Re: really 'evi'l ipfw rules
From:Date: 09/26/02
Date: Thu, 26 Sep 2002 12:31:40 GMT
> 1. As has already been pointed out, what you are requesting above is
> not a firewall kind of thing.
>
True, but for several reasons the only way I've been able to successfully
block the occasional residual trash from hananet & kornet which (admittedly
rarely) gets past other filtering applications is by way of an ipfw deny
rule. I'm very annoyed with the utter ignorance / arrogance / incompetence
of korean spamlords & intend completely firewalling all of korea / china.
> 2. 99.99% of spam has from, sender, and reply addresses that are
> totally bogus or are valid email addresses but not connected with the
> spammer in any way. Would you really want to dump your load in the
> mailbox of some innocent person?
>
Whilst I'm not any kind of expert in tracing SPAM senders, I always run the
few bits of spam I get these days through spamcop, which in most cases
confirms that the sender is who I thought. It's extremely rare to find
anything that didn't emanate from either kornet or hananet (or one of their
clients).
> 3. After all of these messages hit your ISP's SMTP server to go out,
> your ISP would have some very pointed things to say to you.
No problem there ..... brizzie.org is sitting on the floor about a meter
away from this keyboard & I've got a bunch of other machines I admin within
a few mouse clicks away.
>
> 4. All of those messages would be clogging up internet bandwidth,
> slowing people down.
>
Yes well ... what about all the korean spam ?? ..... are we all simply going
to stand by & meekly accept the daily avalanche of unintelligible cr*p from
scumbag asian spamlords ?? High time we went on the warpath & taught asian
spamlords to mind their manners. At least the caucasian spamlords I've
encountered have the decency to have working 'abuse' aliases & promptly
remove an address from their lists on request.
> 5. If your email got through to the spammer, you would be confirming
> your email address, thereby making your email address more valuable to
> spammers.
>
No doubt about that, however I think I have a few ways around that issue.
> 6. Sending remove requests to spammers, regardless of their location,
> is just confirming your email address. Report the spam to the ISP
> that the spammer is using to connect to the internet and/or the ISP of
> the SMTP server being used, as is appropriate. (If there is a local
> connection to an SMTP server, there is no connecting ISP. If they are
> connecting directly to your ISP's server, there is no point
> complaining to your ISP, but in this case they will have a connecting
> ISP.)
>
Been there done that ...... have you ever got a reaction from any korean
spamlord / ISP / sysadmin / etc (other than an increased volume of their
sh*t !!!!) After countless attempts to get through their thick skulls I'm
firmly convinced that spamming is at least socially acceptable if not
actively encouraged in korea. As far as I can tell, KORNET is vaguely
comparable to Tel$tra in OZ, and I know from looooong experience what it's
like trying to get any sense out of that mob of ignoramuses.
> 7. Using a firewall DENY rule only works if the spammer is connecting
> directly to your system to drop the mail in a local SMTP server. If
> you connect out to a server to pick up your mail a firewall rule won't
> work.
Which is exactly what is going on here ... actually it's happening on the
local mailserver as well as one remote one that I have accounts on, but
similar firewall rules are installed on each one at the same time in case
the sender somehow knows about the different machines. This is quite
unlikely because they are on totally different networks ... one has ethernet
feed from the co-host & other has ADSL service from an unrelated provider.
>
> 8. I use filter rules in my email software. When I get spam, I look
> up the valid IP address(es) in the headers at ARIN. If I find that
> the associated class A network belongs to APNIC, I add a filter rule
> to trash all messages with an IP address from that class A network
> anyplace in the headers. If I were to need to receive email from
> someone who uses APNIC connections and/or servers, I would create an
> appropriate filter rule and put it higher on the list.
>
That's essentially what I'm doing with the two or three articles per day that
/etc/mail/access.db, dnsbl, procmail & spamassassin don't catch. When I
identify the sender IP range I block the whole lot in the hope that it makes
life impossible for the poor little spambots. I have other nasties in place for
spambots that attempt to collect information from any site I control.
What I was looking for however was info on ways to do the asian style
martial arts trick on asian spamlords, ie use their strength against them. I
realize this isn't a trivial task ... few if any asian spammers have known
email accounts & those that are known are typically over quota. Poisoning
spambots is good sport but there has to be other equally rewarding games.
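
The distinction drawn in points 7 and 8 above, as an added example that is not part of the original post: a firewall deny rule only helps when the blocked range is the peer that connects to your own SMTP server, while a header filter also catches mail relayed through another host. The sample messages, the blocked range (RFC 5737 documentation addresses), the rule number 1000 and the use of ipfw's `me` keyword are assumptions.

```python
import email
import ipaddress
import re

# Constructed messages; all addresses are RFC 5737 documentation ranges.
TAIL = "From: someone@example.com\nSubject: constructed sample\n\nbody\n"
DIRECT = ("Received: from unknown (HELO pc) (203.0.113.77)\n"
          "\tby mail.example.net with SMTP; Thu, 26 Sep 2002 11:59:58 +0000\n" + TAIL)
RELAYED = ("Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
           "\tby mail.example.net with ESMTP; Thu, 26 Sep 2002 12:00:00 +0000\n"
           "Received: from unknown (HELO pc) (203.0.113.77)\n"
           "\tby mx.example.org with SMTP; Thu, 26 Sep 2002 11:59:58 +0000\n" + TAIL)

BLOCKED = [ipaddress.ip_network("203.0.113.0/24")]  # hypothetical blocked range
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Yield (depth, address) for each IPv4 literal in the Received headers.
    Depth 0 is the header our own server added, i.e. the connecting peer;
    deeper headers were written by other hosts and can be forged."""
    msg = email.message_from_string(raw)
    for depth, header in enumerate(msg.get_all("Received", [])):
        for text in IPV4.findall(header):
            try:
                yield depth, ipaddress.ip_address(text)
            except ValueError:
                continue  # matched the regex but is not a valid address

def classify(raw, blocked=BLOCKED):
    """Return (where, network): 'firewall' if the connecting peer is in a
    blocked range, 'filter' if only an earlier hop is, else 'accept'."""
    for depth, addr in received_hops(raw):
        for net in blocked:
            if addr in net:
                return ("firewall" if depth == 0 else "filter"), net
    return "accept", None

def ipfw_rule(net, number=1000):
    """Format an ipfw deny rule for inbound SMTP from `net` (number is arbitrary)."""
    return f"ipfw add {number} deny tcp from {net} to me 25"

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("relayed", RELAYED)):
        where, net = classify(raw)
        print(name, where, ipfw_rule(net) if where == "firewall" else "")
```

For the relayed message the connecting peer is the relay, so the deny rule never matches and only a header filter (procmail, spamassassin or the mail client) sees the blocked range.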