Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2008/01/10 17:34:37 UTC
What MTAs do spammers (not) use?
Just a thought. I'm wondering if there are any clues in the received
lines that indicate the MTA that might be used for spam detection, or
rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
Re: What MTAs do spammers (not) use?
Posted by Michelle Konzack <li...@freenet.de>.
On 2008-01-16 20:16:34, Matus UHLAR - fantomas wrote:
> so why are you asking a procmail question in the SA list? :)
[X] I have not read the thread and only jumped in.
Thanks, Greetings and nice Day
Michelle Konzack
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: What MTAs do spammers (not) use?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On 2008-01-16 14:47:33, Matus UHLAR - fantomas wrote:
> > why do you (not) use SpamAssassin at all?
On 16.01.08 20:08, Michelle Konzack wrote:
> Because it eats too much memory and procmail is around 100 times faster?
so why are you asking a procmail question in the SA list? :)
Well, many MTAs are being faked by spammers; SA has checks for that which
are much more effective than these simple checks :)
> And since I have to call fetchmail too, spamassassin is integrated in
> the procmailrc
so you call SA even :)
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization.
Re: What MTAs do spammers (not) use?
Posted by Michelle Konzack <li...@freenet.de>.
On 2008-01-16 14:47:33, Matus UHLAR - fantomas wrote:
> why do you (not) use SpamAssassin at all?
Because it eats too much memory and procmail is around 100 times faster?
And since I have to call fetchmail too, spamassassin is integrated in
the procmailrc
Thanks, Greetings and nice Day
Michelle Konzack
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: What MTAs do spammers (not) use?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On 2008-01-10 08:34:37, Marc Perkel wrote:
> > Just a thought. I'm wondering if there are any clues in the received
> > lines that indicate the MTA that might be used for spam detection, or
> > rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
On 12.01.08 13:28, Michelle Konzack wrote:
> In my procmailrc I have simple rules like:
> :0
> * ...<some_whitelist_stuff>...
> * ^Envelope-To:.*xxxxxxxxxxxxxxxxxxx@freenet\.de
> {
>   :0
>   * ^X-Mailer:.*Outlook
>   .ATTENTION.Outlook/
>
>   :0
>   * ^X-Mailer:.*The Bat
>   .ATTENTION.The_Bat/
> }
why do you (not) use SpamAssassin at all?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
Re: What MTAs do spammers (not) use?
Posted by Michelle Konzack <li...@freenet.de>.
On 2008-01-10 08:34:37, Marc Perkel wrote:
> Just a thought. I'm wondering if there are any clues in the received
> lines that indicate the MTA that might be used for spam detection, or
> rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
------------------------- END OF REPLIED MESSAGE -------------------------
In my procmailrc I have simple rules like:
----8<------------------------------------------------------------------
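:0
* ...<some_whitelist_stuff>...
* ^Envelope-To:.*xxxxxxxxxxxxxxxxxxx@freenet\.de
{
  # X-Mailer claims Outlook: deliver to a separate maildir folder
  :0
  * ^X-Mailer:.*Outlook
  .ATTENTION.Outlook/

  # X-Mailer claims The Bat: deliver to a separate maildir folder
  :0
  * ^X-Mailer:.*The Bat
  .ATTENTION.The_Bat/
}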
----8<------------------------------------------------------------------
and it catches over 18.000 messages per day on ONE single E-Mail
(which currently gets around 48.000 spams daily)
This is several times faster than SpamAssassin.
Thanks, Greetings and nice Day
Michelle Konzack
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: What MTAs do spammers (not) use?
Posted by Edward Francis Klimowicz <ed...@voicenet.com>.
Yes, spammers use every MTA available. As well as webmail services, SMTP
capable scripts, and hijacked accounts using legitimate mail servers. It's
likely impossible to get a statistically significant correlation between an
MTA and spamminess of the mail that comes through it. When you add to that the
relative ease with which an admin can control service banners or other
identifiers, it is not possible to 100% confirm guilt or innocence of a sender
based only on the MTA they're using.
Personally, I've seen a stronger link between the actual client a mailer uses
and their spamminess, rather than the MTA.
Now, there are some highly significant signs in received headers that can help
nail down a likely guilty sender, but it's difficult to make a conclusive call
on those signs alone.
That is, at least in my experience.
Marc Perkel wrote:
> Just a thought. I'm wondering if there are any clues in the received
> lines that indicate the MTA that might be used for spam detection, or
> rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
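
The point made in the message above, that MTA identifiers in Received lines are easy for a sender to control, shown as an added Python example (not code from any poster in this thread). It extracts the MTA token from each Received header of a constructed message and marks which hops were written by your own relays; the token patterns, the hostnames and the `trusted_hosts` parameter are assumptions for illustration.

```python
import email
import re

# Tokens some MTAs write into the Received header they add (illustrative, not exhaustive).
MTA_SIGNATURES = {
    "Postfix": re.compile(r"\(Postfix\)"),
    "Exim": re.compile(r"\(Exim [\d.]+\)"),
    "qmail": re.compile(r"\(qmail \d+ invoked"),
    "Sendmail": re.compile(r"\(8\.\d+\.\d+/8\.\d+\.\d+\)"),
}
# Host after "by"; requiring a dot skips phrases such as "invoked by uid 0".
BY_HOST = re.compile(r"\bby\s+([\w-]+(?:\.[\w-]+)+)")

# Constructed sample message (documentation addresses and hostnames).
SAMPLE = """\
Received: from pc.example.net (unknown [203.0.113.7])
\tby mx.example.org (Postfix) with ESMTP id 4A1B2C3D
\tfor <user@example.org>; Thu, 10 Jan 2008 17:34:37 +0000 (UTC)
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby relay.example.com with esmtp (Exim 4.68)
\tid 1JD0aB-0001cD-Ef; Thu, 10 Jan 2008 17:34:30 +0000
Received: (qmail 12345 invoked from network); 10 Jan 2008 17:34:29 -0000
X-Mailer: The Bat! (v3.99) Professional
From: sender@example.com
To: user@example.org
Subject: constructed sample

body
"""

def received_hops(raw, trusted_hosts):
    """Return (hops, x_mailer). Hops are listed newest first, as in the message.

    A hop is 'trusted' only while every header from the top down was written
    by one of our own relays; everything below that point, and X-Mailer, is
    whatever the sender chose to put there.
    """
    msg = email.message_from_string(raw)
    hops, in_trusted_chain = [], True
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())  # unfold continuation lines
        match = BY_HOST.search(value)
        by_host = match.group(1).lower() if match else None
        in_trusted_chain = in_trusted_chain and by_host in trusted_hosts
        mta = next((n for n, rx in MTA_SIGNATURES.items() if rx.search(value)), None)
        hops.append({"by": by_host, "mta": mta, "trusted": in_trusted_chain})
    return hops, msg.get("X-Mailer")
```

With `trusted_hosts={"mx.example.org"}` only the top Postfix hop is trusted, and that is the receiver's own MTA; the Exim and qmail tokens below it are unverified claims.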
Re: What MTAs do spammers (not) use?
Posted by Mike Jackson <mj...@barking-dog.net>.
> Just a thought. I'm wondering if there are any clues in the received
> lines that indicate the MTA that might be used for spam detection, or
> rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
Yes, when they compromise someone's SMTP authentication and send with
whatever they're using. At my job, I see that most often on Plesk
servers (which use Qmail), but it happens on Postfix or Sendmail as well.