samba - May 2005 - Re: nazi spam in German over list address

On Sun, 2005-05-15 at 15:00 +0200, Lars Grobe wrote:
> Hi,
> 
> whoever is able to unsubscribe addresses from the list: I am currently
> getting lots of spam with nazi content over this mailing list. 
Unfortunately we are all to well aware of this problem, but as the long-
standing policy of samba.org lists is to allow public posting, we are
between a rock and a hard place.

This has certainly been one of the more egregious examples, and perhaps
the harder to filter, lacking the HTML and other tell-tail signs of our
regular pill-spam and loan-spam.  It certainly seems that we are not
alone: http://blog.outer-court.com/archive/2005-05-15-n27.html

I will remind all list participants of: http://samba.org/samba/ml-
etiquette.html

I'm sorry we can't do much more about this, 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20050515/596ea8aa/attachment.bin

Hi,

On Sun, May 15, 2005 at 11:41:36PM +1000, Andrew Bartlett
wrote:
> On Sun, 2005-05-15 at 15:00 +0200, Lars Grobe wrote:
> 
> Unfortunately we are all to well aware of this problem, but as the long-
> standing policy of samba.org lists is to allow public posting, we are
> between a rock and a hard place.
> ...
> I'm sorry we can't do much more about this, 
What about ... changing this "long standing policy" ???

(I've already read the reson for the actual policy)

Jerome Alet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.samba.org/archive/samba/attachments/20050515/5bfc4106/attachment.bin

Andrew Bartlett wrote:
> On Sun, 2005-05-15 at 15:00 +0200, Lars Grobe wrote:
> 
>>Hi,
>>
>>whoever is able to unsubscribe addresses from the list: I am currently
>>getting lots of spam with nazi content over this mailing list. 
> 
> 
> Unfortunately we are all to well aware of this problem, but as the long-
> standing policy of samba.org lists is to allow public posting, we are
> between a rock and a hard place.
> 
> This has certainly been one of the more egregious examples, and perhaps
> the harder to filter, lacking the HTML and other tell-tail signs of our
> regular pill-spam and loan-spam.  It certainly seems that we are not
> alone: http://blog.outer-court.com/archive/2005-05-15-n27.html
> 
> I will remind all list participants of: http://samba.org/samba/ml-
> etiquette.html
> 
> I'm sorry we can't do much more about this, 
> 
> Andrew Bartlett
> 
> 
Basically if re-training your SPAM filter does not help and
one really wants to get rid of all those junk mails, installing
a challenge/response system like TMDA behind a statistical
filter (e.g. DSPAM) would be a possible solution ...

-- 
Mit freundlichen Gruessen / With kind regards
DAn.I.El S. Haischt

Want a complete signature??? Type at a shell prompt:
$ > finger -l haischt@daniel.stefan.haischt.name

Hey,
yesterday (on 05/15/2005 at 15:41) you noticed:

AB> I'm sorry we can't do much more about this, 

AFAI can see from the headers, samba.org uses Spamassassin.
There is already a cf-file available to filter this current
nazi-stuff.

I use it for a day now and it works well so far.
No solution for upcoming stuff, I know.

-- 
Regards,
Stefan

Daniel S. Haischt wrote:
>  
> Basically if re-training your SPAM filter does not help and
> one really wants to get rid of all those junk mails, installing
> a challenge/response system like TMDA behind a statistical
> filter (e.g. DSPAM) would be a possible solution ...
No.  All that a challenge response system would do is add a bunch of 
challenges to forged addresses to the mess that the worm is creating.

It is hard enough to filter out this worm from all the infected hosts, 
but realize that the list operators are also having to try and filter 
out all the things that are incorrectly auto-responding to the forged 
address.

Challenge response systems are a plague to mailing list operators and to 
any mail server operator who has had their domain forged by a virus or a 
spam run.

Many of the mail server operators that I know are now blocking on sight 
any user and/or network that is using any Challenge Response system that 
they receive a mis-directed challenge from.

My e-mail address is now under attack from mail servers that are not 
using SMTP rejects.

All challenge response would do is increase the amount of junk that is 
now coming in to it.

The same would happen to these lists.

Right now there should be filters in place that know about most of the 
subject that this particular worm uses.

-John