25 new of 149 responses total.
keesan
response 28 of 149: Jan 4 16:45 UTC 2006

Do the spammers use mail lists (available with Pine, don't know about other
mail programs)?  Is there anything specific they do which can be restricted
to paying members without seriously interfering with mail use by other normal
users?
other
response 29 of 149: Jan 5 16:23 UTC 2006

> If the time stamp is <= 24 hours old, just increment the message count
> for the sender and refuse to accept the message for processing. If
> the time stamp is more than 24 hours old, the message count is reset
> to 1 and the date stamp is set to the current time.

26: Don't you mean "If the time stamp is more than 24 hours old *and the message count is higher than x*"?

ric
response 30 of 149: Jan 5 18:32 UTC 2006

Let's say I wanted to use grex to send spam.  

I'd create an account.

I'd upload a list of addresses... say 50,000 email addresses, one per line.
I'd create a text file with my spam message.
Then I'd run the following perl script:

##################################################
#!/usr/local/bin/perl

open(FH,"~/addresses.txt") or die;
while(<FH>) {
        chomp;
        system("cat ~/spam.txt | mail -s Spam $_");
}
close(<FH>);
##################################################

And poof.  50,000 spam messages go out.

That being said... the only way I can think of to stop spam from happening 
on grex is to unplug grex or disable outgoing mail.

You could reduce spam by creating a waiting period for access to email.  
But I'd make it longer than 48 hours... a week, at least.

You could reduce it even more by allowing access to email ONLY to members.  
Then a spammer would have to give money to grex and (theoretically) be 
"verified" before they could send their spam.

A limitation of 50 outbound emails per day or even 100 outbound emails per 
day per account would also be useful, combined with an ASCII CAPTCHA on
newuser *AND* the delay for access to outbound mail.

If a spammer wants to manually create 100 accounts, wait a week for each, 
then send out 100 emails per day - each.... that'd be an awful lot of 
work to send 10,000 messages per day.  Easier to hack into someone's 
unsecure version of Wordpress.

If, on top of the last step, you do some mail logging that reports how 
many emails each user sends - per day - over a certain threshold... you 
could eliminate those user accounts pretty easily.
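
An added example of the per-user daily mail report suggested above (not part of the original post and not Grex's tooling). The log lines are constructed in sendmail-style syntax, which is an assumption since the thread does not name the MTA or its log format; recipients are summed via `nrcpts` so that many single-recipient messages count the same as one long recipient list.

```python
import re
from collections import Counter

DAILY_THRESHOLD = 100  # assumed ceiling; the post suggests 50 or 100 per day

# Matches only the "from=" record of a sendmail-style log line (assumed format).
FROM_RE = re.compile(
    r"^(\w{3}\s+\d+)\s+\S+\s+\S+\s+sendmail\[\d+\]:\s+\w+:\s+"
    r"from=<?([^>,\s]+)>?,.*\bnrcpts=(\d+)"
)


def build_sample():
    """Constructed log: one normal user, one account sending 120 single mails."""
    lines = [
        "Jan  5 09:00:01 grex sendmail[4101]: k05E01aa004101: from=alice, "
        "size=812, class=0, nrcpts=2, relay=alice@localhost",
        "Jan  5 09:00:02 grex sendmail[4101]: k05E01aa004101: "
        "to=bob@example.org, delay=00:00:01, stat=Sent",
    ]
    for i in range(120):
        lines.append(
            f"Jan  5 18:{i % 60:02d}:00 grex sendmail[{5000 + i}]: "
            f"k05IWx{i:06d}: from=mallory, size=2048, class=0, nrcpts=1, "
            "relay=mallory@localhost"
        )
    lines.append(
        "Jan  6 00:05:00 grex sendmail[6000]: k0605xz006000: from=mallory, "
        "size=2048, class=0, nrcpts=1, relay=mallory@localhost"
    )
    return "\n".join(lines)


def daily_totals(log_text):
    """Sum recipients per (day, local sender)."""
    totals = Counter()
    for line in log_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue  # "to=" delivery records and unrelated lines
        day = " ".join(m.group(1).split())  # normalise "Jan  5" to "Jan 5"
        totals[(day, m.group(2))] += int(m.group(3))
    return totals


def over_threshold(log_text, threshold=DAILY_THRESHOLD):
    """Return (day, sender, recipients) for accounts above the daily ceiling."""
    hits = [(d, who, n) for (d, who), n in daily_totals(log_text).items()
            if n > threshold]
    return sorted(hits, key=lambda h: -h[2])
```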

keesan
response 31 of 149: Jan 5 20:27 UTC 2006

Could grex automatically delete large mail lists, perhaps anything with more
than 100 @ signs in it?  
steve
response 32 of 149: Jan 6 00:14 UTC 2006

   That doesn't solve the problem.  Spammers typically send out N emails
with one person in each email.  Some don't of course, but the recent 
barrage of emails from AOL and .ro idiots does this, so that isn't a
solution.
tod
response 33 of 149: Jan 6 00:29 UTC 2006

Romania is a country, not an ISP.  Can you be a little more specific with
domain suffixes when you sling insults?
bhoward
response 34 of 149: Jan 6 01:38 UTC 2006

First, correcting an editing error by rewording slightly what I
said in #25:

Each time a mail is sent, you hash on the sender's login, retrieve
a record containing a message count and a date stamp. If the time
stamp in the record is <= 24 hours old, just increment the message
count for the sender and refuse to accept the message for processing
if the message count is over the 24 message limit.  If the time
stamp in the record is more than 24 hours old, the message count
is reset to 1 and the date stamp is set to the current time.

Re#29 No, because the message count is a max of how many messages
they are allowed to send in a 24 hour period.  If the next message
sent pushes them over the max message count, that is only a problem
if it has been less than 24 hours since the timestamp of the first
message.

The idea is that the first message starts a 24 hour count down.
That count should be reset once 24 hours has passed but we don't
actually need to check until the next time they send a message.
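
An added sketch of the per-sender counter described in the post above (example code, not part of the thread and not Grex's mail configuration). The `OutboundLimiter` name, the in-memory dict and the default limit of 50 are assumptions; a real mail hook would keep the records in a persistent store.

```python
import time

WINDOW_SECONDS = 24 * 60 * 60  # the 24-hour period from the post
MAX_PER_WINDOW = 50            # assumed limit; the thread floats 50 or 100 per day


class OutboundLimiter:
    """Per-login message counter whose 24-hour window is reset lazily."""

    def __init__(self, limit=MAX_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        # login -> [message_count, window_start]: the record "hashed on login"
        self.records = {}

    def allow(self, login, now=None):
        """Return True if this message may be accepted for processing."""
        now = time.time() if now is None else now
        rec = self.records.get(login)
        if rec is None or now - rec[1] > self.window:
            # No record yet, or stamp more than 24 h old: count = 1, stamp = now.
            # The expiry is only noticed here, on the sender's next message.
            self.records[login] = [1, now]
            return True
        # Stamp is <= 24 h old: always increment, refuse once over the limit.
        # Refused attempts keep counting, which gives staff a number to review.
        rec[0] += 1
        return rec[0] <= self.limit


if __name__ == "__main__":
    lim = OutboundLimiter(limit=3)
    t0 = 1136500000  # constructed timestamp
    for i in range(5):
        print(i, lim.allow("alice", t0 + i))
    # One second past the window, the next send starts a fresh count.
    print(lim.allow("alice", t0 + WINDOW_SECONDS + 1), lim.records["alice"])
```
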
eprom
response 35 of 149: Jan 6 05:36 UTC 2006

I agree with a week long waiting period
bhoward
response 36 of 149: Jan 6 06:23 UTC 2006

Typed-in twice, and still dropping words.  
    "...if the message count is over the 24 message limit" 

should have read:
    "...if the message count is over the 24 hour message limit"
naftee
response 37 of 149: Jan 7 05:45 UTC 2006

El Senor Bruce da howard.
bhoward
response 38 of 149: Jan 8 02:33 UTC 2006

(somehow it seems like there ought to be a sudden snap
of castanets when he says that...)
mcnally
response 39 of 149: Jan 8 03:20 UTC 2006

 Or a flourish of mariachi guitar..
aruba
response 40 of 149: Jan 8 04:11 UTC 2006

Ole!
naftee
response 41 of 149: Jan 8 04:36 UTC 2006

everybody dance !
aruba
response 42 of 149: Jan 8 18:57 UTC 2006

Comcast is now blocking mail from Grex, which means I can't remind certain
members to renew their memberships.
keesan
response 43 of 149: Jan 8 23:38 UTC 2006

Are we still on the RBL list?
Can we try not letting new users send outgoing mail for the first week, and
if that does not work, then try other things?
bhoward
response 44 of 149: Jan 9 07:09 UTC 2006

We could declare an emergency moratorium on mail privileges for new
users but allow existing users to keep their mail privileges until
outbound mail limits can be implemented.  Any spammers with existing
accounts would either lie low or quickly be identified and locked.

This might allow us a respite to get off the blacklists and focus
on fixing mail.
keesan
response 45 of 149: Jan 9 14:23 UTC 2006

Is there a new spammer this week?  Comcast at least lets you know why they
bounced your mail (RBL).  Would it be fair to allow unlimited outbound mail
to members but only maybe 100K per day for others?  Or would spammers find
some way to sign up for 1000 new addresses?
ric
response 46 of 149: Jan 9 17:21 UTC 2006

You'd be surprised at how many spam messages you could fit into 100k.
ric
response 47 of 149: Jan 9 17:26 UTC 2006

Oh, one thing you'll want to remember is that people could write a spam script
in perl, and execute it from the web, so the email would be generated by the
"nobody", "apache" or "httpd" user - depending on how apache is configured
here.


Ah, I see it's "www"
aruba
response 48 of 149: Jan 10 02:41 UTC 2006

How could you execute a spam script from the web?
cross
response 49 of 149: Jan 10 04:42 UTC 2006

Via a CGI script.  Fortunately, I think grex is configured NOT to allow
normal users to execute CGI scripts out of their personal web directories.
albaugh
response 50 of 149: Jan 10 17:13 UTC 2006

Is it not also possible, perhaps probable, that SPAM is being sent with a
spoofed from address of @cyberspace.org, and that is accounting for the
blacklisting?  Or is the blacklisting smart enough to know where the mail
actually originated from?
krj
response 51 of 149: Jan 10 17:36 UTC 2006

Nobody intelligent acts on the basis of a From: line in spam;
such lines are all presumed to be forged.  Mail recipient 
programs know the IP address they are receiving the mail from.
 
krj
response 52 of 149: Jan 10 17:40 UTC 2006

If bhoward's proposal in resp:44 can be quickly implemented (with
user groups?), it should be done to buy staff time to work on a better
fix.