Posted to users@spamassassin.apache.org by Greg Troxel <gd...@ir.bbn.com> on 2010/01/04 16:21:02 UTC

an actual IPv6 spam

(I realize that 3.2.5 does not grok v6 headers, and I believe this is
fixed in 3.3, so this is more of an observation than a complaint.)

Yesterday I received spam over IPv6 (and also TLS).  This is the first
one I've noticed, probably due to a compromised v6-capable machine, so I
thought it might be of interest to others:

  http://www.lexort.com/spam/spam-ipv6-cn.txt

Re: an actual IPv6 spam

Posted by Steve Bertrand <st...@ibctech.ca>.
Steve Bertrand wrote:
> Greg Troxel wrote:
> 
>> Has anyone else gotten v6 spam?
> 
> When I first configured my personal mail servers with IPv6, I wrote a
> parser for my Simscan logs, so I could graph v6 email statistics. Since
> then (~June, 2008), I've received six blatant spam messages.
> 
> Here is the text representation of these stats of one day last month
> where a v6 spam did come through:

I've had a couple of off-list enquiries, so I'll clarify:

Messages are counted at my primary MX. My secondary MX communicates via
IPv6 over the Internet to my primary. Messages sent from external
sources via IPv4 to my secondary which are subsequently sent to my
primary via IPv6 are NOT counted in the tally.

Only messages where the originating mail server was v6 enabled are counted.

...make sense? ;)

Steve


> Email by protocol stats for 2009/12/25
> 
> Total Messages:    1666
> Spam:		   1125
> Ham:		   541
> Spam % of Total:   67.53 %
> 
> Score Total: 	   23746.10
> Scored Positive:   1368
> Scored Negative:   298
> Score Avg:	   14.25
> 
> Messages via IPv6: 173
> Percent of total:  10.38 %
> SPAM via IPv6:     1
> Percent of Spam:   0.09 %
> 
> Messages via IPv4: 1493
> Percent of Total:  89.62 %
> SPAM via IPv4:     1124
> Percent of Spam:   99.91 %
> 
> MTA Connections:   3242
> Accepted:	   3143
> Rejected:	   99
> Rejected Percent   3.05
> 
> ...unfortunately, I believe the actual message from this day has already
> been eradicated, but if there is interest, I'll start keeping them for
> comparison.
> 
> Steve


Re: an actual IPv6 spam

Posted by Steve Bertrand <st...@ibctech.ca>.
Greg Troxel wrote:

> Has anyone else gotten v6 spam?

When I first configured my personal mail servers with IPv6, I wrote a
parser for my Simscan logs, so I could graph v6 email statistics. Since
then (~June, 2008), I've received six blatant spam messages.

Here is the text representation of these stats of one day last month
where a v6 spam did come through:

Email by protocol stats for 2009/12/25

Total Messages:    1666
Spam:		   1125
Ham:		   541
Spam % of Total:   67.53 %

Score Total: 	   23746.10
Scored Positive:   1368
Scored Negative:   298
Score Avg:	   14.25

Messages via IPv6: 173
Percent of total:  10.38 %
SPAM via IPv6:     1
Percent of Spam:   0.09 %

Messages via IPv4: 1493
Percent of Total:  89.62 %
SPAM via IPv4:     1124
Percent of Spam:   99.91 %

MTA Connections:   3242
Accepted:	   3143
Rejected:	   99
Rejected Percent   3.05

...unfortunately, I believe the actual message from this day has already
been eradicated, but if there is interest, I'll start keeping them for
comparison.

Steve

Re: an actual IPv6 spam

Posted by Greg Troxel <gd...@ir.bbn.com>.
Benny Pedersen <me...@junc.org> writes:

> On Mon 04 Jan 2010 04:21:02 PM CET, Greg Troxel wrote
>> http://www.lexort.com/spam/spam-ipv6-cn.txt
>
> X-Greylist: Sender IP whitelisted, not delayed by
> milter-greylist-4.2.3 (fnord.ir.bbn.com [0.0.0.0]); Sun, 03 Jan 2010
> 22:17:05 -0500 (EST)
>
> you are on ipv4, any ip whitelisted or ?

I whitelist (for greylisting) all of 2001::/3, because I haven't been
getting over IPv6 the dialup/cable/dsl/etc. spam that greylisting stops.
That means that the mail I do get over IPv6 (IETF, NetBSD) isn't
subjected to greylisting, and for now that's a good tradeoff.

In this case, the offending box seems to be an actual mail server, so
the greylisting pass didn't hurt:

fnord gdt 31 ~ > telnet 2001:da8:b800:228:5054:abff:fe10:8e4c smtp
Trying 2001:da8:b800:228:5054:abff:fe10:8e4c...
Connected to cernet2.net.
Escape character is '^]'.
220 vilab.hit.edu.cn ESMTP Postfix (Ubuntu)
EHLO fnord.ir.bbn.com
250-vilab.hit.edu.cn
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.


Has anyone else gotten v6 spam?
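
Added example, not part of the original thread and not code from any of the posters: a sketch of auditing which client addresses a greylist exemption such as 2001::/3 lets through, while tallying messages per address family in the style of the per-protocol report quoted in this thread. The function names and the sample records are assumptions constructed for illustration; only the first sample address appears in the thread.

```python
import ipaddress
from collections import Counter

# Greylist exemption quoted in the thread. 2001::/3 has bits set below the
# /3 mask, so strict=False is required and it normalises to 2000::/3.
WHITELIST = [ipaddress.ip_network("2001::/3", strict=False)]

# Constructed sample: (client address as an MTA might log it, is_spam).
# Only the first address appears in the thread; the rest use documentation
# or reserved ranges.
SAMPLE = [
    ("2001:da8:b800:228:5054:abff:fe10:8e4c", True),
    ("2001:db8::25", False),
    ("3fff::25", False),
    ("fc00::25", False),
    ("::ffff:192.0.2.10", True),
    ("192.0.2.10", True),
    ("198.51.100.7", False),
]

def client_ip(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def bypasses_greylist(text, whitelist=WHITELIST):
    """True if the client address falls inside any exempted network."""
    ip = client_ip(text)
    return any(ip.version == net.version and ip in net for net in whitelist)

def tally(records):
    """Count messages, spam and greylist bypasses per address family."""
    counts = Counter()
    for text, is_spam in records:
        fam = "IPv%d" % client_ip(text).version
        counts[fam, "messages"] += 1
        counts[fam, "spam"] += int(is_spam)
        counts[fam, "bypass"] += int(bypasses_greylist(text))
    return counts

def spam_share(counts, fam):
    """Percent of all spam that arrived over the given family."""
    total = counts["IPv4", "spam"] + counts["IPv6", "spam"]
    return round(100.0 * counts[fam, "spam"] / total, 2) if total else 0.0

if __name__ == "__main__":
    c = tally(SAMPLE)
    for fam in ("IPv6", "IPv4"):
        print(fam, c[fam, "messages"], c[fam, "spam"], c[fam, "bypass"], spam_share(c, fam))
```

IPv4-mapped addresses are counted as IPv4 here so that a dual-stack listener does not inflate the IPv6 figures or match the IPv6 exemption.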

Re: an actual IPv6 spam

Posted by Benny Pedersen <me...@junc.org>.
On Mon 04 Jan 2010 04:21:02 PM CET, Greg Troxel wrote
> http://www.lexort.com/spam/spam-ipv6-cn.txt

X-Greylist: Sender IP whitelisted, not delayed by  
milter-greylist-4.2.3 (fnord.ir.bbn.com [0.0.0.0]); Sun, 03 Jan 2010  
22:17:05 -0500 (EST)

you are on ipv4, any ip whitelisted or ?

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html