www-community mailing list archives

From "Noel J. Bergman" <n...@devtech.com>
Subject RE: ASF use spamassassin?
Date Sat, 17 Apr 2004 15:54:43 GMT
> because of spam via address harvesting and spoofing.

Or just plain dictionary attacks.  As an experiment, create a hotmail
address, and never use it.  See how long it is before it gets spam.

I keep a tail -f monitor on the logs for my mail server.  It just scrolls by
in a corner of the screen, but I recognize good and bad patterns, so if
something looks odd, I can check the logs for the details.  Mostly I'm after
anything that indicates a bug to fix, but I notice other patterns.

One pattern I have been noticing is that I see more dictionary attacks than
anything else.  One filter I want to write is to check all of the RCPT TO
commands for a message.  If a message has too high a ratio of bad recipients
to valid ones, that would be flagged as spam.  With 10-20 recipients in a
typical attack, and 1-2 good addresses, I consider that to be a fairly good
indicator.

What I want to do is review my logs to see how often the same IP address spams
me.  If it turns out that spammers are stupid enough to use the same IP
often enough, I could cache IP addresses so that once an IP has been flagged
as spamming by my filters it is blocked for a period of time, and then
released.  An attempt at a self-maintaining block list.

> We need to focus on good filtering techniques and also try to
> minimise our exposure, e.g. removing author tags from javadoc;
> obfuscating web pages especially the who.html in each project.

And what makes you think that there aren't harvesters that scan CVS change
logs?

Hiding your e-mail address as if it were an unlisted phone number is just a
form of security through obscurity, and the wrong place to address the
problem.  It works better for spammers who hide their origins through
criminal activity, than recipients.

	--- Noel
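
The two filters described in the message above (the bad-recipient ratio per message and the time-limited IP block), as an added example; it is not code from the original post or from any mail server. The class name, thresholds, block period and sample addresses are assumptions.

```python
import time

class DictionaryAttackFilter:
    """Flag messages whose RCPT TO list is mostly unknown mailboxes and
    block the sending IP for a while (names and thresholds are assumed)."""

    def __init__(self, valid_mailboxes, max_bad_ratio=0.8, min_recipients=5,
                 block_seconds=3600, clock=time.time):
        self.valid = {m.lower() for m in valid_mailboxes}
        self.max_bad_ratio = max_bad_ratio    # share of bad recipients that flags a message
        self.min_recipients = min_recipients  # do not punish one mistyped address
        self.block_seconds = block_seconds    # how long a flagged IP stays blocked
        self.clock = clock                    # injectable so expiry can be tested
        self.blocked = {}                     # client IP -> expiry timestamp

    def is_blocked(self, ip):
        if self.clock() >= self.blocked.get(ip, 0):  # never blocked, or block expired
            self.blocked.pop(ip, None)               # release the IP
            return False
        return True

    def check_message(self, ip, rcpt_to):
        """Return 'blocked', 'spam' or 'ok' for one SMTP transaction."""
        if self.is_blocked(ip):
            return "blocked"
        rcpts = {r.strip("<>").lower() for r in rcpt_to}
        bad = sum(1 for r in rcpts if r not in self.valid)
        if len(rcpts) >= self.min_recipients and bad / len(rcpts) >= self.max_bad_ratio:
            self.blocked[ip] = self.clock() + self.block_seconds
            return "spam"
        return "ok"

def demo():
    # Constructed sample data: documentation IP ranges and example.org mailboxes.
    now = [1000.0]
    f = DictionaryAttackFilter({"alice@example.org", "bob@example.org"},
                               clock=lambda: now[0])
    guesses = ("alice bob admin info sales test john mary "
               "webmaster root support jobs").split()
    attack = ["<%s@example.org>" % g for g in guesses]   # 12 recipients, 2 valid
    out = [f.check_message("192.0.2.10", attack),                   # flagged
           f.check_message("192.0.2.10", ["<alice@example.org>"]),  # cached block
           f.check_message("198.51.100.7", ["<alice@example.org>", "<bbo@example.org>"])]
    now[0] += 3601                                                  # block expires
    out.append(f.check_message("192.0.2.10", ["<bob@example.org>"]))
    return out

if __name__ == "__main__":
    print(demo())
```

The `min_recipients` floor keeps a legitimate sender with one mistyped address from being flagged, and the expiry means a wrongly blocked IP is released without manual cleanup.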

