[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [leafnode-list] filtering spam articles using the "from" field
- Subject: Re: [leafnode-list] filtering spam articles using the "from" field
- From: Mark <lists@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 01 May 2004 09:03:27 -0700
- Delivery-date: Sat, 01 May 2004 18:01:00 +0200
- List-id: Discussions on the Leafnode Usenet software package <leafnode-list.dt.e-technik.uni-dortmund.de>
- User-agent: Mozilla Thunderbird 0.5 (Windows/20040207)
Ray Abbitt wrote:
On Sat, 1 May 2004, Mark wrote:
There is a lot of spam lately that has names in the "from" field such as
jamiescot@xxxxxxxxxxxxxxxx
deanmartin@xxxxxxxxxxxxxxxx
peterreid@xxxxxxxxxxxxxxxx
Is there any way to create a leafnode filter that will reject all posts
based on the .shawcable.net.
It's actually fairly easy, but you may want to reconsider just a bit.
I believe you will find that a lot of legitimate posts in your spool
from users @xx.shawcable.net since shaw is one of the bigger cable
connectivity providers in Canada.
If you use Shaw as your cable ISP (as I do) the headers will show
Path: pd7tw1no!pd7cy1no!shaw.ca!pd7tw1no.POSTED!53ab2750!not-for-mail
Shawcable.net is not a legit posting host for email nor usenet. The
"from" name is being munged to make it appear that the post is coming
from a shawcable.net subscriber....that does not exist.
For instance, if I did not munge my "from" address it would be mark@xxxxxxx
Take a look here for the spam associated with shawcable.net
http://groups.google.ca/groups?q=shawcable.net&ie=UTF-8&oe=UTF-8&hl=en
The following filter will work:
pattern = ^From:.*shawcable.net
action = kill
This will perfectly for me.
Thanks!
But from glancing at your example, you would probably gain a lot more
with less damage by rejecting articles that are excessively
crossposted. There is no legitimate reason that I can think of for
anything to be crossposted to all of those groups (in fact it looks
like troll sign rather than spam). Note that it is more effective to
use a filter that looks for excessive commas (,) in the Newsgroups:
header than it is to use the maxcrosspost directive.)
For example:
pattern = ^Newsgroups:.*,.*,.*,.*,
action = kill
will reject any articles crossposted to 5 or more newsgroups. On my
system I limit it to 3 (pattern = ^Newsgroups:.*,.*,.*,) and anything
crossposted to 4 or more will be rejected.
-ray
--
_______________________________________________
leafnode-list mailing list
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
http://www.dt.e-technik.uni-dortmund.de/mailman/listinfo/leafnode-list
http://leafnode.sourceforge.net/