[clug] Re: Killing SPAMER/lurker - been there, want to do that...

E. kane at areujoking.com
Fri Apr 21 08:33:18 GMT 2006 

Or do a dirty, look up the MX record of the petsupermarket domain and do
some blockage.
Cheers,
E. 

> -----Original Message-----
> From: linux-bounces+kane=areujoking.com at lists.samba.org 
> [mailto:linux-bounces+kane=areujoking.com at lists.samba.org] On 
> Behalf Of Kim Holburn
> Sent: Friday, 21 April 2006 12:15 PM
> To: paulway at mabula.net
> Cc: CLUG List
> Subject: Re: [clug] Re: Killing SPAMER/lurker - been there, 
> want to do that...
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Paul,
> 
> After a couple of false starts I sent an individual email to 
> everyone on the list (including digest readers which I see in 
> hindsight was unnecessesary (sorry guys)) with their 
> individual email address in the subject line.  This worked, 
> bingo I got the spammer's address.
> 
> Yes, I talked to someone who administers the debian lists and 
> he recognised the name petsupermarket straight away.  Their 
> problem ie their membership numbers are much larger than ours 
> though.  Your solutions 2 and 3 were nice but I went for the 
> blanket approach which was much less work for me and more 
> hassle for everyone else (sorry).
> 
> The address was removed yesterday although may have been 
> added back (I guess this post will test that!!!) maybe we 
> should keep logs of member lists so we can narrow this down 
> if it happens again!!!
> 
> The address was found on other samba lists which have also 
> suffered from this problem.
> 
> Kim
> 
> On 2006 Apr 21, at 11:23 AM, Paul Wayper wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > steve jenkin wrote:
> >> Could we collectively apply ourselves to solving this 
> problem - for 
> >> these guys and for any future spamers?
> 
> Yes
> 
> > I hate to say this, but I posted a/my solution to this to 
> Tim Potter 
> > and another guy who runs the Debian development lists (who have the 
> > same problem) a while back now.  It was:
> >
> > 1) petsupermarket is not on the list; so mail to the list must be 
> > forwarded to it by another address.  It's reasonable to 
> assume that no 
> > person that has posted to the list (excluding spammers) is 
> doing this 
> > forwarding.
> >
> > 2) So I went through the entire logs of the list and 
> collected every 
> > address that had sent at least two messages to the list.  I then 
> > removed duplicates (and any obvious spammer addresses) from 
> this list.  
> > This gives us a list of 'known good' addresses, which I 
> forwarded to 
> > Tim.
> >
> > 3) Only they have access to the full subscriber list.  Subtract the 
> > known good list from the address list and you have the people who 
> > haven't posted at least twice to the list - a list of 
> addresses that 
> > are potentially forwarding mail to petsupermarket.
> >
> > 4) The mail people get back from petsupermarket includes 
> the subject 
> > line of the message you sent.  Therefore, all you have to 
> do is send 
> > each of the suspect addresses an email with an individual 
> subject line 
> > - e.g. a unique identifier like a 32-bit number.  Store identifiers 
> > keyed to email addresses in a separate file, and when you get your 
> > bounce, the subject line will tell you which email address it was 
> > forwarded from.  I also supplied Tim et al with a program that I'd 
> > tested that would do just this.
> >
> > 5) I'm quite willing to do step 4 myself from my own 
> account, but I do 
> > not have the one thing that I need to do this all myself: 
> the list of 
> > subscribers.
> >  If someone trusts me enough to forward me this, I will do 
> the whole 
> > thing myself and report back to everyone.
> >
> > I'm a little disappointed that (what I see as) the solution to this 
> > problem has been in the hands of the people who can actually do 
> > something about it, and nothing has actually been done.  I've also 
> > made the offer in item 5 before, too.
> 
> The list of subscribers is available to all list members.  I 
> just did it as a list member and because I hate spammers... 
> mumble mumble mumble....
> 
> Maybe the list admins have lots of other things to do and let 
> the situation stand but I didn't like it.  Sometimes we all 
> may have to work together to act in these things, not wait 
> for someone else to do it!!!!
> 
> 
> > Have fun,
> >
> > Paul
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.2 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> >
> > iD8DBQFESDQmu7W0U8VsXYIRAsW/AKDCkiwn5tpCuW1+PRzSOOQ+CrNtIwCfaFdK
> > xy3Wv2VyvoJrvnHidIzFub0=
> > =kfJI
> > -----END PGP SIGNATURE-----
> > --
> > linux mailing list
> > linux at lists.samba.org
> > https://lists.samba.org/mailman/listinfo/linux
> 
> - --
> Kim Holburn
> Security Manager, National ICT Australia Ltd.
> Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121 
> mailto:kim.holburn at nicta.com.au  aim://kimholburn 
> skype://kholburn - PGP Public Key on request Cacert Root 
> Cert: http://www.cacert.org/cacert.crt Aust. Spam Act: To 
> stop receiving mail from me: reply and let me know.
> 
> Use ISO 8601 dates [YYYY-MM-DD] 
> http://www.saqqara.demon.co.uk/ datefmt.htm Democracy imposed 
> from without is the severest form of tyranny.
>                            -- Lloyd Biggle, Jr. Analog, Apr 1961
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (Darwin)
> 
> iD8DBQFESEBF38zqvCNRL3YRAvr6AKCwk5WgOyhI+PDowWWKxUtrATXJqgCgxfJ1
> /LlRJFNeWRmJt3g5h8JafjE=
> =tTw8
> -----END PGP SIGNATURE-----
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>

More information about the linux mailing list