Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2008/01/10 17:34:37 UTC

What MTAs do spammers (not) use?

Just a thought. I'm wondering if there are any clues in the received 
lines that indicate the MTA that might be used for spam detection, or 
rather ham detection. Do spammers ever use Exim, Qmail, Postfix?

Re: What MTAs do spammers (not) use?

Posted by Michelle Konzack <li...@freenet.de>.
On 2008-01-16 20:16:34, Matus UHLAR - fantomas wrote:
> so why are you asking procmail question in SA list? :)

 [X] I have not read the thread and only jumped in.

Thanks, Greetings and nice Day
    Michelle Konzack


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: What MTAs do spammers (not) use?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On 2008-01-16 14:47:33, Matus UHLAR - fantomas wrote:
> > why do you (not) use SpamAssassin at all?

On 16.01.08 20:08, Michelle Konzack wrote:
> Because it eats too much memory and procmail is around 100 times faster?

so why are you asking procmail question in SA list? :)

Well, many MTAs are being faked by spammers; SA has checks for that which
are much more effective than these simple checks :)

> And since I have to call fetchmail too, spamassassin is integrated in
> the procmailrc

so you even call SA :)
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization. 

Re: What MTAs do spammers (not) use?

Posted by Michelle Konzack <li...@freenet.de>.
On 2008-01-16 14:47:33, Matus UHLAR - fantomas wrote:
> why do you (not) use SpamAssassin at all?

Because it eats too much memory and procmail is around 100 times faster?

And since I have to call fetchmail too, spamassassin is integrated in
the procmailrc

Thanks, Greetings and nice Day
    Michelle Konzack


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: What MTAs do spammers (not) use?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On 2008-01-10 08:34:37, Marc Perkel wrote:
> > Just a thought. I'm wondering if there are any clues in the received 
> > lines that indicate the MTA that might be used for spam detection, or 
> > rather ham detection. Do spammers ever use Exim, Qmail, Postfix?

On 12.01.08 13:28, Michelle Konzack wrote:
> In my procmailrc I have simple rules like:

> :0
> * ...<some_whitelist_stuff>...
> * ^Envelope-To:.*xxxxxxxxxxxxxxxxxxx@freenet\.de
> {
>   :0
>   * ^X-Mailer:.*Outlook
>   .ATTENTION.Outlook/
>   
>   :0
>   * ^X-Mailer:.*The Bat
>   .ATTENTION.The_Bat/
> }

why do you (not) use SpamAssassin at all?

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 

Re: What MTAs do spammers (not) use?

Posted by Michelle Konzack <li...@freenet.de>.
On 2008-01-10 08:34:37, Marc Perkel wrote:
> Just a thought. I'm wondering if there are any clues in the received 
> lines that indicate the MTA that might be used for spam detection, or 
> rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
------------------------- END OF REPLIED MESSAGE -------------------------

In my procmailrc I have simple rules like:

----8<------------------------------------------------------------------
:0
* ...<some_whitelist_stuff>...
* ^Envelope-To:.*xxxxxxxxxxxxxxxxxxx@freenet\.de
{
  :0
  * ^X-Mailer:.*Outlook
  .ATTENTION.Outlook/
  
  :0
  * ^X-Mailer:.*The Bat
  .ATTENTION.The_Bat/
}
----8<------------------------------------------------------------------

and it catches over 18.000 messages per day on ONE single E-Mail
(which currently gets around 48.000 spams daily)

This is several times faster than spamassassin.

Thanks, Greetings and nice Day
    Michelle Konzack


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: What MTAs do spammers (not) use?

Posted by Edward Francis Klimowicz <ed...@voicenet.com>.
Yes, spammers use every MTA available.  As well as webmail services, SMTP 
capable scripts, and hijacked accounts using legitimate mail servers.  It's 
likely impossible to get a statistically significant correlation between an 
MTA and spamminess of the mail that comes through it.  When you add to that the 
relative ease with which an admin can control service banners or other 
identifiers, it is not possible to 100% confirm guilt or innocence of a sender 
based only on the MTA they're using.

Personally, I've seen a stronger link between the actual client a mailer uses 
and their spamminess, rather than the MTA.

Now, there are some highly significant signs in received headers that can help 
nail down a likely guilty sender, but it's difficult to make a conclusive call 
on those signs alone.

That is, at least in my experience.

Marc Perkel wrote:
> Just a thought. I'm wondering if there are any clues in the received 
> lines that indicate the MTA that might be used for spam detection, or 
> rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
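
An added example, not part of the thread or of SpamAssassin: one way to measure the correlation discussed above on a hand-labelled corpus, tallying spam and ham per MTA banner claimed in the Received lines and per X-Mailer family (the two substrings from the procmail rules earlier in the thread). The banner patterns, helper names and the four sample messages are assumptions constructed for illustration; every Received line below the one stamped by your own MX is written by the sender and can be forged.

```python
import re
from collections import Counter
from email import message_from_string

# Banner fragments these MTAs write into the Received lines they add (assumed formats).
MTA_PATTERNS = {
    "Postfix": re.compile(r"\(Postfix\)"),
    "Exim": re.compile(r"\(Exim [\d.]+\)"),
    "qmail": re.compile(r"\(qmail \d+ invoked"),
}
CLIENTS = ("Outlook", "The Bat")  # X-Mailer substrings used by the procmail rules

def claimed_mtas(msg):
    """MTA names claimed anywhere in the Received chain (forgeable by the sender)."""
    chain = "\n".join(msg.get_all("Received", []))
    return {name for name, pat in MTA_PATTERNS.items() if pat.search(chain)}

def client_family(msg):
    """Map the X-Mailer header to one of CLIENTS, or 'other' if none matches."""
    mailer = msg.get("X-Mailer", "")
    return next((c for c in CLIENTS if c in mailer), "other")

def tally(corpus):
    """Count messages per (kind, value, label) over (label, raw_message) pairs."""
    counts = Counter()
    for label, raw in corpus:
        msg = message_from_string(raw)
        for mta in claimed_mtas(msg):
            counts[("mta", mta, label)] += 1
        counts[("client", client_family(msg), label)] += 1
    return counts

def spam_ratio(counts, kind, value):
    """Fraction of messages with this attribute that were labelled spam."""
    spam, ham = counts[(kind, value, "spam")], counts[(kind, value, "ham")]
    return spam / (spam + ham) if spam + ham else None

def _mk(received, mailer=None):
    extra = f"X-Mailer: {mailer}\n" if mailer else ""
    return f"Received: {received}\n{extra}Subject: test\n\nbody\n"

# Constructed sample messages with hand-assigned labels; not real traffic.
CORPUS = [
    ("spam", _mk("from a.example by mx.example.org (Postfix) with ESMTP id 1", "Microsoft Outlook Express 6.00")),
    ("spam", _mk("from b.example by b.example with esmtp (Exim 4.68) id 2", "The Bat! (v3.0)")),
    ("ham", _mk("from c.example by mail.c.example (Postfix) with ESMTP id 3")),
    ("ham", _mk("(qmail 4242 invoked from network); 10 Jan 2008 17:34:37 -0000", "Microsoft Outlook 12.0")),
]

if __name__ == "__main__":
    counts = tally(CORPUS)
    for kind, value in sorted({k[:2] for k in counts}):
        print(kind, value, spam_ratio(counts, kind, value))
```

The ratios from the four constructed messages say nothing about real mail; run `tally` over a labelled corpus of your own to see whether any attribute separates spam from ham.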


Re: What MTAs do spammers (not) use?

Posted by Mike Jackson <mj...@barking-dog.net>.
> Just a thought. I'm wondering if there are any clues in the received 
> lines that indicate the MTA that might be used for spam detection, or 
> rather ham detection. Do spammers ever use Exim, Qmail, Postfix?

Yes, when they compromise someone's SMTP authentication and send with 
whatever they're using. At my job, I see that most often on Plesk 
servers (which use Qmail), but it happens on Postfix or Sendmail as well.