I have a sort of VERY SIMPLE solution to the symptom...I thought some of
you might benefit from it.
Well, over the last few weeks (or is it months) my lists have been getting
nailed with the same crap I am sure you all see. Damn, I have mailboxes
that nobody ever mails to that that only appear on some hidden web page
some where, and I have gotten about 17 in one of them just this week.
DAMN! I think slow death by connection to a few over powered tokenring
(IBM Type 1? the fat ones) cables may be in order for these people...
Anyway, here are some "clues" you can add to your $taboo stuff in
majordomo.cf. I keep them in $global_taboo_headers myself, and they have
been working wonders.
If anyone wants I can keep the entries up on my ftp server and will update
them as new attacks come in. I also try to keep up on what those
anti-spammer "coalitions" are doing...
These are very handy if you don't want to mess with your sendmail rules,
and also if you would actually like to have some control for things (which
I find that the sendmail rules don't give you much of, ie: all or nothing).
Plus with these, you can get your list out of the ubiquitous databases if
the spammers allow it [you get to see the messages]).
BTW, the effect these have is to bounce the mail to the -approval mailbox,
so you can approve them if they are real. Also, if these match domains
that you don't want them to, you can edit those lines out or just edit them
to define them better. I make some BIG assumptions in some of them (like
*market*, how many domains that are "real" ones have that in them, and it's
a GREAT "catch-all"...hee hee)
So here you go, have fun!
Additions to $global_taboo_headers:
/^from:.*moneyworld.com*/i
/^from:.*interramp.com*/i
/^from:.*dm1.com*/i
/^from:.*zygon.com*/i
/^from:.*zygn.com*/i
/^from:.*stockpick.com*/i
/^from:.*netamerica1.com*/i
/^from:.*selfhelpnet.com*/i
/^from:.*helpnet.net*/i
/^from:.*buytime.com*/i
/^from:.*jackpots.com*/i
/^from:.*cyberpromo.com*/i
/^from:.*californiakid.com*/i
/^from:.*lsat.com*/i
/^from:.*megd.com*/i
/^from:.*pwrnet.com*/i
/^from:.*bulk-e-mail.com*/i
/^from:.*bigprofits.com*/i
/^from:.*bbbiiizzz.com*/i
/^from:.*owlsnest.com*/i
/^from:.*natureplus.com*/i
/^from:.*globalfn.com*/i
/^from:.*emailtoyou.com*/i
/^from:.*email2you.com*/i
/^from:.*internetmedia.com*/i
/^from:.*highfiber.com*/i
/^from:.*olworld.com*/i
/^from:.*1stworldwidemall.com*/i
/^from:.*allvip.com*/i
/^from:.*econopromo.com*/i
/^from:.*cartelwealth.com*/i
/^from:.*bigfoot.com*/i
/^from:.*bestofhawaii.com*/i
/^from:.*interpac.net*/i
/^from:.*prowebsite.com*/i
/^from:.*binet.lv*/i
/^from:.*emapnet.com*/i
/^from:.*sallynet.com*/i
/^from:.*@*glenfinnan.com/i
/^from:.*@*flashflood.com/i
/^from:.*@*iemmc*/i
/^from:.*@*mapsexpress.com/i
/^from:.*@*popcornmarketing.com/i
/^from:.*@*llv.com/i
/^from:.*@*public.com/i
/^from:.*@*1stworldwidemedia.com/i
/^from:.*market*/i
/^from:.*gr8fx.com*/i
/^from:.*freeyellow.com*/i
/^received:\s*needmore*/i
/^received:\s*foundmoney*/i
/^received:\s*response.com*/i
/^received:\s*clubnet.net*/i
/^received:\s*flashflood.com*/i
/^received:\s*iemmc*/i
/^received:\s*mail-response.com*/i
/^received:\s*mapsexpress.com*/i
/^received:\s*ssdnet*/i
/^received:\s*public.com*/i
/^received:\s*llv.com*/i
/^received:\s*1stworldwidemedia*/i
/^received:\s*globaltech2000*/i
/^received:\s*moneyworld.com*/i
/^received:\s*interramp.com*/i
/^received:\s*dm1.com*/i
/^received:\s*zygon.com*/i
/^received:\s*zygn.com*/i
/^received:\s*stockpick.com*/i
/^received:\s*netamerica1.com*/i
/^received:\s*selfhelpnet.com*/i
/^received:\s*helpnet.net*/i
/^received:\s*buytime.com*/i
/^received:\s*jackpots.com*/i
/^received:\s*cyberpromo.com*/i
/^received:\s*californiakid.com*/i
/^received:\s*lsat.com*/i
/^received:\s*megd.com*/i
/^received:\s*pwrnet.com*/i
/^received:\s*bulk-e-mail.com*/i
/^received:\s*bigprofits.com*/i
/^received:\s*bbbiiizzz.com*/i
/^received:\s*owlsnest.com*/i
/^received:\s*natureplus.com*/i
/^received:\s*globalfn.com*/i
/^received:\s*emailtoyou.com*/i
/^received:\s*email2you.com*/i
/^received:\s*internetmedia.com*/i
/^received:\s*highfiber.com*/i
/^received:\s*olworld.com*/i
/^received:\s*1stworldwidemall.com*/i
/^received:\s*allvip.com*/i
/^received:\s*econopromo.com*/i
/^received:\s*cartelwealth.com*/i
/^received:\s*bigfoot.com*/i
/^received:\s*bestofhawaii.com*/i
/^received:\s*interpac.net*/i
/^received:\s*prowebsite.com*/i
/^received:\s*binet.lv*/i
/^received:\s*emapnet.com*/i
/^received:\s*sallynet.com*/i
/^received:\s*gr8fx.com*/i
/^received:\s*freeyellow.com*/i
Oh, these also help with my general "rule" of not including attachments or
that "crap" html that the Microslop users "accidentally" put
(duplicatively) in every darn message. These work in $global_taboo_body .
/begin 600 WINMAIL.DAT/
/Content-Type: application/
/Content-Transfer-Encoding: base64/
Case doesn't seems to change in these, since MS's standard might actually
be one for them (ha ha ha :)..
Cheers!
-Brian
Follow-Ups:
|
|
