Hey guys,
I just noticed this recently in my latest posts to the list. But I've noticed that every time I mail the list for some advice, I get hit with spam from a camgirl site like every other message. Kinda funny actually. But also annoying!! Anyone else experience this?
Maybe this is something the admins/moderators can take care of!
Thanks, Tim
Tim Dunphy wrote:
Hey guys,
I just noticed this recently in my latest posts to the list. But I've noticed that every time I mail the list for some advice, I get hit with spam from a camgirl site like every other message. Kinda funny actually. But also annoying!! Anyone else experience this?
Maybe this is something the admins/moderators can take care of!
I would guess that someone, or a bot, joined the list for the sole purpose of harvesting email addresses, and I can't see how the admins can possibly block that.
And, btw, this is where I mostly post using this email address, and no, I'm not sending spam to France, or southeast Asia, or.... (as in, they put my email as their Reply-To:).
mark "ah, for the old days of fair use"
mark
I've been getting that intermittently during the day today.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tim Dunphy Sent: Friday, August 28, 2015 2:53 PM To: CentOS mailing list centos@centos.org Subject: [CentOS] camgirl spam on the list
Hey guys,
I just noticed this recently in my latest posts to the list. But I've noticed that every time I mail the list for some advice, I get hit with spam from a camgirl site like every other message. Kinda funny actually. But also annoying!! Anyone else experience this?
Maybe this is something the admins/moderators can take care of!
Thanks, Tim
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 28/08/15 22:24, John R Pierce wrote:
On 8/28/2015 1:21 PM, Robert Wolfe wrote:
I've been getting that intermittently during the day today.
I haven't seen any since I put the sending domain with a 'DISCARD' in my /etc/mail/access database (using sendmail here)
Well, is there another domain involved now ? It seems the previous spammer (using multiple VMs on DigitalOcean network) had been blocked. As nothing is sent through the mailman/centos.org server, I can't even look at logs, but if you have useful informations (like some headers), feel free to forward those to me (and not on the list).
Cheers,
- -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab
Hey Fabian,
Here's the headers for one of the spam responses I got from the list:
from:Tracy tracy12614@safeloves.comreply-to:tracy12614@safeloves.com to:Tim Dunphy bluethundr@gmail.com date:Fri, Aug 28, 2015 at 2:19 PMsubject:Re: [CentOS] apache mysterious 404 errormailed-by:safeloves.comsigned-by:safeloves.com:Important mainly because it was sent directly to you.
Please let me know if that's not what you're looking for!
Thanks, Tim
On Fri, Aug 28, 2015 at 5:18 PM, Fabian Arrotin arrfab@centos.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 28/08/15 22:24, John R Pierce wrote:
On 8/28/2015 1:21 PM, Robert Wolfe wrote:
I've been getting that intermittently during the day today.
I haven't seen any since I put the sending domain with a 'DISCARD' in my /etc/mail/access database (using sendmail here)
Well, is there another domain involved now ? It seems the previous spammer (using multiple VMs on DigitalOcean network) had been blocked. As nothing is sent through the mailman/centos.org server, I can't even look at logs, but if you have useful informations (like some headers), feel free to forward those to me (and not on the list).
Cheers,
Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlXg0D4ACgkQnVkHo1a+xU5OnACggUMg3QikAFsgAAeHSGGGI5Q1 5MgAn2leYj3Wbflv1w8gHnNICEEOKOo3 =rEWD -----END PGP SIGNATURE----- _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 8/28/2015 2:21 PM, Tim Dunphy wrote:
Here's the headers for one of the spam responses I got from the list:
from:Tracytracy12614@safeloves.comreply-to:tracy12614@safeloves.com to:Tim Dunphybluethundr@gmail.com date:Fri, Aug 28, 2015 at 2:19 PMsubject:Re: [CentOS] apache mysterious 404 errormailed-by:safeloves.comsigned-by:safeloves.com:Important mainly because it was sent directly to you.
Please let me know if that's not what you're looking for!
typically, you need the 'recieved from' headers so we can tell where it entered your mail system to block spammers.
On Fri, August 28, 2015 4:28 pm, John R Pierce wrote:
On 8/28/2015 2:21 PM, Tim Dunphy wrote:
Here's the headers for one of the spam responses I got from the list:
from:Tracytracy12614@safeloves.comreply-to:tracy12614@safeloves.com to:Tim Dunphybluethundr@gmail.com date:Fri, Aug 28, 2015 at 2:19 PMsubject:Re: [CentOS] apache mysterious 404 errormailed-by:safeloves.comsigned-by:safeloves.com:Important mainly because it was sent directly to you.
Please let me know if that's not what you're looking for!
typically, you need the 'recieved from' headers so we can tell where it entered your mail system to block spammers.
Well, this is second discussion on this subject during last fortnight, and I felt to stay away from it... But I just would add one thing. Blocking originator of messages as John suggests, will work. The only thing about it is: these are single IP domains, and one can easily keep registering new ones, and this is all doable withing the frame digitalocean's (the IP block owner) business model. Attempting to fight on per one case basis with something that can be scripted on the bad guys' side I found counter productive. The only way I've found in the past that is not total waste of my time is: block e-mail from the whole block of IPs of that provider.
This can be done on the side of those being abused. Nothing as a mater of fact can be done on the side of CentOS, and I really regret us wasting Fabian's precious time on this. This is however really serious decision, as you may block some of domains hosted at digitalocean your users may need to communicate with. So, use your own judgement and caution. Grepping your mail logs for long time back is advisable, but by no means can be sufficient for sane decision. Contacting digitalocean with complaints, hm..., though is right thing to do, but quite unlikely will lead to them identifying the "person" and dealing with that person with whole seriousness. IMHO, this last doesn't fit into their business model.
Just my $0.02
Valeri
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Aug 28, 2015, at 6:00 PM, Valeri Galtsev galtsev@kicp.uchicago.edu wrote:
The only way I've found in the past that is not total waste of my time is: block e-mail from the whole block of IPs of that provider.
Blocking all of digitalocean.com?
I guess that’s fine if you don’t mind having mostly false negatives. You’d be better off teaching your antispam system to treat the netblock with more suspicion. The spam I got had enough other rules that it was already in the “maybe spam” score, I bet if I created a spamassasin rule for it, it’d push it over the top.
-- Jonathan Billings billings@negate.org
On Fri, Aug 28, 2015 at 5:18 PM, Fabian Arrotin arrfab@centos.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 28/08/15 22:24, John R Pierce wrote:
On 8/28/2015 1:21 PM, Robert Wolfe wrote:
I've been getting that intermittently during the day today.
I haven't seen any since I put the sending domain with a 'DISCARD' in my /etc/mail/access database (using sendmail here)
Well, is there another domain involved now ? It seems the previous
At least another one on Friday. Porno-spam from from safethebaby.com
I reported the incident to Digital Ocean and Nodes Direct which I believe got handled rather promptly. (In short a host in Nodes Direct ip space was using a mail host in Digital Ocean ip space.)
spammer (using multiple VMs on DigitalOcean network) had been blocked. As nothing is sent through the mailman/centos.org server, I can't even look at logs, but if you have useful informations (like some headers), feel free to forward those to me (and not on the list).
Cheers,
Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlXg0D4ACgkQnVkHo1a+xU5OnACggUMg3QikAFsgAAeHSGGGI5Q1 5MgAn2leYj3Wbflv1w8gHnNICEEOKOo3 =rEWD -----END PGP SIGNATURE----- _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Fri, 2015-08-28 at 15:21 -0500, Robert Wolfe wrote:
I've been getting that intermittently during the day today.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tim Dunphy
I just noticed this recently in my latest posts to the list. But I've noticed that every time I mail the list for some advice, I get hit with spam from a camgirl site like every other message. Kinda funny actually. But also annoying!! Anyone else experience this?
Since the host name does not fully resolve and the HELO name neither, the junk is rejected for anything sent to my mailing list address.
On 08/28/15 14:53, Tim Dunphy wrote:
Hey guys,
I just noticed this recently in my latest posts to the list. But I've noticed that every time I mail the list for some advice, I get hit with spam from a camgirl site like every other message. Kinda funny actually. But also annoying!! Anyone else experience this?
Maybe this is something the admins/moderators can take care of!
. spam is "a fact of life of the internet". always has been, always will be.
when you spread your email address to the inet and be ready to receive spam.
download email from a server, look forward to receiving spam.
deal with it. set filters of your email client.
if you do not want spam, either set filters and/or firewall rules to block it.
if you do not want spam;
use an isp that you have set to auto delete emails and never pull emails from that isp.
post with sudo-name@sudo-address.bad