marketwatch.com
Yeah I'm not sure people are even checking these before reporting to me. But this is used by a LOT of financial spam. Legit site.
Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
On Tuesday, May 25, 2004, 1:49:44 PM, Chris Santerre wrote:
marketwatch.com
Yeah I'm not sure people are even checking these before reporting to me. But this is used by a LOT of financial spam. Legit site.
Thanks Chris. I've whitelisted marketwatch.com. If you find any others to whitelist, please let me know.
Same goes for everyone!
Jeff C.
On Tuesday, May 25, 2004, 1:49:44 PM, Chris Santerre wrote:
marketwatch.com
Yeah I'm not sure people are even checking these before reporting to me. But this is used by a LOT of financial spam. Legit site.
Thanks Chris. I've whitelisted marketwatch.com. If you find any others to whitelist, please let me know.
I'm founding many spams with messagelabs.com as a secondary URL.
I'm not sure, but I think this isn't a spammer.
Same goes for everyone!
Jeff C.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Wednesday, May 26, 2004, 2:09:29 PM, Jose Cruz wrote:
I'm founding many spams with messagelabs.com as a secondary URL.
I'm not sure, but I think this isn't a spammer.
Thanks Jose. They look non-spammy to me so I've whitelisted the domain.
Anyone else seeing any others to whitelist?
Jeff C.
Hi all, On Wed, 26 May 2004, Jeff Chan wrote:
On Wednesday, May 26, 2004, 2:09:29 PM, Jose Cruz wrote:
I'm founding many spams with messagelabs.com as a secondary URL.
I'm not sure, but I think this isn't a spammer.
Thanks Jose. They look non-spammy to me so I've whitelisted the domain.
Anyone else seeing any others to whitelist?
We might have some when all the spamikaze users are tied together but I might come back on this in a later stage.
Another point or remark. At the surbl site it is mentioned that sendmail isn't aware of bodies. This isn't true for part of your conclusion. It is possible to check the body in sendmail but the problem is dat you will have to fetch the data block to do it. Then again, not getting spam in the users INBOX might also help.
A little file to help understand the above:
http://spamikaze.is-a-geek.org/sendmail-subjectblocking.txt
Reading the SubjMatchReject file will produce a 550.
The good thing about it is that you will not block the ipnumber like the surbl goal is stated on the site. The bad thing is that spamming sites will keep pumping data to the mta.
Kind regards,
Hans Wolters Spamikaze --
On Wednesday, May 26, 2004, 3:16:45 PM, hans hans wrote:
On Wed, 26 May 2004, Jeff Chan wrote:
Anyone else seeing any others to whitelist?
We might have some when all the spamikaze users are tied together but I might come back on this in a later stage.
Bitte. (Please.)
Another point or remark. At the surbl site it is mentioned that sendmail isn't aware of bodies. This isn't true for part of your conclusion. It is possible to check the body in sendmail but the problem is dat you will have to fetch the data block to do it. Then again, not getting spam in the users INBOX might also help.
Yes, milters can be used with sendmail to block on message bodies, but as you note it requires letting the data through. On the other hand regular RBLs can be used by the MTA to reject a lot of connections directly based only on headers. After passing RBLs the bodies need to be checked, and doing that with an MTA milter probably uses fewer resources than doing it in SpamAssassin, for example.
A little file to help understand the above:
Reading the SubjMatchReject file will produce a 550.
The good thing about it is that you will not block the ipnumber like the surbl goal is stated on the site. The bad thing is that spamming sites will keep pumping data to the mta.
Blocking on subjects is definitely interesting, but bodies are where the spam sites typically are.
Jeff C.
Jeff Chan wrote:
On Wednesday, May 26, 2004, 3:16:45 PM, hans hans wrote:
On Wed, 26 May 2004, Jeff Chan wrote:
Anyone else seeing any others to whitelist?
We might have some when all the spamikaze users are tied together but I might come back on this in a later stage.
Bitte. (Please.)
Another point or remark. At the surbl site it is mentioned that sendmail isn't aware of bodies. This isn't true for part of your conclusion. It is possible to check the body in sendmail but the problem is dat you will have to fetch the data block to do it. Then again, not getting spam in the users INBOX might also help.
Yes, milters can be used with sendmail to block on message bodies, but as you note it requires letting the data through. On the other hand regular RBLs can be used by the MTA to reject a lot of connections directly based only on headers. After passing RBLs the bodies need to be checked, and doing that with an MTA milter probably uses fewer resources than doing it in SpamAssassin, for example.
A little file to help understand the above:
Reading the SubjMatchReject file will produce a 550.
Not really...
SMTP protocol is based on a series of commands.
- EHLO - MAIL FROM - RCPT TO - DATA
Message body and ALL headers are inside DATA command. So, if you've decided to block the message, based on the Subject Header content, the MTA needs to receive ALL the message body, before sending the 550 answer to the smtp client. Even if it seems to you you've already said to the MTA that it shall reject the message. This isn't particular to sendmail, but defined at RFCs.
The good thing about it is that you will not block the ipnumber like the surbl goal is stated on the site. The bad thing is that spamming sites will keep pumping data to the mta.
Blocking on subjects is definitely interesting, but bodies are where the spam sites typically are.
Jeff C.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Thursday, May 27, 2004, 2:02:06 AM, Jose Cruz wrote:
Jeff Chan wrote:
On Wednesday, May 26, 2004, 3:16:45 PM, hans hans wrote:
On Wed, 26 May 2004, Jeff Chan wrote:
Another point or remark. At the surbl site it is mentioned that sendmail isn't aware of bodies. This isn't true for part of your conclusion. It is possible to check the body in sendmail but the problem is dat you will have to fetch the data block to do it. Then again, not getting spam in the users INBOX might also help.
Yes, milters can be used with sendmail to block on message bodies, but as you note it requires letting the data through. On the other hand regular RBLs can be used by the MTA to reject a lot of connections directly based only on headers. After passing RBLs the bodies need to be checked, and doing that with an MTA milter probably uses fewer resources than doing it in SpamAssassin, for example.
A little file to help understand the above:
Reading the SubjMatchReject file will produce a 550.
Not really...
SMTP protocol is based on a series of commands.
- EHLO
- MAIL FROM
- RCPT TO
- DATA
Message body and ALL headers are inside DATA command. So, if you've decided to block the message, based on the Subject Header content, the MTA needs to receive ALL the message body, before sending the 550 answer to the smtp client. Even if it seems to you you've already said to the MTA that it shall reject the message. This isn't particular to sendmail, but defined at RFCs.
Good point. I forgot that Subject is in the message body and not the headers as far as SMTP is concerned. Subject is only apparently included with the headers by MUAs. So if you've got the Subject line you could also process the rest of the body with SURBLs.
Jeff C.
-
Chris Santerre -
hans -
Jeff Chan -
Jose Marcio Martins da Cruz -
Jose Marcio Martins da Cruz