From "Antonio Gallardo" <agalla...@agssa.net>
Subject RE: ASF use spamassassin?
Date Sat, 17 Apr 2004 16:13:56 GMT
Noel J. Bergman said:
>> because of spam via address harvesting and spoofing.
> Or just plain dictionary attacks.  As an experiment, create a hotmail
> address, and never use it.  See how long it is before it gets spam.
> I keep a tail -f monitor on the logs for my mail server.  It just scrolls by
> in a corner of the screen, but I recognize good and bad patterns, so if
> something looks odd, I can check the logs for the details.  Mostly I'm after
> anything that indicates a bug to fix, but I notice other patterns.
> One pattern I have been noticing is that I see more dictionary attacks than
> anything else.  One filter I want to write is to check all of the RCPT TO
> commands for a message.  If a message has too high a ratio of bad recipients
> to valid ones, that would be flagged as spam.  With 10-20 recipients in a
> typical attack, and 1-2 good addresses, I consider that to be a fairly good
> indicator.
> What I want to do is review my logs to see how often the same IP address spams
> me.  If it turns out that spammers are stupid enough to use the same IP
> often enough, I could cache IP addresses so that once an IP has been flagged
> as spamming by my filters it is blocked for a period of time, and then
> released.  An attempt at a self-maintaining block list.

Good idea! In the last few days, I have seen this kind of attack too. They
use from 3 to 20 different account guesses.

>> We need to focus on good filtering techniques and also try to
>> minimise our exposure, e.g. removing author tags from javadoc;
>> obfuscating web pages especially the who.html in each project.
> And what makes you think that there aren't harvesters that scan CVS change
> logs?


Of course there are! But I think that out there are different "levels" of
spammers, from the most experienced that use the most sophisticated to the
newbies that only try to find the classic regexp containing @ and dots.

I also think the most sophisticated are mainly well known and they are
listed in many blacklists. The newbies or new starters are the worst,
because they started just yesterday and they need time to go on a
blacklist. Here is where I see the utility of a tool like SA.

> Hiding your e-mail address as if it were an unlisted phone number is just a
> form of security through obscurity, and the wrong place to address the
> problem.  It works better for spammers who hide their origins through
> criminal activity, than recipients.

I agree. I think we really need a good anti-spam tool rather than hiding
our identities.

I just hope soon the spam problem will find a final solution.

Best Regards,

Antonio Gallardo
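
The RCPT TO ratio filter and the self-expiring block list described in the quoted text above, as an added example that is not part of the original message. The class name, thresholds, IP address and mailbox names are assumptions constructed for illustration.

```python
import time

class RcptRatioFilter:
    """Flags a message by its ratio of unknown to valid RCPT TO addresses
    and keeps flagged client IPs in a block list that expires by itself."""

    def __init__(self, valid_addresses, max_bad_ratio=3.0, min_recipients=5,
                 block_seconds=3600, clock=time.monotonic):
        # All thresholds are assumptions chosen for illustration.
        self.valid = {a.lower() for a in valid_addresses}
        self.max_bad_ratio = max_bad_ratio
        self.min_recipients = min_recipients
        self.block_seconds = block_seconds
        self.clock = clock
        self.blocked_until = {}  # client IP -> time at which the block ends

    def is_blocked(self, ip):
        expiry = self.blocked_until.get(ip)
        if expiry is not None and self.clock() >= expiry:
            del self.blocked_until[ip]  # block period over: release the IP
        return ip in self.blocked_until

    def check(self, ip, rcpt_to):
        """Return 'blocked', 'spam' or 'ok' for one SMTP transaction."""
        if self.is_blocked(ip):
            return "blocked"
        rcpts = {r.strip("<>").lower() for r in rcpt_to}
        good = len(rcpts & self.valid)
        bad = len(rcpts) - good
        # With few recipients, a single typo should not flag the sender.
        if len(rcpts) < self.min_recipients:
            return "ok"
        # max(good, 1) avoids dividing by zero when every guess misses.
        if bad / max(good, 1) >= self.max_bad_ratio:
            self.blocked_until[ip] = self.clock() + self.block_seconds
            return "spam"
        return "ok"

def demo():
    now = [0.0]  # constructed clock so the expiry can be shown offline
    f = RcptRatioFilter({"alice@example.org", "bob@example.org"}, clock=lambda: now[0])
    guesses = [f"<{n}@example.org>" for n in ("admin", "alice", "info", "sales",
                                              "john", "mary", "test", "bob", "root", "web")]
    results = [f.check("192.0.2.10", guesses)]                      # 8 bad, 2 good
    results.append(f.check("192.0.2.10", ["<alice@example.org>"]))  # inside block period
    now[0] = 3601.0
    results.append(f.check("192.0.2.10", ["<alice@example.org>"]))  # block has expired
    return results
```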

