[clug] Re: Killing SPAMER/lurker - been there, want to do that...

Kim Holburn kim.holburn at nicta.com.au
Fri Apr 21 02:15:28 GMT 2006

Hash: SHA1

Hi Paul,

After a couple of false starts I sent an individual email to everyone  
on the list (including digest readers which I see in hindsight was  
unnecessesary (sorry guys)) with their individual email address in  
the subject line.  This worked, bingo I got the spammer's address.

Yes, I talked to someone who administers the debian lists and he  
recognised the name petsupermarket straight away.  Their problem ie  
their membership numbers are much larger than ours though.  Your  
solutions 2 and 3 were nice but I went for the blanket approach which  
was much less work for me and more hassle for everyone else (sorry).

The address was removed yesterday although may have been added back  
(I guess this post will test that!!!) maybe we should keep logs of  
member lists so we can narrow this down if it happens again!!!

The address was found on other samba lists which have also suffered  
from this problem.


On 2006 Apr 21, at 11:23 AM, Paul Wayper wrote:

> Hash: SHA1
> steve jenkin wrote:
>> Could we collectively apply ourselves to solving this problem - for
>> these guys and for any future spamers?


> I hate to say this, but I posted a/my solution to this to Tim  
> Potter and
> another guy who runs the Debian development lists (who have the  
> same problem)
> a while back now.  It was:
> 1) petsupermarket is not on the list; so mail to the list must be  
> forwarded to
> it by another address.  It's reasonable to assume that no person  
> that has
> posted to the list (excluding spammers) is doing this forwarding.
> 2) So I went through the entire logs of the list and collected  
> every address
> that had sent at least two messages to the list.  I then removed  
> duplicates
> (and any obvious spammer addresses) from this list.  This gives us  
> a list of
> 'known good' addresses, which I forwarded to Tim.
> 3) Only they have access to the full subscriber list.  Subtract the  
> known good
> list from the address list and you have the people who haven't  
> posted at least
> twice to the list - a list of addresses that are potentially  
> forwarding mail
> to petsupermarket.
> 4) The mail people get back from petsupermarket includes the  
> subject line of
> the message you sent.  Therefore, all you have to do is send each  
> of the
> suspect addresses an email with an individual subject line - e.g. a  
> unique
> identifier like a 32-bit number.  Store identifiers keyed to email  
> addresses
> in a separate file, and when you get your bounce, the subject line  
> will tell
> you which email address it was forwarded from.  I also supplied Tim  
> et al with
> a program that I'd tested that would do just this.
> 5) I'm quite willing to do step 4 myself from my own account, but I  
> do not
> have the one thing that I need to do this all myself: the list of  
> subscribers.
>  If someone trusts me enough to forward me this, I will do the  
> whole thing
> myself and report back to everyone.
> I'm a little disappointed that (what I see as) the solution to this  
> problem
> has been in the hands of the people who can actually do something  
> about it,
> and nothing has actually been done.  I've also made the offer in  
> item 5
> before, too.

The list of subscribers is available to all list members.  I just did  
it as a list member and because I hate spammers... mumble mumble  

Maybe the list admins have lots of other things to do and let the  
situation stand but I didn't like it.  Sometimes we all may have to  
work together to act in these things, not wait for someone else to do  

> Have fun,
> Paul
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> xy3Wv2VyvoJrvnHidIzFub0=
> =kfJI
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

- --
Kim Holburn
Security Manager, National ICT Australia Ltd.
Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
mailto:kim.holburn at nicta.com.au  aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.

Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/ 
Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

Version: GnuPG v1.4.3 (Darwin)


More information about the linux mailing list