Archive for the ‘Spam’ Category
Clean up /tmp
Posted by david | Filed under Spam, Technical Tidbits
Recently I noticed that there are a lot of temporary files in the /tmp directory on my mail server … all the files have spamassassin in the file name. I figured that in some cases, SpamAssassin (or programs it calls) isn’t cleaning up properly.
I whipped up this script that will clean up any spamassassin files & directories that are older than a set number of minutes (60 in my case)…
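    #!/bin/sh
    # Remove SpamAssassin temp files and directories in /tmp older than AGE minutes.
    AGE=60
    # POSIX sh compares strings with "=", not "==".
    if [ "$1" = "--test" ]
    then
        # Test mode: echo the rm commands instead of running them.
        CMD="-exec echo"
        echo "$0: test mode"
    else
        CMD="-exec"
    fi
    # Stale OCR temp files. The pattern is quoted so find, not the shell, expands it.
    /usr/bin/find /tmp \
        -mmin +$AGE \
        -name 'spamassassin.ocr*' \
        $CMD /bin/rm -f '{}' \;
    # Stale .spamassassin* working directories directly under /tmp.
    /usr/bin/find /tmp \
        -maxdepth 1 \
        -mmin +$AGE \
        -type d \
        -name '.spamassassin*' \
        $CMD /bin/rm -rf '{}' \;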
If you run the script with a parameter of ‘--test’, it will just show the commands it would have executed.
I put the script in the /etc/cron.hourly directory so it gets executed every hour.
Phishing Response
Posted by david | Filed under Spam
Today … like most days … I received phishing spam … nothing new about that.
Just out of idle curiosity, I clicked on the link they indicated (a bogus E*Trade site) to see what it looked like … this is a screen shot of what I saw …
I have to tip my hat to Joshua Anderson, who runs afraid.org … his response to the phishing attempt was absolutely the best thing that could be done.
I wish other service providers responded in similar fashion.
[tags]phishing, spam, security, isp, tos[/tags]
Greylisting
Posted by david | Filed under Spam
For a while I’ve been using limited greylisting on my mail server with reasonably good success.
Last weekend I implemented it site-wide and I have to say the results are dramatic. The amount of spam (even low rated by spamassassin) has dropped off significantly.
Detailed information on greylisting can be found here, but in a nutshell:
Greylisting relies on the fact that spammers don’t use normal mail servers. Basically, the first time a mail server receives a mail delivery request, it responds with a soft failure … with a message indicating that greylisting is in effect and they should retry the delivery in a certain amount of time (this is a human readable message, not machine readable). Since normal mail servers will accept this message and requeue the email for delivery, the email will then be delivered normally (probably on the next pass).
Spammers aren’t that persistent, so they just go on to their next target.
A good greylisting implementation retains the list of servers that have successfully delivered in a whitelist, so the next time they try to deliver there is no delay; the delay is only encountered once.
One downside of greylisting that I’ve found is that there is an increased chance of messages arriving out of order when a server tries its first message delivery. The reason is this … the first message delivery will be attempted and be rejected due to greylisting; if a different message delivery is attempted AFTER the greylisting delay has expired but BEFORE the first message is delivered, then the second message will be delivered and will be out of context.
I’ve got my mail server configured to greylist servers for only 2 minutes … so the next time the server tries to deliver, it’s almost certain to be successful.
I’m using milter-greylist with sendmail. It was easy to set up and works great.
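The greylisting behaviour described in this post, including the out-of-order delivery case, as an added example that is not from the original post and is not milter-greylist's code. It keys on the sending server's IP alone, as the post describes; the addresses, retry intervals and reply strings are constructed assumptions.

```python
import heapq
from dataclasses import dataclass, field


@dataclass
class Greylist:
    delay: int = 120  # seconds; the 2-minute delay used in the post
    first_seen: dict = field(default_factory=dict)  # server IP -> time of first attempt
    whitelist: set = field(default_factory=set)     # servers that retried successfully

    def check(self, server_ip, now):
        """Return the SMTP reply for a delivery attempt at time `now` (seconds)."""
        if server_ip in self.whitelist:
            return "250 OK (whitelisted)"
        first = self.first_seen.setdefault(server_ip, now)
        if now - first < self.delay:
            return "451 greylisted, retry later"  # soft failure; constructed text
        self.whitelist.add(server_ip)
        return "250 OK"


def run(messages, greylist):
    """messages: (first_attempt_time, server_ip, msg_id, retry_interval) tuples;
    retry_interval=None models a sender that never retries. Returns (time, msg_id) as accepted."""
    queue = list(messages)
    heapq.heapify(queue)
    delivered = []
    while queue:
        now, ip, msg_id, retry = heapq.heappop(queue)
        if greylist.check(ip, now).startswith("250"):
            delivered.append((now, msg_id))
        elif retry is not None:
            heapq.heappush(queue, (now + retry, ip, msg_id, retry))
    return delivered


def demo():
    # Constructed traffic: one real MTA (retries every 15 min) and one spam bot.
    mta, bot = "192.0.2.10", "198.51.100.7"
    return run([
        (0, mta, "A", 900),       # deferred, sits in the sender's queue until t=900
        (10, bot, "spam", None),  # deferred, never retried
        (300, mta, "B", 900),     # delay has expired: accepted before A is retried
        (2000, mta, "C", 900),    # server is whitelisted: no delay at all
    ], Greylist())


if __name__ == "__main__":
    print(demo())
```

Message B is accepted at t=300 while A is still waiting in the sender's queue, which is the out-of-order case; the spam is never accepted because its sender does not retry.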
[tags]spam, sendmail, greylisting, milter[/tags]
Spam
Posted by david | Filed under Spam
I’m wondering if anyone has actually gotten a satisfactory response from a major ISP after sending a report to their abuse department?
I’ve submitted a large number of abuse reports to SBC, Comcast, RoadRunner, etc … but have yet to get any satisfactory response at all. One report I submitted to SBC, via DSLReports SBC Direct forum got me some grief because they wanted me to Opt out first. My opinion, of course, was that I should never have been Opted In involuntarily in the first place.
A week or so ago I got an email from GoDaddy, my domain registrar, about an abuse report that was mistakenly reported against midrange.com … and they demanded a response within 24 hours … which I gave them (it was a total misunderstanding … someone was reporting spam against someone else hosted by GoDaddy … but the email they forwarded was misconstrued to be coming from midrange.com). Even though I responded well within the 24 hours they specified (I responded within 24 minutes), they did not respond back to me for more than a week. I had to send 3 requests for a response to get them to reply.
I guess the two questions I would like to see answered are …
- Do ISPs actually act on abuse reports?
- If ISPs do act on the abuse reports, do they respond to the reporter with a resolution?
My own experience is no to both.
[tags]Spam, email, ISP[/tags]
What are they smoking?
Posted by david | Filed under Give me a break!, Spam
The federal government’s two-year-old anti-spam law is helping to cut back on unsolicited bulk e-mail, but more must be done to fight the problem. Those are the conclusions of a Federal Trade Commission report, released today, on how well the law is working.
- ABC News — Spam Slayer: FTC’s CAN-SPAM Report Card
Uh yeah … right.
I think the FTC needs to take a good long hard look at the internet again and rethink their statement.
CANSPAM did absolutely nothing … because the people sending spam are totally unconcerned about the laws of the U.S.
The spam my server receives has only INCREASED in the last year.
And, as long as the internet is unregulated, the spam will only continue to increase.
Please note: I am NOT advocating regulation of the internet.
If the government wants to put some legislation in place to help combat spam … put some penalties on running open relays, open proxies, and failure to implement anti-virus & anti-worm technologies on computers.
[tags]Spam, Government, FTC[/tags]
First sign a message is spam
Posted by david | Filed under Spam
The first sign that an email message is spam: They assure you that it is not spam.
This is an official notification of the availability of a package deposited in your name and it is not a sales solicitation or SPAM.
Spammers exploit pope’s death
Posted by david | Filed under Spam
ZDNet UK reported on Tuesday that spammers are latching on to the pope’s passing with a spam campaign pushing a bogus moneymaking scheme.
News.com: Spammers exploit pope’s death
And this surprises you?
I was wondering what took them so long.
New spam trick - use an ISP
Posted by david | Filed under Life, Spam
According to the SpamHaus Project—a U.K.-based antispam compiler of blacklists that block 8 billion messages a day—a new piece of malicious software has been created that takes over a PC. This “zombie” computer is then used to send spam via the mail server of that PC’s Internet service provider. This means the junk mail appears to come from the ISP, making it very hard for an antispam blacklist to block it.
Zombie trick expected to send spam sky-high | CNET News.com
I was afraid something like this was going to happen.
Looks like authenticated mail relaying is going to be mandatory, even inside a network.
The only IP addresses that will be legitimate for unauthenticated relaying are 127.0.0.1 (localhost) and the mail server’s own addresses.
WordPress SpamAssassin Plugin
Posted by david | Filed under Blogs, Spam
This is a pretty cool idea … good idea to multi-task SpamAssassin.
IO ERROR » WordPress SpamAssassin Plugin
I’m going to have to give that a shot tonight.
Comment spam
Posted by david | Filed under Blogs, Spam
Sigh
I’ve been getting hit with a lot of comment spam recently … pain in the a–.
I found a nifty plugin, however, that lets me dump comment spam based on certain criteria. Pretty nice.
So far it has worked well … although I had some confusion when I was testing it … because I happened to get some new spam just before I implemented it. I thought the test spam had just been held for moderation instead of being dumped altogether.
A bit of research, and another test, showed that the plugin was working fine.