* [OFFTOPIC] Spamcop
From: Russell King @ 2002-09-12 20:10 UTC
To: Linux Kernel List

Hi,

I'd like to bring to people's attention the idiotic situation going on
with the RBL list known as spamcop.

spamcop have entered into their database the IP address for
www.linux.org.uk, which is a machine containing many mailing lists
and other facilities. www.linux.org.uk is NOT, repeat NOT an open
relay, and as far as I'm aware has never performed any open relaying.

However, the basis under which it has been listed is that spamcop
received a mailman response to a message their tester sent to a valid
mailing list address. The mailman response was:

"Subject: Your message to Linux-arm awaits moderator approval"

Obviously, it didn't relay the spam, nor the test message.

If spamcop is accepting hosts with mailing lists that send responses
back to the person sending the original mail, any mailing list is open
to being listed in the spamcop database.

My advice is: stay FAR away from spamcop. If you're using spamcop
on your mail server, remove it now before they cut you off from all
your mailing lists.

Here's the URL explaining why www.linux.org.uk has been listed:

  http://spamcop.net/w3m?action=checkblock&ip=195.92.249.252

(Note: this does mean that some kernel people may not be able to
post messages for a while. Hence the vague relevance of this
message to lkml.)

--
Russell King (rmk@arm.linux.org.uk)
The developer of ARM Linux
http://www.arm.linux.org.uk/personal/aboutme.html
* Re: [OFFTOPIC] Spamcop
From: Rik van Riel @ 2002-09-12 20:41 UTC
To: Russell King; +Cc: Linux Kernel List

On Thu, 12 Sep 2002, Russell King wrote:

> I'd like to bring to people's attention the idiotic situation going on
> with the RBL list known as spamcop.

> However, the basis under which it has been listed is that spamcop
> received a mailman response to a message their tester sent to a valid
> mailing list address. The mailman response was:
>
> "Subject: Your message to Linux-arm awaits moderator approval"

The same happened with NL.linux.org a while ago.

The basic problem with spamcop is that it ISN'T driven by tests,
but by complaints. It is an automatic system for handling spam
complaints and will automagically list any system it gets too
many complaints about. Regardless of whether the complaints are
legitimate.

> My advice is: stay FAR away from spamcop. If you're using spamcop
> on your mail server, remove it now before they cut you off from all
> your mailing lists.

Spamcop is useful as part of a scoring system, but absolutely
unsuitable for outright mail rejection.

kind regards,

Rik
--
Bravely reimplemented by the knights who say "NIH".

http://www.surriel.com/  http://distro.conectiva.com/

Spamtraps of the month: september@surriel.com trac@trac.org
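Added example, not part of the thread and not SpamCop's or any poster's code: the difference between rejecting on a blocklist hit and using the hit as one input to a score, as the message above recommends. The weights, threshold, signal names, listing states and sample messages are constructed for illustration; only the zone `bl.spamcop.net` and the address 195.92.249.252 come from the thread.

```python
import ipaddress
import socket

ZONE = "bl.spamcop.net"  # zone named in the thread
# Hypothetical weights and threshold, chosen for illustration only.
WEIGHTS = {"dnsbl": 2.0, "executable_attachment": 3.0, "sender_is_own_address": 2.5}
REJECT_AT = 5.0


def dnsbl_query_name(ip, zone=ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Live lookup; returns [] when the name does not resolve (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, resolver, zone=ZONE):
    """A listing is signalled by an A record in 127.0.0.0/8."""
    return any(a.startswith("127.") for a in resolver(dnsbl_query_name(ip, zone)))


def hard_reject(msg, resolver):
    """Policy A: refuse anything whose sending host is on the list."""
    return is_listed(msg["client_ip"], resolver)


def score(msg, resolver):
    """Policy B: the listing is one weighted signal among several."""
    total = WEIGHTS["dnsbl"] if is_listed(msg["client_ip"], resolver) else 0.0
    return total + sum(WEIGHTS[s] for s in msg["signals"])


def scored_reject(msg, resolver):
    return score(msg, resolver) >= REJECT_AT


# Constructed zone contents: the list host during its listing window and
# one listed host from documentation address space.
CONSTRUCTED_ZONE = {
    "252.249.92.195.bl.spamcop.net": ["127.0.0.2"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
}


def stub_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])


# Constructed messages: a list moderation notice and two worm mails.
MESSAGES = {
    "moderation notice, list host": {"client_ip": "195.92.249.252", "signals": []},
    "worm mail, listed host": {
        "client_ip": "192.0.2.10", "signals": ["executable_attachment"]},
    "worm mail, unlisted host": {
        "client_ip": "198.51.100.7",
        "signals": ["executable_attachment", "sender_is_own_address"]},
}


def compare(resolver=stub_resolver):
    """Return {label: (hard_reject, scored_reject, score)} per message."""
    return {label: (hard_reject(m, resolver), scored_reject(m, resolver),
                    score(m, resolver)) for label, m in MESSAGES.items()}


if __name__ == "__main__":
    for label, result in compare().items():
        print(f"{label:32} hard={result[0]} scored={result[1]} score={result[2]}")
```

With these constructed inputs the hard-reject policy drops the moderation notice and passes the worm mail from the unlisted host, while the scored policy does the opposite on both.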
* Re: [OFFTOPIC] Spamcop
From: Gerhard Mack @ 2002-09-12 21:06 UTC
To: Russell King; +Cc: Linux Kernel List

Check your logs .. it looks like maybe someone was sending spoofed
requests? Either that or someone was a total dumbass.

I wonder how hard it is to generate enough requests to get someone listed.

Gerhard

On Thu, 12 Sep 2002, Russell King wrote:

> Date: Thu, 12 Sep 2002 21:10:56 +0100
> From: Russell King <rmk@arm.linux.org.uk>
> To: Linux Kernel List <linux-kernel@vger.kernel.org>
> Subject: [OFFTOPIC] Spamcop
>
> Hi,
>
> I'd like to bring to people's attention the idiotic situation going on
> with the RBL list known as spamcop.
>
> spamcop have entered into their database the IP address for
> www.linux.org.uk, which is a machine containing many mailing lists
> and other facilities. www.linux.org.uk is NOT, repeat NOT an open
> relay, and as far as I'm aware has never performed any open relaying.
>
> However, the basis under which it has been listed is that spamcop
> received a mailman response to a message their tester sent to a valid
> mailing list address. The mailman response was:
>
> "Subject: Your message to Linux-arm awaits moderator approval"
>
> Obviously, it didn't relay the spam, nor the test message.
>
>
> If spamcop is accepting hosts with mailing lists that send responses
> back to the person sending the original mail, any mailing list is open
> to being listed in the spamcop database.
>
> My advice is: stay FAR away from spamcop. If you're using spamcop
> on your mail server, remove it now before they cut you off from all
> your mailing lists.
>
> Here's the URL explaining why www.linux.org.uk has been listed:
>
> http://spamcop.net/w3m?action=checkblock&ip=195.92.249.252
>
> (Note: this does mean that some kernel people may not be able to
> post messages for a while. Hence the vague relevance of this
> message to lkml.)
>
>

--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.
* Re: [OFFTOPIC] Spamcop
From: Larry McVoy @ 2002-09-12 21:13 UTC
To: Gerhard Mack; +Cc: Russell King, Linux Kernel List

On Thu, Sep 12, 2002 at 05:06:15PM -0400, Gerhard Mack wrote:
> Check your logs .. it looks like maybe someone was sending spoofed
> requests? Either that or someone was a total dumbass.
>
> I wonder how hard it is to generate enough requests to get someone listed.

In the for what it is worth department, I got mail from "esr@thyrus.org"
with a subject of "cool game" or something like that, and it was obviously
forged. It's interesting that they are getting smart enough to make it look
like it comes from someone that you've communicated with in the past. Sigh.
--
---
Larry McVoy  lm at bitmover.com  http://www.bitmover.com/lm
* Re: [OFFTOPIC] Spamcop
From: Gerhard Mack @ 2002-09-12 21:30 UTC
To: Larry McVoy; +Cc: Russell King, Linux Kernel List

On Thu, 12 Sep 2002, Larry McVoy wrote:

> Date: Thu, 12 Sep 2002 14:13:38 -0700
> From: Larry McVoy <lm@bitmover.com>
> To: Gerhard Mack <gmack@innerfire.net>
> Cc: Russell King <rmk@arm.linux.org.uk>,
>     Linux Kernel List <linux-kernel@vger.kernel.org>
> Subject: Re: [OFFTOPIC] Spamcop
>
> On Thu, Sep 12, 2002 at 05:06:15PM -0400, Gerhard Mack wrote:
> > Check your logs .. it looks like maybe someone was sending spoofed
> > requests? Either that or someone was a total dumbass.
> >
> > I wonder how hard it is to generate enough requests to get someone listed.
>
> In the for what it is worth department, I got mail from "esr@thyrus.org"
> with a subject of "cool game" or something like that, and it was obviously
> forged. It's interesting that they are getting smart enough to make it look
> like it comes from someone that you've communicated with in the past. Sigh.
>

Looking at it again it takes 3 requests in 48 hours.. a number that is
stupidly low. And since the headers are munged there is no way to tell
from the complaints if they are all the same recipient or not.

Gerhard

--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.
* Re: [OFFTOPIC] Spamcop
From: Vojtech Pavlik @ 2002-09-12 21:31 UTC
To: Larry McVoy, Gerhard Mack, Russell King, Linux Kernel List

On Thu, Sep 12, 2002 at 02:13:38PM -0700, Larry McVoy wrote:
> On Thu, Sep 12, 2002 at 05:06:15PM -0400, Gerhard Mack wrote:
> > Check your logs .. it looks like maybe someone was sending spoofed
> > requests? Either that or someone was a total dumbass.
> >
> > I wonder how hard it is to generate enough requests to get someone listed.
>
> In the for what it is worth department, I got mail from "esr@thyrus.org"
> with a subject of "cool game" or something like that, and it was obviously
> forged. It's interesting that they are getting smart enough to make it look
> like it comes from someone that you've communicated with in the past. Sigh.

That's an internet worm, called klez. I'm getting more than 10 of these daily.
Each is a meg of data. And I'm also getting responses from various
mailservers which received the worm with my From: address. It generates
both From: and To: randomly based on the victim's Outlook addressbook.

--
Vojtech Pavlik
SuSE Labs
* Re: [OFFTOPIC] Spamcop
From: Miquel van Smoorenburg @ 2002-09-12 22:09 UTC
To: linux-kernel

In article <20020912233115.A24954@ucw.cz>,
Vojtech Pavlik <vojtech@suse.cz> wrote:
>That's an internet worm, called klez. I'm getting more than 10 of these daily.
>Each is a meg of data. And I'm also getting responses from various
>mailservers which received the worm with my From: address. It generates
>both From: and To: randomly based on the victim's Outlook addressbook.

It's many months old and there are several versions around.
A similar one is YAHA. And it doesn't just take the addresses
from the Outlook addressbook - it scans the OE cache too, so
if your address appears on a webpage (say a list archive) that
an infected user visits, your address is added to the list as well.

The mindless jerks who wrote Outlook and the KLEZ and YAHA viruses
will be the first against the wall when the revolution comes.

Well, just after the mindless jerks of the Sirius Cybernetics
Corporation, of course.

Mike.
* Re: [OFFTOPIC] Spamcop
From: David S. Miller @ 2002-09-12 23:47 UTC
To: lm; +Cc: gmack, rmk, linux-kernel

   From: Larry McVoy <lm@bitmover.com>
   Date: Thu, 12 Sep 2002 14:13:38 -0700

   In the for what it is worth department, I got mail from "esr@thyrus.org"
   with a subject of "cool game" or something like that, and it was obviously
   forged. It's interesting that they are getting smart enough to make it look
   like it comes from someone that you've communicated with in the past. Sigh.

There is someone basically forging email from anyone prominent
in the opensource community. I've even got these forges myself
addressed as from myself which is even more amusing :-)

So I think rather it is this clown instead of someone figuring
out who you've had email with recently.
* Re: [OFFTOPIC] Spamcop
From: Andries Brouwer @ 2002-09-13 0:52 UTC
To: David S. Miller; +Cc: lm, gmack, rmk, linux-kernel

On Thu, Sep 12, 2002 at 04:47:54PM -0700, David S. Miller wrote:

> There is someone basically forging email from anyone prominent
> in the opensource community. I've even got these forges myself
> addressed as from myself which is even more amusing :-)

Yes, indeed. However, their address collection may be a bit out-of-date:

Date: Thu, 2 May 2002 18:54:46 +0700
Message-Id: <200205021154.SAA08358@mail.bes.co.id>
From: torvalds <torvalds@krauna.helsinki.fi>
Subject: W32.Elkern removal tools
* Re: [OFFTOPIC] Spamcop
From: bert hubert @ 2002-09-13 8:18 UTC
To: Andries Brouwer; +Cc: David S. Miller, lm, gmack, rmk, linux-kernel

On Fri, Sep 13, 2002 at 02:52:45AM +0200, Andries Brouwer wrote:
> On Thu, Sep 12, 2002 at 04:47:54PM -0700, David S. Miller wrote:
>
> > There is someone basically forging email from anyone prominent
> > in the opensource community. I've even got these forges myself
> > addressed as from myself which is even more amusing :-)
>
> Yes, indeed. However, their address collection may be a bit out-of-date:

It is less smart than you may think - it sends email 'FROM' people 'TO'
people who are listed next to each other on webpages. See for example the
authors list on http://lartc.org, we continually get viruses that appear to
come from ourselves.

Regards,

bert

--
http://www.PowerDNS.com  Versatile DNS Software & Services
http://www.tk  the dot in .tk
http://lartc.org  Linux Advanced Routing & Traffic Control HOWTO
* Re: [OFFTOPIC] Spamcop
From: Thunder from the hill @ 2002-09-13 10:37 UTC
To: Andries Brouwer; +Cc: David S. Miller, lm, gmack, rmk, linux-kernel

Hi,

On Fri, 13 Sep 2002, Andries Brouwer wrote:
> From: torvalds <torvalds@krauna.helsinki.fi>
> Subject: W32.Elkern removal tools

Linus sending Win32 virus removal tools? (Yes, I know, Linux removes all
the Win32 viruses...) Naming himself "torvalds"??? Never. ;-)

Those who really read the whole of the mails they get can indeed see the
differences. For example, the sender server, or extra headers such as
"Priority: I really don't care", or "X-Face: ;-)".

Thunder
--
--./../...-/. -.--/---/..-/.-./..././.-../..-. .---/..-/.../- .-
--/../-./..-/-/./--..-- ../.----./.-../.-.. --./../...-/. -.--/---/..-
.- -/---/--/---/.-./.-./---/.--/.-.-.- --./.-/-.../.-./.././.-../.-.-.-
* Re: [OFFTOPIC] Spamcop
From: jw schultz @ 2002-09-14 1:18 UTC
To: linux-kernel

On Fri, Sep 13, 2002 at 04:37:42AM -0600, Thunder from the hill wrote:
> Hi,
>
> On Fri, 13 Sep 2002, Andries Brouwer wrote:
> > From: torvalds <torvalds@krauna.helsinki.fi>
> > Subject: W32.Elkern removal tools
>
> Linus sending Win32 virus removal tools? (Yes, I know, Linux removes all
> the Win32 viruses...) Naming himself "torvalds"??? Never. ;-)

Linus did send a Win32 virus removal tool a while back. It
is called Linux. I'm very grateful to him and all who have
contributed to removing the Win32 virus.

--
________________________________________________________________
J.W. Schultz  Pegasystems Technologies
email address: jw@pegasys.ws

Remember Cernan and Schmitt
* Re: [OFFTOPIC] Spamcop
From: David Ford @ 2002-09-13 4:20 UTC
To: Russell King; +Cc: Linux Kernel List

Hrmm...

Actually the URL indicates that your IP is not and should not be listed
as a spammer now:

Metric             Qty   Most Recent                      Oldest
-----------------  ----  -------------------------------  -------------------------------
Sample traffic:    116   8.22 hours ago                   6.84 days ago
                         Thu Sep 12 19:46:12 2002 GMT     Fri Sep 6 07:43:01 2002 GMT
                         Thu Sep 12 15:46:12 2002 -0400   Fri Sep 6 03:43:01 2002 -0400
Trap recipients:   None recorded
Spam reports:      1     12.12 hours ago                  12.12 hours ago
                         Thu Sep 12 15:52:19 2002 GMT     Thu Sep 12 15:52:19 2002 GMT
                         Thu Sep 12 11:52:19 2002 -0400   Thu Sep 12 11:52:19 2002 -0400
Relaying reports:  None recorded
Relay closed:      None recorded

195.92.249.252 not listed in bl.spamcop.net.
195.92.249.252 *is not* and *should not be* listed.
Recent spam increases spam score from 1.00 to 2.00 - spam report ratio
(0.017) falls under threshold (0.020)

It was listed and promptly delisted three hours later. No anti-spam
measure is perfect, all have flaws and all are an inconvenience to some
portion of users and admins. SpamCop is quite decent about fixing
incorrect listings.

Some people argue for proactive listing, some people demand 3 sets of
proof before listing. Anti-spam measures are gonna make admins happy and
annoyed depending on what side of the fence they are on when it hits. If
it's affecting you negatively, it's an "idiotic measure", if it's
affecting someone else instead, it's a "proactive and great idea".

Some measures need evolving and tuning, caching, etc. I.e. my smtp call
back mechanism that annoyed vger admins. Yes I need to cache data but as
to the veracity of it being idiotic...doubtful. I measure greater than
~70% dead on accuracy in tagging spam which makes it pretty darn useful
for my users with -only- smtp callback. It has false negatives but it
hasn't yet had a false positive.

Everyone gets irate when they are incorrectly blacklisted. Even more
irate when major mail distributors agree with the BL site policies. In
time tho things will get smoothed out.

I/we mail admins feel the pain. Grit your teeth and bear it when these
things happen. No person or method is perfect :)

David

Russell King wrote:

>Hi,
>
>I'd like to bring to people's attention the idiotic situation going on
>with the RBL list known as spamcop.
>
>spamcop have entered into their database the IP address for
>www.linux.org.uk, which is a machine containing many mailing lists
>and other facilities. www.linux.org.uk is NOT, repeat NOT an open
>relay, and as far as I'm aware has never performed any open relaying.
>
>However, the basis under which it has been listed is that spamcop
>received a mailman response to a message their tester sent to a valid
>mailing list address. The mailman response was:
>
>"Subject: Your message to Linux-arm awaits moderator approval"
>
>Obviously, it didn't relay the spam, nor the test message.
>
>
>If spamcop is accepting hosts with mailing lists that send responses
>back to the person sending the original mail, any mailing list is open
>to being listed in the spamcop database.
>
>My advice is: stay FAR away from spamcop. If you're using spamcop
>on your mail server, remove it now before they cut you off from all
>your mailing lists.
>
>Here's the URL explaining why www.linux.org.uk has been listed:
>
> http://spamcop.net/w3m?action=checkblock&ip=195.92.249.252
>
>(Note: this does mean that some kernel people may not be able to
>post messages for a while. Hence the vague relevance of this
>message to lkml.)
>
>
>

--
I may have the information you need and I may choose only HTML. It's up to you.
Disclaimer: I am not responsible for any email that you send me nor am I bound
to any obligation to deal with any received email in any given fashion. If you
send me spam or a virus, I may in whole or part send you 50,000 return copies
of it. I may also publicly announce any and all emails and post them to message
boards, news sites, and even parody sites. I may also mark them up, cut and
paste, print, and staple them to telephone poles for the enjoyment of people
without internet access. This is not a confidential medium and your assumption
that your email can or will be handled confidentially is akin to baring your
backside, burying your head in the ground, and thinking nobody can see you butt
nekkid and in plain view for miles away. Don't be a cluebert, buy one from
K-mart today.
* Re: [OFFTOPIC] Spamcop
From: Kai Henningsen @ 2002-09-13 6:53 UTC
To: linux-kernel

david+cert@blue-labs.org (David Ford) wrote on 13.09.02 in <3D8167A0.1080009@blue-labs.org>:

> It was listed and promptly delisted three hours later. No anti-spam
> measure is perfect, all have flaws

... and this one appears to have a terminal flaw. Using complaints without
verification to automatically list someone is a bad idea for *exactly* the
same reason that running an open relay is a bad idea - you are at the
mercy of good behaviour of third parties, and if they don't innocents
elsewhere suffer.

Or in other words, spamcop seems to be part of the problem, not part of
the solution.

MfG Kai
* Re: [OFFTOPIC] Spamcop
From: Gerhard Mack @ 2002-09-13 14:38 UTC
To: Kai Henningsen; +Cc: linux-kernel

On 13 Sep 2002, Kai Henningsen wrote:

> david+cert@blue-labs.org (David Ford) wrote on 13.09.02 in <3D8167A0.1080009@blue-labs.org>:
>
> > It was listed and promptly delisted three hours later. No anti-spam
> > measure is perfect, all have flaws
>
> ... and this one appears to have a terminal flaw. Using complaints without
> verification to automatically list someone is a bad idea for *exactly* the
> same reason that running an open relay is a bad idea - you are at the
> mercy of good behaviour of third parties, and if they don't innocents
> elsewhere suffer.
>
> Or in other words, spamcop seems to be part of the problem, not part of
> the solution.

It is.. the definition of spam sent to spamcop is often "mail I don't want"

That listing is even more pointless than the ones we get from customers
who forgot they signed up for things and then complain there first instead
of using our list removal system. Worse yet because spamcop munges the
headers we can't actually remove the complaining user.

Gerhard

--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.