More SPAM? - RESOLVED!!!
Mike Kercher
mike at CAMAROSS.NET
Wed Nov 12 14:50:19 GMT 2003
Osirusoft needs to come out since it's dead!
Mike
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Devon Harding - GTHLA
> Sent: Wednesday, November 12, 2003 8:46 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: More SPAM? - RESOLVED!!!
>
> ORDB-RBL osirusoft.com spamhaus.org spamcop.net
>
> But osirusoft.com times out a lot, so I don't think it's up.
>
> -Devon
>
> -----Original Message-----
> From: Chris Trudeau [mailto:chris at TRUDEAU.ORG]
> Sent: Wednesday, November 12, 2003 9:42 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: More SPAM? - RESOLVED!!!
>
> Just out of curiosity, which RBLs are you using and are you using
> them within SpamAssassin OR within MailScanner?
>
> CT
>
> ----- Original Message -----
> From: "Devon Harding - GTHLA" <DHarding at GILATLA.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Wednesday, November 12, 2003 9:31 AM
> Subject: Re: More SPAM? - RESOLVED!!!
>
>
> Installed razor-agent-2.36 and whalla!!!
>
> Example daily result:
> No MailScanner/SpamAssassin: 67 SPAM Messages
> MS/SA (2 RBLs) 22 SPAM Messages
> MS/SA (4 RBLs) 17 SPAM Messages
> MS/SA (4 RBLs) + Razor-agent 2 SPAM Messages
>
> http://razor.sourceforge.net/
>
> I think razor-agent should be in the MailScanner installation guides,
> otherwise I would not have found out about it if I didn't subscribe to
> this mailing list.
>
> -Devon
>
>
> -----Original Message-----
> From: Denis Beauchemin [mailto:Denis.Beauchemin at USHERBROOKE.CA]
> Sent: Monday, November 10, 2003 2:51 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: More SPAM?
>
> Hello everyone,
>
> David While has put my script on his website. It is complete with a
> discussion board.
>
> Great job David.
>
> It is at:
> http://www.while.homeunix.net/spamstorm
>
> Denis
>
> On Fri 07/11/2003 at 10:06, Denis Beauchemin wrote:
> > Hi,
> >
> > We've had those compromised Windows also and it really put a high load
> > (and big backlog) on our MS servers.
> >
> > I wrote a Perl script that watches my maillog every 5 minutes (root's
> > crontab) and if there are more than 80% of incoming mail from one IP
> > address it blocks it in ipchains/iptables, stops MS and sendmail,
> > removes all undelivered mail containing that IP address from the spool
> > directories, restarts MS (and sendmail) and sends an email to our
> > security group about it.
> >
> > It works fine on our RH 7.3 and 9 systems.
> >
> > If anyone is interested, I can post it.
> >
> > Denis
> > On Fri 07/11/2003 at 09:43, Jeff A. Earickson wrote:
> > > Hi,
> > > I too have noticed that a lot more spam is getting thru in the
> > > past month or two (my setup: RBL+, spamcop, spamhaus, local lists
> > > for sendmail RBL; SA 2.60 and razor within MS 4.24-5; more procmail
> > > rules downstream via junkfilter).
> > >
> > > One trend that I find alarming is spam trojans that get installed on
> > > Windoze desktop clients when people click on these "free" downloads
> > > from porn sites. We have had a half-dozen machines on campus this
> > > semester that have had trojans that spew spam to the world. The remote
> > > spammers connect to their trojans via irc or http, and then dump the
> > > stuff either directly back out or via our mail server. They can move a
> > > lot of email this way real quick, from lots of machines, and it is hard
> > > to stop. When we get a report from spamcop or other victims, we have to
> > > kill the port connection and block the MAC address in DHCP when we can
> > > find the machine. Laptops drive us nuts with this problem.
> > >
> > > Our Windoze guru carefully examined one student machine that we
> > > kept having problems with (XP, fully patched, NO password set, doh!).
> > > Two randomly named dlls kept appearing in the process list after bootup.
> > > These guys could not be shut down, unloaded, permissions changed, nothing;
> > > not even when booted in safe mode. We couldn't even ftp them off
> > > the box to examine them elsewhere (always "text busy"). If their
> > > registry keys were removed, they came right back.
> > >
> > > If we put this box on a network with a sniffer running, we would see
> > > a short (encrypted) http connection coming from someplace in Eastern
> > > Europe a few minutes later, followed shortly thereafter by connections
> > > from all over the planet, and then the thing would start spewing spam
> > > bigtime.
> > >
> > > This hack was a real professional piece of work. We wanted to poke
> > > more, but the student wanted his machine back. He had to reformat the
> > > hard drive and reinstall the OS before we let him back on the network.
> > >
> > > I think this is the direction spam is going -- lots of hijacked
> > > PC's, very distributed spam output. True criminal activity by pros. Ugh.
> > >
> > > --- Jeff Earickson
> > > Colby College
> > >
> > > On Fri, 7 Nov 2003, Devon Harding - GTHLA wrote:
> > >
> > > > Date: Fri, 7 Nov 2003 09:09:59 -0500
> > > > From: Devon Harding - GTHLA <DHarding at GILATLA.COM>
> > > > Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > Subject: Re: More SPAM?
> > > >
> > > > I thought I was the only one. The SPAM has increased drastically in
> > > > these last two months.
> > > >
> > > > Currently running MS 4.23-5 and SA 2.60
> > > >
> > > > What can be done to reduce incoming spam?
> > > >
> > > > -Devon
> > > >
> > > > -----Original Message-----
> > > > From: Errol Neal [mailto:sysadmins at ENHTECH.COM]
> > > > Sent: Thursday, November 06, 2003 10:13 AM
> > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > Subject: More SPAM?
> > > >
> > > > Is it just me, or has anyone else been having more spam make it
> > > > through the MailScanners recently?
> > > >
> > > >
> > > > Errol Neal
> > > >
> --
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x2252 F: 819.821.8045
>
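
The maillog check Denis Beauchemin describes in the quoted thread (one IP address responsible for more than 80% of incoming mail), as an added Python example; it is not his Perl script and it only reports, it does not block anything. The sendmail log layout, the `MIN_MESSAGES` floor, the allow list and the sample log lines are assumptions constructed here.

```python
import re
from collections import Counter

# sendmail "from=" entries record the connecting relay as "relay=host [ip]"
# or "relay=[ip]"; delivery ("to=") entries are deliberately not matched.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: \w+: from=.*\brelay=[^\[]*\[(\d{1,3}(?:\.\d{1,3}){3})\]"
)

THRESHOLD = 0.80    # "more than 80% of incoming mail from one IP" (from the post)
MIN_MESSAGES = 20   # assumption: skip windows too small to judge


def dominant_relays(lines, threshold=THRESHOLD, min_messages=MIN_MESSAGES,
                    allow=("127.0.0.1",)):
    """Return [(ip, share)] for relays above the threshold in this log window."""
    counts = Counter()
    for line in lines:
        m = FROM_RE.search(line)
        if m and m.group(1) not in allow:   # never flag our own hosts
            counts[m.group(1)] += 1
    total = sum(counts.values())
    if total < min_messages:
        return []
    return [(ip, n / total) for ip, n in counts.most_common()
            if n / total > threshold]


def _sample(ip, host, n, start):
    """Build n constructed sendmail 'from=' lines for one relay."""
    return [
        f"Nov  7 10:0{i % 5}:00 mx1 sendmail[{start + i}]: hA7F0{start + i}: "
        f"from=<u{i}@example.org>, size=2048, class=0, nrcpts=1, proto=SMTP, "
        f"daemon=MTA, relay={host}[{ip}]"
        for i in range(n)
    ]


# Constructed five-minute window: one noisy desktop, one normal relay,
# a local submission and a delivery line that must both be ignored.
SAMPLE_LOG = (
    _sample("192.0.2.44", "pc44.example.edu ", 18, 4100)
    + _sample("198.51.100.7", "", 2, 4200)
    + ["Nov  7 10:04:30 mx1 sendmail[4300]: hA7F04300: from=root, size=512, "
       "class=0, nrcpts=1, relay=root@localhost",
       "Nov  7 10:04:31 mx1 sendmail[4301]: hA7F04100: to=<x@example.com>, "
       "mailer=esmtp, relay=mail.example.com [203.0.113.5], stat=Sent"]
)

if __name__ == "__main__":
    for ip, share in dominant_relays(SAMPLE_LOG):
        print(f"{ip} sent {share:.0%} of incoming mail in this window")
```
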