[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] filtering spam articles using the "from" field

Subject: Re: [leafnode-list] filtering spam articles using the "from" field
From: Mark <lists@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 01 May 2004 09:03:27 -0700
Delivery-date: Sat, 01 May 2004 18:01:00 +0200
List-id: Discussions on the Leafnode Usenet software package <leafnode-list.dt.e-technik.uni-dortmund.de>
User-agent: Mozilla Thunderbird 0.5 (Windows/20040207)

Ray Abbitt wrote:

On Sat, 1 May 2004, Mark wrote:
There is a lot of spam lately that has names in the "from" field such as
jamiescot@xxxxxxxxxxxxxxxx
deanmartin@xxxxxxxxxxxxxxxx
peterreid@xxxxxxxxxxxxxxxx
Is there any way to create a leafnode filter that will reject all posts based on the .shawcable.net.
It's actually fairly easy, but you may want to reconsider just a bit. I believe you will find that a lot of legitimate posts in your spool from users @xx.shawcable.net since shaw is one of the bigger cable connectivity providers in Canada.


If you use Shaw as your cable ISP (as I do) the headers will show
Path: pd7tw1no!pd7cy1no!shaw.ca!pd7tw1no.POSTED!53ab2750!not-for-mail

Shawcable.net is not a legit posting host for email nor usenet. The "from" name is being munged to make it appear that the post is coming from a shawcable.net subscriber....that does not exist. For instance, if I did not munge my "from" address it would be mark@xxxxxxx

Take a look here for the spam associated with shawcable.net
http://groups.google.ca/groups?q=shawcable.net&ie=UTF-8&oe=UTF-8&hl=en

The following filter will work:


pattern = ^From:.*shawcable.net
action = kill

This will perfectly for me.

Thanks!

But from glancing at your example, you would probably gain a lot more with less damage by rejecting articles that are excessively crossposted. There is no legitimate reason that I can think of for anything to be crossposted to all of those groups (in fact it looks like troll sign rather than spam). Note that it is more effective to use a filter that looks for excessive commas (,) in the Newsgroups: header than it is to use the maxcrosspost directive.)

For example:
pattern = ^Newsgroups:.*,.*,.*,.*,
action = kill
will reject any articles crossposted to 5 or more newsgroups. On my system I limit it to 3 (pattern = ^Newsgroups:.*,.*,.*,) and anything crossposted to 4 or more will be rejected.

-ray


--
_______________________________________________
leafnode-list mailing list
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
http://www.dt.e-technik.uni-dortmund.de/mailman/listinfo/leafnode-list
http://leafnode.sourceforge.net/

References:
- Re: [leafnode-list] filtering spam articles using the "from" field
  - From: Ray Abbitt

Prev by Date: Re: [leafnode-list] filtering spam articles using the "from" field
Next by Date: Re: [leafnode-list] filtering spam articles using the "from" field
Previous by thread: Re: [leafnode-list] filtering spam articles using the "from" field
Next by thread: Re: [leafnode-list] filtering spam articles using the "from" field
Index(es):
- Date
- Thread