Subject: Re: Mass-Mailings Delivered to NetBSD.ORG--STOP THE(MY) MADNESS
To: None <current-users@NetBSD.ORG>
From: Jeff Thieleke <thieleke@ix.netcom.com>
List: current-users
Date: 11/26/1997 22:02:17 
> I agree and sympathize (and I am the unofficial NetBSD "spam czar",
> hence this reply), but doing so is not as simple as it may appear.
> 
> >I'm advocating that you ban the mail servers which originate these
> >messages from posting into the current-users..  or at least the domains of
> >the original senders, and the mail servers which allow anonymous postings.
> 
> Unfortunately this is not always possible.  For instance, one recent
> example (Subject: Here it is....) was received from a mailserver in
> the ix.netcom.com domain.  When I complained to Netcom about it, I got
> back the following:
> 

Why not do more filtering than simply blacklisting domains?  For example, the
spam in question could have easily been caught by any one of the following
easy procmail header recipies:

--------------------------------------------------------------------------------
Date: Sun, 23 Nov 97 13:10:09 EST
To: 853229101035868390@ix.netcom.com
Subject: Here it is....
Message-ID: <4596899-219449969>
Reply-To: esoftware@hotmail.com
Comments: Authenticated sender is <esoftware@hotmail.com>
--------------------------------------------------------------------------------


1. * ^Comments: Authenticated sender
   * !^X-Mailer: Pegasus Mail

2. * ^Received:.*-0(6|7)00 \(EST\)

3. * ^X-UIDL:
   {
      :0a:
      * !^X-UIDL: [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\
                  [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\
                  [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\
                  [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]
      { insert bad thing here }  

      :0a:
      * ^X-UIDL: [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\
                 [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\
                 [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\
                 [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]
      { insert bad thing here }
   }



I'm not advocating doing aggressive filtering on the poor overworked NetBSD 
mail server, but doing simple header checks like those above will do 
wonders at cutting down on our mailing list spam.

Or better yet, get procmail into the package system, and add some example
procmailrc to share/examples!



Jeff Thieleke