Posted to users@spamassassin.apache.org by Cigan Segun <ci...@yahoo.co.uk> on 2004/11/13 21:40:35 UTC

Re: spamassassin and web based mail !

Thank you everybody.
 
My office runs a cybercafe. Customers are only allowed to use web based mail like yahoo, hotmail, excite, etc and NOT outlook express or any other mail clients.
 
The problem: what can I do to check all their mails in order to stop the ones that are spams?
 
Thank you all, once again.
Cigan.
 
 
 

		

Re: spamassassin and web based mail !

Posted by Per Eric Rosén <pe...@rosnix.nu>.
On Sat, 13 Nov 2004, Cigan Segun wrote:

> My office runs a cybercafe. Customers are only allowed to use web based
> mail like yahoo, hotmail, excite, etc and NOT outlook express or any
> other mail clients.

> The problem: what can I do to check all their mails in order to stop the
> ones that are spams?

Well, there are at least two unusual things here:

1. Trying to use Spamassassin for blocking *outgoing* spam. Most sites use
   SA to block *incoming* spam. But SA could be used to block outgoing
   spam; perhaps someone is already doing that (with a customized
   selection of rules). Something easier would perhaps be to limit the
   number of recipients of mail per hour for the users. All of this
   assumes you are in charge of the mail flow:

2. As you say, there is no mail traffic from your place. Just web
   requests. It would be a less simple task getting SA to intercept
   web postings. Maybe someone has done it, perhaps as part of a blog /
   guestbook anti-spam-measure (but then at the server side).

Maybe the "real" solution is for Yahoo, Hotmail (and other ad-based / free
mail providers) etc to implement anti-spam on outgoing mail. And besides,
this makes me ask: how many spammers are really just using a Hotmail
account and sending lots of messages? I thought most spammers used special
software, open relays etc; I think the free-mails already have some rough
antispam like message number limits. Also, sending from hotmail without
lots of work generates identical spam messages, which means they are
possible to catch with e.g. Razor. Sounds like pretty lame spammers ... ?

perhaps not very helpful, but a starter at least ...
Per Eric
--
^): Per Eric Rosén http://rosnix.nu/~per/
/   per@rosnix.nu  GPG 7A7A BD68 ADC0 01E1 F560 79FD 33D1 1EC3 1EBB 7311

RE: spamassassin and web based mail !

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Sat, 13 Nov 2004, Peter P. Benac wrote:

> You could stand over their shoulders?
>
> I really doubt that any real spammer will use a cybercafé to send spam.
> These idiots use software that generates messages and send them thru any open
> relay they can find.  Just because the reply to address says hotmail.com or
> yahoo.com doesn't necessarily mean the message originated at Yahoo or
> Hotmail.

No, Cigan is right. A substantial number of the "419" scammer spams
come from criminals noodling away in cybercafes. (My hat's off to you,
Cigan, for being concerned about this problem.) This has become the
"cottage industry" of the criminal world.
There was a story in the Register (or some net-news site) about a
scammer being caught in the UK because his victim in the US had a
friend living in that UK city who was able to 'stake out' the cybercafe
and catch the crook in the act. ;)

This is a technically tough problem to solve. Your network does not
'see' any SMTP traffic, the traffic is just HTTP get/post operations,
so nothing for spamassassin to easily filter.

You would need to do something like set up a transparent HTTP proxy
(such as squid) so all web traffic (incoming and outgoing) would pass
thru it. Then you would need to configure it with a custom filter that
would look for 'POST' operations going to specific destinations (Yahoo,
hotmail, etc) and then hand the data to a custom local program that
would synthesize a SMTP like message to pass to your spamassassin.
(not a trivial task but do-able).
However if the crooks were smart enough to encrypt their traffic
(use 'https://' rather than 'http://') the proxy would only see the
encrypted traffic and not be able to "look inside" it to see what the
actual message was. You could block traffic to the https port (443)
to prevent that but that would be a disservice to your customers who
wanted to do on-line shopping. ;(

Keyboard loggers would be the hi-tech equivalent of looking over their
shoulders, but would not stop the act, just enable later apprehension.
(not to mention the considerable work of grubbing thru the keylogger
data to find the possible crook).

Good luck in this effort.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
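
The proxy-side step described in the reply above (spot a POST going to a webmail host, then turn the form data into an SMTP-like message for SpamAssassin), as an added example that is not part of the original thread. The host suffixes, the form field names (`to`, `cc`, `subject`, `body`), the placeholder sender and the sample request are assumptions; real webmail forms use their own field names.

```python
from email.message import EmailMessage
from email.utils import formatdate, make_msgid
from urllib.parse import parse_qs

# Assumption: destination suffixes the proxy filter watches (illustrative list).
WEBMAIL_SUFFIXES = ("yahoo.com", "hotmail.com", "excite.com")
# Assumption: compose-form field names; each webmail provider uses its own.
FIELD_MAP = {"to": "To", "cc": "Cc", "subject": "Subject"}
BODY_FIELD = "body"

def _clean(value):
    """Collapse CR/LF and runs of spaces so a form value cannot add headers."""
    return " ".join(value.replace("\r", " ").replace("\n", " ").split())

def _hostname(host):
    """Lower-case the Host value and drop any port and trailing dot."""
    return _clean(host).lower().split(":")[0].rstrip(".")

def is_webmail_post(method, host):
    """True when the request is a POST to one of the watched webmail hosts."""
    h = _hostname(host)
    return method.upper() == "POST" and any(
        h == s or h.endswith("." + s) for s in WEBMAIL_SUFFIXES)

def synthesize_message(host, form_body, client_ip):
    """Build an RFC 5322 message from a urlencoded compose form, or return
    None when the POST carries no message text (login, search, ...)."""
    fields = parse_qs(form_body, keep_blank_values=True)
    text = fields.get(BODY_FIELD, [""])[0]
    if not text.strip():
        return None
    msg = EmailMessage()
    msg["From"] = "webmail-user@" + _hostname(host)  # placeholder sender
    for form_name, header in FIELD_MAP.items():
        value = _clean(fields.get(form_name, [""])[0])
        if value:
            msg[header] = value
    msg["Date"] = formatdate(localtime=False)
    msg["Message-ID"] = make_msgid(domain="proxy.invalid")
    msg["X-Proxy-Client"] = _clean(client_ip)  # which cafe workstation sent it
    msg.set_content(text)
    return msg.as_string()

# Constructed sample request body (not real traffic); the subject embeds CR/LF.
SAMPLE_POST = ("to=a%40example.com&subject=Hi%0D%0ABcc%3A+x%40example.com"
               "&body=URGENT+BUSINESS+PROPOSAL")
```

The returned string can be fed to `spamassassin` or `spamc` on standard input. As the reply notes, none of this sees requests sent over `https://`.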

RE: spamassassin and web based mail !

Posted by "Peter P. Benac" <pp...@emacolet.com>.
You could stand over their shoulders?  

I really doubt that any real spammer will use a cybercafé to send spam.
These idiots use software that generates messages and send them thru any open
relay they can find.  Just because the reply to address says hotmail.com or
yahoo.com doesn't necessarily mean the message originated at Yahoo or
Hotmail.

Short of standing over their shoulders you would need a customized version
of SurfControl or WebSense that did what SpamAssassin does on mail
originating or terminating on a mail server.  In other words you'd have to
inspect every packet going out of your business and attempt to filter out
what might be a spam source.

All I can say is Good Luck with that.  Programs like SurfControl and
WebSense filter on source and destination IP addresses and hostnames. You
need something that goes deeper into a TCP/UDP packet.

Regards,
Pete
----
Peter P. Benac, CCNA
Celtic Spirit Network Solutions
Providing Network and Systems Project Management and Installation and Web
Hosting.
Phone: 919-618-2557
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
             First have courage.. With principles comes integrity!!!



-----Original Message-----
From: Cigan Segun [mailto:cigan_ng@yahoo.co.uk] 
Sent: Saturday, November 13, 2004 3:41 PM
To: users@spamassassin.apache.org
Subject: Re: spamassassin and web based mail !


Thank you everybody.

My office runs a cybercafe. Customers are only allowed to use web based mail
like yahoo, hotmail, excite, etc and NOT outlook express or any other mail
clients.

The problem: what can I do to check all their mails in order to stop the
ones that are spams?

Thank you all, once again.
Cigan.




