[Mimedefang] How to kill this spam?

John Mason Jr. John.Mason.Jr at Autostradeint.com
Tue Nov 11 01:10:20 EST 2003



> -----Original Message-----
> From: mimedefang-bounces at lists.roaringpenguin.com
> [mailto:mimedefang-bounces at lists.roaringpenguin.com]
> On Behalf Of Ashley M. Kirchner
> Sent: Tuesday, November 11, 2003 12:03 AM
> To: mimedefang at lists.roaringpenguin.com
> Subject: [Mimedefang] How to kill this spam?
> 
> 
> 
>     Ok, I've been getting this crap for a while now and I can't figure
> out how to kill it.  It's always the same construct of message body, and
> I can't just kill it by content-type...  Is there any way to just bounce
> this crap?
> 
>     I extracted it from my mailbox and posted it here: 
> http://37th.yeehaw.net/spam.txt
> 


Can you add a rule to check for "=?" starting the subject line?

Also from http://abuse.easynet.nl/dynablocker.html

The DynaBlocker is at dynablock.easynet.nl and uses 127.0.0.2 A records.
Its purpose is to block SMTP connections from dynamic dial-up IP ranges
and from residential Cable/DSL connections. See here for more
information.

The IP ranges (/24 ranges) that are in our DynaBlock zonefile are based
on a number of criteria and principles:

1. we probe the PTR records for IPs
20/40/60/80/100/120/140/160/180/200/220/240 in each /24 
2. all twelve PTR records must have one of the following terms: tnt
(uunet uses these) dial dyn slip ppp ipt (aol uses these) modem dip pool
nas cvx (Nortel dial-up Access Switches) and others 
3. the results are written to a temporary file, which is inspected
visually 
4. any entry within a /24 that appears to be indicative of a fixed IP
number will be excepted with a void CNAME record. If there are too many
static records within a /24, it will be removed. 
5. entries not found by 1. and 2. may be added later, triggered by spam
evidence, using different types of probes 
6. dynablock hits (found by scanning our maillogs every hour) are
inspected visually; when doubt arises about a /24 being listed, it will
be delisted 
7. we will list dynamic IP pools without any distinction between DSL,
dial-ups, DHCP etcetera, especially when a lot of abusive behavior
originates there, or when a lot of open proxies are present in such a
network. 
8. We will also list 'truly dynamic and/or domestic' DSL/Cable ranges
where IP addresses change around fast or where no legitimate mailservers
are found.

The only contact address for any blacklist issue is
abuse at abuse.nl.easynet.net.


John Mason
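
Criteria 1 and 2 of the DynaBlocker text quoted above, together with the form of the 127.0.0.2 lookup, as an added example that is not part of the original post or Easynet's own tooling. Assumptions: terms are matched as case-insensitive substrings, only the terms named in the quote are used (the page says there are others), the PTR resolver is an injected callable, and the PTR data is constructed.

```python
import ipaddress

# Step 1 of the quoted criteria: host offsets 20, 40, ..., 240 in each /24.
PROBE_OFFSETS = range(20, 241, 20)
# Step 2: terms named in the quote; the page notes "and others" exist.
DYNAMIC_TERMS = ("tnt", "dial", "dyn", "slip", "ppp", "ipt",
                 "modem", "dip", "pool", "nas", "cvx")


def probe_addresses(net24):
    """Return the twelve addresses probed inside an IPv4 /24."""
    net = ipaddress.ip_network(net24)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("expected an IPv4 /24, got %s" % net24)
    return [str(net.network_address + off) for off in PROBE_OFFSETS]


def looks_dynamic(ptr_name):
    """True if the PTR name contains a listed term (substring match is an
    assumption of this example); a missing PTR never counts as a match."""
    if not ptr_name:
        return False
    name = ptr_name.lower()
    return any(term in name for term in DYNAMIC_TERMS)


def is_candidate(net24, resolve_ptr):
    """Step 2: all twelve probed PTR records must match. resolve_ptr is a
    hypothetical callable mapping an IP string to a PTR name or None."""
    return all(looks_dynamic(resolve_ptr(ip)) for ip in probe_addresses(net24))


def dnsbl_query_name(ip, zone="dynablock.easynet.nl"):
    """Name a mail server queries for a connecting IP: reversed octets plus
    the zone. Per the quote, a listed address answers with A 127.0.0.2."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


# Constructed PTR data on documentation ranges, not real lookups.
PTRS_DIALUP = {ip: "ppp-%s.pool.isp.example" % ip.rsplit(".", 1)[1]
               for ip in probe_addresses("192.0.2.0/24")}
PTRS_MIXED = {ip: "dyn-%s.isp.example" % ip.rsplit(".", 1)[1]
              for ip in probe_addresses("198.51.100.0/24")}
PTRS_MIXED["198.51.100.40"] = "mail.example.net"   # one fixed-looking host

if __name__ == "__main__":
    print(is_candidate("192.0.2.0/24", PTRS_DIALUP.get))     # all twelve match
    print(is_candidate("198.51.100.0/24", PTRS_MIXED.get))   # one probe fails
    print(dnsbl_query_name("192.0.2.44"))
```

Only steps 1 and 2 are automated here; the quoted process still relies on visual inspection (steps 3, 4 and 6) before a /24 is listed or delisted.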





