RE: [nznog] "Captain Bob" and "^god"
----Original Message----
From: Juha Saarinen [mailto:juha(a)saarinen.org]
Sent: Friday, 21 March 2003 10:36 AM
To: Simon Lyall; nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] "Captain Bob" and "^god"
[snip]
"The overheads are minimal. Captain Bob pays about $300 a month to maintain his server. He runs a Jetstart account ($65) to connect to his server which in turn connects to a high-capacity pipe out to the web."
Out to the Web? Not to mail servers?
A lot of SPAM is now going through misconfigured proxy servers using the CONNECT method. Apparently open mail relays don't cut it any more.
-- Andrew
> A lot of SPAM is now going through misconfigured proxy servers using the CONNECT method. Apparently open mail relays don't cut it any more.
Yes, we've just started using proxies.blackholes.wirehub.net after
looking at why we were swamped by spam again.
On the plus side it means that they must be running out of relays,
so we've got the little so and so's on the run.
jfp.
------------------------------------------------------------------------
Jean-Francois Pirus
> A lot of SPAM is now going through misconfigured proxy servers using the CONNECT method. Apparently open mail relays don't cut it any more.
This is a primary reason why not many people use RBL's anymore except
for the handy dialups.mail-abuse.org. It's much more accurate to use
the likes of SpamAssassin at receipt time than simply reject receipts
based on RBL's.
Although that's probably not what the journalist meant. He probably
actually meant "the web" because in luddite consciousness the internet
is simply whatever is in that fancy looking "IE" window of theirs.
--
James Tyson
James Tyson wrote:
> This is a primary reason why not many people use RBL's anymore except for the handy dialups.mail-abuse.org. It's much more accurate to use the likes of SpamAssassin at receipt time than simply reject receipts based on RBL's.
I have to disagree there -- somewhat. Had a single false positive here (a Korean manufacturer got caught up in my wholesale block of .kr) but otherwise, I'm a happy DNSBL camper. It's undoubtedly different for ISPs who probably can't say goodbye to all email from .ng for example. IDG's running SpamAssassin in tag-mode currently, and that seems to produce a lot of false positives. It's mostly due to PR agencies having a penchant for WRITING THINGS IN ALL CAPS etc. I'm sure you can tweak that out, but even so, SpamAssassin means you have to receive the message first, before filtering. Seems less wasteful to just drop'em early on in the connection. Correct me if I'm wrong here.
> Although that's probably not what the journalist meant. He probably actually meant "the web" because in luddite consciousness the internet is simply whatever is in that fancy looking "IE" window of theirs.
;-) -- Juha
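
The connect-time DNSBL check discussed in the messages above, as an added example that is not part of any poster's message. The zone names are the two mentioned in the thread; the resolver answers, client addresses and SMTP reply text are constructed, and whether those zones still answer queries is not assumed.

```python
import ipaddress
import socket

# Zones named in the thread; whether they still answer queries is not assumed.
ZONES = ("proxies.blackholes.wirehub.net", "dialups.mail-abuse.org")
LISTED = ipaddress.ip_network("127.0.0.0/8")  # DNSBLs signal a listing with 127.x.y.z

def dnsbl_name(client_ip, zone):
    """Query name for an IPv4 client: reversed octets, then the zone."""
    addr = ipaddress.IPv4Address(client_ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name; [] when the name does not exist (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise

def check_client(client_ip, zones=ZONES, resolve=system_resolver):
    """Return (accept, smtp_reply) before any message data is received."""
    for zone in zones:
        try:
            answers = resolve(dnsbl_name(client_ip, zone))
        except OSError:
            continue  # lookup failure: fail open rather than lose mail
        # Ignore answers outside 127/8 (e.g. a retired zone that now wildcards).
        hits = [a for a in answers if ipaddress.ip_address(a) in LISTED]
        if hits:
            return False, f"554 5.7.1 {client_ip} listed in {zone} ({hits[0]})"
    return True, "220 ready"

# Constructed sample data standing in for DNS answers.
SAMPLE = {
    "25.2.0.192.proxies.blackholes.wirehub.net": ["127.0.0.2"],
    "7.100.51.198.proxies.blackholes.wirehub.net": ["203.0.113.80"],
}

def fake_resolver(name):
    """Constructed resolver: one client times out, the rest use SAMPLE."""
    if name.startswith("9.113.0.203."):
        raise TimeoutError("constructed resolver timeout")
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9", "192.0.2.1"):
        print(ip, check_client(ip, resolve=fake_resolver))
```

The check runs on the connecting address alone, so a listed client is refused before any message is transferred, while content scoring needs the full message first.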
> "The overheads are minimal. Captain Bob pays about $300 a month to maintain his server. He runs a Jetstart account ($65) to connect to his server which in turn connects to a high-capacity pipe out to the web."
> Out to the Web? Not to mail servers?
> A lot of SPAM is now going through misconfigured proxy servers using the CONNECT method. Apparently open mail relays don't cut it any more.
Undernet has a proxy scanner they've used for a long long time to scan for open proxies and prevent them from connecting to their network, to remove abusers. It has been highly effective and scans for HTTP, SOCKS4, SOCKS5 and Wingate proxies on a range of (configurable) ports. The scanner is fast (it has been clocked at over 100,000 scans an hour), and robust (the first thing that happens when you put a proxy scanner on an IRC network is everyone attempts to DDoS the proxy scanner...).
Information about it can be found here: http://pxys.sourceforge.net/doc/
I'm thinking about hacking this into libwrap (the tcp wrappers library) so that any wrapped daemon (such as an SMTP server that supports tcp wrappers) would be able to deny access to anyone running an open proxy. Would people be interested in this? Or would I be wasting my time?
--
Love the sea? I dote upon it -- from the beach.
participants (5): James Tyson, jfp, Juha Saarinen, perry@deeper.co.nz, Stephen Andrew