[clug] Re: Killing SPAMER/lurker - been there, want to do that...
E.
kane at areujoking.com
Fri Apr 21 08:33:18 GMT 2006
Or do a dirty, look up the MX record of the petsupermarket domain and do
some blockage.
Cheers,
E.
> -----Original Message-----
> From: linux-bounces+kane=areujoking.com at lists.samba.org
> [mailto:linux-bounces+kane=areujoking.com at lists.samba.org] On
> Behalf Of Kim Holburn
> Sent: Friday, 21 April 2006 12:15 PM
> To: paulway at mabula.net
> Cc: CLUG List
> Subject: Re: [clug] Re: Killing SPAMER/lurker - been there,
> want to do that...
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Paul,
>
> After a couple of false starts I sent an individual email to
> everyone on the list (including digest readers which I see in
> hindsight was unnecessesary (sorry guys)) with their
> individual email address in the subject line. This worked,
> bingo I got the spammer's address.
>
> Yes, I talked to someone who administers the debian lists and
> he recognised the name petsupermarket straight away. Their
> problem ie their membership numbers are much larger than ours
> though. Your solutions 2 and 3 were nice but I went for the
> blanket approach which was much less work for me and more
> hassle for everyone else (sorry).
>
> The address was removed yesterday although may have been
> added back (I guess this post will test that!!!) maybe we
> should keep logs of member lists so we can narrow this down
> if it happens again!!!
>
> The address was found on other samba lists which have also
> suffered from this problem.
>
> Kim
>
> On 2006 Apr 21, at 11:23 AM, Paul Wayper wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > steve jenkin wrote:
> >> Could we collectively apply ourselves to solving this
> problem - for
> >> these guys and for any future spamers?
>
> Yes
>
> > I hate to say this, but I posted a/my solution to this to
> Tim Potter
> > and another guy who runs the Debian development lists (who have the
> > same problem) a while back now. It was:
> >
> > 1) petsupermarket is not on the list; so mail to the list must be
> > forwarded to it by another address. It's reasonable to
> assume that no
> > person that has posted to the list (excluding spammers) is
> doing this
> > forwarding.
> >
> > 2) So I went through the entire logs of the list and
> collected every
> > address that had sent at least two messages to the list. I then
> > removed duplicates (and any obvious spammer addresses) from
> this list.
> > This gives us a list of 'known good' addresses, which I
> forwarded to
> > Tim.
> >
> > 3) Only they have access to the full subscriber list. Subtract the
> > known good list from the address list and you have the people who
> > haven't posted at least twice to the list - a list of
> addresses that
> > are potentially forwarding mail to petsupermarket.
> >
> > 4) The mail people get back from petsupermarket includes
> the subject
> > line of the message you sent. Therefore, all you have to
> do is send
> > each of the suspect addresses an email with an individual
> subject line
> > - e.g. a unique identifier like a 32-bit number. Store identifiers
> > keyed to email addresses in a separate file, and when you get your
> > bounce, the subject line will tell you which email address it was
> > forwarded from. I also supplied Tim et al with a program that I'd
> > tested that would do just this.
> >
> > 5) I'm quite willing to do step 4 myself from my own
> account, but I do
> > not have the one thing that I need to do this all myself:
> the list of
> > subscribers.
> > If someone trusts me enough to forward me this, I will do
> the whole
> > thing myself and report back to everyone.
> >
> > I'm a little disappointed that (what I see as) the solution to this
> > problem has been in the hands of the people who can actually do
> > something about it, and nothing has actually been done. I've also
> > made the offer in item 5 before, too.
>
> The list of subscribers is available to all list members. I
> just did it as a list member and because I hate spammers...
> mumble mumble mumble....
>
> Maybe the list admins have lots of other things to do and let
> the situation stand but I didn't like it. Sometimes we all
> may have to work together to act in these things, not wait
> for someone else to do it!!!!
>
>
> > Have fun,
> >
> > Paul
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.2 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> >
> > iD8DBQFESDQmu7W0U8VsXYIRAsW/AKDCkiwn5tpCuW1+PRzSOOQ+CrNtIwCfaFdK
> > xy3Wv2VyvoJrvnHidIzFub0=
> > =kfJI
> > -----END PGP SIGNATURE-----
> > --
> > linux mailing list
> > linux at lists.samba.org
> > https://lists.samba.org/mailman/listinfo/linux
>
> - --
> Kim Holburn
> Security Manager, National ICT Australia Ltd.
> Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
> mailto:kim.holburn at nicta.com.au aim://kimholburn
> skype://kholburn - PGP Public Key on request Cacert Root
> Cert: http://www.cacert.org/cacert.crt Aust. Spam Act: To
> stop receiving mail from me: reply and let me know.
>
> Use ISO 8601 dates [YYYY-MM-DD]
> http://www.saqqara.demon.co.uk/ datefmt.htm Democracy imposed
> from without is the severest form of tyranny.
> -- Lloyd Biggle, Jr. Analog, Apr 1961
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (Darwin)
>
> iD8DBQFESEBF38zqvCNRL3YRAvr6AKCwk5WgOyhI+PDowWWKxUtrATXJqgCgxfJ1
> /LlRJFNeWRmJt3g5h8JafjE=
> =tTw8
> -----END PGP SIGNATURE-----
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
More information about the linux
mailing list