Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links? -AK
It's not just you. -----Original Message----- From: NANOG [mailto:nanog-bounces+milt=net2atlanta.com@nanog.org] On Behalf Of anthony kasza Sent: Sunday, October 25, 2015 12:14 AM To: North American Network Operators Group Subject: Uptick in spam Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links? -AK
I added this to my postfix header_checks: /^Subject:.*\bFw: new message/ REJECT No more new messages please On Sat, 24 Oct 2015 21:13:58 -0700 anthony kasza <anthony.kasza@gmail.com> wrote:
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
Hi, I added this two lines to our postfix header checks: /mike@sentex\.net/ DISCARD /jdenoy@jdlabs\.fr/ DISCARD Worked very well: # grep -i discard /var/log/mail.log | grep -iE "@jdlabs|@sentex" | wc -l 408 Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: JJaritsch@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -----Ursprüngliche Nachricht----- Von: NANOG [mailto:nanog-bounces@nanog.org] Im Auftrag von John Peach Gesendet: Montag, 26. Oktober 2015 17:07 An: nanog@nanog.org Betreff: Re: Uptick in spam I added this to my postfix header_checks: /^Subject:.*\bFw: new message/ REJECT No more new messages please On Sat, 24 Oct 2015 21:13:58 -0700 anthony kasza <anthony.kasza@gmail.com> wrote:
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
On 26/10/15 11:38, Jürgen Jaritsch wrote:
Hi,
I added this two lines to our postfix header checks:
/mike@sentex\.net/ DISCARD /jdenoy@jdlabs\.fr/ DISCARD
Worked very well:
# grep -i discard /var/log/mail.log | grep -iE "@jdlabs|@sentex" | wc -l 408
But it is originating all from different IP addresses. Who knows if this is an attack to get *@jdlabs.fr blocked from NANOG and is just getting its goal accomplished.
On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez <octalnanog@alvarezp.org> wrote:
On 26/10/15 11:38, Jürgen Jaritsch wrote: <snip>
But it is originating all from different IP addresses. Who knows if this
is an attack to get *@jdlabs.fr blocked from NANOG and is just getting its goal accomplished.
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail? jdlabs.fr doesn't appear to have an SPF record published. It seems to me that these messages should have been dropped during the connection. Ian Smith
On Tue, Oct 27, 2015 at 08:09:00AM -0400, Ian Smith wrote:
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail?
Don't know, but it doesn't matter: SPF has zero anti-spam value. (I know. I've studied this in ridiculous detail using a very large corpus of spam/nonspam messages over a very long period of time.) There are much better methods available. ---rsk
Rich Kulawiec <rsk@gsp.org> writes:
On Tue, Oct 27, 2015 at 08:09:00AM -0400, Ian Smith wrote:
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail?
Don't know, but it doesn't matter: SPF has zero anti-spam value. (I know. I've studied this in ridiculous detail using a very large corpus of spam/nonspam messages over a very long period of time.) There are much better methods available.
My experience is that it dramatically cuts down on the number of spam bounce messages coming back to the SPF-protected domain. It may be that spammers don't bother sending out spam 'from' SPF-protected domains (that they don't own) but still send the same amount of spam; so it's not an effective antispam technique but it is a good domain reputation preservation technique. ... and thus a suitable topic for NANOG, I guess, rather than a mail abuse list, because it's best use is for domains that send no mail and recieve no mail and don't want anything to do with mail and stil get spam complaints.
Wouldn't that be interesting -- you can't join NANOG unless your email domain publishes an SPF record with a -all rule. That would raise the bar AND prevent the kind of thing that happened this weekend. On Tue, 27 Oct 2015, Geoffrey Keating wrote:
... and thus a suitable topic for NANOG, I guess, rather than a mail abuse list, because it's best use is for domains that send no mail and recieve no mail and don't want anything to do with mail and stil get spam complaints.
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
The trouble is that this is not the NAMSOG (North American Mail Server Operators Group). ;) On Tue, Oct 27, 2015 at 4:59 PM, Peter Beckman <beckman@angryox.com> wrote:
Wouldn't that be interesting -- you can't join NANOG unless your email domain publishes an SPF record with a -all rule.
That would raise the bar AND prevent the kind of thing that happened this weekend.
On Tue, 27 Oct 2015, Geoffrey Keating wrote:
... and thus a suitable topic for NANOG, I guess, rather than a mail
abuse list, because it's best use is for domains that send no mail and recieve no mail and don't want anything to do with mail and stil get spam complaints.
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
In article <alpine.BSF.2.00.1510271757090.95704@nog.angryox.com> you write:
Wouldn't that be interesting -- you can't join NANOG unless your email domain publishes an SPF record with a -all rule.
That would raise the bar AND prevent the kind of thing that happened this weekend.
That's OK. It'd take about 15 minutes for the other 90% of us to migrate over to the new list for people who actually want to get work done. R's, John
On Tue, 27 Oct 2015 17:59:29 -0400, Peter Beckman said:
Wouldn't that be interesting -- you can't join NANOG unless your email domain publishes an SPF record with a -all rule.
That would raise the bar AND prevent the kind of thing that happened this weekend.
And make a number of long-time contributors have to change their e-mail provider just to participate. Hint: There's now 4 people listed in the To/From/CC for this mail, of which 2 don't have a -all SPF record published. Oh. And there's this in the DNS as well: nanog.org. 600 IN TXT "v=spf1 include:_spf.google.com ip4:50.31.151.74 ip6:2001:1838:2001:8::10 ip4:50.31.151.73 ip6:2001:1838:2001:8::9 ~all" Did you *really* want to go there?
Am 27.10.2015 13:09, schrieb Ian Smith:
On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez <octalnanog@alvarezp.org> wrote:
On 26/10/15 11:38, Jürgen Jaritsch wrote: <snip>
But it is originating all from different IP addresses. Who knows if this
is an attack to get *@jdlabs.fr blocked from NANOG and is just getting its goal accomplished.
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail? jdlabs.fr doesn't appear to have an SPF record published. It seems to me that these messages should have been dropped during the connection.
If it does (which I don't know), it will probably check the SPF record of the delivering mailserver, which was not *.jdlabs.fr as far as I can see from the mailheaders. Jutta Zalud
But that's not how SPF works. In SPF, the domain of the envelope header sender address is checked against that domain's sender policy. Since jdlabs.fr has no policy specified, a strict SPF policy at the NANOG server would have prevented this small issue. As for the utility of SPF, well. It's not comprehensive, no one I know would say that it is. But it's a bit of a stretch to say that has zero value. It would have prevented this latest bit of fun, which seems to have people upset, so there's *some* value. -Ian On Tue, Oct 27, 2015 at 8:40 AM, Jutta Zalud <ju@netzwerklabor.at> wrote:
Am 27.10.2015 13:09, schrieb Ian Smith: <snip> If it does (which I don't know), it will probably check the SPF record of the delivering mailserver, which was not *.jdlabs.fr as far as I can see from the mailheaders.
Jutta Zalud
On Tue, Oct 27, 2015 at 09:08:00AM -0400, Ian Smith wrote:
But it's a bit of a stretch to say that [SPF] has zero value.
No, it's not a stretch at all. It's a statistical reality. And a single isolated case does not alter that. You're welcome to set up your own network of spamtraps and mailboxes, ingest a sizable corpus of messages, and analyze it. If you do so, and if you take care to ensure that the composition of that traffic is appropriate (that is, not skewed by network, domain, ASN, TLD, etc.), and you accumulate samples over a period of many years, you'll find the same thing. This wasn't always true, incidentally. In the early days of SPF, it did have some value, because -- by far -- the most prolific early adopters of SPF were spammers. ---rsk
I'm not making any argument about the relation of SPF compliance to message quality or spam/ham ratio. You are no doubt correct that at this point in the game SPF doesn't matter with respect to message quality in a larger context, because these days messages that are not SPF compliant will simply never arrive, and therefore aren't sent. I'm saying that SPF helps prevent envelope header forgery, which is what it was designed to do. The fact that NANOG isn't checking SPF (and it isn't, I tested) was exploited and resulted in a lot of spam to the list. This wasn't caught by receiving servers (like Gmail's, for example) because they checked mail.nanog.org against the nanog.org spf record, which checked out. You can argue that envelope header forgery is irrelevant, and that corner cases don't matter. But I think this latest incident provides a good counterexample that it does matter. And it's easy to fix, so why not fix it? -Ian
hosted gmail did catch some of the spam but not all , into auto junk filter due to some of the weblinks were spammy Colin
On 27 Oct 2015, at 14:18, Ian Smith <ian.w.smith@gmail.com> wrote:
I'm not making any argument about the relation of SPF compliance to message quality or spam/ham ratio. You are no doubt correct that at this point in the game SPF doesn't matter with respect to message quality in a larger context, because these days messages that are not SPF compliant will simply never arrive, and therefore aren't sent.
I'm saying that SPF helps prevent envelope header forgery, which is what it was designed to do. The fact that NANOG isn't checking SPF (and it isn't, I tested) was exploited and resulted in a lot of spam to the list. This wasn't caught by receiving servers (like Gmail's, for example) because they checked mail.nanog.org against the nanog.org spf record, which checked out.
You can argue that envelope header forgery is irrelevant, and that corner cases don't matter. But I think this latest incident provides a good counterexample that it does matter. And it's easy to fix, so why not fix it?
-Ian
22 emails later (only counting this thread)... Can someone with the proper privileges confirm they have the spam under control? I think any solution would be acceptable at this point. If you all would like to debate the pros/cons of different spam filtering theories after the spam has subsided, I don't mind but let's safeguard the infrastructure before we start using it again. -AK On Oct 27, 2015 7:20 AM, "Ian Smith" <ian.w.smith@gmail.com> wrote:
I'm not making any argument about the relation of SPF compliance to message quality or spam/ham ratio. You are no doubt correct that at this point in the game SPF doesn't matter with respect to message quality in a larger context, because these days messages that are not SPF compliant will simply never arrive, and therefore aren't sent.
I'm saying that SPF helps prevent envelope header forgery, which is what it was designed to do. The fact that NANOG isn't checking SPF (and it isn't, I tested) was exploited and resulted in a lot of spam to the list. This wasn't caught by receiving servers (like Gmail's, for example) because they checked mail.nanog.org against the nanog.org spf record, which checked out.
You can argue that envelope header forgery is irrelevant, and that corner cases don't matter. But I think this latest incident provides a good counterexample that it does matter. And it's easy to fix, so why not fix it?
-Ian
On Tue, Oct 27, 2015 at 10:18:11AM -0400, Ian Smith wrote:
I'm not making any argument about the relation of SPF compliance to message quality or spam/ham ratio. You are no doubt correct that at this point in the game SPF doesn't matter with respect to message quality in a larger context, because these days messages that are not SPF compliant will simply never arrive, and therefore aren't sent.
No, what I'm trying to explain to you is that the presence or absence of SPF records, and the content of those records, has no bearing on whether not messages emitted are spam or nonspam. I have millions of messages that passed all SPF checks and are clearly spam; I have millions of messages that failed (or had none) and are clearly not spam. I have analyzed this data in ridiculous detail using a variety of statistical/pattern recognition techniques, and the bottom line vis-a-vis SPF is that it simply doesn't matter. It would be nice if it did; it would be nice if the fatuous claim made at SPF's introduction ("Spam as a technical problem is solved by SPF") were true. But it's not. It's worthless.
I'm saying that SPF helps prevent envelope header forgery, which is what it was designed to do.
When trying to stop spam, forgery (header and otherwise) is largely unimportant. These are separate-but-related problems, and it is a fundamental tactical error to conflate them.
The fact that NANOG isn't checking SPF (and it isn't, I tested) was exploited and resulted in a lot of spam to the list.
No, the fact that NANOG's mailing list mechanisms (the MTA, Mailman, etc.) aren't defended by *other* methods is the problem. There are much better ways to accomplish the goal than screwing around with SPF.
You can argue that envelope header forgery is irrelevant, and that corner cases don't matter. But I think this latest incident provides a good counterexample that it does matter.
It's an unimportant and isolated incident. I have a bazillion of those too. But using those, instead of looking at overall statistical trends, is a very poor way to craft mail system defenses. The correct strategy is to begin with those measures that: - have the lowest FP rate - have the lowest FN rate - take the least bandwidth - take the least memory - take the least CPU - are as close as possible to the source of abuse - rely the least on external resources - are simplest to understand - are simplest to implement - are easiest to monitor and evaluate - are easiest to maintain and modify - are the least susceptible to gaming - are the least susceptible to "flavor-of-the-moment" issues and then work down the list from there. This yields architectures that are effective, predictable, and accurate. Not perfect: there is no such thing; but certainly robust enough for production use. ---rsk
On Tue, 27 Oct 2015, Rich Kulawiec wrote:
It would be nice if it did; it would be nice if the fatuous claim made at SPF's introduction ("Spam as a technical problem is solved by SPF") were true. But it's not. It's worthless.
I disagree. Since implementing SPF, there have been no joe-jobs on my accounts, and attempting to pretend to be me via email is difficult where SPF is implemented. I never read or understood that SPF was created to solve the spam problem. It was to give owners of domains a way to say "If you got an email from us from these IPs/hosts, then it is probably from us." It gave domain owners a standardized programmatic way to say to email recipients when to accept or reject email from their domains. SPF is not worthless. However, SPF IS worthless at preventing spam. And while SPF *could* have been implemented by the owner of the email/domain that sent all of the spam to the NANOG list and *if* the mail server for NANOG respected SPF then the emails would have been dropped, it seems one or both is not the case. --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
You can argue that envelope header forgery is irrelevant, and that corner cases don't matter. But I think this latest incident provides a good counterexample that it does matter. And it's easy to fix, so why not fix it?
Why do you think that the envelope addresses in the spam bore any relation to the address in the From header? The from comments (the so-called friendly name) were randomized, and they came from compromised servers all over the world, so I'd expect the envelope addresses to be similarly random. SPF has some value for some heavily forged domains, but that's about it. R's, John
I was assuming that messages to the list were already filtered by sender, so non-list or randomized senders would have been rejected by mailman. -Ian
On 2015-10-27 13:08, Ian Smith wrote:
But that's not how SPF works. In SPF, the domain of the envelope header sender address is checked against that domain's sender policy. Since jdlabs.fr has no policy specified, a strict SPF policy at the NANOG server would have prevented this small issue.
No sane system rejects email based on the lack of a SPF policy. If the domain had a policy ending in "-all" and the spam wasn't coming from a source allowed by the policy then it should be marked as failing, held for moderator review, or rejected. -- “Simply stated, we have a new formula for Coke.” --- Roberto C. Goizueta, Company Chairman, Coca-Cola
On 27/10/15 05:40, Jutta Zalud wrote:
But it is originating all from different IP addresses. Who knows if this is an attack to get *@jdlabs.fr blocked from NANOG and is just getting its goal accomplished.
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail? jdlabs.fr doesn't appear to have an SPF record published. It seems to me that these messages should have been dropped during the connection.
Well... an empty record is pretty much the same as "?all" anyway. The correct interpretation from the receiving MTA is "The SPF (if it exists) doesn't say if this is spam or not". This could, of course, vary from implementation to implementation.
If it does (which I don't know), it will probably check the SPF record of the delivering mailserver, which was not *.jdlabs.fr as far as I can see from the mailheaders.
And also, most of the MX records end in ~all or ?all anyway, and ?all is the default if no "all" is defined, and the lack of jdlabs.fr SPF record is the equivalent of being defined as "?all". I now wonder if there is *really* a case for the ~ and ? operators in SPF and if we could deprecate ?all and ~all, and change the default to -all, by RFC. This would be just to make SPF useful. In its current state it asserts nothing, and --by its definition-- it forces no work from anybody. Best regards.
On 10/27/2015 05:09 AM, Ian Smith wrote:
On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez <octalnanog@alvarezp.org <mailto:octalnanog@alvarezp.org>> wrote:
On 26/10/15 11:38, Jürgen Jaritsch wrote: <snip>
But it is originating all from different IP addresses. Who knows if this is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from NANOG and is just getting its goal accomplished.
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail? jdlabs.fr <http://jdlabs.fr> doesn't appear to have an SPF record published. It seems to me that these messages should have been dropped during the connection.
That doesn't stop spam from hijacked accounts. For this case, an account was compromised, apparently. What if after 6 messages in the last 5 minutes with the same or absent 'In-Reply-To' moves the account to moderation mode. Easier said than implemented, though.
On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez <octalnanog@alvarezp.org> wrote:
On 10/27/2015 05:09 AM, Ian Smith wrote:
On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez <octalnanog@alvarezp.org <mailto:octalnanog@alvarezp.org>> wrote:
On 26/10/15 11:38, Jürgen Jaritsch wrote: <snip>
But it is originating all from different IP addresses. Who knows if this is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from NANOG and is just getting its goal accomplished.
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail? jdlabs.fr <http://jdlabs.fr> doesn't appear to have an SPF record published. It seems to me that these messages should have been dropped during the connection.
That doesn't stop spam from hijacked accounts.
For this case, an account was compromised, apparently.
There was no account compromise, it was only oddball webservers that were compromised and then used in a spam run where the From was set to a nanog subscriber's email address.
What if after 6 messages in the last 5 minutes with the same or absent 'In-Reply-To' moves he account to moderation mode.
Easier said than implemented, though.
This is already under consideration, by me, for a mailman patch. It's a good idea that has been around for a while and is well worth having as an option. -Jim P.
All. Weekend. Long. I wanted someone to say something before I did. I thought I was the only one. Kirill Klimakhin Principal Consultant Kirill.Klimakhin@corebts.com www.corebts.com -----Original Message----- From: NANOG [mailto:nanog-bounces+kirill.klimakhin=corebts.com@nanog.org] On Behalf Of anthony kasza Sent: Sunday, October 25, 2015 12:14 AM To: North American Network Operators Group <nanog@nanog.org> Subject: Uptick in spam Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links? -AK ________________________________ Important Notice: This email message and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Core BTS. Core BTS specifically disclaims liability for any damage caused by any virus transmitted by this email.
I see it too, there are some 517 messages in my spam folder "New message" Most of them get blocked, but a small fraction are still making it into my inbox On 10/25/2015 12:13 AM, anthony kasza wrote:
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
Filtering *@jdlabs.fr did the trick for me. Of course, now I have to write a much more complex filter to hide all the complaining about NANOG spam :) Ian Smith ________________________________________ 161 South St. Hightstown, NJ 201-315-1316 phone ian.w.smith@gmail.com On Mon, Oct 26, 2015 at 12:14 PM, Paras <paras@protrafsolutions.com> wrote:
I see it too, there are some 517 messages in my spam folder "New message"
Most of them get blocked, but a small fraction are still making it into my inbox
On 10/25/2015 12:13 AM, anthony kasza wrote:
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
I think there might be more emails discussing the spam, than the actual spam itself. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Ian Smith Sent: Monday, October 26, 2015 12:34 PM To: Paras <paras@protrafsolutions.com> Cc: nanog@nanog.org Subject: Re: Uptick in spam Filtering *@jdlabs.fr did the trick for me. Of course, now I have to write a much more complex filter to hide all the complaining about NANOG spam :) Ian Smith ________________________________________ 161 South St. Hightstown, NJ 201-315-1316 phone ian.w.smith@gmail.com On Mon, Oct 26, 2015 at 12:14 PM, Paras <paras@protrafsolutions.com> wrote:
I see it too, there are some 517 messages in my spam folder "New message"
Most of them get blocked, but a small fraction are still making it into my inbox
On 10/25/2015 12:13 AM, anthony kasza wrote:
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
not even close to more discussing than from the original spam. Not even close. On Mon, Oct 26, 2015 at 4:57 PM, Steve Mikulasik <Steve.Mikulasik@civeo.com> wrote:
I think there might be more emails discussing the spam, than the actual spam itself.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Ian Smith Sent: Monday, October 26, 2015 12:34 PM To: Paras <paras@protrafsolutions.com> Cc: nanog@nanog.org Subject: Re: Uptick in spam
Filtering *@jdlabs.fr did the trick for me.
Of course, now I have to write a much more complex filter to hide all the complaining about NANOG spam :)
Ian Smith ________________________________________
161 South St. Hightstown, NJ 201-315-1316 phone ian.w.smith@gmail.com
On Mon, Oct 26, 2015 at 12:14 PM, Paras <paras@protrafsolutions.com> wrote:
I see it too, there are some 517 messages in my spam folder "New message"
Most of them get blocked, but a small fraction are still making it into my inbox
On 10/25/2015 12:13 AM, anthony kasza wrote:
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
Hi,
not even close to more discussing than from the original spam. Not even close.
data volume wise, the discussion of spam is easily beating the volume of spam (which some people had issue with) as the SPAM emails were very small with just a URL - the discusions about it is now spread into around 6 threads with many pages of text in some messages. alan
Hey! Maybe this is relevant: <https://utcc.utoronto.ca/~cks/space/blog/spam/OutlookSpamGetsWorseII> On Mon, Oct 26, 2015 at 11:14 AM, Paras <paras@protrafsolutions.com> wrote:
I see it too, there are some 517 messages in my spam folder "New message"
Most of them get blocked, but a small fraction are still making it into my inbox
On 10/25/2015 12:13 AM, anthony kasza wrote:
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
The spam is real. You can tune your own spamassassin-installation by adding these lines to local.cf: #Custom Rule for SPAMCOP header SUBJECT_FW_NEWMESSAGE Subject =~ /(Fw: new message)/ describe SUBJECT_FW_NEWMESSAGE subject fw new message score SUBJECT_FW_NEWMESSAGE 10.0 I caught hundreds of these in my spam folder. Gunther
-----Ursprüngliche Nachricht----- Von: NANOG [mailto:nanog-bounces+gstammw=gmx.net@nanog.org] Im Auftrag von anthony kasza Gesendet: Sonntag, 25. Oktober 2015 05:14 An: North American Network Operators Group Betreff: Uptick in spam
Has there been a recent uptick in crap sent to the list or is it just me? Is there anything that we can do to filter these messages with junk links?
-AK
participants (24)
-
A.L.M.Buxey@lboro.ac.uk
-
Andrew Kirch
-
anthony kasza
-
Colin Johnston
-
Connor Wilkins
-
Geoffrey Keating
-
Gunther Stammwitz
-
Hunter Fuller
-
Ian Smith
-
Ishmael Rufus
-
Jim Popovitch
-
John Levine
-
John Peach
-
Jutta Zalud
-
Jürgen Jaritsch
-
Klimakhin, Kirill
-
Larry Sheldon
-
Milt Aitken
-
Octavio Alvarez
-
Paras
-
Peter Beckman
-
Rich Kulawiec
-
Steve Mikulasik
-
Valdis.Kletnieks@vt.edu