How do we kill spam to BLOGS on localhost?

Michael Freeman admin at thenamegame.com
Sun Dec 19 18:16:59 GMT 2004 

Actually, as mentioned, messages are being run though mailscanner but they
are not being caught. I can clearly see this in the header of each message
getting stuck in the queue. Here is an example.

Header;

143P Received: from mailnull by server7 with local (Exim 4.43)
        id 1CfCOM-000755-RP
        for b2 at www.lapl.xxx; Fri, 17 Dec 2004 02:19:10 -0500
031  Auto_submitted: auto-generated
061F From: Mail Delivery System <Mailer-Daemon at server7>
020T To: b2 at www.lapl.xxx
047  Subject: Mail failure - no recipient addresses
050I Message-Id: <E1CfCOM-000755-RP at server7>
038  Date: Fri, 17 Dec 2004 02:19:10 -0500
084  X-EfastServers-MailScanner-Information: Please contact the ISP for more
information
046  X-EfastServers-MailScanner: Found to be clean
040  X-EfastServers-MailScanner-SpamScore: 1
021  X-MailScanner-From:
034  X-MailScanner-To: b2 at www.lapl.xxx

This bounce indicates that these messages are passing though MS but the
score is very low so its not being caught.

Also, most of these msgs are being sent to a blank TO:

See:

To:
Subject: comment on post #18 ""
From: b2 at www.lapl.xxx
X-Mailer: b2 0.6.1 - PHP/4.3.9
Message-Id: <E1CfCOM-000754-Qk at srv08.primenet.cc>
X-rewrote-sender: nobody at server7
Date: Fri, 17 Dec 2004 02:19:10 -0500

New comment on your post #18.

author : online poker (IP: 129.121.3.248 , wnt248.vip.osogrande.com)
e-mail : msjqjlsp at a5618a2e7109df6683f8b7cca9a835518.com
url    : http://www.sindyhalliday.com
comment:
'Creation science' has not entered the curriculum for a reason so simple and
so basic that we often forget to mention it: because it is false, and
because good teachers understand exactly why it is false. What could be more
destructive of that most fragile yet most precious commodity in our entire
intellectual heritage - good teaching - than a bill forcing honorable
teachers to sully their sacred trust by granting equal treatment to a
doctrine not only known to be false, but calculated to undermine any general
understanding of science as an enterprise? by <a
href="http://www.sindyhalliday.com" title="online poker">online poker</a>

Notice the To field is blank. Is there a rule that can be added that catches
messages to to a blank to?

Blog is b2b.



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Michele Neylon :: Blacknight Solutions
Sent: Sunday, December 19, 2004 12:38 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: How do we kill spam to BLOGS on localhost?

Michael Freeman wrote:
> We have a number of users using BLOGS on their sites. The problem
> being that these sites are being targeted by spam comments. The
> problem being, MS is not catching them because it refers to these
> sites as being local. What settings do we need to make to MS to make
> sure it scans spam to local sites. Noticed in Bayes that it reduced
> the score by up to -2.73 just because the site was local. How can we
> force MS to scan all spam to local sites from comment spammers?

You didn't mention which blog software they are using.

Blog spam is very annoying, but has nothing to do with MailScanner really,
as the comments are posted to the blog and the email is then generated
server-side.

It might help to have a look at some of my mutterings on this:

http://www.mneylon.com/blog/archives/2004/12/15/more-blog-spam-solutions/

http://www.mneylon.com/blog/archives/2004/12/01/blog-spam/

If the users are using Movable Type there is very little you can do about it
except suggesting that they move to Wordpress :)

HTH

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list