June 2004 - Smartlist - lists.rwth-aachen.de

Re: faked from addresses getting through to my lists
by Terry Todd 15 Jun '04

15 Jun '04

On Tue, Jun 15, 2004 at 11:42:57AM -0400, Charlie Summers wrote: > At 10:43 AM -0400 6/15/04, Terry Todd is rumored to have typed: > > > What I'm wonndering is if anyone has done anything to beef up the > > dist file or accept file format so it checks for more than just > > the email address of the subscriber. > > You just answered your own question. The stock SmartList contains only > email addresses within the dist file (although it allows for some additional > information, that information is not captured by the stock SmartList), so you > can NOT check for "more." Feel free to code the additiona, but you'll quickly > realize you have yet another problem... > > > a dist file entry something like this > > > > "Senders Name" <email(a)mydomain.com> 192.168.1.1 (comment) > > Which would be impossible to mail _to,_ which is the central purpose of > the dist list (have a ball rewriting choplist to deal with stripping out the > email address from that line). Also makes no sense at all, since most people > on the Net use dynamically-allocated IPs instead of fixed IPs, so your idea > of tagging everyone to an IP (even a C or B block) is futile. You'd be > rejecting valid submissions routinely, ticking off your subscribers. > > > I had been thinking of using SmartList as a spam filter OK forget I ever suggested using smartlist as a spam filter. I've tried many many other spam filtering solutions. None of them work 100%. So I wrote my own that is essentially the same thing as what I suggested here. It is a whitelist of only those I accept email from. It works. The original problem is spam got through to a smartlist mailing list by header information being faked. How can that be prevented? What do others using smartlist do to prevent this from happening? Terry Todd > > SmartList is not designed to be a spam filter. It is a mailing list > distribution package. If you want a spam filter...use a spam filter. To > protect SmartList, pipe the mail from rc.local.s00 to whatever spam filter > you choose. > > If you run your own mail server, there are hundreds of solutions (RBLs, > content filters [yuck], massive blocking of dynamic IPs in the access > database, etc., etc). If you are on a shared server and don't control your > own mail server, use one (or more) of the many procmail/perl solutions out > there. Why would you attempt to rewrite mailing list distribution software to > a spam filter, when you could do what you suggest above with a single recipe* > in your personal .procmailrc file anyway? It's like using your email client > as a word processor to write a novel; you might get it to work, but it'll > cause you no end of unnecessary grief when OpenOffice is available to make it > more efficient. Right tool for the right job. > > Charlie > > > > > * A recipe like... > > :0 # Yeah, no escapes, I know, I'm in a hurry > * ^From.*tlt(a)badger.tltodd.com > * !^Received*192.168.1.1 > /path/to/home/possible_spam.txt > > > > _______________________________________________ > Smartlist mailing list > Smartlist(a)lists.RWTH-Aachen.DE > http://MailMan.RWTH-Aachen.DE/mailman/listinfo/smartlist

5 5

Re: faked from addresses getting through to my lists
by Terry Todd 15 Jun '04

15 Jun '04

Charlie, Yes, they are discussion lists. What I'm wonndering is if anyone has done anything to beef up the dist file or accept file format so it checks for more than just the email address of the subscriber. a dist file entry something like this "Senders Name" <email(a)mydomain.com> 192.168.1.1 (comment) so it checks for not only email address but senders name and IP address as well. With those 3 checks in place it would be pretty darn hard for a spammer to fake it I would think. BTW - the spams I got had also forged the Message-ID: header field. I had been thinking of using SmartList as a spam filter with me being the only recipient in the dist file and all of those on my whitelist being in the accept file. Terry Todd On Tue, Jun 15, 2004 at 09:40:29AM -0400, Charlie Summers wrote: > At 6:35 AM -0400 6/15/04, Terry Todd is rumored to have typed: > > > Is there a way to only allow mail from me to get through only if > > it originates from my localhost? > > Sure. Write a trivial procmail recipe in rc.local.s00 that does the work > checking for specific data in the Received: ehader fields (setting the > variable in rc.custom, of course, so the rc.local.s00 file is invoked). > Although someone determined can presumably forge that, too, it'll drop the > auto-generated spam and such. (The nice thing about SmartList is that you > have the source code, and can add to or modify it in any way you wish.) > > You didn't make it clear whether this is a discussion list or a one-way > "broadcast" list. If it's a broadcast list, you should have already set the > list to "moderate" which would have avoided the problem in the first place. > If it's a discussion list, you will eventually receive viruses or spam forged > from _other_ legitimate (subscribed) addresses, which removes this from being > a SmartList problem and makes it a spam problem. We _all_ have that problem... > > Charlie > > > > _______________________________________________ > Smartlist mailing list > Smartlist(a)lists.RWTH-Aachen.DE > http://MailMan.RWTH-Aachen.DE/mailman/listinfo/smartlist

3 2

faked from addresses getting through to my lists
by Terry Todd 15 Jun '04

15 Jun '04

I've been using SmartList to run my mailing lists since 1997. I've never had a problem with this until just a few days ago. Recently spam is getting through to one of the lists I maintain by faking the From: header to be from me. They use my email address but the name on the From: line is not me. Is there a way to only allow mail from me to get through only if it originates from my localhost? TIA

1 0

moderated approval
by Tom Westheimer 09 Jun '04

09 Jun '04

the manual says: one of the moderators should then resend the mail to the list after adding an "Approved: his_own_address" field to the header (and possible editing the contents of the mail). My question is how does one add "approved tom(a)westheimer.net" to the header? Does this really mean the first line of the body or what? TIA Tom

1 0