you here, Beavis? If this is true, a fine, intelligent, and
smart fella like you shouldn't be caught dead around here.
You must enjoy the company of spammers and trolls -- that's the only logical
conclusion.
> and I no longer allow them
> to phukk with my head.
Indeed, it's already phukked beyond all recognition.
> [Note: it's not my fault that I'm a complete dumbass. I was dropped on my
> head as a child. See http://www.pearlgates.net/nanae/kooks/ac/ for
> more information]
>
> And if _you_ are a troll or spammer, you will stay out of
> my newsreader and my mailboxes.
And if you are a Usenet Beavis, you will continue to post crap to this
group.
> Note that the filter I use for Usenet mail (see below) is
> not a C-R system.
Mark this day on the calendar, folks.
Today, Beavis, after hollering his guts out for a long time, praising the
virtues of challenge/response, finally admits that it doesn't work.
> It's something I worked out to deal with
> all the dimwit malicious trolls on the Usenet, not something
> for general usage.
I hope not.
>
> Beavis
>