
Thread: Junk Email

  1. #1
    Join Date
    Jun 2006
    Posts
    1,767

    Junk Email

    Right I have a problem with Junk Email. It's all pretty much the same stuff and I think it's from the same people as they're advertising the same sex drugs and shares etc. They always use forged headers with different server names and IPs, different subjects and senders.

    SpamAssassin marks about half of them, but I use Outlook 2003 so that doesn't really solve it. I still end up with 20 nuisance letters, usually with attachments. I am root on the server where the email is held.

    Sample email with all headers:
    Code:
    X-Priority: 3 (Normal)
    Message-ID: <876216968.81176780016784@thebat.net>
    To: james@jamestodd.me.uk
    Subject: Get rid of the pounds you hate
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
      boundary="----------ADA67821E4444B"
    X-Spam: Not detected
    X-Antivirus: avast! (VPS 0640-2, 04/10/2006), Inbound message
    X-Antivirus-Status: Clean
    
    ------------ADA67821E4444B
    Content-Type: text/plain; charset=Windows-1252
    Content-Transfer-Encoding: quoted-printable
    
    Anatrim -- The newest and most exciting fat loss product available - As=20=
    scen on Oprah
    Do you remember all the times when you said to yourself you would do
    anything to get rid of this quickly growing pounds of fat? Fortunately,=20=
    now no major
    sacrifice is necessary. With Anatrim, the ground-breaking pound-melting
    blend, you can get a healthier lifestyle and become really thinner.=20=
    Have
    a look at what people say!"I hate to admit it but I was a junk food=20=
    addict. I ate all this trash
    and just could not stop. This misery stopped when I started taking
    Anatrim! God, my appetite decreased, mood improved and I lost 20 pounds
    in 2.5 months. I can tell you now I'm a happier person!"Lusia R.,=20=
    Chicago"I had weight problems since a boy. You can't imagine how I hated=20=
    being
    mocked at school. I hated the weight and I hated myself. After trying
    this and that I found out about Anatrim. This stuff literally pulled me
    out of this nightmare! Thanks and thanks and thanks to you,=20=
    guys."Charley Mock, Las Vegas"You know what? Anatrim saved my marriage!=20=
    I got into this circle,
    depression - eating more - more depression. My wife was about to leave
    the overweight psycho I was turning in. One of my friends pointed to
    your site, and I ordered my pack of Anatrim right away. The results=20=
    were
    great, my appetite became normal, I was in a good mood oftener, and of
    course I went some belt holes back. And you know, the sex became
    fantastic, too!"Frank
    There are loads of testimonials happy people leave after trying=20=
    Anatrim.
    Why don't you join the thousands of joyful beautiful people and try this=20=
    all-natural,
    appetite-suppressing energy boosting product now!
    Find out more about this awesome product now!Remove you=20=
    e-mailt>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>t>
    ------------ADA67821E4444B
    Content-Type: text/html; charset=Windows-1252
    Content-Transfer-Encoding: quoted-printable
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <HTML><HEAD><TITLE>Get more energy and get rid of fat</TITLE>
    </HEAD>
    <BODY>
    
    <font size=3D"4">
    <center>
    <b>
    <a href=3D"http://www.agafes.com/d/">Anatrim -- The newest and most=20=
    exciting fat loss product available - As scen on Oprah</a>
    </center>
    </font>
    <br>
    <br>
    Do you remember all the times when you said to yourself you would do
    anything to get rid of this quickly growing pounds of fat? Fortunately,=20=
    now no major
    sacrifice is necessary. With Anatrim, the ground-breaking pound-melting
    blend, you can get a healthier lifestyle and become really thinner.=20=
    Have
    a look at what people say!<br>
    <br>
    <i>"I hate to admit it but I was a junk food addict. I ate all this=20=
    trash
    and just could not stop. This misery stopped when I started taking
    Anatrim! God, my appetite decreased, mood improved and I lost 20 pounds
    in 2.5 months. I can tell you now I'm a happier person!"</i>
    <p align=3Dright>Lusia R., Chicago</p>
    <i>"I had weight problems since a boy. You can't imagine how I hated=20=
    being
    mocked at school. I hated the weight and I hated myself. After trying
    this and that I found out about Anatrim. This stuff literally pulled me
    out of this nightmare! Thanks and thanks and thanks to you, guys."</i>
    <p align=3Dright>Charley Mock, Las Vegas</p>
    <i>"You know what? Anatrim saved my marriage! I got into this circle,
    depression - eating more - more depression. My wife was about to leave
    the overweight psycho I was turning in. One of my friends pointed to
    your site, and I ordered my pack of Anatrim right away. The results=20=
    were
    great, my appetite became normal, I was in a good mood oftener, and of
    course I went some belt holes back. And you know, the sex became
    fantastic, too!"</i>
    <p align=3Dright>Frank</p>
    There are loads of testimonials happy people leave after trying=20=
    Anatrim.
    Why don't you join the thousands of joyful beautiful people and try this=20=
    all-natural,
    appetite-suppressing energy boosting product now!
    <br>
    <br>
    <font size=3D"4">
    <center>
    <a href=3D"http://www.agafes.com/d/">Find out more about this awesome=20=
    product now!</a>
    </center>
    </font>
    </b>
    <br>
    <br>
    <br>
    <br>
    <br>
    <font size=3D"2">
    <a href=3D"http://www.agafes.com/d/u.php">Remove you e-mail</a>
    </font>
    
    </BODY></HTML>
    ------------ADA67821E4444B--
    Is there seriously anything which can be done? It is important that all normal email (which is the vast majority) arrives intact.

  2. #2
    Join Date
    Jun 2006
    Location
    United Kingdom
    Posts
    152
    You could sign up for a filtering service of some sort, third party.

    Or enforce some RBL lists upon your server.
    Chris Imrie
    Freelance Consultant

  3. #3
    Join Date
    Jun 2006
    Posts
    1,767
    The solution needs to be free, easy to implement, and if possible only concerning this 1 account on a shared server.

  4. #4
    Join Date
    Jun 2006
    Location
    United Kingdom
    Posts
    152
    I don't think this is the suitable area for such a discussion.

    But if you have root ownership over the server, a global RBL policy wouldn't be a bad choice.

    Stops a lot of SPAM dead in its tracks.
    Chris Imrie
    Freelance Consultant

  5. #5
    Join Date
    Jun 2004
    Location
    Boise, ID U.S.A.
    Posts
    3,499
    Is that your real address in the headers? Eventually even these forums will be searched by spambots, leading to the address being harvested for more spam lists.
    Do you have your email set to display complete headers? I don't see any DNS numbers. You need those to send a complaint to the abuse department or to make use of a service like Spamcop to do that for you.

    Traceroute on agafes.com shows DNS number of 210.115.43.43
    APNIC whois on 210.115.43.43 shows that the netblock is registered in Korea.
    KRNIC whois shows 210.115.43.43 is registered with Kangwon National University
    The contact address to forward your complaint to is
    ksyoon@kangwon.ac.kr
    If and when Kangwon pulls the plug, this will only be a temporary inconvenience to the spamvertised site, which will quickly find a new host.

    http://whois.domaintools.com/agafes.com shows that their registrar is http://www.namefix.com. Their contact address is abuse@uia.net

  6. #6
    Join Date
    Jun 2006
    Posts
    1,767
    That is my real address in the header. I'm showing you the headers that Outlook Express showed, I have access to the full headers if needs be.

    Spamcop uses an email account on their server which doesn't help much. The domain, IP etc are all forged, or at least they change between each email and as many as 20 times a day.

    Is there any serious way to protect against forged headers? Many of the headers are even forged to look like Hotmail or Yahoo addresses and obviously an address like this in real would be very impractical for sending bulk email.

    About the global RBL thing, could you explain more?

  7. #7
    Join Date
    Jun 2004
    Location
    Boise, ID U.S.A.
    Posts
    3,499
    There is usually a DNS number in the complete headers that can't be forged. They can forge additional DNS numbers. These are usually lower down than the real DNS numbers. Do ARIN whois on the DNS number in the headers to find out the ISP that owns the netblock from which the spam was sent.

  8. #8
    Join Date
    Jun 2006
    Location
    United Kingdom
    Posts
    152
    Basically all an RBL list does is terminate IPs that are listed on SPAM blacklists; as soon as a mailserver connects from a blacklisted IP, Exim will terminate the connection and reject the email.

    It does require root access to the server. I use RBLs on a private server of mine to eliminate SPAM.

    If you require a How-To, just give me a shout.
    Chris Imrie
    Freelance Consultant
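
Added example, not part of any post in this thread: posts #7 and #8 together, as code. It takes the IP address that your own server stamped into the top `Received` line (the part of the headers the sender cannot forge) and builds the DNS query an RBL check makes for it. The host `mx.example.net`, the zone `dnsbl.example` and the sample headers are constructed; treating 127.255.255.x answers as "query refused" rather than "listed" is an assumption based on how some list operators signal errors.

```python
import email
import ipaddress
import re
import socket

# Constructed sample: the top Received line was written by our own server
# (mx.example.net, hypothetical); the lower one was supplied by the sender.
SAMPLE = """\
Received: from dsl-pool.example.org (unknown [192.0.2.77])
\tby mx.example.net with esmtp; Wed, 4 Oct 2006 10:15:02 +0100
Received: from mail.hotmail.com ([198.51.100.9])
\tby smtp.hotmail.com; Wed, 4 Oct 2006 09:14:55 +0000
From: "Offers" <someone@hotmail.com>
Subject: constructed sample

body
"""

def connecting_ip(raw, our_host):
    """Return the peer IP recorded by the first hop our own server stamped."""
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):      # newest hop first
        hop = " ".join(hop.split())              # unfold continuation lines
        if re.search(r"\bby %s\b" % re.escape(our_host), hop):
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
            return m.group(1) if m else None
    return None                                  # no hop we can trust

def dnsbl_name(ip, zone):
    """192.0.2.77 + zone -> 77.2.0.192.zone (IPv4 only)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

LISTING = ipaddress.ip_network("127.0.0.0/8")       # answers that mean "listed"
REFUSED = ipaddress.ip_network("127.255.255.0/24")  # assumed error range

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the list returns a listing code for this IP."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:                              # NXDOMAIN: not on the list
        return False
    addr = ipaddress.IPv4Address(answer)
    return addr in LISTING and addr not in REFUSED

if __name__ == "__main__":
    ip = connecting_ip(SAMPLE, "mx.example.net")
    print(ip, dnsbl_name(ip, "dnsbl.example"))
```

The `resolve` argument exists so the lookup can be exercised with a stub instead of live DNS; a mail server does the same lookup at connection time, before any forged header has been read.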

  9. #9
    Join Date
    Jul 2005
    Location
    Buffalo, NY
    Posts
    2,638
    If you don't mind changing MX records, use Google Hosted email. They've got some awesome spam filters, especially if the account receiving spam doesn't need to use the current MX records, or you don't mind using POP.

    https://www.google.com/a/

  10. #10
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,977
    Quote Originally Posted by RazorBlue - Chris
    Basically all an RBL list does is terminate IPs that are listed on SPAM blacklists; as soon as a mailserver connects from a blacklisted IP, Exim will terminate the connection and reject the email.

    It does require root access to the server. I use RBLs on a private server of mine to eliminate SPAM.

    If you require a How-To, just give me a shout.
    Between RBLs, SURBLS, Razor2 and Pyzor, I have cut down the amount of spam to almost none. We still have one or two per day slip through the cracks but that’s reasonable. Of course without these, I was getting 250ish spam a day.

    -Mat

  11. #11
    Join Date
    Jun 2006
    Posts
    1,767
    Chris, thanks for this. I might do this and if I do I will be sure to give you a shout. Is it possible for these IPs to be forged? And if so will this become useless?

    Steve, nice idea but I have a lot of email I'd rather not lose. If there was a way to move email between the 2 accounts this would interest me.

    Mat, that's complicated stuff. Thanks for the suggestions which seem to be pretty heavy duty. I am trying to protect just 1 account against ~20 spams per day so this might not be geared to be individual needs.

  12. #12
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,977
    Quote Originally Posted by VT6
    Mat, that's complicated stuff. Thanks for the suggestions which seem to be pretty heavy duty. I am trying to protect just 1 account against ~20 spams per day so this might not be geared to be individual needs.

    Enabling some of these checks in SpamAssassin is just changing one or two lines in /etc/mail/spamassassin/local.cnf
    http://www.yrex.com/spam/spamconfig.php
    -Mat

  13. #13
    Join Date
    Aug 2001
    Posts
    5,065
    I use McAfee's anti-virus along with its anti-spam feature... it works REALLY great. I love it. It has cut down my spam 99%...

  14. #14
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,164
    We use Postini > www.postini.com

    Far better than anyone else out there, I haven't got a single spam for at least 7 days now, occasionally I get 1.

    Dan
    █ Dan Kitchen | Technical Director | Razorblue
    █ ddi: (+44) (0)1748 900 680 | e: dkitchen@razorblue.com
    █ UK Intensive Managed Hosting, Clusters and Colocation.
    █ HP Servers, Cisco/Juniper Powered BGP Network (AS15692).

  15. #15
    How much are u guys paying for each account and which reseller are u going thru?




    Quote Originally Posted by RazorBlue - Dan
    We use Postini > www.postini.com

    Far better than anyone else out there, I haven't got a single spam for at least 7 days now, occasionally I get 1.

    Dan

  16. #16
    Join Date
    Aug 2002
    Location
    DC
    Posts
    3,643
    Do you have to use Outlook 2003? I found that Thunderbird's spam filter system learns pretty quickly from the end-user tagging a message. I can understand if you want to stick with Outlook, though, since it's got the calendar, alerts, tasks, etc...

    Matt

  17. #17
    Join Date
    Jun 2006
    Posts
    1,767
    I don't use any of the extras in Outlook. I just noticed Thunderbird jacking up my server's load.

    This thread is quite old and since then I bought some email hosting from 1and1. Like most people here I've had some bad experiences with 1and1, though I remember their email services being good and so far I'm pleased. The 1and1 spam filter is catching a lot more than SpamAssassin did. Although there were a few false positives, I have tweaked it slightly to give almost perfect results.

    The other advantage of getting email hosting from a company like 1and1 is it only costs £10 for the year and I know the company won't go bankrupt. As my sites tend to move from server to server (which isn't really a problem), it would be better to keep my email in 1 place. Using their MX entries solves that problem too.

    Finally, their webmail interface is ok, better than Horde imho. Not that I really use it, but it's just nicer

    Also with using 1and1's email cluster server load isn't important any more (their problem now ) so I might go back to Thunderbird.

  18. #18
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,164
    Quote Originally Posted by smartcap
    How much are u guys paying for each account and which reseller are u going thru?
    We aren't using a reseller we're a direct customer of Postini (we have a fairly large commit as it's used for clients too, so prices aren't too bad).

    Dan
    █ Dan Kitchen | Technical Director | Razorblue
    █ ddi: (+44) (0)1748 900 680 | e: dkitchen@razorblue.com
    █ UK Intensive Managed Hosting, Clusters and Colocation.
    █ HP Servers, Cisco/Juniper Powered BGP Network (AS15692).
