ORBS probes continue...
I'm still seeing ORBS probe-messages... when I spoke to Alan last he told me ORBS would probably die as a result of the QSI takeover the the MIS user base. Now, these probe-messages are from one of the offshore probes, so I am left to wonder, migjt ORBS life on, are these remote probes still running waitning to be turned down? --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
It's moved, apparently: http://www.idg.net.nz/webhome.nsf/UNID/F53BB733AAAB9A18CC256A69007C48A1!open... On Tue, 26 Jun 2001, (Chris Wedgwood) wrote:
I'm still seeing ORBS probe-messages... when I spoke to Alan last he told me ORBS would probably die as a result of the QSI takeover the the MIS user base.
Now, these probe-messages are from one of the offshore probes, so I am left to wonder, migjt ORBS life on, are these remote probes still running waitning to be turned down?
--cw
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Tue, 26 Jun 2001, Simon Blake wrote:
It's moved, apparently:
http://www.idg.net.nz/webhome.nsf/UNID/F53BB733AAAB9A18CC256A69007C48A1!open...
Paul Brislen, who wrote that piece, tells me that ORBS is making a hydra-esque come-back. There are about half a dozen happy relay-scanners now who think theirs is the god-given right to annoy sysadmins across the world. Wonderful. -- Regards, Juha PGP fingerprint: B7E1 CC52 5FCA 9756 B502 10C8 4CD8 B066 12F3 9544 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Just a heads-up for other ISPs... It seems that PCWorld have included on a CD distributed with the magazine, a piece of software called BounceSpamMail. The user drops the offending message into it and it forges a bounce from postmaster(a)your.domain. Does wonder for the REAL postmaster account when the spammer's dropbox is invalid. Already, one of our users has been slapped down, and pointed to our AUP. Any comments on this one Juha? :-) --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Fri, 6 Jul 2001, Gordon Smith wrote:
Just a heads-up for other ISPs...
It seems that PCWorld have included on a CD distributed with the magazine, a piece of software called BounceSpamMail. The user drops the offending message into it and it forges a bounce from postmaster(a)your.domain. Does wonder for the REAL postmaster account when the spammer's dropbox is invalid.
Already, one of our users has been slapped down, and pointed to our AUP.
Any comments on this one Juha? :-)
Yes... I'm not doing the CDs. Unfortunately. Sigh. Will forward your message to the appropriate quarters. -- Regards, Juha PGP fingerprint: B7E1 CC52 5FCA 9756 B502 10C8 4CD8 B066 12F3 9544 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Fri, Jul 06, 2001 at 09:21:21AM +1200, Gordon Smith wrote:
Just a heads-up for other ISPs...
It seems that PCWorld have included on a CD distributed with the magazine, a piece of software called BounceSpamMail. The user drops the offending message into it and it forges a bounce from postmaster(a)your.domain. Does wonder for the REAL postmaster account when the spammer's dropbox is invalid.
Its only of very limited effectiveness. Very little spammers use bounces and any kind of feedback, in fact, mostly (90%) the fake from header and envelope and use an open-relay. For those that deliver things directly, you really want the 'no user' thing to appear in the SMTP conversation after the RCPT TO: --- I use a map like this: helenbostic(a)bigfoot.com 550 No such user zeus(a)eldorado.es 550 No such user shib.org 550 No such user mgrader(a)mail.com 550 No such user mailman(a)dailysluts.com 550 No such user mailman(a)dailyamateurs.com 550 No such user mailman(a)sexynineteen.com 550 No such user owner-idno-discuss(a)titan.actrix.gen.nz 550 Someone please get a clue newsletters.microsoft.com 550 Moronic software detected hepburn.hsx.com 550 No such user spy2(a)post.com 550 No such user .hsx.com 550 No such user goshopping.com 550 No such user listsrv.hsx.com 550 No such user (yeah, I know its not optimal, I was fiddling at one point) Which seems to have stopped the main offenders, especially those pesky spammers from microsoft :) --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Cheers Chris, I'm using qmail with the MAPS RBL patches - seems to stop quite a bit. I discovered this one when a user thought they were being clever, and his forged bounce was bounced back to me.... :-( Hopefully, not too many will use it, or I'll have to look at parsing addresses before accepting. Just when you think something is idiotproof, they bring out a better grade of idiot... Cheers, Gordon --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Fri, 6 Jul 2001, Gordon Smith wrote:
Hopefully, not too many will use it, or I'll have to look at parsing addresses before accepting. Just when you think something is idiotproof, they bring out a better grade of idiot...
Please note that "they" in this case doesn't = "Juha". Anyway, I'm the highest grade idiot there is... should get certified really. ;-) -- Regards, Juha PGP fingerprint: B7E1 CC52 5FCA 9756 B502 10C8 4CD8 B066 12F3 9544 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Courier is a drop in replacement for qmail, and does non-existent-address rejection before accept - it threw over 90,000 bounces on the floor for me a few weeks ago, when some spambag in the states sent out mail with <some-random-text>@katipo.co.nz in the From: line. Cheers Si On Fri, Jul 06, 2001 at 12:56:00PM +1200, Gordon Smith said:
Cheers Chris,
I'm using qmail with the MAPS RBL patches - seems to stop quite a bit. I discovered this one when a user thought they were being clever, and his forged bounce was bounced back to me.... :-(
Hopefully, not too many will use it, or I'll have to look at parsing addresses before accepting. Just when you think something is idiotproof, they bring out a better grade of idiot...
Cheers, Gordon
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Fri, Jul 06, 2001 at 01:48:24PM +1200, Simon Blake wrote:
Courier is a drop in replacement for qmail, and does non-existent-address rejection before accept - it threw over 90,000 bounces on the floor for me a few weeks ago, when some spambag in the states sent out mail with <some-random-text>@katipo.co.nz in the From: line.
The must have also set the envelope to <some-random-text>@katipo.co.nz for you to get bounces (al la DSN). If you are being smurfed, you want to dump things during the SMTP conversation if possible. Its been a long time since I had to deal with that, at the time it was in the sendmail says and I just hacked S98 to to it (I think, this was years ago literally). These days, there are much nicer ways of doing this, sendmail has something (dunno what) and postfix has several effective mechanisms which I use (mostly because I host a number of domains, none of which have webmaster@ or other common names, so to avoid spam I only accept mail for a few specific addresses and drop the rest). --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (4)
-
cw@f00f.org -
Gordon Smith -
Juha Saarinen -
Simon Blake