Posted to server-dev@james.apache.org by Serge Knystautas <se...@lokitech.com> on 2002/01/01 00:10:30 UTC

Re: spam test

I know... I have a server that was accidentally open for a while, and a few
spammers found it.  The server has been fixed to not relay for 3-4 months
now, and I still get a few megabytes/day of messages delivered by them to
that server.  They keep changing IP addresses too, so my attempts to
explicitly block by IP address just waste my time more than theirs.

Ideally I'd like James able to do two things: 1) notify the network owners
when there is a spammer and send the appropriate records and 2) identify
spammers with some semi-intelligent algorithms.  Ok, the latter is probably
more science fiction or a great way to spend a vacation twiddling with mail
headers, but the former could be quite useful.  Say on a weekly basis, the
James anti-spam reporter prepares a list of known spam mail, does a
traceroute or some network detection to see what network the message is
coming from, sends the appropriate logs to abuse@thatnetwork.com, and
hopefully shuts that person's account off.  Admittedly this could be a great
source of unwanted email, but if the reports contained very helpful
information (exact times, IP addresses, durations, summary of what was sent)
and were not sent too regularly, it could help network admins shut down holes
in their network.

Serge Knystautas
Loki Technologies - Unstoppable Websites
http://www.lokitech.com/
----- Original Message -----
From: "Keith Chew SL" <ke...@ihug.co.nz>
To: "James Developers List" <ja...@jakarta.apache.org>
Sent: Monday, December 31, 2001 6:18 PM
Subject: RE: spam test


> Hi Serge
>
> Thank you for your response. I have been using James on a live site for
> about 1 month now, and seemed to be getting spammed twice a day (it is very
> interesting because before that month, there was never an email server
> running, ie it's a new site). They are from different domains each time, so I
> guess not dispatching the mail did work. I will continue monitoring the
> logs.
>
> PS: Wish there could be a way to stop the spammers from spamming!
>
> Keith
>
>
>
> > -----Original Message-----
> > From: Serge Knystautas [mailto:sergek@lokitech.com]
> > Sent: Tuesday, 1 January 2002 10:25 a.m.
> > To: James Developers List
> > Subject: Re: spam test
> >
> >
> > Perhaps they might get that impression, but I think that would be a bit
> > premature.
> >
> > We have talked some about allowing matchers to run in the SMTP handler so
> > rather than waiting until the messages are accepted, support refusing
> > messages at that point.  It would be nice to reuse the same API, but it
> > might just become an ugly hack down the line... so either support matchers
> > or just allow some additional configurable restrictions.  Either way might
> > be useful.
> >
> > Serge Knystautas
> > Loki Technologies - Unstoppable Websites
> > http://www.lokitech.com/
> > ----- Original Message -----
> > From: "Keith Chew SL" <ke...@ihug.co.nz>
> > To: "James Developers List" <ja...@jakarta.apache.org>
> > Sent: Sunday, December 30, 2001 10:24 AM
> > Subject: RE: spam test
> >
> >
> > > Hi Serge
> > >
> > > Hmmm, would a spam program hunting for email servers get the wrong
> > > impression that the server is accepting relaying (since it's accepting the
> > > mail), thus keeps trying to send via that server?
> > >
> > > On the other hand, if the request is rejected before accepting the data (in
> > > the doRCPT), then that would be a better prevention? Maybe it's also
> > > possible to add some hooks to the Smtp handler to handle custom checks?
> > >
> > > Just some thoughts.
> > > Keith
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Serge Knystautas [mailto:sergek@lokitech.com]
> > > > Sent: Monday, 31 December 2001 2:51 a.m.
> > > > To: James Developers List
> > > > Subject: Re: spam test
> > > >
> > > >
> > > > Accepting an email is one thing and doesn't indicate failure... delivering
> > > > it would be a failure.  James is set to not relay messages from a remote
> > > > network out of the box, so it would pass these tests.
> > > >
> > > > Serge Knystautas
> > > > Loki Technologies - Unstoppable Websites
> > > > http://www.lokitech.com/
> > > > ----- Original Message -----
> > > > From: "Keith Chew SL" <ke...@ihug.co.nz>
> > > > To: "James Developers List" <ja...@jakarta.apache.org>
> > > > Sent: Friday, December 28, 2001 11:55 PM
> > > > Subject: spam test
> > > >
> > > >
> > > > > Hi
> > > > >
> > > > > I went to http://www.mail-abuse.org/tsi/ar-test.html and tried the spam
> > > > > test on James.
> > > > >
> > > > > It failed the first test. How do I prevent spamming and pass all the
> > > > > tests?
> > > > >
> > > > > Can someone assist? Basically I want to disable all outbound mail except
> > > > > from requests originating from the internal network.
> > > > >
> > > > > This is a snippet from the anti-relay test:
> > > > >
> > > > > Sat Dec 29 17:50:21 NZDT 2001 [INFO   ] (smtpserver): Connection from cygnus.mail-abuse.org (204.152.187.123)
> > > > > Sat Dec 29 17:50:22 NZDT 2001 [INFO   ] (smtpserver): Command received: HELO cygnus.mail-abuse.org
> > > > > Sat Dec 29 17:50:22 NZDT 2001 [INFO   ] (smtpserver): Command received: mail from: <sp...@mercury.e3solutions.net>
> > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO   ] (smtpserver): Command received: rcpt to: <"nobody@mail-abuse.org">
> > > > > Sat Dec 29 17:50:23 NZDT 2001 [ERROR  ] (smtpserver): Error parsing recipient address: "nobody@mail-abuse.org": Out of data at position 24
> > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO   ] (smtpserver): Command received: rset
> > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO   ] (smtpserver): Command received: mail from: <no...@mail-abuse.org>
> > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO   ] (smtpserver): Command received: rcpt to: <no...@mail-abuse.org>
> > > > > Sat Dec 29 17:50:23 NZDT 2001 [INFO   ] (smtpserver): Command received: QUIT
> > > > >
> > > > > Basically James allowed a mail from nobody@mail-abuse.org to
> > > > > nobody@mail-abuse.org. How do I prevent this?
> > > > >
> > > > > Keith
> >
> >
> >


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
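
An added example, not part of the original messages and not James code: a Python version of the per-source summary Serge describes (exact times, IP addresses, what was sent), built from the smtpserver log format Keith quoted. The sample log, `local_domains` and `internal_nets` are constructed assumptions; because the log lines carry no session id, the parser assumes each session's lines are contiguous.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the smtpserver log format quoted in this thread.
SAMPLE_LOG = """\
Sat Dec 29 17:50:21 NZDT 2001 [INFO   ] (smtpserver): Connection from relay-test.example.net (203.0.113.7)
Sat Dec 29 17:50:22 NZDT 2001 [INFO   ] (smtpserver): Command received: HELO relay-test.example.net
Sat Dec 29 17:50:22 NZDT 2001 [INFO   ] (smtpserver): Command received: mail from: <a@example.net>
Sat Dec 29 17:50:23 NZDT 2001 [INFO   ] (smtpserver): Command received: rcpt to: <victim@example.com>
Sat Dec 29 17:50:24 NZDT 2001 [INFO   ] (smtpserver): Command received: rcpt to: <keith@example.org>
Sat Dec 29 18:02:10 NZDT 2001 [INFO   ] (smtpserver): Connection from desk.example.org (192.168.1.20)
Sat Dec 29 18:02:11 NZDT 2001 [INFO   ] (smtpserver): Command received: rcpt to: <friend@example.com>
Sat Dec 29 19:15:00 NZDT 2001 [INFO   ] (smtpserver): Connection from relay-test.example.net (203.0.113.7)
Sat Dec 29 19:15:01 NZDT 2001 [INFO   ] (smtpserver): Command received: RCPT TO: <other@example.com>
"""

LINE = re.compile(r"^(?P<ts>.+?) \[\w+\s*\] \(smtpserver\): (?P<msg>.*)$")
CONNECT = re.compile(r"^Connection from (?P<host>\S+) \((?P<ip>[0-9a-fA-F.:]+)\)$")
RCPT = re.compile(r"^Command received: rcpt to:\s*<(?P<addr>[^>]*)>", re.IGNORECASE)

def relay_attempts(log_text, local_domains, internal_nets):
    """Group RCPT commands that ask this server to relay, keyed by source IP."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    report = defaultdict(lambda: {"first": None, "last": None, "recipients": []})
    ip = None  # assumption: no session id in the log, so a session's lines are contiguous
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        conn = CONNECT.match(m["msg"])
        if conn:
            ip = ipaddress.ip_address(conn["ip"])
            continue
        rcpt = RCPT.match(m["msg"])
        if not rcpt or ip is None:
            continue
        domain = rcpt["addr"].strip('"').rpartition("@")[2].lower()
        # Relay attempt: an outside client asking for delivery to a domain we do not host.
        if domain in local_domains or any(ip in n for n in nets):
            continue
        entry = report[str(ip)]
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        entry["recipients"].append(rcpt["addr"])
    return dict(report)

if __name__ == "__main__":
    print(relay_attempts(SAMPLE_LOG, {"example.org"}, ["192.168.0.0/16"]))
```

Grouping by source IP only shows who is probing; as the thread notes, senders change addresses, so the output suits a periodic abuse report rather than a block list.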