Posted to users@spamassassin.apache.org by Jeffrey Lee <je...@reflex8.com> on 2005/07/23 17:56:15 UTC

Account # 555711L Spam

Are there any rules to stop this type of spam? It is continually
growing and doesn't ever let up.

Thanks,
Jeff

Re: Account # 555711L Spam

Posted by Gene Heskett <ge...@verizon.net>.
On Sunday 24 July 2005 13:39, jdow wrote:
>From: "Gene Heskett" <ge...@verizon.net>
>
>> I wonder if perhaps earthlink is not the only ISP with that
>> problem. I have my vz prefs set to delete any detected spam as I
>> have now switched to a fetchmail based mail suck.
>>
>> Having a kmail problem the other day, I logged in via the webmail
>> at vz, and found 9 messages, all spam, sitting in the spam folder
>> there.
>>
>> So I checkmarked them to be deleted, and as I had the tech support
>> guy on my ear at the time, I noted that delete didn't, it just
>> moved the stuff to the trash folder.  That pulled my trigger and I
>> made it clear to the support drone that when I clicked on delete,
>> that's exactly what I intended to happen.  As vz is currently
>> set up, you then have to move to the trash folder, select them all
>> again, and click delete to be able to be truly rid of the wasted
>> space.
>
>That's web mail. I'm highly allergic to that "abortion". So I never
>use it. At one point, though, I had something even web mail could
>not repair. So the whole mail file at Earthlink had to be deleted.
>{^_^}

Chuckle, that makes 2 of us, Joanne.  Webmail, IMNSHO, is an invention 
by the marketing drones so they can feed you a bunch of commercials 
that apparently come with your mail & which OE will no doubt try to 
decode, thereby loading up your machine with yet another winderz 
viri.  I've opted out of that scene to the maximum available.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.35% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.

Re: Account # 555711L Spam

Posted by Gene Heskett <ge...@verizon.net>.
On Sunday 24 July 2005 11:19, Loren Wilton wrote:
>> Having a kmail problem the other day, I logged in via the webmail
>> at vz, and found 9 messages, all spam, sitting in the spam folder
>> there.
>
>On Dirtlink (which seems from your description to be using the same
>near-useless webmail as vz) you have a few choices and a very few
> things that happen automatically:
>
>1    If you take the current default configuration, they will do a
> decent but not wonderful virus scan first.  They will automatically
> dump all pure virus messages with no sign that they did so.  If you
> want to know about these, you can turn on an incredibly inane
> option that will send you an email for each deleted virus email.

I haven't seen such an option on vz's webmail screens.

>Any virus email that they can "partially clean" they dump into a
> holding tank and then send you an email per virus that they have
> "cleaned" this thing.  You CAN NOT turn off these stupid annoyance
> emails.  Fortunately these pending virus bits are small and will be
> deleted in something like 7 days.

I've never to my knowledge received one of those.

>2    By default they then scan for spam.  I haven't had this turned
> on in a few months, but the last time I did it was really quite
> effective; and has been for about a year now.  Before that it was
> essentially useless, catching maybe 10% of the spam.
>
:)

>These spam mails go into the 'caught spam' folder, and DO NOT count
> against your mail quota.  They will be deleted after some not large
> number of days, 3-5 as I recall.

At vz, they do count against your total drive space used.  When I 
first signed up for DSL in April 2 years ago, I never looked at the 
webmail screens as I was fetching mail directly with kmail.  A month 
later the mail slowed to a trickle and then stopped.  This was back 
when your mailbox was a measly 10 megs, now it's 30.  On calling tech 
support to see what the deal was, he had me log into the webmail and 
I had 10 megs worth of stuff sitting in the spam folder.

>3    You can move the spam into your real mail folder.  This
> re-mails it to you, but bypasses scanning.  The headers will be
> rather strange as a result of this forwarding.  Obviously this now
> counts against mail quota.
>
>4    You can delete the spam.  This doesn't 'delete', it works like
> a windows/mac machine and moves it to the 'deleted items' folder. 
> Now this deleted spam DOES count against your mail quota! 
> Fortunately the deleted items folder is really deleted after 7
> days, I think.  However, it is smart to click the 'empty trash'
> button that shows up here and there and jump through the assorted
> hoops necessary to get this crud really deleted.

It may be that they have a kill after "x" time setup, but it's not 
mentioned.

>BTW, if you move something from deleted items back to inbox, it
> doesn't move it, it RE-SENDS it to you!  It will show up with new
> message numbers and get downloaded a second time by pop.
>
Oh cool, NOT!
>
>If you just accept the default configuration of virus and spam
> scanning and don't muck with the stuff, it is all reasonably
> transparent.  If you do like I do and disable one or both of these
> scans it is also reasonably transparent, but you get all the spams
> or virui, depending on your settings. (I leave the virus scan on
> and spam scan off.)

I have them both turned on, and set to delete.  But a lot of stuff 
gets thru anyway.  I haven't looked in the JunqueMail folder since 
about 5:30 this morning, 42 new messages, with about 38 labeled as 
spam by SpamAssassin's spamd.  The other 4 fell thru my local sort 
filters and wind up being sorted to the JunqueMail folder too.  Once 
or twice a day I delete the ones labeled as spam, and feed the rest 
to the learn-spam tool.

>Normally your pop3 client will be set to delete the mail as soon as
> it is downloaded.  I tend to leave it there for about 5 days before
> deleting it with a handy little program I cobbled to do that, so I
> can get to webmail if I'm not at home, without having to turn off
> the home feed.
>
>OE will delete the mail from the feed for you, either immediately or
> after a period of time.  However, I have a double-level pop3 feed
> because SA sits in the middle on a linux box, so need to reach
> around this to delete the stuff from the main folder.  I have
> fetchmail set to not delete.  (I wish it had an option to delete
> after N days/hours, but it doesn't seem to.)
>
>        Loren

SA's not exactly in the middle here, it's a slave to kmail's fetching 
by piping everything thru SA for suitable labelling before it hits 
my sort rules.  My firewall is only a firewall, no mail proxies set up.

-- 
Cheers, Gene

Re: Account # 555711L Spam

Posted by Loren Wilton <lw...@earthlink.net>.
> Having a kmail problem the other day, I logged in via the webmail at
> vz, and found 9 messages, all spam, sitting in the spam folder there.

On Dirtlink (which seems from your description to be using the same
near-useless webmail as vz) you have a few choices and a very few things
that happen automatically:

1    If you take the current default configuration, they will do a decent
but not wonderful virus scan first.  They will automatically dump all pure
virus messages with no sign that they did so.  If you want to know about
these, you can turn on an incredibly inane option that will send you an
email for each deleted virus email.

Any virus email that they can "partially clean" they dump into a holding
tank and then send you an email per virus that they have "cleaned" this
thing.  You CAN NOT turn off these stupid annoyance emails.  Fortunately
these pending virus bits are small and will be deleted in something like 7
days.

2    By default they then scan for spam.  I haven't had this turned on in a
few months, but the last time I did it was really quite effective; and has
been for about a year now.  Before that it was essentially useless, catching
maybe 10% of the spam.

These spam mails go into the 'caught spam' folder, and DO NOT count against
your mail quota.  They will be deleted after some not large number of days,
3-5 as I recall.

3    You can move the spam into your real mail folder.  This re-mails it to
you, but bypasses scanning.  The headers will be rather strange as a result
of this forwarding.  Obviously this now counts against mail quota.

4    You can delete the spam.  This doesn't 'delete', it works like a
windows/mac machine and moves it to the 'deleted items' folder.  Now this
deleted spam DOES count against your mail quota!  Fortunately the deleted
items folder is really deleted after 7 days, I think.  However, it is smart
to click the 'empty trash' button that shows up here and there and jump
through the assorted hoops necessary to get this crud really deleted.

BTW, if you move something from deleted items back to inbox, it doesn't move
it, it RE-SENDS it to you!  It will show up with new message numbers and get
downloaded a second time by pop.


If you just accept the default configuration of virus and spam scanning and
don't muck with the stuff, it is all reasonably transparent.  If you do like
I do and disable one or both of these scans it is also reasonably
transparent, but you get all the spams or virui, depending on your settings.
(I leave the virus scan on and spam scan off.)

Normally your pop3 client will be set to delete the mail as soon as it is
downloaded.  I tend to leave it there for about 5 days before deleting it
with a handy little program I cobbled to do that, so I can get to webmail if
I'm not at home, without having to turn off the home feed.

OE will delete the mail from the feed for you, either immediately or after a
period of time.  However, I have a double-level pop3 feed because SA sits in
the middle on a linux box, so need to reach around this to delete the stuff
from the main folder.  I have fetchmail set to not delete.  (I wish it had
an option to delete after N days/hours, but it doesn't seem to.)

        Loren


Re: Account # 555711L Spam

Posted by jdow <jd...@earthlink.net>.
From: "Gene Heskett" <ge...@verizon.net>

> I wonder if perhaps earthlink is not the only ISP with that problem.  
> I have my vz prefs set to delete any detected spam as I have now 
> switched to a fetchmail based mail suck.
> 
> Having a kmail problem the other day, I logged in via the webmail at 
> vz, and found 9 messages, all spam, sitting in the spam folder there.
> 
> So I checkmarked them to be deleted, and as I had the tech support guy 
> on my ear at the time, I noted that delete didn't, it just moved the 
> stuff to the trash folder.  That pulled my trigger and I made it 
> clear to the support drone that when I clicked on delete, that's 
> exactly what I intended to happen.  As vz is currently set up, you 
> then have to move to the trash folder, select them all again, and 
> click delete to be able to be truly rid of the wasted space.

That's web mail. I'm highly allergic to that "abortion". So I never
use it. At one point, though, I had something even web mail could
not repair. So the whole mail file at Earthlink had to be deleted.
{^_^}


Re: Account # 555711L Spam

Posted by Gene Heskett <ge...@verizon.net>.
On Saturday 23 July 2005 13:13, jdow wrote:
>From: "Jeffrey Lee" <je...@reflex8.com>
>
>> Are there any rules to stop this type of spam? It is continually
>> growing and doesn't ever let up.
>
>One thing I discovered is that these spams CAN upset the combination
>of fetchmail and the Earthlink pop3 server, NGPOPPER. (No Good
> POPper?)
>
>Until you manually telnet to the Earthlink server and delete the
> offending email you get mailboxes full of the message. Is this by
> any chance what you are seeing?
>
>And yes, there are rules that catch it. Every one has been marked
>spam here, quite handily.
>
>{^_^}

I wonder if perhaps earthlink is not the only ISP with that problem.  
I have my vz prefs set to delete any detected spam as I have now 
switched to a fetchmail based mail suck.

Having a kmail problem the other day, I logged in via the webmail at 
vz, and found 9 messages, all spam, sitting in the spam folder there.

So I checkmarked them to be deleted, and as I had the tech support guy 
on my ear at the time, I noted that delete didn't, it just moved the 
stuff to the trash folder.  That pulled my trigger and I made it 
clear to the support drone that when I clicked on delete, that's 
exactly what I intended to happen.  As vz is currently set up, you 
then have to move to the trash folder, select them all again, and 
click delete to be able to be truly rid of the wasted space.

-- 
Cheers, Gene

Re: Account # 555711L Spam

Posted by jdow <jd...@earthlink.net>.
From: "Jeffrey Lee" <je...@reflex8.com>


> Are there any rules to stop this type of spam? It is continually
> growing and doesn't ever let up.

One thing I discovered is that these spams CAN upset the combination
of fetchmail and the Earthlink pop3 server, NGPOPPER. (No Good POPper?)

Until you manually telnet to the Earthlink server and delete the offending
email you get mailboxes full of the message. Is this by any chance what 
you are seeing?

And yes, there are rules that catch it. Every one has been marked
spam here, quite handily.

{^_^}


Re: Account # 555711L Spam

Posted by Loren Wilton <lw...@earthlink.net>.
Hum.  I don't have any with that particular number, and the closest I found
in format was a mortgage spam that got 42 points and change.

        Loren


RE: Account # 555711L Spam

Posted by Dave Duffner - PSCGi <we...@nwcweb.com>.
Jeffrey Lee wrote:
> Are there any rules to stop this type of spam? It is continually
> growing and doesn't ever let up.
> 
> Thanks,
> Jeff

	The Account #'s constantly change in batches, we tried
a few rulesets to nail them and they work for a small period
of time.  After that, more keep streaming in.

	Have found two things that seem to work effectively:

	#1 - Spamhaus.  We tweaked the MailScanner side of our
MS/SA package so that if a 'From' has 1 list hit it's Spam
and WAS delivered to the recipient as a UCE attachment.  We
then had 2 or more lists going straight to bogus spam.

	After awhile the UCE's were growing and rather pointless
as 99% were spam so we modified it a bit more like this:

	We use MailWatch, so now a 1-list hit is quarantined
for review.  A 2-list or more is also quarantined but flagged
as Hi-Score spam.  Why?  So that we can review them if they
look legit (we find 1-2 per 100 that are kosher) and also 
then SA-Learn them or review the content to write better SA
rulesets to catch the crud.  SA kicks in after MailScanner
in our config, so the less we have to make SA work - the better
the load average reduction.

	By adding Spamhaus's 'lite' list (forget which one, but
will look that up) it seems to catch a ton of these types of
mails that are getting reported by ISP/HSP's and therefore 
they're not being delivered.  Usually it's the only one that
appears in the Spam Test, otherwise if it's really bogus it
shows up with 2+ hits on UCEL1, CBL, DSBL, BLITZED, etc.

	Spamhaus also seems to catch most of the mail forged
with Cable & DSL providers so we can see if it's legit before
releasing it to the customer.  We simply created a release
message that has the original as an attachment and tells 
the customer 'This is blocked.  If it's kosher send us a 
reply stating so, if it's spam this is your only notice of
the block and it stays in place'.  That seems to work much
more effectively than trying to train monkeys to feed Bayes
or muck with their e-mails forwarding them somewhere as
most just are lucky to know how to READ their e-mails.

	#2 - Firewall.  We added an external PCI card based 
firewall to our setups that has its own CPU and essentially
gives us a GUI version of IPTables.  Most of the crud you're
asking about tends to come from certain regions or IP ranges
and using MailWatch to trace those back we've been able to 
block just the SMTP traffic from those areas so we don't see
most of these.  I note that the 1.txt slew of spam crud has
also not appeared on our systems at this point primarily as
I think we're blocking the forged or legit sources with this
firewall.

	The firewall helps as it reduced the load averages on
the box by 50%+, the packets never make it to MS/SA so we
don't waste timecycles processing sludge.

	HTH!

      David J. Duffner
      President
      PSCGi
      Paradise Shore Communications Group
      www.pscginternet.com
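
[Added example, not part of the original post and not PSCGi's or MailScanner's code.] The list-hit triage described in #1 above (one blocklist hit is quarantined for review, two or more are quarantined and flagged high-score, everything else goes on to SpamAssassin) can be sketched as below. The zone names, disposition labels, resolver stub and DNS answers are constructed placeholders; checking the connecting IPv4 address is an assumption.

```python
import ipaddress

# Placeholder zone names (constructed); substitute the lists you subscribe to.
ZONES = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example"]

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def query_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listing(answer):
    """True only for a genuine listing answer.

    Listed addresses resolve to an A record in 127.0.0.0/8; NXDOMAIN (None
    here) means not listed. Some list operators answer in 127.255.255.0/24 to
    signal a refused or broken query; counting that as a hit would make every
    sender look listed, so it is excluded.
    """
    if answer is None:
        return False
    a = ipaddress.IPv4Address(answer)
    return a in LISTING_NET and a not in ERROR_NET

def triage(ip, resolve, zones=ZONES):
    """Return (disposition, zones_that_listed_ip) for one connecting IP.

    `resolve` maps a query name to an A record string or None, so the policy
    can be exercised offline with a stub instead of live DNS.
    """
    hits = [z for z in zones if is_listing(resolve(query_name(ip, z)))]
    if not hits:
        return "pass-to-spamassassin", hits
    if len(hits) == 1:
        return "quarantine-review", hits
    return "quarantine-high-score", hits

# Constructed DNS answers for the stub resolver (documentation address range).
FAKE_DNS = {
    "10.2.0.192.dnsbl-a.example": "127.0.0.2",
    "10.2.0.192.dnsbl-b.example": "127.0.0.4",
    "20.2.0.192.dnsbl-a.example": "127.0.0.2",
    "30.2.0.192.dnsbl-a.example": "127.255.255.254",  # error signal, not a hit
}

def fake_resolve(name):
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *triage(ip, fake_resolve))
```
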



