[Talk] Combatting spam (was: (no subject))

Greg 'groggy' Lehey Greg.Lehey at auug.org.au
Thu Aug 15 12:15:12 EST 2002 

On Thursday, 15 August 2002 at  9:25:30 +1000, David J N Begley wrote:
> On Wed, 14 Aug 2002, dr mariam abacha wrote:
>
>> Date: Wed, 14 Aug 2002 22:41:13 -0700
>> From: dr mariam abacha <ededeb at yahoo.com>
>> To: talk at auug.org.au
>> Subject: [Talk] (no subject)
>
> What was that about allowing every man and 'is dog to post to the AUUG "talk"
> mailing list?!  :-(

Well, we never allowed spammers to post to any of our lists.  Not that
they pay much attention.

> Couldn't it be "posts by list members only" (as distinct from the
> discussion over whether or not non-AUUG members could/should be able
> to join the "talk" list)?

Certainly that's a point for discussion.

> I know the traffic's low, but it's not going to increase with any
> value if this sort of crap is allowed through.  :-(

Well, if this were the only list to be targetted by spammers, you'd
have a point.  We need to keep a balance between spam and useful
content.  I'd recommend listening to Shane Hird's paper "Technical
Solutions for Controlling Spam" at the AUUG 2002 conference this year
(and while I'm on the subject, a reminder that you can "bring a mate"
and avoid the late fee if you register before next Tuesday.  See
http://www.auug.org.au/winter/auug2002/, where you can register
online).

There are ways to stop this kind of spam.  I didn't get the original
message, for example: it landed in my caughtspam folder because it
purported to come from yahoo.com, but didn't contain any yahoo
headers:

  Received: from pcug.org.au (supreme.pcug.org.au [203.10.76.34])
          by www.auug.org.au (Postfix) with ESMTP id 9EF6032859
          for <talk at auug.org.au>; Wed, 14 Aug 2002 19:06:38 +0930 (CST)
  Received: from yahoo.com (host-63-122-154-131.verestar.net [63.122.154.131])
          by pcug.org.au (8.12.2/8.12.2/TIP-2.20) with SMTP id g7E9a12O007136
          for <talk at auug.org.au>; Wed, 14 Aug 2002 19:36:15 +1000 (EST)
  Message-Id: <200208140936.g7E9a12O007136 at pcug.org.au>
  From: "dr mariam abacha" <ededeb at yahoo.com>

I catch this kind of message with the following procmail rules:

  :0
  * ^Received: .*mail[.a-z0-9]+yahoo.com \[
  /var/mail/grog
  
  :0
  * ^Received: .*mail.yahoo.co.jp (
  /var/mail/grog
  
  :0
  * ^Received: .*in.yahoo.com \[
  /var/mail/grog
  
  :0
  * ^From: .*@yahoo.co
  /home/grog/Mail/caughtspam

In other words, if they come from Yahoo! (first three rules), I accept
them, otherwise they go into caughtspam.

It's also interesting to note that this message camed from
verestar.net.  I have already noticed that there's a lot of spam
coming from them.  What do members think of blocking sites which send
too much spam?

Yet another interesting site is
http://www.noie.gov.au/Projects/consumer/Spam/Interim_Report/index.htm.
It invites interested parties to submit comments.  Should AUUG be
doing so?

Greg
--
See complete headers for address and phone numbers

More information about the Talk mailing list