Debora is a huge spammers!!!!

Randal, Phil prandal at herefordshire.gov.uk
Mon Nov 13 18:34:45 GMT 2006


grep -c "from=<deborah" maillog*
maillog:22
maillog.1:2421
maillog.2:2153
maillog.3:14
maillog.4:37

grep pattern constructed that way to eliminate the bounces and
repeatedly retried bounces.

However, MailWatch tells me that, thanks to successful greylisting,
since October 9th only 1149 deb's have made it to MailScanner, 144 of
whom were hammy (out of a total 873543 emails).

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Rob Poe
> Sent: 13 November 2006 17:43
> To: MailScanner discussion; Martin Hepworth
> Subject: Re: Debora is a huge spammers!!!!
> 
> grep -c debora maillog*
> maillog:1364
> maillog.1:4611
> maillog.2:732
> maillog.3:4
> maillog.4:3
> 
> 
> 
> >>> Martin Hepworth <martinh at solidstatelogic.com> 11/13/2006 3:05 AM >>>
> Michael S. wrote:
> > The huge increase in stock spam that everyone is seeing is coming from
> > the username that is consistently the same. Has anyone noticed?
> >
> > These are different variations of the username@
> >
> > deborahpessanha at bridportleisure.com
> > deborasalsano at brokermart.com
> > deborahvw at brooksmetals.com
> >
> > Etc. Notice the first 6 characters of every username being Debora?
> >
> > Is there an exim rule that one can implement in exim.conf for example
> > that rejects all mail arriving from Debora??????@fakedomain.com?
> >
> > I'd rather do this at SMTP time instead of allowing MS to kill it off as
> > there are thousands and the less MS has to work the better.
> >
> > Thanks
> > 
> Michael
> 
> trapping them nicely here without fuzzyocr or imageinfo..
> 
> 5.40	BAYES_99	Bayesian spam probability is 99 to 100%
> 4.00	DCC_CHECK	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
> 0.77	DIGEST_MULTIPLE	Message hits more than one network digest check
> 1.25	HOST_EQ_IT	
> 0.50	RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%
> 1.50	RAZOR2_CF_RANGE_E4_51_100	Razor2 gives engine 4 confidence level above 50%
> 0.50	RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)
> 0.79	SARE_LWSHORTT	
> 1.66	SARE_MLB_Stock1	
> 1.66	SARE_MLB_Stock2	
> 1.66	SARE_MLB_Stock5	Mentions stock symbol, tickers, or OTC.
> 
> the SARE stock rules are very useful here...
> -- 
> Martin Hepworth
> Senior Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info 
> http://lists.mailscanner.info/mailman/listinfo/mailscanner 
> 
> Before posting, read http://wiki.mailscanner.info/posting 
> 
> Support MailScanner development - buy the book off the website! 
> 
> 
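Added example, not part of the thread: the gap between a bare `grep -c debora` and a `from=<`-anchored count, shown on constructed sendmail-style log lines. The log layout, the queue ID sitting in field 6, and the names `sample_log` and `classify` are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sendmail-style maillog lines (not taken from the thread).
sample_log() {
cat <<'EOF'
Nov 13 17:00:01 mx1 sendmail[2101]: kADH01aa002101: from=<deborahvw@example.com>, size=18233, nrcpts=1, relay=[192.0.2.10]
Nov 13 17:00:02 mx1 sendmail[2102]: kADH01aa002101: to=<user@example.org>, delay=00:00:01, stat=Sent
Nov 13 17:00:09 mx1 sendmail[2110]: kADH09ab002110: from=<deborasalsano@example.net>, size=17902, nrcpts=1, relay=[192.0.2.11]
Nov 13 17:00:15 mx1 sendmail[2115]: kADH15ac002115: from=<>, size=2410, nrcpts=1, relay=localhost
Nov 13 17:00:16 mx1 sendmail[2116]: kADH15ac002115: to=<deborahpessanha@example.com>, delay=00:00:01, stat=Deferred: Connection timed out
Nov 13 17:30:16 mx1 sendmail[2190]: kADH15ac002115: to=<deborahpessanha@example.com>, delay=00:30:01, stat=Deferred: Connection timed out
Nov 13 17:31:00 mx1 sendmail[2200]: kADH31ad002200: from=<alice@example.org>, size=900, nrcpts=1, relay=[192.0.2.12]
EOF
}

# classify PREFIX: read a maillog on stdin and split the lines that mention
# PREFIX into envelope-sender hits and delivery attempts to such addresses.
classify() {
    awk -v p="$1" '
        BEGIN { p = tolower(p); f = 0; t = 0; m = 0 }
        {
            line = tolower($0)
            if (index(line, "from=<" p)) {
                f++                       # message arriving from a matching sender
            } else if (index(line, "to=<" p)) {
                t++                       # delivery attempt to a matching address
                qid = $6                  # assumed queue-ID field
                if (!(qid in seen)) { seen[qid] = 1; m++ }
            }
        }
        END { printf "from=%d to_lines=%d to_msgs=%d\n", f, t, m }'
}

echo "all lines mentioning debora: $(sample_log | grep -ci debora)"
sample_log | classify debora
```

On the sample, the unanchored count is inflated by one outbound message to a "debora" address that is logged again on its retry.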
