[rt-users] GET PAID 13610

Bob Apthorpe arclight at jump.net
Tue May 14 21:37:51 EDT 2002


Hmm. I wonder if the tard responsible for this debris[1] or the 
differently-competent mail admins who own the offending open relay[2] realize 
how many abuse desks use RT for spammer tracking and whacking?...

Marginally topical point #1: Any thoughts on using Mail::Audit in rt-mailgate?

Marginally topical point #2: I've had pretty good results using SpamAssassin 
and Vipul's Razor to tag and bag spam. It's not quite as efficient as 
dropping connections but it manages to catch a lot with few false positives. 
It might be a reasonable defense to publically-exposed RT aliases; tag spam, 
send it to a holding queue (or simply pitch mail flagged by Razor), and 
periodically muck that queue out into appropriate queues.

-- Bob

[1] Injection point is (adsl-64-175-108-209.dsl.lsan03.pacbell.net 
[64.175.108.209]) by my reading of the headers.

[2] Open relay at ntserver.conseal.com [206.21.112.226]), listed by 
relays.osirusoft.com

On Tuesday 14 May 2002 08:47, some idiot wrote:
> SPAM: -------------------- Start SpamAssassin results
> ---------------------- SPAM: This mail is probably spam.  The original
> message has been altered SPAM: so you can recognise or block similar
> unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more
> details.
> SPAM:
> SPAM: Content analysis details:   (16.4 hits, 5 required)
> SPAM: Hit! (3.4 points)  Faked To "Undisclosed-Recipients"
> SPAM: Hit! (2.7 points)  Subject contains lots of white space
> SPAM: Hit! (2.1 points)  Invalid Date: header (timezone does not exist)
> SPAM: Hit! (0.6 points)  From: does not include a real name
> SPAM: Hit! (-0.5 points) BODY: Contains 'Dear Somebody'
> SPAM: Hit! (0.4 points)  BODY: Information on how to work at home (1)
> SPAM: Hit! (-1.1 points) BODY: No experience needed!
> SPAM: Hit! (0.1 points)  BODY: Uses words and phrases which indicate porn
> (10) SPAM: Hit! (2.0 points)  BODY: Information on how to work at home (2)
> SPAM: Hit! (-1.0 points) BODY: Gives information about an opportunity SPAM:
> Hit! (-0.8 points) BODY: Doesn't ask any questions
> SPAM: Hit! (1.9 points)  BODY: Contains word 'guarantee' in all-caps
> SPAM: Hit! (3.4 points)  BODY: Talk about a check or money order
> SPAM: Hit! (0.5 points)  BODY: A WHOLE LINE OF YELLING DETECTED
> SPAM: Hit! (0.6 points)  BODY: 2 WHOLE LINES OF YELLING DETECTED
> SPAM: Hit! (-1.5 points) BODY: 3 WHOLE LINES OF YELLING DETECTED
> SPAM: Hit! (-0.4 points) BODY: Contains a line >=199 characters long
> SPAM: Hit! (0.0 points)  BODY: Contains an ASCII-formatted form
> SPAM: Hit! (2.0 points)  Received via a relay in relays.osirusoft.com
> SPAM:                    [RBL check: found
> 226.112.21.206.relays.osirusoft.com.] SPAM: Hit! (2.0 points)  Subject
> contains a unique ID number
> SPAM:
> SPAM: -------------------- End of SpamAssassin results
> ---------------------
>
> Dear Prospective Independent Worker:
>
[blah, blah, blah]
>
> my initial goal is process (  ) 100   (  ) 250  (  ) 500  (  )
> 1000+envelopes per week.
>
> _______________________________________________
> rt-users mailing list
> rt-users at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-users
>
> Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm




More information about the rt-users mailing list