From Nobody at spamcop.net Tue May 3 10:46:26 2005 From: Nobody at spamcop.net (CFA) Date: Tue May 3 11:50:08 2005 Subject: [SpamCop-Geeks] Re: Recommendations for web page forms References: Message-ID: "Miss Betsy" wrote in message news:d4hgn7$rqd$1@news.spamcop.net... >I have a friend who wants to establish a web site that would > connect various people who are interested in a particular subject, > but doesn't know about using secure forms or ways to prevent > spiders from collecting email addresses. > > Are there any particular programs that are recommended by this > group for web forms or ways to encode mailto addresses? > > Miss Betsy > > > I have had a personal web site for several years, and so far none of my contact addresses have been found by spiders. My web host doesn't support CGI, so I've had to make do with the basics. Here's what I do: I use Photoshop to make a simple graphic of my e-mail address. This is displayed on the web page, so anyone who visits the page can see my address. Then I use a link encoding program to JavaScript encode the address. This goes in the head of the web page. A link to the address is in the body of the page. So in the head of the web page you have: and in the body of the page you have: This link displays the graphic of your e-mail address and refers to your encoded address in the head of the page. If someone visiting your web page has JavaScript turned off, he won't be able to click on your graphic to send you e-mail, but at least he can still see your e-mail address in the graphic. The web site where I got the free link encoder no longer exists, but if you'll write to me, I'll send it to you. eo2n3ji02@sneakemail.com (And when this address starts getting spam, I will delete it, so it won't last forever.) I hope I explained this so that you can understand. I'm not very good with the terminology. I just know that this system works for me. So far. I also add one more level of protection by using the free e-mail forwarding service provided by my web host. I create an e-mail address to display on the web page, make a graphic of it, and encode it like I described. Mail sent to that address @mywebsitedomainname is forwarded to my real e-mail address. If that address ever starts getting spam, I will change it and make a new graphic. But so far it's still clean. CFA From nospam at dev.null Wed May 4 04:29:14 2005 From: nospam at dev.null (Anty Spam) Date: Tue May 3 21:25:03 2005 Subject: [SpamCop-Geeks] Re: Epson C82 printers References: Message-ID: "Ilgaz" wrote in message news:d43q5h$p5p$1@news.spamcop.net... > On 2005-04-19 17:05:04 +0300, "Frog Prince" said: > ...snip.... > > > > Looking at a Canon iP5000 (~$150 net) as it uses a *lot* less ink. A quick > > check of the prices suggest that Canon replacement parts may be much less > > expensive than Epson. > > I got i250 here, using on OS X, its a $50 printer. Excellent results > but can'T say same for ink, well ink carts are really small. > > Ilgaz > Got i320. Beautiful after a Lexmark. Small carts don't worry too much, buy them as 3 to 4 black and 3 to 4 clour at a time at the price. Never measured real pages per tank, but suits me better than the Lexmark that dried up the whole time making it unaffordable. Cheers E From jr70 at blackhole.invalid Wed May 4 09:16:19 2005 From: jr70 at blackhole.invalid (John Richards) Date: Wed May 4 11:20:03 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: "Larry Kilgallen" wrote in message news:oak44ABPjeNZ@eisner.encompasserve.org... > > My correspondent says he sends email with something called "Explorer". No such animal. Why don't you look in the headers of one of his messages to see what he really is using? There should be a line that starts out with "X-Mailer:". -- John Richards From asterix at no_where.net Wed May 4 23:59:31 2005 From: asterix at no_where.net (Asterix) Date: Wed May 4 17:00:03 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: <1gw27th.13cvuj91epblbjN%asterix@no_where.net> Larry Kilgallen wrote: > > It should have been obvious from my question that I have no interest > in using Microsoft Windows. However, I have no desire to antagonize > a customer who pays me money to do work that does not involve the use > of Microsoft Windows. He uses Microsoft Windows to send me orders > and the like, and I am not about to jeopardize that relationship. Of course - want my .sig ? -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From BNRAGMAOKKXT at spammotel.com Wed May 4 22:13:38 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Wed May 4 17:15:06 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: Anthony Edwards on 30/04/2005 wrote: > but modern Linux distributions such as Ubuntu (the easiest Linux to > install, ever) and SuSE (a close second) will run on pretty much any > hardware that will run Windows. A slight divergence from the thread, but, OK, Linux should work on my hardware, but, how easy is it to get peripherals such as printers and scanners working with it? Do Epsom Printers and HP Scanners have Linux compatible drivers? What about all the software that I've *bought* which I really don't want to ditch such as Paint Shop Pro that I use often and has taken me some years to learn? I'd really love to switch to an OS which I could use efficiently instead of Windows which seems to take up more time fixing than using. Rob From Kilgallen at SpamCop.net Wed May 4 17:30:34 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed May 4 17:35:02 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: <1gw27th.13cvuj91epblbjN%asterix@no_where.net> Message-ID: In article <1gw27th.13cvuj91epblbjN%asterix@no_where.net>, asterix@no_where.net (Asterix) writes: > Larry Kilgallen wrote: > >> >> It should have been obvious from my question that I have no interest >> in using Microsoft Windows. However, I have no desire to antagonize >> a customer who pays me money to do work that does not involve the use >> of Microsoft Windows. He uses Microsoft Windows to send me orders >> and the like, and I am not about to jeopardize that relationship. > > Of course - want my .sig ? > > -- > I recommend Macs to my friends, and Windows machines > to those whom I don't mind billing by the hour No, I really would rather do other things for a living. But if you are a Macintosh person, why is it a "."sig ? :-) From nobody at nowhere.invalid Thu May 5 00:31:30 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed May 4 17:35:02 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: On Wed, 4 May 2005 21:13:38 +0000 (UTC), Canopus coughed into spamcop.geeks and left this in : > A slight divergence from the thread, but, OK, Linux should work on my > hardware, but, how easy is it to get peripherals such as printers and > scanners working with it? Do Epsom Printers and HP Scanners have Linux > compatible drivers? Find out for yourself. http://www.linuxprinting.org http://www.sane-project.org > What about all the software that I've *bought* which I really don't > want to ditch such as Paint Shop Pro that I use often and has taken me > some years to learn? Heh - nobody forced you to pay for commercial software when there are perfectly good open source and free (as in speech and beer) solutions such as the GIMP (http://www.gimp.org) for which there happens to be a Windows version... > I'd really love to switch to an OS which I could use efficiently > instead of Windows which seems to take up more time fixing than using. Take the jump. I did so about 5 years ago and haven't looked back since. Start with something like Knoppix, which you can try as a live-CD before installing it so as to get the hang of things. http://www.knopper.net/knoppix/index-en.html -- Steve A clear conscience is usually the sign of a bad memory. From nobody at devnull.spamcop.net Wed May 4 19:03:10 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed May 4 19:00:02 2005 Subject: [SpamCop-Geeks] Re: Recommendations for web page forms References: Message-ID: "CFA" wrote in message news:d586cd$pjc$1@news.spamcop.net... > "Miss Betsy" wrote in message > news:d4hgn7$rqd$1@news.spamcop.net... > >I have a friend who wants to establish a web site that would > > connect various people who are interested in a particular subject, > > but doesn't know about using secure forms or ways to prevent > > spiders from collecting email addresses. > > > > Are there any particular programs that are recommended by this > > group for web forms or ways to encode mailto addresses? > > > > Miss Betsy > > > > > > > > I have had a personal web site for several years, and so far none of my > contact addresses have been found by spiders. My web host doesn't support > CGI, so I've had to make do with the basics. Here's what I do: > > I use Photoshop to make a simple graphic of my e-mail address. This is > displayed on the web page, so anyone who visits the page can see my address. > Then I use a link encoding program to JavaScript encode the address. This > goes in the head of the web page. A link to the address is in the body of > the page. > > So in the head of the web page you have: > > > > and in the body of the page you have: > > > > This link displays the graphic of your e-mail address and refers to your > encoded address in the head of the page. > > If someone visiting your web page has JavaScript turned off, he won't be > able to click on your graphic to send you e-mail, but at least he can still > see your e-mail address in the graphic. > > The web site where I got the free link encoder no longer exists, but if > you'll write to me, I'll send it to you. > > eo2n3ji02@sneakemail.com > > (And when this address starts getting spam, I will delete it, so it won't > last forever.) > > I hope I explained this so that you can understand. I'm not very good with > the terminology. I just know that this system works for me. So far. > > I also add one more level of protection by using the free e-mail forwarding > service provided by my web host. I create an e-mail address to display on > the web page, make a graphic of it, and encode it like I described. Mail > sent to that address @mywebsitedomainname is forwarded to my real e-mail > address. If that address ever starts getting spam, I will change it and > make a new graphic. But so far it's still clean. > > CFA Since I know almost nothing about making web pages, I have little idea of why your idea works. However, I will pass it on. I think I understand the concept. Thanks Miss Betsy From zitt at _no_spam_bigfoot.com Thu May 5 01:06:05 2005 From: zitt at _no_spam_bigfoot.com (John Zitterkopf) Date: Thu May 5 03:10:07 2005 Subject: [SpamCop-Geeks] Procmail recipe no longer working... Any ideas? Message-ID: I've been getting SPAM to a local address not published on the internet. Header with my email and server changed to myemail@mylocalserver.com to avoid more spam at this local server. Return-Path: X-Original-To: myemail@mylocalserver.com Delivered-To: myemail@mylocalserver.com Received: from 200-233-183-078-xd-dynamic.ctbcnetsuper.com.br (200-233-183-078-xd-dynamic.ctbcnetsuper.com.br [200.233.183.78]) by mylocalserver.com (Postfix) with SMTP id 216AFEDEC4 for ; Wed, 4 May 2005 18:21:02 -0700 (PDT) Received: from 129.231.214.4 by 200.233.183.78; Wed, 04 May 2005 23:20:00 -0300 Message-ID: From: "Hal Weaver" Reply-To: "Hal Weaver" To: x Subject: We can sheep you disccounted errection mads feast Date: Thu, 05 May 2005 07:18:00 +0500 X-Mailer: AOL 93.0 for Windows US sub 637 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--JLCAYZJNA02756EASLR" X-Priority: 3 X-MSMail-Priority: Normal X-IP:198.98.52.149 Status: RO I've been trying to trap these types of spammers using a procmail reciepe that I thought I had working previously. But for some reason it no longer works... Can't figure out why... The idea is that if I get email directly on this server without it going through spamcop; I resend it for "filtering" by spamcop. #forward any mail which hasn't been though spamcop to spamcop for filtering :0 H * -2^0 * 1^0 ^Delivered-To:.*myemail@mylocalserver\.com * 1^0 !^Delivered-To:.*spamcop-net-zitt@spamcop\.net # Avoid email loops * 1^0 !^X-Loop:.*myemail@mylocalserver\.com { :0 { RULE="no Spamcop filtered mail" } :0c: #Preserve a copy of the email noSpamcop.mail :0fwh #Adjust some headers before forwarding | formail -A"X-Loop: myemail@mylocalserver\.com" \ -A"X-From-Origin: ${FROM_}" \ -i"Subject: $SUBJ_ (fwd)" \ -A"X-Rule: $RULE" :0: ! zitt@spamcop.net } Anyone have any ideas what may be going wrong now? Why isn't it working? John -- EE's do it 'til it Hz 8-) ~~~~~~~~~~~~~~~~~~John D. Zitterkopf~~~~~~~~~~~~~~ zitt@zittware.com http://www.zittware.com _____________________________________________________________________ Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B)These email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats. From nobody at nowhere.invalid Thu May 5 12:25:03 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu May 5 05:30:03 2005 Subject: [SpamCop-Geeks] Re: Procmail recipe no longer working... Any ideas? References: Message-ID: On Thu, 5 May 2005 00:06:05 -0700, John Zitterkopf coughed into spamcop.geeks and left this in : > I've been trying to trap these types of spammers using a procmail reciepe > that I thought I had working previously. But for some reason it no longer > works... What about it no longer works? It doesn't forward to spamcop any more or it forwards everything? It forwards the wrong stuff? One thing that might be a problem, however, is your formail command. The expressions used aren't regexes so there's no need to escape the period as in: | formail -A"X-Loop: myemail@mylocalserver\.com" \ This is sufficient: | formail -A"X-Loop: myemail@mylocalserver.com" \ On a side note, why don't you get SpamCop to pop your mail from your local account and you pop it, filtered, from SpamCop? -- Steve "I don't understand that attitude. Don't we want email that has dancing bears, cute little videos, musical tunes, animated waving hands, sixty fonts, and looks like it's been done with crayolas? Good grief, man, think like a three year old!" -- Norm Reitzel discussing HTML email From nobody at devnull.spamcop.net Thu May 5 11:18:02 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu May 5 10:20:05 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: ... > Start with something like Knoppix, which you can try as a live-CD before > installing it so as to get the hang of things. > > http://www.knopper.net/knoppix/index-en.html Knoppix is a great way to go. You can also pick up Open Office Suite, the replacement for MS Office, which actually is pretty good. Open Office also will work on windows if you want to feel it out - and it's free - and seems pretty well behaved, though under windows I can get it to screw up. I hear it's much better on Knoppix. Lots of other free stuff too, being open source. I tried to make the switch myself, but it turned out I used too many of the Office features that Knoppix just doesn't implement or implements in ways that won't match with my needs. I also hit a wall trying to find drivers for my soft modem, but if I really wanted KX, I'd buy an external. I'm a fairly intense user, so it just wasn't going to work for me, but if your users are only using the "normal" 25% of Office abilities and such, it would be a great replacement! PSP I never did find a replacement for, and am still looking. Gimp et al could do the things, but I never found an all in one so I only had one app for it all. PSP does about everything I need. There were video codec problems, too, so at that point I decided I'd hit the point of diminishing returns and figured I'd wait a year or so and see what's up again at that time. For "normal" users though, it's a GREAT way to go! Beware, in the beginning, there ARE lots of maintenance issues to work out, but once you get it going, it's pretty stable. My son in Ct relies 100% on Linux. To really make it dance though, you have to get techie with it; it's not a pure "user's" tool. AFAIK there is NO turn-key Linux in the fashion of windows; after all, it is written and supported by volunteers and their organization, albeit they are very dedicated. I'll probaby get flamed for this, but, there are indications of some standards wars breaking out too. I wouldn't back burner it, but I'd wait a year at least to see what's up. Pop From m at remove.this.part.rtij.nl Thu May 5 15:40:53 2005 From: m at remove.this.part.rtij.nl (Martijn Lievaart) Date: Thu May 5 12:00:08 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: On Wed, 04 May 2005 23:31:30 +0200, Steven Maesslein wrote: > Take the jump. I did so about 5 years ago and haven't looked back since. Go for it. > Start with something like Knoppix, which you can try as a live-CD before > installing it so as to get the hang of things. > > http://www.knopper.net/knoppix/index-en.html I advice ubuntu (www.ubuntulinux.org), but either of those have live CD's to get you started. M4 -- Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck. -- Toni Lassila in the Monastry From jr70 at blackhole.invalid Thu May 5 10:26:21 2005 From: jr70 at blackhole.invalid (John Richards) Date: Thu May 5 12:30:19 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: "Pop" wrote in message news:d5d9um$d74$1@news.spamcop.net... > ... > I tried to make the switch myself, but it turned out I used too many of the > Office features that Knoppix just doesn't implement or implements in ways > that won't match with my needs. > I also hit a wall trying to find drivers for my soft modem, but if I > really wanted KX, I'd buy an external. I'm a fairly intense user, so it I tried various Linux distros, and inevitably, either my modem, or my printer, or my video card (or all three) weren't supported. So, I gave up and went back to Windows XP. > just wasn't going to work for me, but if your users are only using the > "normal" 25% of Office abilities and such, it would be a great replacement! > PSP I never did find a replacement for, and am still looking. Gimp et al > could do the things, but I never found an all in one so I only had one app > for it all. PSP does about everything I need. > There were video codec problems, too, so at that point I decided I'd hit > the point of diminishing returns and figured I'd wait a year or so and see > what's up again at that time. > For "normal" users though, it's a GREAT way to go! Beware, in the > beginning, there ARE lots of maintenance issues to work out, but once you > get it going, it's pretty stable. My son in Ct relies 100% on Linux. To > really make it dance though, you have to get techie with it; it's not a pure > "user's" tool. AFAIK there is NO turn-key Linux in the fashion of windows; > after all, it is written and supported by volunteers and their organization, > albeit they are very dedicated. > I'll probaby get flamed for this, but, there are indications of some > standards wars breaking out too. I wouldn't back burner it, but I'd wait a > year at least to see what's up. I totally agree. One needs to be a techie in order to make it work. That limits it to a very small segment of the user population. Bill Gates has nothing to worry about (yet). -- John Richards From BNRAGMAOKKXT at spammotel.com Thu May 5 19:41:48 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Thu May 5 14:45:04 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: Steven Maesslein on 04/05/2005 wrote: > On Wed, 4 May 2005 21:13:38 +0000 (UTC), Canopus coughed into > spamcop.geeks and left this in : > > > A slight divergence from the thread, but, OK, Linux should work on > > my hardware, but, how easy is it to get peripherals such as > > printers and scanners working with it? Do Epsom Printers and HP > > Scanners have Linux compatible drivers? > > Find out for yourself. > > http://www.linuxprinting.org > http://www.sane-project.org > > > What about all the software that I've bought which I really don't > > want to ditch such as Paint Shop Pro that I use often and has taken > > me some years to learn? > > Heh - nobody forced you to pay for commercial software when there are > perfectly good open source and free (as in speech and beer) solutions > such as the GIMP (http://www.gimp.org) for which there happens to be > a Windows version... > > > I'd really love to switch to an OS which I could use efficiently > > instead of Windows which seems to take up more time fixing than > > using. > > Take the jump. I did so about 5 years ago and haven't looked back > since. > > Start with something like Knoppix, which you can try as a live-CD > before installing it so as to get the hang of things. > > http://www.knopper.net/knoppix/index-en.html I've tried out the Knoppix dispro, I liked it although running something like that after it's loaded into RAM only gives you an idea of the system, I kept running out of memory if I tried to do anything which needed a fair amount of RAM. Looks like my Epsom Printer is OK for drivers, seems to be possible issues with my scanner, but, it could work. Not sure about my ADSL USB modem, camera and mini disc player, will have to look into those. I suppose I could make room on my second HD which I use for backups and create a primary partition on it to try out Linux. Rob From BNRAGMAOKKXT at spammotel.com Thu May 5 19:47:25 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Thu May 5 14:50:02 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: Pop on 05/05/2005 wrote: > Knoppix is a great way to go. You can also pick up Open Office > Suite, the replacement for MS Office, which actually is pretty good. > Open Office also will work on windows if you want to feel it out - > and it's free - and seems pretty well behaved, though under windows I > can get it to screw up. I hear it's much better on Knoppix. Lots of > other free stuff too, being open source. > > I tried to make the switch myself, but it turned out I used too many > of the Office features that Knoppix just doesn't implement or > implements in ways that won't match with my needs. > I also hit a wall trying to find drivers for my soft modem, but if > I really wanted KX, I'd buy an external. I'm a fairly intense user, > so it just wasn't going to work for me, but if your users are only > using the "normal" 25% of Office abilities and such, it would be a > great replacement! PSP I never did find a replacement for, and am > still looking. Gimp et al could do the things, but I never found an > all in one so I only had one app for it all. PSP does about > everything I need. I've used Open Office in the past and now have Star Office and of course it can also be installed as a Linux utility. Sadly the Gimp doesn't come anywhere near PSP9 so if I switched to Linux it would have to twin boot with Windows if only for PSP9. Rob From BNRAGMAOKKXT at spammotel.com Thu May 5 19:49:09 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Thu May 5 14:50:04 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: John Richards on 05/05/2005 wrote: > "Pop" wrote in message > news:d5d9um$d74$1@news.spamcop.net... > > ... > > I tried to make the switch myself, but it turned out I used too > > many of the Office features that Knoppix just doesn't implement or > > implements in ways that won't match with my needs. > > I also hit a wall trying to find drivers for my soft modem, but > > if I really wanted KX, I'd buy an external. I'm a fairly intense > > user, so it > > I tried various Linux distros, and inevitably, either my modem, or my > printer, or my video card (or all three) weren't supported. So, I > gave up and went back to Windows XP. > > > > just wasn't going to work for me, but if your users are only using > > the "normal" 25% of Office abilities and such, it would be a great > > replacement! PSP I never did find a replacement for, and am > > still looking. Gimp et al could do the things, but I never found > > an all in one so I only had one app for it all. PSP does about > > everything I need. There were video codec problems, too, so at > > that point I decided I'd hit the point of diminishing returns and > > figured I'd wait a year or so and see what's up again at that time. > > For "normal" users though, it's a GREAT way to go! Beware, in > > the beginning, there ARE lots of maintenance issues to work out, > > but once you get it going, it's pretty stable. My son in Ct relies > > 100% on Linux. To really make it dance though, you have to get > > techie with it; it's not a pure "user's" tool. AFAIK there is NO > > turn-key Linux in the fashion of windows; after all, it is written > > and supported by volunteers and their organization, albeit they are > > very dedicated. I'll probaby get flamed for this, but, there are > > indications of some standards wars breaking out too. I wouldn't > > back burner it, but I'd wait a year at least to see what's up. > > I totally agree. One needs to be a techie in order to make it work. > That limits it to a very small segment of the user population. > Bill Gates has nothing to worry about (yet). It's sounding more and more like a twin boot with Windows job to get the best of both worlds. Rob From MikeE at ster.invalid Thu May 5 15:29:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 5 17:30:04 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: Canopus wrote: > Sadly the Gimp doesn't come anywhere near PSP9 so if I switched to > Linux it would have to twin boot with Windows if only for PSP9. Wine. http://appdb.winehq.org/ The top-10 Gold List - Applications which install and run virtually flawless on a out-of-the-box Wine installation make it to the Gold list: -- Paint Shop Pro -- Mike Easter kibitzer, not SC admin From anthony.edwards at uk.easynet.net Thu May 5 23:05:34 2005 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Thu May 5 18:10:07 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: On Thu, 5 May 2005 18:49:09 +0000 (UTC), Canopus wrote: > It's sounding more and more like a twin boot with Windows job to get > the best of both worlds. That's how most of us who have migrated from Windows to Linux started out. In my case, I removed Windows altogether from my machines after around three months, but it is nice to have the dual boot option for as long as one wants or needs it. Some Linux distributions are easier than others to install on machines with Windows already installed in a dual boot configuration, SuSE (now owned by Novell) being particularly simple in this regard. Just boot from installation media and follow the prompts (but, as best practice, back up existing data first). If you want to see if your existing hardware is supported, download the Live CD and boot from that. See " SUSE LINUX Professional 9.3 Live version" at: http://www.novell.com/products/linuxprofessional/downloads/suse_linux/index.html -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 0800 053 0588 Easynet Ltd * DDI: 0161 227 0707 http://www.uk.easynet.net * Fax: 0845 333 4503 From BNRAGMAOKKXT at spammotel.com Thu May 5 23:10:17 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Thu May 5 18:15:02 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: Mike Easter on 05/05/2005 wrote: > Canopus wrote: > > Sadly the Gimp doesn't come anywhere near PSP9 so if I switched to > > Linux it would have to twin boot with Windows if only for PSP9. > > Wine. http://appdb.winehq.org/ The top-10 Gold List - Applications > which install and run virtually flawless on a out-of-the-box Wine > installation make it to the Gold list: -- Paint Shop Pro Interesting, but, unfortunately although it is top of the Gold List it is only V 4 and it looks like 5 that is. PSP 9 only makes it to the Bronze list stating: What works: - Open files - Save files - Browse Folders - Merge Layers - Brush Drawing What doesn't work: - Apply effects - Fill surfaces - Use the undo system Considering I use it for photograph editing and need such features as Histogram Adjustment, Digital Camera Noise Removal filter and Chromatic Aberration Removal filter among others then it is pointless even trying PSP 9 on that OS. As far as V 4 and 5 are concerned very few people use them any more as they are too primitive. Rob From BNRAGMAOKKXT at spammotel.com Thu May 5 23:16:56 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Thu May 5 18:20:04 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: Anthony Edwards on 05/05/2005 wrote: > If you want to see if your existing hardware is supported, download > the Live CD and boot from that. See " SUSE LINUX Professional 9.3 > Live version" at..... I believe I may have that CD somewhere, I'm sure I had it as one of the free discs of a mag. I may even be able to find it in a few days using my amazing CD filing system. Alternatively it may be quicker to download it as you suggest :-) Rob From nobody at nowhere.invalid Fri May 6 01:17:57 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu May 5 18:20:06 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: On Thu, 5 May 2005 18:41:48 +0000 (UTC), Canopus coughed into spamcop.geeks and left this in : > I suppose I could make room on my second HD which I use for backups and > create a primary partition on it to try out Linux. Linux doesn't require a primary partition. The only requirement is that the kernel be installed in an area of the disk accessible to the BIOS. For example, some older machines only recognized disks up to 8GB and required BIOS overlays for the whole, say, 30GB to be usable in Windows. Linux, OTOH, once it's loaded, throws the BIOS out the window and uses its own code to access the entirety of the disk. -- Steve "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." -- President George W. Bush addressing the Pentagon, 05-AUG-2004 From anthony.edwards at uk.easynet.net Thu May 5 23:18:55 2005 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Thu May 5 18:20:09 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: <1gw27th.13cvuj91epblbjN%asterix@no_where.net> Message-ID: On Wed, 4 May 2005 22:59:31 +0200, Asterix wrote: > I recommend Macs to my friends, and Windows machines > to those whom I don't mind billing by the hour We have seen two compromised Apple servers running Mac OS X Server this week, which were subsequently (ab)used to transmit Unsolicited Bulk Email without the legitimate machine owners' knowledge, authorisation or permission. In both instances, user accounts appear to have been remotely compromised initially, and in one case a rootkit appears to have subsequently been installed. My guess is that such servers are now being actively targetted, so the opportunity to make consultancy revenue from Apple shops may be about to increase. -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 0800 053 0588 Easynet Ltd * DDI: 0161 227 0707 http://www.uk.easynet.net * Fax: 0845 333 4503 From MikeE at ster.invalid Thu May 5 16:22:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 5 18:25:02 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: Canopus wrote: > Mike Easter on 05/05/2005 wrote: >> Wine. http://appdb.winehq.org/ The top-10 Gold List - Applications >> which install and run virtually flawless on a out-of-the-box Wine >> installation make it to the Gold list: -- Paint Shop Pro > > Interesting, but, unfortunately although it is top of the Gold List it > is only V 4 and it looks like 5 that is. PSP 9 only makes it to the > Bronze list stating: Here's the part I read from the site when I chased the various versions. The place I read said that the trial version had problems but that the reg'd version of 9 worked fine: I went from the first link to here http://appdb.winehq.org/appview.php?appId=76 9.x This is version 9 of Paint Shop Pro. Bronze 20050211 5 then here http://appdb.winehq.org/appview.php?versionId=2505 then here -- these are the last 2 of the 5 RE: PSP9: Starts up, but not usable. OpenGL error by Valerie on Saturday January 29th 2005, 4:09 Yes, PSP 9.01 (registered version) seems to be working fine with Wine-20050111. Infact I think its faster. I am not sure why the trial version should not work. I wouldnt say its Garbage with this version. RE: PSP9: Starts up, but not usable. OpenGL error by Jonathan Ernst on Friday February 18th 2005, 5:10 Just tried it with a registered version, it works here too. -- Mike Easter kibitzer, not SC admin From zitt at _no_spam_bigfoot.com Thu May 5 20:50:29 2005 From: zitt at _no_spam_bigfoot.com (John Zitterkopf) Date: Thu May 5 22:55:27 2005 Subject: [SpamCop-Geeks] Re: Procmail recipe no longer working... Any ideas? References: Message-ID: > What about it no longer works? It doesn't forward to spamcop any more or > it forwards everything? It forwards the wrong stuff? No longer forwards or executes; which normally would indicate that I screwed up my email address in the header checks. However, I've checked it about a dozen times... every time I get a spammed email (which I got two today already). The "spam" intended to trapped doesn't appear in the noSpamcop.mail mbox folder... nor does it get forwarded to spamcop. I know it use to work; because I remember cleaning it out recently. Last time appears to be Apr 29 23:01 according to my local unix timestamp. The funny thing is that nothing changed between then and now... my local email address stayed the same... as did my spamcop address. One thing that did occur is my spamcop address "expired" because I was unaware and unnotified that it was up for renewal. That problem was "rectified" within 12hrs. I wouldn't think bounces would be tracked by procmail... ie I don't think procmail would stop forwarding a certain receipe becuase the final address started bouncing. :::Cornfused::: > One thing that might be a problem, however, is your formail command. The > expressions used aren't regexes so there's no need to escape the period > as in: Good catch; but sadly... a result of my copy/paste activity when posting and hiding my real local email address. The acutal receipe has standard email addresses in the formail line. > On a side note, why don't you get SpamCop to pop your mail from your > local account and you pop it, filtered, from SpamCop? The local account is a home linux server. It's the end of the line for a long email chain. The idea is to have the email "local" to my many various machines. John From user at domain.invalid Thu May 5 23:42:50 2005 From: user at domain.invalid (User) Date: Thu May 5 23:45:03 2005 Subject: [SpamCop-Geeks] SORBS DNSBL Message-ID: Anybody notice how unruly dnsbl.sorbs.net can be?? I finally had to remove it from my sendmail.cf file. Netscape Web Mail was being rejected as was most all mail originating from BELLSOUTH.NET .. what a bummer!! From nobody at nowhere.invalid Fri May 6 11:06:29 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri May 6 04:10:02 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL References: Message-ID: On Thu, 05 May 2005 22:42:50 -0500, User coughed into spamcop.geeks and left this in : > Anybody notice how unruly dnsbl.sorbs.net can be?? I finally had to > remove it from my sendmail.cf file. Netscape Web Mail was being rejected > as was most all mail originating from BELLSOUTH.NET .. what a bummer!! dnsbl.sorbs.net is an aggregate of many DNSBLs. If you want to be more picky about what you reject you can look at the various DNSBLs available here: http://www.dnsbl.au.sorbs.net/using.shtml Scroll down to the "Zones Available". -- Steve drug, n: A substance which, when injected into a rat, produces a scientific paper. From nttp.sc.sg at bigsleep.org Fri May 6 23:30:05 2005 From: nttp.sc.sg at bigsleep.org (Blammo) Date: Fri May 6 18:35:03 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL References: Message-ID: On 05 May 2005 User entered spamcop.geeks and left news:d5ep2u$6d6$1@news.spamcop.net: > Anybody notice how unruly dnsbl.sorbs.net can be?? I finally had to > remove it from my sendmail.cf file. Netscape Web Mail was being rejected > as was most all mail originating from BELLSOUTH.NET .. what a bummer!! Currently I just use it to add a header to local deliveries because it's almost impossible to whitelist certain domains, ameritech, twtelecom, pacbell, qwest, these idiots don't know how to write good PTR records, such a PIA to deal with. Be nice to just reject all these bozo IPs that can't set a PTR record for their mail server (like get a real mail server), but unfortunately people actually want mail from them. The other option is to use delay checks to check the sender before rejecting. Or come up with your own ruleset to deal with it. It actually shouldn't be hard to white-list Netscape, but I don't know what their outgoing servers are, if it's going out AOL you can just white-list mx.aol.com. -- | Ric | From agent01413 at my-deja.com Sat May 7 00:34:23 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Fri May 6 19:35:18 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL References: Message-ID: User wrote in news:d5ep2u$6d6$1@news.spamcop.net: > Anybody notice how unruly dnsbl.sorbs.net can be?? I finally had to > remove it from my sendmail.cf file. Netscape Web Mail was being rejected > as was most all mail originating from BELLSOUTH.NET .. what a bummer!! i'm using it with great success and no complaints. most all mail from bellsouth SHOULD be rejected. They don't shut down spammers -- "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well preserved piece, but to slide across the finish line broadside, thoroughly used up, worn out, leaking oil, and shouting GERONIMO!!!" -- Bill McKenna, date unknown From jr70 at blackhole.invalid Fri May 6 18:20:43 2005 From: jr70 at blackhole.invalid (John Richards) Date: Fri May 6 20:25:02 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: "Anthony Edwards" wrote in message news:d5e5be$rvq$1@news.spamcop.net... > > If you want to see if your existing hardware is supported, download > the Live CD and boot from that. See " SUSE LINUX Professional 9.3 > Live version" at: > > http://www.novell.com/products/linuxprofessional/downloads/suse_linux/index.html Which states: "This version runs entirely from the bootable DVD ..." I thought it ran from a bootable CD? I have no access to a DVD burner. -- John Richards From nobody at devnull.spamcop.net Fri May 6 20:48:03 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri May 6 20:50:02 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: "John Richards" wrote in message news:d5h1ks$btb$1@news.spamcop.net... > "Anthony Edwards" wrote in message news:d5e5be$rvq$1@news.spamcop.net... > > > > If you want to see if your existing hardware is supported, download > > the Live CD and boot from that. See " SUSE LINUX Professional 9.3 > > Live version" at: > > > > http://www.novell.com/products/linuxprofessional/downloads/suse_linux/index.html > > Which states: "This version runs entirely from the bootable DVD ..." > I thought it ran from a bootable CD? I have no access to a DVD burner. >From ftp://mirror.mcs.anl.gov/pub/suse/i386/9.2/iso/README.txt You have the choice: 1) If you have a DVD burner, you can download the file SUSE-Linux-9.2-FTP-DVD.iso (the file's exact size is 3363543040 Bytes!) and burn it on a DVD to boot and install from it, just like you would do with a DVD from a SUSE Linux 9.2 box edition. 2) If you have a CDR/RW burner, you may want to download the file SUSE-Linux-9.2-mini-installation.iso (size: exactly 67336192 bytes), burn it on a CD and boot from it to start the installation of the SUSE Linux 9.2 FTP version. The advantage over option 1) is clear: You only download the packages that you need: From the total of 3GB of the DVD image you might only need 1GB for your desired selection of packages to install. Also, consult the README file in the 9.2/boot directory (same level as this "iso" directory). From MikeE at ster.invalid Fri May 6 22:00:18 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 7 00:00:03 2005 Subject: [SpamCop-Geeks] Re: Avoiding sending MIME from Microsoft Windows XP References: Message-ID: John Richards wrote: > "Anthony Edwards" >> If you want to see if your existing hardware is supported, download >> the Live CD and boot from that. See " SUSE LINUX Professional 9.3 >> Live version" at: >> >> http://www.novell.com/products/linuxprofessional/downloads/suse_linux/index.html > > Which states: "This version runs entirely from the bootable DVD ..." > I thought it ran from a bootable CD? I have no access to a DVD burner. You are correct, DVD. SuSE's CDs for an install number 5 -- there isn't such a live CD iso. You can order a live DVD, $8 for the regular 9.3, $25 for the 9.3 Pro at http://www.linuxcd.org -- Mike Easter kibitzer, not SC admin From user at domain.invalid Sat May 7 00:59:20 2005 From: user at domain.invalid (User) Date: Sat May 7 01:00:02 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL In-Reply-To: References: Message-ID: On 06.05.2005 03:06, Steven Maesslein wrote: --- Original Message --- > On Thu, 05 May 2005 22:42:50 -0500, User coughed into spamcop.geeks and > left this in : > >> Anybody notice how unruly dnsbl.sorbs.net can be?? I finally had to >> remove it from my sendmail.cf file. Netscape Web Mail was being rejected >> as was most all mail originating from BELLSOUTH.NET .. what a bummer!! > > dnsbl.sorbs.net is an aggregate of many DNSBLs. If you want to be more > picky about what you reject you can look at the various DNSBLs available > here: > > http://www.dnsbl.au.sorbs.net/using.shtml > > Scroll down to the "Zones Available". > Since removing the dnsbl.sorbs.net entry most if not all of the problems disappeared. I've been running the following for a VERY long time: bl.spamcop.net sbl-xbl.spamhaus.org relays.ordb.org dnsbl.njabl.org list.dsbl.org Over 6,000+ rejections daily and no complaints from clients. Only had unhappy campers after adding dnsbl.sorbs.net .. they can keep it!! And those rejections don't include those from the access.db and/or Spamassassin, ClamAV, etc. I only have commercial mail accounts, they're happy and I'm happy that they're happy !! :-) From user at domain.invalid Sat May 7 01:01:18 2005 From: user at domain.invalid (User) Date: Sat May 7 01:00:07 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL In-Reply-To: References: Message-ID: On 06.05.2005 18:34, Socks the Whitehouse Cat wrote: --- Original Message --- > i'm using it with great success and no complaints. most all mail from > bellsouth SHOULD be rejected. They don't shut down spammers You wouldn't be pooh-poohing Bellsouth if you had as many PAYing clients as I have .. !! :-) From scamper at trisk.com Sat May 7 02:46:49 2005 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 7 03:45:23 2005 Subject: [SpamCop-Geeks] Re: Procmail recipe no longer working... Any ideas? In-Reply-To: References: Message-ID: John Zitterkopf wrote: > I've been getting SPAM to a local address not published on the internet. > > Header with my email and server changed to myemail@mylocalserver.com to > avoid more spam at this local server. > > Return-Path: > X-Original-To: myemail@mylocalserver.com > Delivered-To: myemail@mylocalserver.com > Received: from 200-233-183-078-xd-dynamic.ctbcnetsuper.com.br > (200-233-183-078-xd-dynamic.ctbcnetsuper.com.br [200.233.183.78]) > by mylocalserver.com (Postfix) with SMTP id 216AFEDEC4 > for ; Wed, 4 May 2005 18:21:02 -0700 (PDT) > Received: from 129.231.214.4 by 200.233.183.78; Wed, 04 May 2005 > 23:20:00 -0300 > Message-ID: > From: "Hal Weaver" > Reply-To: "Hal Weaver" > To: x > Subject: We can sheep you disccounted errection mads feast > Date: Thu, 05 May 2005 07:18:00 +0500 > X-Mailer: AOL 93.0 for Windows US sub 637 > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="--JLCAYZJNA02756EASLR" > X-Priority: 3 > X-MSMail-Priority: Normal > X-IP:198.98.52.149 > Status: RO > I've been trying to trap these types of spammers using a procmail reciepe > that I thought I had working previously. But for some reason it no longer > works... > Can't figure out why... > > The idea is that if I get email directly on this server without it going > through spamcop; I resend it for "filtering" by spamcop. > > #forward any mail which hasn't been though spamcop to spamcop for filtering > :0 H > * -2^0 > * 1^0 ^Delivered-To:.*myemail@mylocalserver\.com > * 1^0 !^Delivered-To:.*spamcop-net-zitt@spamcop\.net > # Avoid email loops > * 1^0 !^X-Loop:.*myemail@mylocalserver\.com > { > :0 > { RULE="no Spamcop filtered mail" } > :0c: #Preserve a copy of the email > noSpamcop.mail > :0fwh #Adjust some headers before forwarding > | formail -A"X-Loop: myemail@mylocalserver\.com" \ > -A"X-From-Origin: ${FROM_}" \ > -i"Subject: $SUBJ_ (fwd)" \ > -A"X-Rule: $RULE" > :0: > ! zitt@spamcop.net Noticed one problem the above recipe should read: :0 ! zitt@spamcop.net or if you want a lockfile anyway, just specify one to use thus: :0: mylockfile.lock ! zitt@spamcop.net That 2nd colon without a subsequent filename tells procmail to use an implied lockfile, however procmail is unable to determine a lockfile for this recipe because it translates to something like /usr/sbin/sendmail -oi zitt@spamcop.net That in and of itself shouldn't cause a failure, it would just cause procmail to complain about the lockfile. > } > > Anyone have any ideas what may be going wrong now? > Why isn't it working? Other than that the recipe looks like it should work. I tried it on my system having it mail your test message above to a local account and it did work, however I had to delete the content type header first or the body of the message got corrupted since I didn't have the original mime message body to work with, I just replaced it with plain text. Try this while debugging it. At the top of the recipe you are testing put: VERBOSE=yes At the bottom of the recipe you are testing put: :0 /dev/null While debugging, change the delivery address to a local account while you are testing the recipe. Save the recipe you are testing to a file such as "test.rc". Save the raw message you are testing the recipe on in a file such as "testmessage", then try this from the command line. procmail test.rc &1 |less Then you can see what procmail is actually doing as it processes the test message. If you have long recipes though, it may create a huge ammount of output. The above method is usefull for debugging recipes. As an alternative to the above, you can do this instead: LOGFILE=${HOME}/procmail.log VERBOSE=yes ... stuff you are testing ... VERBOSE=no Then watch the procmail.log file as it processes emails. tail -f procmail.log > > John Hope this helps. Garen From wb8tyw at qsl.network Sat May 7 18:41:04 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat May 7 17:45:06 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL In-Reply-To: References: Message-ID: User wrote: > On 06.05.2005 03:06, Steven Maesslein wrote: > >>On Thu, 05 May 2005 22:42:50 -0500, User coughed into spamcop.geeks and >>left this in : >> >> >>>Anybody notice how unruly dnsbl.sorbs.net can be?? I finally had to >>>remove it from my sendmail.cf file. Netscape Web Mail was being rejected >>>as was most all mail originating from BELLSOUTH.NET .. what a bummer!! >> >>dnsbl.sorbs.net is an aggregate of many DNSBLs. If you want to be more >>picky about what you reject you can look at the various DNSBLs available >>here: >> >>http://www.dnsbl.au.sorbs.net/using.shtml >> >>Scroll down to the "Zones Available". >> > Since removing the dnsbl.sorbs.net entry most if not all of the problems > disappeared. I've been running the following for a VERY long time: > > bl.spamcop.net > sbl-xbl.spamhaus.org > relays.ordb.org > dnsbl.njabl.org > list.dsbl.org > > Over 6,000+ rejections daily and no complaints from clients. Only had > unhappy campers after adding dnsbl.sorbs.net .. they can keep it!! You will find that those false positives are probably from when dnsbl.sorbs.net returns 127.0.0.6 If you followed the above link for SORBS, you will see that 127.0.0.6 is their spam-trap zone that usually requires the ISP to pay a donation to charity to get delisted. It only takes one multi-hop spam or virus to get on that list, so many of the residential ISPs will get listed on a regular basis. Now you will probably find that using dul.dnsbl.sorbs.net will reduce what spam is currently leaking through. It will likely have a lower chance of a false positive than bl.spamcop.net. The rest of the sorbs zones in the dnsbl will likely be listing the same I.P. addresses that your existing ones are providing better coverage of. The use of spam.dnsbl.sorbs.net is more suited for a scoring system than an outright block. Think of it more as a multi-hop spam list. The bl.spamcop.net will also sometimes list real mail servers. The difference is that it takes more spam trap hits for spamcop.net, and the listing will expire with in 24 hours after the network owner takes action. From what I have seen, it is the SORBS dul.dnsbl.sorbs.net that provides the best listing of DHCP spam or virus sources sources. I get mail on one mail server that uses SORBS DUHL (dul.dnsbl.sorbs.net) and one that uses dynablock.njabl.org. SORBS by far has more dhcp pools listed, and SORBS has a web based system so mistakenly listed static addresses can be easily be delisted by their owners if they have dns entry with a long enough TTL to indicate static. -John wb8tyw@qsl.network Personal Opinion Only From / at /.cn Sun May 8 11:37:30 2005 From: / at /.cn (Petzl) Date: Sat May 7 20:40:16 2005 Subject: [SpamCop-Geeks] How to make a USB drive Bootable Message-ID: http://aaltonen.us/archive/2004/03/01/tip-boot-from-usb-key-addendum/ or http://tinyurl.com/deznc Some time ago I asked the question and although a number were interested no one knew how. I wanted one so I did not have to fly with a Laptop overseas I found on EBAY there are Samsung 80GB 5400rpm Laptop drives that come with USB enclosures on a direct (Buy Now) Price of US$130 (Drives alone are under US$110) These need no power supply and easily fit in top pocket and a lot more robust and easy to cary than a laptop Petzl -- SECURE YOUR WINDOWS COMPUTER NOW!! Keep Windows UPDATED AVG 7.0 Free Edition" Anti-Virus Check your computer for "SpyWare" (free MS Product) a good firewall for windows(free version available) Use a Password Saver on USB removable drive to store passwords From user at domain.invalid Sun May 8 01:25:50 2005 From: user at domain.invalid (User) Date: Sun May 8 01:25:02 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL In-Reply-To: References: Message-ID: On 07.05.2005 16:41, John E. Malmberg wrote: --- Original Message --- > User wrote: >> On 06.05.2005 03:06, Steven Maesslein wrote: >> >>>On Thu, 05 May 2005 22:42:50 -0500, User coughed into spamcop.geeks and >>>left this in : >>> >>> >>>>Anybody notice how unruly dnsbl.sorbs.net can be?? I finally had to >>>>remove it from my sendmail.cf file. Netscape Web Mail was being rejected >>>>as was most all mail originating from BELLSOUTH.NET .. what a bummer!! >>> >>>dnsbl.sorbs.net is an aggregate of many DNSBLs. If you want to be more >>>picky about what you reject you can look at the various DNSBLs available >>>here: >>> >>>http://www.dnsbl.au.sorbs.net/using.shtml >>> >>>Scroll down to the "Zones Available". >>> >> Since removing the dnsbl.sorbs.net entry most if not all of the problems >> disappeared. I've been running the following for a VERY long time: >> >> bl.spamcop.net >> sbl-xbl.spamhaus.org >> relays.ordb.org >> dnsbl.njabl.org >> list.dsbl.org >> >> Over 6,000+ rejections daily and no complaints from clients. Only had >> unhappy campers after adding dnsbl.sorbs.net .. they can keep it!! > > You will find that those false positives are probably from when > dnsbl.sorbs.net returns 127.0.0.6 > > If you followed the above link for SORBS, you will see that 127.0.0.6 is > their spam-trap zone that usually requires the ISP to pay a donation > to charity to get delisted. It only takes one multi-hop spam or virus > to get on that list, so many of the residential ISPs will get listed on > a regular basis. > > Now you will probably find that using dul.dnsbl.sorbs.net will reduce > what spam is currently leaking through. It will likely have a lower > chance of a false positive than bl.spamcop.net. > > The rest of the sorbs zones in the dnsbl will likely be listing the same > I.P. addresses that your existing ones are providing better coverage of. > > The use of spam.dnsbl.sorbs.net is more suited for a scoring system than > an outright block. Think of it more as a multi-hop spam list. > > The bl.spamcop.net will also sometimes list real mail servers. The > difference is that it takes more spam trap hits for spamcop.net, and the > listing will expire with in 24 hours after the network owner takes action. > > From what I have seen, it is the SORBS dul.dnsbl.sorbs.net that > provides the best listing of DHCP spam or virus sources sources. > > I get mail on one mail server that uses SORBS DUHL (dul.dnsbl.sorbs.net) > and one that uses dynablock.njabl.org. SORBS by far has more dhcp pools > listed, and SORBS has a web based system so mistakenly listed static > addresses can be easily be delisted by their owners if they have dns > entry with a long enough TTL to indicate static. > > -John > wb8tyw@qsl.network > Personal Opinion Only Well, having 5 bl's in sendmail.cf is probably a good enough configured limit of sorts. Too many listings can degrade performance. And besides, the clients are happy and I ain't fixing something that ain't busted. :-) SpamAssassin, ClamAV and 5 bl's is plenty, not enough slips through to be concerned. From wb8tyw at qsl.network Sun May 8 11:31:48 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun May 8 10:35:12 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL In-Reply-To: References: Message-ID: User wrote: > > Well, having 5 bl's in sendmail.cf is probably a good enough configured > limit of sorts. Too many listings can degrade performance. And besides, > the clients are happy and I ain't fixing something that ain't busted. :-) > > SpamAssassin, ClamAV and 5 bl's is plenty, not enough slips through to > be concerned. Most of njabl.org is now covered by sbl-xbl.spamhaus.org, so if you were to replace the njabl.org listing with dul.dsnbl.sorbs.net you would still have the same open proxy/open relay coverage, but a slightly improved DHCP coverage. But if you leave it the way that it is, and get feedback from your clients on the spam that gets through, NJABL.ORG will accept suggestions for updates on their dynablock list. So eventually it could get as up to date as SORBS. Since one of the servers that I get e-mail from is using dynablock, such feedback will cut down on the spam that I get. SpamAssassin 3.0 has a feature that checks the URLs in mail to see if they resolve to locations in DNSbls. While the bl.spamcop.net, incorrect rDNS, or the dnsbl.sorbs.net, or multihop.dsbl.org lists by them selves will produce a lot of false positives, combining them with SpamAssasin detecting that the URL resolves to an I.P. in the sbl-xbl.spamhaus.org should produce zero false positives. If I were running a mail server and a scoring system, for the above, I would give bl.spamcop.net, dnsbl.sorbs.net, or bad rDNS each over 50% of the score needed for SpamAssasin to cause rejection of the message as spam. And then the having the URL resolve to being listed in sbl-xbl.spamhaus.org be enough to cause rejection. If the sending system has a good rDNS and is not in any DNSbls at all, I would not run it through anything other than possibly a virus scanner. From what I have seen, content filtering for spam on I.Ps that have correct rDNS and are not in any DNSbl is far more likely to catch legitimate e-mail than it is to catch an additional spam items. And that includes the Bayesian filtering method. -John wb8tyw@qsl.network Personal Opinion Only From user at domain.invalid Sun May 8 14:20:21 2005 From: user at domain.invalid (User) Date: Sun May 8 14:20:03 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL In-Reply-To: References: Message-ID: On 08.05.2005 09:31, John E. Malmberg wrote: > > Most of njabl.org is now covered by sbl-xbl.spamhaus.org, so if you were > to replace the njabl.org listing with dul.dsnbl.sorbs.net you would > still have the same open proxy/open relay coverage, but a slightly > improved DHCP coverage. I have the same suggestion in other camps and I may just do that. Thanks for bringing that up again. > SpamAssassin 3.0 has a feature that checks the URLs in mail to see if > they resolve to locations in DNSbls. I AM running 3.0 .. thanks. > -John > wb8tyw@qsl.network > Personal Opinion Only Users are quite happy at the moment but I constantly am on the hunt for better stuff and suggestions .. :-) Now if I can just remmeber to restart sendmail after additions, etc. :-) From user at domain.invalid Sun May 8 14:48:02 2005 From: user at domain.invalid (User) Date: Sun May 8 14:50:04 2005 Subject: [SpamCop-Geeks] Re: SORBS DNSBL In-Reply-To: References: Message-ID: On 08.05.2005 13:20, User wrote: --- Original Message --- > On 08.05.2005 09:31, John E. Malmberg wrote: > >> >> Most of njabl.org is now covered by sbl-xbl.spamhaus.org, so if you were >> to replace the njabl.org listing with dul.dsnbl.sorbs.net you would >> still have the same open proxy/open relay coverage, but a slightly >> improved DHCP coverage. > > I have the same suggestion in other camps and I may just do that. Thanks > for bringing that up again. > > >> SpamAssassin 3.0 has a feature that checks the URLs in mail to see if >> they resolve to locations in DNSbls. > > I AM running 3.0 .. thanks. Actually 3.0.2 >> -John >> wb8tyw@qsl.network >> Personal Opinion Only > > Users are quite happy at the moment but I constantly am on the hunt for > better stuff and suggestions .. :-) > > Now if I can just remmeber to restart sendmail after additions, etc. :-) Ok, deleted the njabl and added the dul.dnsbl.sorbs.net We'll see what the logs AND users say in the next few days .. Thanks And YES, I restarted Sendmail .. :-) From noah.boddie at newsgroup.nospam Tue May 10 02:30:46 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Tue May 10 01:35:09 2005 Subject: [SpamCop-Geeks] RPCSS Message-ID: Started experiencing diverse slow-downs with my box, running Windows Server 2003. Noticed that when booting up message "RPCSS is starting" would sit for several minutes before the login box would appear. I read on the US CERT web site that there was a vulnerability -- suspecting me to believe someone on the cable modem network might be hacking or atttempting DOS against my server. I followed the recommendations on Microsoft's site to disable DCOM and this caused the dependent RPC services to be disabled. The box crashed and on reboot noticed active desktop was gone and couldn't be re-started... all of my printers and access to USB drives vanished... and the task bar would not show any running programs. I went into services to re-establish the DCOM but the options were all greyed out. I am logged in as adminstrator so not sure why all the options are grayed out. I get the sinking feeling I'm going to have to pull out a CD and re-install WS03... Am I completely FOOBAR'ed? -- I Shave With Occams Razor http://www.dwacon.com From nobody at devnull.spamcop.net Tue May 10 02:06:45 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 10 02:10:09 2005 Subject: [SpamCop-Geeks] Re: RPCSS References: Message-ID: "Dwayne Conyers" wrote in message news:d5pgu3$ljp$1@news.spamcop.net... Setting your app to post "plain text" is the preferred mode for posting into a newsgroup. > I read on the US CERT web site that there was a vulnerability -- > suspecting me to believe someone on the cable modem network > might be hacking or atttempting DOS against my server. And just where is your firewall? > I followed the recommendations on Microsoft's site to > disable DCOM and this caused the dependent RPC > services to be disabled. Not stated .. what instructions? Maybe take a look at http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx which includes some detail to see if this stuff is installed, links to other data pages ...? > I went into services to re-establish the DCOM but the > options were all greyed out. I am logged in as adminstrator > so not sure why all the options are grayed out. Did you "remove" or did you "uninstall" ...??? As in the above link, perhaps simply going through the Add/Remove process to re-install, then apply security updates/patches, install the apparently missing firewall ...??? > Am I completely FOOBAR'ed? Hard to say, as it appears that there's a fact or two missing from your story at this point. From SCNews.5.myspamgobbler at spamgourmet.com Tue May 10 01:03:35 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue May 10 03:05:10 2005 Subject: [SpamCop-Geeks] Re: RPCSS In-Reply-To: References: Message-ID: Dwayne Conyers wrote: > Started experiencing diverse slow-downs with my box, running Windows Server 2003. Noticed that when booting up message "RPCSS is starting" would sit for several minutes before the login box would appear. > > I read on the US CERT web site that there was a vulnerability -- suspecting me to believe someone on the cable modem network might be hacking or atttempting DOS against my server. > > I followed the recommendations on Microsoft's site to disable DCOM and this caused the dependent RPC services to be disabled. > > The box crashed and on reboot noticed active desktop was gone and couldn't be re-started... all of my printers and access to USB drives vanished... and the task bar would not show any running programs. > > I went into services to re-establish the DCOM but the options were all greyed out. I am logged in as adminstrator so not sure why all the options are grayed out. > > I get the sinking feeling I'm going to have to pull out a CD and re-install WS03... > > Am I completely FOOBAR'ed? > > Try rebooting a second time and go from there. From nobody at nowhere.invalid Tue May 10 12:21:29 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue May 10 05:25:12 2005 Subject: [SpamCop-Geeks] Re: RPCSS References: Message-ID: On Tue, 10 May 2005 01:30:46 -0400, Dwayne Conyers coughed into spamcop.geeks and left this in : > > > charset=3Diso-8859-1"> > > > > {snip} ?????? -- Steve Everyone has a photographic memory. Some just don't have film. From me at my.net Tue May 10 17:32:29 2005 From: me at my.net (Tom Moore) Date: Tue May 10 17:35:04 2005 Subject: [SpamCop-Geeks] Re: Verizon DSL In-Reply-To: References: Message-ID: There is an RJ-45 jack too. Probably has a cover over it... eddie wrote: > I use speakeasy DSL as a backup to my cable connection. I have had it for > years, dating back to flashcom days. They went belly-up and their "Father" > Covad switched me over to speakeasy. The connection is an old-fashioned > 384K and I recently noticed Verizon offering DSL for nearly 1/3 the > speakeasy price so I called them. Not only cheaper, but they claim 3 meg! > Well I am not counting megs, but the bucks are good, so I am in the > process of switching over. > Verizon's modem is newer and includes a router but it only has an RJ-11 > input and my present DSL uses RJ-45 on both ends. The box coming > into the house is RJ-45. > Verizon was clueless when I called them. I guess I will have to make a > cable with RJ-45 on one end and RJ-11 on the other side. Only two wires > are used for the DSL input. I already have a box installed on the outside > of my house with a splitter and filters but Verizon expects me to use my > phone line to connect to their modem. Talk about thinking inside a box. > It should be interesting when the equipment comes, and if I do get 3M/s > for $30/month, it will be a fine backup system. > I was thinking of calling speakeasy and asking them if they would up my > speed to 3M and cut the price to $30, but I didn't want to embarass them. > If Verizon works, for the price I will be happy, since I rarely use it > anyway. Just another toy, I guess. But I once read that he who has the > most toys at the end is the winner :) > One thing: I don't expect the same tech service from Verizon as I get from > speakeasy, but again, it's really a secondary, backup system for when the > cable goes dead. From nobody at spamcop.net Tue May 10 21:19:11 2005 From: nobody at spamcop.net (Heidi) Date: Tue May 10 20:20:03 2005 Subject: [SpamCop-Geeks] Why aren't my OE filters working? Message-ID: No comments on the mail client, I have no plans to change to a mac or Linux - if you make mail rules, they should work. I have one that says if the body contains "viagra" or "cialis" etc., do not download it from the server. It's still downloading, anyone know why? From nobody at spamcop.net Tue May 10 21:27:34 2005 From: nobody at spamcop.net (Dave Lerner) Date: Tue May 10 20:30:03 2005 Subject: [SpamCop-Geeks] Re: Why aren't my OE filters working? In-Reply-To: References: Message-ID: Heidi wrote on 05/10/2005 08:19 PM: > No comments on the mail client, I have no plans to change to a mac or > Linux - if you make mail rules, they should work. I have one that says if > the body contains "viagra" or "cialis" etc., do not download it from the > server. It's still downloading, anyone know why? Just a guess, but how can OE tell what's in the body without downloading it? From MikeE at ster.invalid Tue May 10 18:43:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 10 20:45:03 2005 Subject: [SpamCop-Geeks] Re: Why aren't my OE filters working? References: Message-ID: Heidi wrote: > No comments on the mail client, I have no plans to change to a mac or > Linux - if you make mail rules, they should work. I have one that > says if the body contains "viagra" or "cialis" etc., do not download > it from the server. It's still downloading, anyone know why? I don't believe that OE's rules 'tell the truth' about their functionality. I don't know what 'don't download it from the server' actually means in the context of OE's functionality. [Added later: actually the rule is 'delete it from the server' and Tom Koch's site addresses the subject as well.] It functions as a pop client typically. When it does that, the first thing it does before it 'looks at' an email message is download it from the server -- so any mailrule to the contrary is bullsh*t. Even if it had some 'power' like an app like MailWasher which can look at an item on the server including its headers and a little bit of its body, it would have a really hard time telling about what was in the body if it didn't dl it from the server. And in the case of OE and pop, there's no such thing as any pop related command which can look at any part of the body. So, let's forget about 'don't download from the server'. That's not a good messagerule to make about looking for something in the body. If you were willing to delete an item without it being seen, which is quite a different thing from not downloading from the server, that kind of rule would work -- but you might be deleting a perfectly good mail. IMO, OE's rules aren't good for very much. At one time when I used them, the only thing I used them for was to sort my mail into folders from my known friends and my mailing lists and all of the mail which didn't have my addy in the To. In my case, that was actually pretty powerful, because I don't have to deal with 'any' unknown wanted mail - so a lot of my spam went to Junk because it didn't have me in the To, all of my friends' mails were in my Friends folder, and almost all of what was left in the Inbox was Junk. But, I don't do that anymore. I put SpamPal between me and my provider's mailbox and just about 100% of my spam is subject branded as spam and my OE sorts it into the Junk folder on the basis of the subject brand and absolutely 0% is ever falsely branded. [Added] - Koch's site is here http://www.insideoe.com/ http://www.insideoe.com/faqs/why.htm#rules Why don't my message rules work? http://www.insideoe.com/tips/rules.htm Tips and Ideas - Message Rules - Deleting messages without downloading -- Mike Easter kibitzer, not SC admin From noah.boddie at newsgroup.nospam Wed May 11 03:41:25 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Wed May 11 02:45:23 2005 Subject: [SpamCop-Geeks] Re: RPCSS References: Message-ID: sorry about the HTML -- I was using a system in a hotel since my machine is dead and I failed to notice that the default was set to HTML -- I'm going to have to make a note to check messages each time I switch boxes. Anyway, reposting with additional expository. "Dwayne Conyers" wrote in message news:d5pgu3$ljp$1@news.spamcop.net... Started experiencing diverse slow-downs with my development server, a box running Windows Server 2003 that is connected to a cable modem for net connectivity. I noticed the system would hang and freeze for no apparent reason. When re-booting, the message "RPCSS is starting" would sit for several minutes before the login box would appear. Did not have a hardware firewall -- box was not networked and all accounts were disabled except the admin which was renamed. However, used windows firewall and zonealarm. Attempting to investigate what was going on, did some google searches and found on the US CERT web site that there was a vulnerability -- suspecting me to believe someone on the cable modem network might be hacking or atttempting DOS against my server. I read security alerts on Microsoft's site which were vague but the one thing that jumped out at me was to disable DCOM, which I did in the services control panel applet. This caused the dependent RPC services to be disabled. The box crashed and on reboot noticed active desktop was gone and couldn't be re-started... all of my printers and access to USB drives vanished... and the task bar showed desktop and quick launch but would not show any running programs. Also, Outlook seemed to be able to receive e-mail but could not send. Figuring the disabling of DCOM was a mistake, I went back into services to re-establish the DCOM but the options were all greyed out. I am logged in as adminstrator so not sure why all the options are grayed out. I get the sinking feeling I'm going to have to pull out a CD and re-install WS03... but seeking ideas... -- I Shave With Occams Razor http://www.dwacon.com From nobody at devnull.spamcop.net Wed May 11 04:53:27 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Wed May 11 03:55:23 2005 Subject: [SpamCop-Geeks] Re: RPCSS References: Message-ID: "Dwayne Conyers" wrote in message ... > Figuring the disabling of DCOM was a mistake, I went back into services to > re-establish the DCOM but the options were all greyed out. I am logged in > as adminstrator so not sure why all the options are grayed out. > > I get the sinking feeling I'm going to have to pull out a CD and re-install > WS03... but seeking ideas... I dunno from WS03, but in 98SE or 2K Pro, one simply reboots in "Safe Mode" renegotiates the settings to preferences and then restarts in "Normal Mode", but it may require a couple of rounds to get everything back to rights. Several viruses install themselves using firewall defeating holes created by DCOM exploits. Only Avast! seems to detect the exploits whilst Symantec claims they are not malware. You may need to completely remove the firewall and reinstall it making sure the computer is not otherwise already infected. Netsky.D was especially good about installing the DCOM exploit when delivered by way of unopened virms. Dunno how it did it but it did. Good luck with this one, Glenn From nttp.sc.sg at bigsleep.org Wed May 11 09:31:48 2005 From: nttp.sc.sg at bigsleep.org (Blammo) Date: Wed May 11 04:35:07 2005 Subject: [SpamCop-Geeks] Re: Verizon DSL References: Message-ID: On 10 May 2005 Tom Moore entered spamcop.geeks and left news:d5r9an$mjo$1@news.spamcop.net: > There is an RJ-45 jack too. Probably has a cover over it... Regardless, you can just use a RJ-11 cable to connect the two. You only need RJ-45 for networking, or in the rare case you have more than 3 phone lines. Ethernet requires CAT5 twisted pair using (for TX and RX) pins 1 and 2, 3 and 6. Phone lines use pins 4 and 5, 3 and 6 (if two lines). I'm not sure how homes are usually wired for DSL, but I would assume you can filter line one (pins 4 and 5) for phone and use line two (pins 3 and 6) for the DSL. I don't know whether the modem looks for line two, but if the outlet is wired directly to a distribution box, as it usually is in newer homes, it's easy to swap the wiring for that outlet. You can add a distribution box by running CAT5e cable out to the telephone demarc box. The demarc usually has two jumpers for up to 4 lines, so you can connect all 4 pair if you want, connecting the other end to a structured wiring panel demarcation connection, this allows you to select which line goes to which room, or even network your home through this one panel. Using CAT5e connections, and/or wiring for both network and phone with dual jack boxes, allows you to run multiple lines, select which line goes where, or even send the Internet uplink from the modem back out to the panel where you can have the network switch located. I found many sites with wiring diagrams such as http://www.leviton-lin.com/learning/jackpindesignations.aspx Note that phone generally uses (UTP pairs) blue for line 1, orange for line 2 and green for line 3. Ethernet cables usually swap the orange and green pair, not that the color really matters, ethernet cables you buy are usually T568B. > > eddie wrote: >> >> Verizon's modem is newer and includes a router but it only has an >> RJ-11 input and my present DSL uses RJ-45 on both ends. The box >> coming into the house is RJ-45. >> Verizon was clueless when I called them. I guess I will have to make >> a cable with RJ-45 on one end and RJ-11 on the other side. Only two >> wires are used for the DSL input. I already have a box installed on >> the outside of my house with a splitter and filters but Verizon >> expects me to use my phone line to connect to their modem. Talk about >> thinking inside a box. > Not sure why I replied, maybe because I'm thinking about someone who has a strange phone line problem where some network lines don't seem to work (maybe stapled cables) and some phones disconnect other phones (either low voltage or crossed wires?). -- | Ric | From nttp.sc.sg at bigsleep.org Wed May 11 10:51:18 2005 From: nttp.sc.sg at bigsleep.org (Blammo) Date: Wed May 11 05:55:19 2005 Subject: [SpamCop-Geeks] Re: Verizon DSL References: Message-ID: On 11 May 2005 Blammo entered spamcop.geeks and left news:Xns9653F902787Fblammo@216.154.195.61: > ...wiring for both network and phone with dual jack boxes, > allows you to run multiple lines... Huh, looks like I'm going to need several wall jacks in every room to run all my Telco powered devices... http://www.sandman.com/telco.html -- | Ric | From nobody at nowhere.invalid Wed May 11 13:11:40 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed May 11 06:15:04 2005 Subject: [SpamCop-Geeks] Re: Verizon DSL References: Message-ID: On Wed, 11 May 2005 09:51:18 +0000 (UTC), Blammo coughed into spamcop.geeks and left this in : > Huh, looks like I'm going to need several wall jacks in every room to run > all my Telco powered devices... > http://www.sandman.com/telco.html <*SPLORF*> You could have given a C&C warning... -- Steve A conclusion is simply the place where someone got tired of thinking. From devnull at spamcop.net Wed May 11 09:03:09 2005 From: devnull at spamcop.net (Frog Prince) Date: Wed May 11 08:30:10 2005 Subject: [SpamCop-Geeks] Re: Verizon DSL References: Message-ID: "Blammo" wrote in message news:Xns9653F902787Fblammo@216.154.195.61... | On 10 May 2005 Tom Moore entered spamcop.geeks and left | news:d5r9an$mjo$1@news.spamcop.net: | | > There is an RJ-45 jack too. Probably has a cover over it... | | Regardless, you can just use a RJ-11 cable to connect the two. | You only need RJ-45 for networking, or in the rare case you have more than | 3 phone lines. Ethernet requires CAT5 twisted pair using (for TX and RX) | pins 1 and 2, 3 and 6. Phone lines use pins 4 and 5, 3 and 6 (if two | lines). | I'm not sure how homes are usually wired for DSL, but I would assume you | can filter line one (pins 4 and 5) for phone and use line two (pins 3 and | 6) for the DSL. The filters will have to be between the CAT5 cable and the phone equipment as the DSL signal will be linked by 'cross talk' to the other (talk) lines. From mikeyhsd at sport.rr.com Wed May 11 09:19:37 2005 From: mikeyhsd at sport.rr.com (mikeyhsd) Date: Wed May 11 09:20:05 2005 Subject: [SpamCop-Geeks] Re: Why aren't my OE filters working? References: Message-ID: OE has to download the message toi check the body. you would be more successful in filtering IN the mail you want and leaving the rest for the trash. mikeyhsd@sport.rr.com "Heidi" wrote in message news:d5rj23$ro7$1@news.spamcop.net... > No comments on the mail client, I have no plans to change to a mac or > Linux - if you make mail rules, they should work. I have one that says if > the body contains "viagra" or "cialis" etc., do not download it from the > server. It's still downloading, anyone know why? > > From noah.boddie at newsgroup.nospam Wed May 11 14:19:30 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Wed May 11 13:20:05 2005 Subject: [SpamCop-Geeks] Hardware Firewall Message-ID: Before re-connecting my PC to the cable modem, I am thinking of buying an appliance rather than rely on Windows Firewall and ZoneAlarm. Would like recommendations on what to buy for a home-based system sitting on a cable modem network. TIA -- I Shave With Occams Razor http://www.dwacon.com From pete+usenet at heypete.com Wed May 11 11:28:07 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Wed May 11 13:30:03 2005 Subject: [SpamCop-Geeks] Re: Hardware Firewall References: Message-ID: In article , "Dwayne Conyers" wrote: > Would like recommendations on what to buy for a home-based system sitting on > a cable modem network. Any of the Netgear, Linksys, or similar NAT router products are quite suitable. I actually have two Linksys routers I'm looking to sell -- a wired-only one and a wired/wireless one. Email me if you're interested, I'd be willing to part with them for a reasonable price plus shipping. I'd be glad to send pictures and/or specs. Cheers! -- Pete Stephenson HeyPete.com From borgholio at storymind.com Wed May 11 11:29:25 2005 From: borgholio at storymind.com (Borgholio) Date: Wed May 11 13:30:06 2005 Subject: [SpamCop-Geeks] Re: Hardware Firewall In-Reply-To: References: Message-ID: Pete Stephenson wrote: > In article , > "Dwayne Conyers" wrote: > > >>Would like recommendations on what to buy for a home-based system sitting on >>a cable modem network. > > > Any of the Netgear, Linksys, or similar NAT router products are quite > suitable. > > I actually have two Linksys routers I'm looking to sell -- a wired-only > one and a wired/wireless one. Email me if you're interested, I'd be > willing to part with them for a reasonable price plus shipping. I'd be > glad to send pictures and/or specs. > > Cheers! > I've used both US Robotics and Dlink routers, both of which include a quite adequate firewall. From user at domain.invalid Thu May 12 09:27:39 2005 From: user at domain.invalid (User) Date: Thu May 12 09:30:04 2005 Subject: [SpamCop-Geeks] Re: Hardware Firewall In-Reply-To: References: Message-ID: On 11.05.2005 12:19, Dwayne Conyers wrote: --- Original Message --- > Before re-connecting my PC to the cable modem, I am thinking of buying an > appliance rather than rely on Windows Firewall and ZoneAlarm. > > Would like recommendations on what to buy for a home-based system sitting on > a cable modem network. > > TIA > > A little pricey for the "home" but I've been using the Firebox 1000 with much success. From nttp.sc.sg at bigsleep.org Fri May 13 06:26:20 2005 From: nttp.sc.sg at bigsleep.org (Blammo) Date: Fri May 13 01:30:08 2005 Subject: [SpamCop-Geeks] Re: Verizon DSL References: Message-ID: On 11 May 2005 Frog Prince entered spamcop.geeks and left news:d5ston$mkb$1@news.spamcop.net: > The filters will have to be between the CAT5 cable and the phone > equipment as the DSL signal will be linked by 'cross talk' to the > other (talk) lines. > I disagree, homes properly wired with twisted pair cable are protected from cross talk. This is the whole reason for using UTP, the old POTS flat cable should be replaced with CAT5e and/or isolated with a better filter, such as the ones designed to filter security system lines. The only reason they give you the individual filters to plug into each phone is to reduce their service calls. They used to run dedicated unfiltered lines for DSL, then when you wanted to move the modem somewhere else you had to wait around for the phone company to come and rewire your lines, the home kits eliminate this. I read that old DSL modems where designed to run on line two, which would be the unfiltered line as I described above. I don't know if DSL modems now would be "backwards compatable", and it's possible that the modem might detect a DSL signal on the filtered line one anyway, so I don't know if that idea would work today, it probably depends on the modem and filter quality. Now line one and line two are actually the same, with line one being filtered, so any phone device that looks for line two could possibly feed back noise from line two to line one (even if it were connected directly to a filter), or it could even get confused as to which line is off hook or ringing. This shouldn't hurt anything, but if it were a problem you would simply cut line two from that device. -- | Ric | From eddie at eddie.web Fri May 13 14:24:35 2005 From: eddie at eddie.web (eddie) Date: Fri May 13 13:25:53 2005 Subject: [SpamCop-Geeks] Re: Verizon DSL References: Message-ID: On Fri, 13 May 2005 05:26:20 +0000, Blammo scratched out the following: > On 11 May 2005 Frog Prince entered spamcop.geeks and left > news:d5ston$mkb$1@news.spamcop.net: > >> The filters will have to be between the CAT5 cable and the phone >> equipment as the DSL signal will be linked by 'cross talk' to the other >> (talk) lines. >> >snip > Now line one and line two are actually the same, with line one being > filtered, so any phone device that looks for line two could possibly feed > back noise from line two to line one (even if it were connected directly > to a filter), or it could even get confused as to which line is off hook > or ringing. This shouldn't hurt anything, but if it were a problem you > would simply cut line two from that device. Yup! The old system, which I had used what could be called "spatial" multiplex - two separate drops - one twisted pair for the phone, the other for the DSL. Now, because of advances in technology, they can use frequency multiplexing in which the phone line exists below 8KHz or so, and the DSL component above 10KHz or so. Like different stations on a radio, the two signals are separate and independent. The filters are to prevent the loading of the twisted pair by the voice equipment which would reduce the level of the higher-frequency DSL signals and lower the signal-to-noise ratio. Ideally, a splitter on the outside of the house would be better, with the lower frequency components going to the phone system and the higher frequency components directed to the DSL modem. What Verizon and others offer is quite good, and as you note, since most modern phone lines use twisted pair which make excellent 72-ohm transmission lines that do not radiate, the bandwidth is now way above the original 8KHz and is actually closer to several megahertz, with very little loss or radiation. Spread spectrum and other techniques make the system quite workable, much better than the BPL idiocy proposed by the power companies to attempt to do the same thing, but which would result in a huge amount of radiation and a loss or impairment of ham radio and other communications. As a Ham radio operator, I have checked Verizon's DSL signals and I do not find any detectable leakage at any frequency, so I hope that this puts BPL to rest. BPL for those who are interested is Broadband over Power Lines - something most of the world has already rejected for obvious reasons, but something the US is/was still thinking about. Wherever it was tried, it failed. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Fri May 13 14:43:29 2005 From: nobody at spamcop.net (Spamvireslayer) Date: Fri May 13 13:45:06 2005 Subject: [SpamCop-Geeks] Re: Why aren't my OE filters working? References: Message-ID: "Mike Easter" wrote in message news:d5rkcj$sds$1@news.spamcop.net... > > I don't believe that OE's rules 'tell the truth' about their > functionality. I don't know what 'don't download it from the server' > actually means in the context of OE's functionality. [Added later: > actually the rule is 'delete it from the server' and Tom Koch's site > addresses the subject as well.] There is a 'don't download from the server rule' but it doesn't work, apparently, it has to download the message to read it. I wanted to keep them on the server in the [ridiculous] hope that reporting them as spam would make the Brightmail filters work better - that doesn't seem to be happening either. > > So, let's forget about 'don't download from the server'. That's not a > good messagerule to make about looking for something in the body. If > you were willing to delete an item without it being seen, which is quite > a different thing from not downloading from the server, that kind of > rule would work -- but you might be deleting a perfectly good mail. I'm willing to delete anything that contains 'viagra', cialis, online pharmacy, etc, the problem is that even if you make the rule 'delete from the server' rather than 'don't download' it still downloads the message, and THEN deletes it from the server. I don't even want to see this crap, not even in my trash. I think your links prove that the 'do not download' is completely useless. His rules would be hard to apply, because spammers don't use the same 'from' address, and they're starting to screw up words in the subject to avoid filters. So I either create a huge whitelist or go to the web mail and delete before I download in OE. Harrumph. Thanks for the links though, very helpful. From noah.boddie at newsgroup.nospam Fri May 13 14:46:47 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Fri May 13 13:50:05 2005 Subject: [SpamCop-Geeks] Re: Hardware Firewall References: Message-ID: My local BestBuy only had one box, the DCom firewall. It seems sufficient to provide protection. After installing the appliance, I'll prolly continue running ZoneAlarm until the license expires, then buy Norton AV and Firewall. Now... comes the fun part of discovering if I can restore the OS with the installation CD or if I will wind up having to FDISK and Format C: Sigh... - - - - - - - - - - - - Should a man answer the tears of his child or the orders of his President? http://www.dwacon.com/publications/pater_familias.asp From / at /.cn Sat May 14 15:13:36 2005 From: / at /.cn (Petzl) Date: Sat May 14 00:15:03 2005 Subject: [SpamCop-Geeks] Re: Hardware Firewall References: Message-ID: "Dwayne Conyers" wrote in message news:d62p64$ofv$1@news.spamcop.net... > My local BestBuy only had one box, the DCom firewall. It seems sufficient > to provide protection. > > After installing the appliance, I'll prolly continue running ZoneAlarm > until the license expires, then buy Norton AV and Firewall. > > Now... comes the fun part of discovering if I can restore the OS with the > installation CD or if I will wind up having to FDISK and Format C: > > Sigh... Zone Alarm freeware is more than adequate as long as it is combined with Keep Windows UPDATED AVG 7.0 Free Edition" Anti-Virus (Norton AV is ok but AVG is no slouch either) Check your computer for "SpyWare" (free MS Product) a good firewall for windows(free version available) Use a Password Saver on USB removable drive to store passwords From nobody at spamcop.net Sat May 14 10:39:56 2005 From: nobody at spamcop.net (Dave Lerner) Date: Sat May 14 09:40:09 2005 Subject: [SpamCop-Geeks] Re: Recommendation for store front/shopping cart, preferably Linux hosted In-Reply-To: References: Message-ID: You might look at . It's open source, PHP/MySQL. From nobody at devnull.spamcop.net Sat May 14 21:25:39 2005 From: nobody at devnull.spamcop.net (PopTart) Date: Sat May 14 16:30:05 2005 Subject: [SpamCop-Geeks] Re: FYI Domain Roundtable Conference References: Message-ID: Pop wrote: > To me, this looks -just like- a spam that worked! Apparently it's OK to > advertise here, eh? Long's it's something someone might be interested in? > > I'm setting up a Zeerocks computer spam skills class; how many wish to sign > up? Contact me at my_domain.asdf.biz. Low rates available for signing up > early! > > STFU troll. From pete+usenet at heypete.com Sat May 14 16:41:35 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Sat May 14 18:45:03 2005 Subject: [SpamCop-Geeks] Re: Hardware Firewall References: Message-ID: In article , "Dwayne Conyers" wrote: > After installing the appliance, I'll prolly continue running ZoneAlarm until > the license expires, then buy Norton AV and Firewall. Er, wot? Get the freeware version of ZoneAlarm (available at download.com, as the links are tiny on the ZA website), and it works fine. Don't buy Norton AV -- get Grisoft AVG at http://free.grisoft.com/ -- better protection, no cost. They have good pricing for the "professional" version, which has very little difference. I bought it simply to support the company. Cheers! -- Pete Stephenson HeyPete.com From skiwi at spamcop.net Sat May 14 16:54:27 2005 From: skiwi at spamcop.net (Skiwi) Date: Sat May 14 18:55:22 2005 Subject: [SpamCop-Geeks] Sick of Internet Destroyer? Message-ID: http://funnyfox.org/ hehehehehehe... From / at /.cn Sun May 15 11:20:17 2005 From: / at /.cn (Petzl) Date: Sat May 14 20:25:27 2005 Subject: [SpamCop-Geeks] Re: Hardware Firewall References: Message-ID: "Pete Stephenson" wrote in message news:pete+usenet-97FB06.15413514052005@news.cesmail.net... > In article , > "Dwayne Conyers" wrote: > >> After installing the appliance, I'll prolly continue running ZoneAlarm >> until >> the license expires, then buy Norton AV and Firewall. > > Er, wot? > > Get the freeware version of ZoneAlarm (available at download.com, as the > links are tiny on the ZA website), and it works fine. > > Don't buy Norton AV -- get Grisoft AVG at http://free.grisoft.com/ -- > better protection, no cost. They have good pricing for the > "professional" version, which has very little difference. I bought it > simply to support the company. > > Cheers! Sorry Pete trying out OE as a news reader (removed button) Pete's views seem to be my findings also Grisoft AVG (free version) seems to me to be MUCH less system heavy and at least as good as Norton AV if not better The free version of Zone Alarm has never been compromised from outside attack That said spyware programs "exe" type have been known to disable firewalls (both) hardware and software types during their installation. While hardware Firewalls "double" protection of software (only) run types. they inevitably are also run by software! You still need to have a "TEAM" of products to effectively stop hackers such as this signature advises All are EFFECTIVE freeware (MicroSoft you have already paid for) Petzl -- SECURE YOUR WINDOWS COMPUTER NOW!! Keep Windows UPDATED AVG 7.0 Free Edition" Anti-Virus Check your computer for "SpyWare" (free MS Product) a good firewall for windows(free version available) Use a Password Saver on USB removable drive to store passwords From aunt.jemima at pancake.box Sun May 15 00:41:24 2005 From: aunt.jemima at pancake.box (Dwayne Conyers) Date: Sat May 14 23:45:05 2005 Subject: [SpamCop-Geeks] Adobe Woes... Message-ID: Our Windows Server 2003 box suffered fatal errors when a user hacked our server using DCOM exploit. After investing in a hardware firewall to supplement the software firewall, we were unable to repair the machine and after several attempts finally reinstalled windows. Our program files remain but are not accessible as the registry and user accounts have changed. We attempted to reinstall Acrobat 6.0 Standard from CD but received an error: Internal Error 2753. Dist_acrodist.exe Any clues as to what is causing this abend? TIA! ----- The Runaway Bride... http://www.cafepress.com/dwacon/601709 From rcarlton at spamcop.net Sat May 14 23:21:25 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Sun May 15 01:25:03 2005 Subject: [SpamCop-Geeks] Re: Adobe Woes... In-Reply-To: References: Message-ID: Dwayne Conyers wrote: > Internal Error 2753. Dist_acrodist.exe > > Any clues as to what is causing this abend? Here's your answer: http://www.adobe.com/support/techdocs/327197.html Error "Internal error 2753 dist_acrodist.exe" occurs when you install Acrobat (6.0 on Windows) Issue When you try to install Adobe Acrobat, the installer returns the error "Internal error 2753 dist_acrodist.exe" and quits. Detail You may have recently reinstalled Windows. Solutions Do one or both of the following solutions: Solution 1: Delete the Acrobat 6.0 folder, disable startup items, and install Acrobat. Delete the Acrobat 6.0 folder from the Program Files folder, disable startup items, and then restart the computer and install Acrobat. To disable startup items in Windows XP: 1. Quit all applications. 2. Choose Start > Run, and type msconfig in the Open box and then click OK. 3. In the System Configuration Utility dialog box, click the Startup tab, and then select Disable All. 4. Click OK, and then restart Windows. To reenable the startup items after you're done installing Acrobat: 1. Choose Start > Run, and type msconfig in the Open box, and then click OK. 2. In the System Configuration Utility dialog box, click the Startup tab, and then select Enable All. 3. Click OK, and then restart Windows. To disable startup items located in the Startup Folders in Windows 2000: 1. Quit all applications. 2 In Windows Explorer, move all icons and shortcuts from the following folders to another folder: -- Documents and Settings\All Users\Start Menu\Programs\Startup -- Documents and Settings \ [user profile] \Start Menu\Programs\Startup 3. Restart Windows . To disable items specified in the registry to start automatically in Windows 2000: 1. Right-click the Taskbar, and choose Task Manager. 2. Click the Applications tab. 3. Select an application, and then click End Task. To reenable the startup items after you're done installing Acrobat, move the icons and shortcuts back to their respective Startup folders. Solution 2: Remove older versions of Acrobat and then install Acrobat. If you have older versions of Acrobat installed, remove them using the Add/Remove Programs utility, and then install Acrobat 6.0. For instructions on how to remove Acrobat, see Related Records. Background information Files created during previous installations of Acrobat are not always removed when you reinstall Windows. These files may interfere with the installation of Acrobat. From agent01413 at my-deja.com Sun May 15 06:47:49 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Sun May 15 01:50:04 2005 Subject: [SpamCop-Geeks] Re: Adobe Woes... References: Message-ID: "Dwayne Conyers" wrote in news:d66gd4$t4r$1@news.spamcop.net: > After investing in a hardware firewall to supplement the software > firewall, we were unable to repair the machine and after several > attempts finally reinstalled windows. You just dont learn do you? Install linux. Problem solved. MSFT is not intended for any machine connected to the internet. -- See NANAE kooks, including Barbara Schwarz: http://www.morningmist.org/nanae/kookfaq.html From nobody at nowhere.invalid Sun May 15 11:24:39 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun May 15 04:25:21 2005 Subject: [SpamCop-Geeks] Re: Adobe Woes... References: Message-ID: On Sun, 15 May 2005 05:47:49 +0000 (UTC), Socks the Whitehouse Cat coughed into spamcop.geeks and left this in : > You just dont learn do you? Install linux. Problem solved. Or FreeBSD. In fact just about any O/S that works on an x86 machine except Windows. > MSFT is not intended for any machine connected to the internet. Well, it is *intnded* for that purpose, but it certainly isn't safe! -- Steve Just remember: when you go to court, you are trusting your fate to twelve people that weren't smart enough to get out of jury duty! From avoozl at spamcop.net Sun May 15 08:40:01 2005 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Sun May 15 10:45:04 2005 Subject: [SpamCop-Geeks] Re: Adobe Woes... References: Message-ID: Normally, I don't mind your posts.. but this is out of line. If I wanted to read flames I'd go visit any web forum. At least someone else tried to help her.. Chris "Socks the Whitehouse Cat" wrote in message news:Xns9656F20899EE5agent01413MYDEJACOM@216.154.195.61... > You just dont learn do you? Install linux. Problem solved. MSFT is not > intended for any machine connected to the internet. > > -- > See NANAE kooks, including Barbara Schwarz: > http://www.morningmist.org/nanae/kookfaq.html From MikeE at ster.invalid Sun May 15 16:07:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 15 18:10:28 2005 Subject: [SpamCop-Geeks] Log looking Message-ID: I'm planning on playing with looking at some logs generated by my BEFSR41 switchrouter - but I'm mostly planning on submitting them to DShield [and/or MNW]. DShield wants them in a compatible format which is done by their CVTWIN client, and that is enabled in one of 3 ways. "You have a choice between using SNMP Trap Watcher, Kiwi Syslog Daemon, or the Linksys LogViewer to capture the log information from your router and write it to a disk file. They all work--the difference is whichever one you prefer." They are all free. DShield has more screenshots of the Kiwi Syslog Daemon setup, and the Kiwi's site has a lot of information http://www.kiwisyslog.com/info_syslog.htm that causes me to think that those logs might be the most comfortable to look at or handle and has the most tools or functions attached to it, if I feel like doing any of that. Aha! I just went to MyNetWatchman and found that submission client also accepts the Kiwi logs, so that will probably be the best choice. Comments welcome. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Sun May 15 19:59:54 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun May 15 19:00:05 2005 Subject: [SpamCop-Geeks] sober-p SpamAssasin Rules? Message-ID: Does anyone have some rules that can be used with SpamAssasin to detect and reject both the Sober-p spam and the backscatter from it? As near as I can tell, the only thing constant with it is that it has a set of URLs that the spam contains. Thanks, -John From aunt.jemima at pancake.box Sun May 15 20:15:51 2005 From: aunt.jemima at pancake.box (Dwayne Conyers) Date: Sun May 15 19:20:05 2005 Subject: [SpamCop-Geeks] Re: Adobe Woes... References: Message-ID: "Rick Carlton" wrote in message news:d66m8m$vul$1@news.spamcop.net... > Dwayne Conyers wrote: >> Internal Error 2753. Dist_acrodist.exe >> >> Any clues as to what is causing this abend? > > Here's your answer: > > http://www.adobe.com/support/techdocs/327197.html Thanks. The adobe site should be better organized. Much appreciated! -- The Runaway Bride... http://www.cafepress.com/dwacon/601709 From nobody at devnull.spamcop.net Sun May 15 21:33:54 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun May 15 20:35:03 2005 Subject: [SpamCop-Geeks] Re: FYI Domain Roundtable Conference References: Message-ID: And another knee-jerker who jumps off cliffs, pretended: "PopTart" wrote in message news:d65mrr$dtj$1@news.spamcop.net... > Pop wrote: > >> To me, this looks -just like- a spam that worked! >> Apparently it's OK to advertise here, eh? Long's >> it's something someone might be interested in? >> >> I'm setting up a Zeerocks computer spam skills >> class; how many wish to sign up? Contact me at >> my_domain.asdf.biz. Low rates available for signing >> up early! >> >> > > STFU troll. but can't be bothered to see what the "real" issues were. Or weren't. Probably has no reading comprehension abilities anyway. So long Stu From user at domain.invalid Sun May 15 21:30:16 2005 From: user at domain.invalid (User) Date: Sun May 15 21:30:03 2005 Subject: [SpamCop-Geeks] Re: Adobe Woes... In-Reply-To: References: Message-ID: On 15.05.2005 00:47, Socks the Whitehouse Cat wrote: --- Original Message --- > "Dwayne Conyers" wrote in > news:d66gd4$t4r$1@news.spamcop.net: > >> After investing in a hardware firewall to supplement the software >> firewall, we were unable to repair the machine and after several >> attempts finally reinstalled windows. > > You just dont learn do you? Install linux. Problem solved. MSFT is not > intended for any machine connected to the internet. > If that were the case I wouldn't have any clients .. shhhhh .. go away will ya ??!! ;-) From MikeE at ster.invalid Sun May 15 19:45:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 15 21:45:10 2005 Subject: [SpamCop-Geeks] Re: german spam References: Message-ID: posted in sc & geeks f/up geeks John E. Malmberg wrote: > See my post in .geeks if someone has found a SpamAssassin rule to > detect it and backscatter from the mail servers that are abusively > bouncing it. The other day a much detested trollish nanae individual named Moris came up with an excellent regex creation for some issue that was nanae posted. Everyone was astounded that Moris was actually good for something. Maybe if you put the item [propagation's headers & body] in sightings and then asked about it in nanae, Moris would come up with a regex for it. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Sun May 15 22:59:22 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun May 15 22:00:03 2005 Subject: [SpamCop-Geeks] Re: german spam In-Reply-To: References: Message-ID: Mike Easter wrote: > posted in sc & geeks f/up geeks > > John E. Malmberg wrote: > >>See my post in .geeks if someone has found a SpamAssassin rule to >>detect it and backscatter from the mail servers that are abusively >>bouncing it. > > The other day a much detested trollish nanae individual named Moris came > up with an excellent regex creation for some issue that was nanae > posted. Everyone was astounded that Moris was actually good for > something. > > Maybe if you put the item [propagation's headers & body] in sightings > and then asked about it in nanae, Moris would come up with a regex for > it. Going from my foggy memory, I was thinking that there were at least 5 variations of it, and the list operator was blocking by subject as they were seeing it from more I.P. addresses than I was. Then it morphed and and a new subject and URL showed up. So I was hoping that someone had a better understanding of this worm. It is tripping enough of the spam detection to get into the moderator queue, but not enough for it to reliably classify it. -John From not at home.today Mon May 16 04:18:58 2005 From: not at home.today (Ant) Date: Sun May 15 22:20:03 2005 Subject: [SpamCop-Geeks] Re: german spam References: Message-ID: "John E. Malmberg" wrote: > Going from my foggy memory, I was thinking that there were at least 5 > variations of it, and the list operator was blocking by subject as they > were seeing it from more I.P. addresses than I was. Then it morphed and > and a new subject and URL showed up. > > So I was hoping that someone had a better understanding of this worm. See Internet Storm Center for more info on this, including Postfix and SA rules: http://isc.sans.org/diary.php?date=2005-05-15 From wb8tyw at qsl.network Mon May 16 00:23:13 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun May 15 23:25:03 2005 Subject: [SpamCop-Geeks] Re: german spam In-Reply-To: References: Message-ID: Ant wrote: > "John E. Malmberg" wrote: > >>Going from my foggy memory, I was thinking that there were at least 5 >>variations of it, and the list operator was blocking by subject as they >>were seeing it from more I.P. addresses than I was. Then it morphed and >>and a new subject and URL showed up. >> >>So I was hoping that someone had a better understanding of this worm. > > See Internet Storm Center for more info on this, including Postfix > and SA rules: > http://isc.sans.org/diary.php?date=2005-05-15 Thanks, those cover the direct sources. Anyone know how to get SpamAssasin to shake them out of the body or attachments? The blowback from auto-responders and bouncing is starting to increase. -John From nobody at nowhere.invalid Mon May 16 12:23:36 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon May 16 05:25:03 2005 Subject: [SpamCop-Geeks] Re: sober-p SpamAssasin Rules? References: Message-ID: On Sun, 15 May 2005 18:59:54 -0400, John E. Malmberg coughed into spamcop.geeks and left this in : > Does anyone have some rules that can be used with SpamAssasin to detect > and reject both the Sober-p spam and the backscatter from it? If you want to use SA to reject mails then I'm assuming you're using it as a milter on a Unix system. This being the case, why not just use an anti-virus such as ClamAV and have done with it? -- Steve "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759 From MikeE at ster.invalid Mon May 16 03:39:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 16 05:40:02 2005 Subject: [SpamCop-Geeks] Re: Log looking References: Message-ID: Mike Easter wrote: > I'm planning on playing with looking at some logs generated by my > BEFSR41 switchrouter - > "You have a choice between using SNMP Trap Watcher, Kiwi Syslog > Daemon, or the Linksys LogViewer I installed the Kiwi, but I didn't like the way the interface worked/looked. The Linksys viewer wouldn't install - but that didn't matter much to me because it wouldn't handle submitting to MNW or DShield. I found out that WallWatcher would be able to feed both MNW & DSh and I like the way its interface works much better. http://www.wallwatcher.com/ -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Mon May 16 09:19:25 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Mon May 16 08:20:02 2005 Subject: [SpamCop-Geeks] Re: sober-p SpamAssasin Rules? In-Reply-To: References: Message-ID: Steven Maesslein wrote: > On Sun, 15 May 2005 18:59:54 -0400, John E. Malmberg coughed into > spamcop.geeks and left this in : > >>Does anyone have some rules that can be used with SpamAssasin to detect >>and reject both the Sober-p spam and the backscatter from it? > > If you want to use SA to reject mails then I'm assuming you're using it > as a milter on a Unix system. This being the case, why not just use an > anti-virus such as ClamAV and have done with it? I am not the sysadmin of the systems that are under attack, and all I know about the systems is that they are using SpamAssasin as part of their Anti-spam defenses. Right now the problem no longer appears to be the direct delivery of the spew, but the backscatter from the sites that are auto-responding to it. -John wb8tyw@qsl.network Personal Opinion Only From user at domain.invalid Mon May 16 09:28:17 2005 From: user at domain.invalid (User) Date: Mon May 16 09:30:05 2005 Subject: [SpamCop-Geeks] Re: sober-p SpamAssasin Rules? In-Reply-To: References: Message-ID: On 16.05.2005 04:23, Steven Maesslein wrote: --- Original Message --- > On Sun, 15 May 2005 18:59:54 -0400, John E. Malmberg coughed into > spamcop.geeks and left this in : > >> Does anyone have some rules that can be used with SpamAssasin to detect >> and reject both the Sober-p spam and the backscatter from it? > > If you want to use SA to reject mails then I'm assuming you're using it > as a milter on a Unix system. This being the case, why not just use an > anti-virus such as ClamAV and have done with it? > Was about to post the same thought as I run ClamAV and it traps those emails just fine and dandy. Nary a one slips by. From nobody at nowhere.invalid Mon May 16 16:29:24 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon May 16 09:30:08 2005 Subject: [SpamCop-Geeks] Re: sober-p SpamAssasin Rules? References: Message-ID: On Mon, 16 May 2005 08:19:25 -0400, John E. Malmberg coughed into spamcop.geeks and left this in : > I am not the sysadmin of the systems that are under attack, Can you not direct hir here? > and all I know about the systems is that they are using SpamAssasin as > part of their Anti-spam defenses. If SA ia /all/ they're using then you really ought to try and point the sysadmin here... > Right now the problem no longer appears to be the direct delivery of the > spew, but the backscatter from the sites that are auto-responding to it. Those sites can be blocked by IP address... -- Steve FAILURE IS NOT AN OPTION. It comes bundled with Microsoft software. From user at domain.invalid Mon May 16 10:03:55 2005 From: user at domain.invalid (User) Date: Mon May 16 10:05:03 2005 Subject: [SpamCop-Geeks] Re: sober-p SpamAssasin Rules? In-Reply-To: References: Message-ID: On 16.05.2005 08:29, Steven Maesslein wrote: --- Original Message --- > On Mon, 16 May 2005 08:19:25 -0400, John E. Malmberg coughed into > spamcop.geeks and left this in : > >> I am not the sysadmin of the systems that are under attack, > > Can you not direct hir here? > >> and all I know about the systems is that they are using SpamAssasin as >> part of their Anti-spam defenses. > > If SA ia /all/ they're using then you really ought to try and point the > sysadmin here... > >> Right now the problem no longer appears to be the direct delivery of the >> spew, but the backscatter from the sites that are auto-responding to it. > > Those sites can be blocked by IP address... > Just ONE sample taken from my ClamAV log: +++ Started at Sun May 8 03:31:23 2005 clamd daemon 0.80 (OS: freebsd4.7, ARCH: i386, CPU: i386) Log file size limited to 1048576 bytes. Running as user clamav (UID 106, GID 106) Reading databases from /usr/local/share/clamav NOTE: ==> Protecting against 34304 viruses. Unix socket file /var/run/clamav/clamd Setting connection queue length to 15 Archive: Archived file size limit set to 10485760 bytes. Archive: Recursion level limit set to 5. Archive: Files limit set to 1000. Archive: Compression ratio limit set to 250. Archive support enabled. Archive: RAR support disabled. Portable Executable support enabled. Mail files support enabled. OLE2 support enabled. HTML support enabled. Self checking every 1800 seconds. stream: Worm.Sober.P FOUND No stats for Database check - forcing reload Reading databases from /usr/local/share/clamav Database correctly reloaded (34304 viruses) SelfCheck: Database status OK. stream: Worm.Sober.P FOUND stream: Worm.Sober.P FOUND SelfCheck: Database status OK. Sober.P et al are resting somewhere in magnetic purgatory. 'nuff said. ;-) From SCNews.5.myspamgobbler at spamgourmet.com