samba - Oct 2003 - [OT] SPAM

Tom Dickson (bombcar@bombcar.com) wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Here is the issue, and why the Samba list is basically unable to do
>anything:
>
>If you send a message to the Samba list, it gets resent to everyone on
>the list. This message will contain a FROM: line, showing an email address.
Which should be <samba@lists.samba.org> like the other mailing lists do.
>
> Snip some good stuff.
Bob

--
Assured Computing
When you need to be sure.
bob@assuredcomp.com
www.assuredcomp.com
Voice - 541-868-0331
FAX - 541-463-1627
Eugene, Oregon

But there's no way for it to filter the data server-side, so my server
account still fills up, I still have to deal with the large transfers for each
mail, etc. That's not a solution, it's barely a fix.

Terry


-----Original Message-----
From: Tom Dickson <bombcar@bombcar.com>
Sent: Oct 15, 2003 6:27 AM
To: Samba Mailing List <samba@lists.samba.org>
Subject: Re: [OT] [Samba] SPAM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is the issue, and why the Samba list is basically unable to do
anything:

If you send a message to the Samba list, it gets resent to everyone on
the list. This message will contain a FROM: line, showing an email address.

There are people on this list who have virus ridden machines. They get
your message, and the virus reads the FROM: line, and sends off a virus
to you.

The virus goes directly to you; not through the Samba list. The only
solution is to completely destroy the FROM and REPLY lines in all your
emails; an ugly solution.

If you really don't like the virus spam, may I recommend www.mozilla.com
? It's mail filtering works great for me, and all my little virus splats
go right into the junk folder.

If you really really insist on using Microsoft software and don't want
to ever see a virus spam, then post to the group from a one-time hotmail
account, and read the replies in the list archives.
(http://lists.samba.org) Note that the list archive very rarely has any
of this virus spam in it.

The only other solution is to LART every clueless user out there; but
this is unlikely to work: sysadmins have been trying for 20 years with
no results.

- -Tom

beers@xs4all.nl wrote:
|>>-----Original Message-----
|>>From: Ray Simard [mailto:ray.simard@sylvan-glade.com]
|>
|>>The most effective step to reduce this is to restrict posting to
|>>subscribed list members.
|
|
| This will stop spammers sending to list, but also will hurt people
| incidently asking questions, without being subscribed. Depending on
| policy. The occasional spam arriving via the list is neligable as compared
| to my daily dose of 300+ spams. It will hurt people using the archive as a
| means to see replies w/o being subscribed. Hurt much, effect little.
|
|
|>I've never seen a virus arrive *through* the list.  I think what people
|>are
|>complaining about is viruses being sent to them directly.
|
|
| yeah, the complaint is: when subscribing to SAMBA, the email adres used
| will get spam and virusses at once. Quite possibly by the publication of
| the list onto usenet with the real adres still visible. The spam is
| understandeble, the virusses also, since the introduction of spamming
| virusses.
|
| The resolution could be to block the email addy from the senders to the
| list, when forwarding, but this would hamper ligitimate usage, such as
| replying to sender. (perhaps the follow up discussion isnt SAMBA related)
|
| This is of course totally upto the VOLUNTEERS running this list, if you do
| not like it, feel free to start a SAMBASTOPSPAM list orso.
|
| Threatening to sue VOLUNTEERS over such a silly thing will get you the
| mocking of every Dutchmen I know, and leads me to believe the complainer
| was pissed, and should get sober, or the complainer is an American Layer.
| I hope the former, I think the latter. Or he plays one on the internet
| anyways.
|
| If the complainer was to post onto usenet, and subsequently would get a
| spammie, who would he then sue? Al Gore?
|
| Last but not least, can everybody on this list please reply to this spam
| discussion, my mailbox isnt yet full, and this list is like, low on
| traffic.
|
| Richard van Beers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/jS8qRliD/69byygRAnpwAJ96NBKBCIlrmqPt8zoVtukOARfZzgCdG8LP
eY1c47W00UFD7U5JMWgMBmk=qe3J
-----END PGP SIGNATURE-----

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

I've been watching this thread with amusement. On one side, I see people
with calm collected reasoning explaining how email works, how lists
work, etc. and on the other side, I see rash, overzealous people who A.)
don't want to admit that they have been doing something that most
intelligent users know they shouldn't (use a critical email address for
list subscriptions) regardless of past success of failure (Russian
roulette is a fun game, until you win . . .), and B.) seem to want to
yell at someone other than themselves to vent their frustration at
winning the roulette game. I also run my own mail server with antiviral
filtering on it, and can look up the daily virus volume if anyone is
interested. I have a strong understanding of how these email worms
(technically, these are worms, not viruses) work and can pretty much
guarantee that the Swen worm (the one currently blasting email
addresses) does NOT read newsgroups looking for email addresses.
Outlook, however, will add email addresses from newsgroup postings to
the address book (depending on configuration). The worm will then post
itself to any news servers configured on the infected computer, email
itself to every email address it finds in the address book and inbox
(and probably other email folders) on the computer, and send itself to
any IRC contacts stored on the computer. If the worm finds Kazaa
installed, it will send itself out through Kazaa as well. It will also
search all mapped network drives for Windows Startup folders and drops a
copy of itself in any startup folders it finds. It will also try to
trick the user into supplying login information for the user's email
account. If it succeeds, it will scan the inbox for additional email
addresses and delete any copies of itself that it sent. This information
is not needed for propagation since the worm has its own SMTP engine
(mail server, for those who don't recognize the correct terms) and will
have already sent out at least one copy of itself to every email address
it found. Changes to the way this list is handled would reduce the
usability of this list. I, for one, would rather delete 
1000+ copies of a virus a day for a few months (the average life cycle
of these worms) than reduce the usability of such a useful list
(usefulness is subjective, if you consider the price too high, don't use
it) by any degree. Also, I have examined the headers of several of the
copies of the Swen worm and not one of them has originated from the IP's
of the samba.org servers. This, admittedly, is not a perfect test as
there have been far more copies than I have actually looked at, though
so far, all of the copies I have examined have come from dynamic IP
ranges (generally, dialup or home broadband), not through regular
servers. It would seem then, that the list itself is safe, and only by
damaging usability could we reduce (reduce, mind, not eliminate) this
temporary inconvenience. Sounds rather like cutting off my nose to spite
my face, not a course of action I would recommend. :) 

  Just my (rather stretched) two cents.
  Erik Soderquist


<snip>

Additional note: I like the idea of using a Hotmail account for lists,
the rampant propagation of email worms is the fault of poor design by
Microsoft, let Microsoft deal with the wasted bandwidth. I don't have to
view/download any emails I don't want to on hotmail. :)

  my two more cents?
  Erik Soderquist

Around 300 spam in less than one day.

Sure it's not the list fault, but come on.

I guess this is not the right place to complain about it. :)

Denis J.