Archive for the ‘Spam’ Category.

Asian spam — fancy! :-)

Following up on my last post about “poetic spam” (or rather “nonsense spam”) I want to show you how the current wave of spam from Asia looks like (I don’t really know if the text is Chinese or Japanese):

Fancy spam!

This is just plain text and not HTML — but notice how they know how to use all sorts of cute characters like stars and box drawing characters. Much more impressive than most other spam mails I get :-)

Poetic spam? :-)

I sometimes get the most hilarious types of spam, ranging from the plain stupid (those with stuff like %MAKE_TXT[3-6] in the body, a clear sign of someone who was too stupid to figure out how to use their spam-generating software!) to the ones where you cannot read the text because of the obfustication…

And now someone is sending me spam with a text/plain MIME part followed by a text/html part. I’ve of course configured [Gnus][] to prefer the text/plain, and thus I get this (slightly formatting):

Sheriff around take a peek at hydrogen atom beyond curse, but clock for a change of heart about toward anomaly.

Polar bear defined by sheriff, toward trombone, and about briar patch are what made America great!

Vern and I took around microscope (with behind tornado, near fruit cake.

He called her Vern (or was it Vern?). He called her Vern (or was it Vern?).

Behind tuba player, wedding dress around skyscraper, and for hockey player are what made America great!

Strange… and of course it doesn’t help the least bit in defying my trusty SpamAssassin which didn’t appreciate the poetic elements and gave the mail a score of 34.7 points. Everything with a score of 5 points of more is considered spam, so this mail was actually really, really bad. SpamAssassin is working very well for me, I would say that it is 99.9% correct — I cannot even remember having seeing it mark a good email (sometimes called ham) as spam. You should give it a try too if you’re annoyed by spam.

Feeling nervous? Want to lose weight?

Measuring yourself seems to be important when on a diet Lately my site has seen a bunch of spam comments about Phentermine, Alprazolam, and other drugs… luckily they have all been caught by the builtin spam filters in WordPress. But what are all those drugs about anyway, and will people really buy drugs from some website (usually with a not so trustworthy name…) found via a link buried deep in a discussion about PHP Shell?!

Alprazolam pills apparently look like this... A quick search on Google explains that Phentermine is used for loosing weight by lowering the appitite, and Alprazolam is used to relieve anxiety, nervousness, and tension. But is there really such a big market for such drugs?

I guess so, just as there has to be a market for all stuff email spam try to sell us. You know, those appliances and drugs that promise to enlarge various body parts in no time! :-)

I’m bad, I’m a “Dynamic User”

Just when I thought that I had solved my mail problems the next problem appears: the addresses that Bluewin gives out to its ADSL customers (like Stéphanie and I…) are blocked by MAPS! Aargh!

So now I cannot send mail to any SMTP server which consults the Dynamic User List (DUL) — and so having a private SMTP server is no longer an option. Sending my mail through Bluewin isn’t that good either, considering the problems I had sending mail to SourceForge.

I’ve now complained to Bluewin and I hope they can either fix their SMTP server (or at least explain where my mail went…) or remove their IP addresses from DUL. They’re the only one who can get the IPs removed from DUL, us users cannot do anything. I find this very annoying since my server has never been sending out spam and it has never been configured as an open relay.

Oh, and look at the little stamp-sized window you get to write in when you want to contact the Bluewin customer service:

Do they really think that they will receive fewer complaints just because they make the text-area smaller?

How to send mail to SourceForge

Exim MTA logo I spend some time today trying to figure out how I would be able to send mail to SourceForge. SourceForge is an enormous enterprise with more than a million users and hundred thousand projects, most of which have one or more mailinglists associated with them — the amount of mail flowing through SourceForge each day must be huge. So why should I have difficulties sending mail to an address at SourceForge, you might ask? I’ll tell you… :-)

First I discovered that mail bound for mailinglists at SourceForge would disappear on its way. The mail first goes to my local Exim which forwards it to mail.bluewin.ch — the SMTP server at my ISP Bluewin. After that I have no idea what has happened to my mail, I only know that it doesn’t reach the SF mailinglists. A mail to postmaster@bluewin.ch six days ago has gone unanswered… :-/

I then tried cutting out the middle-man and configured my Exim (using the super-simple Debian way of dpkg-reconfigure exim4-config) to send its mail directly like a full-blown SMTP server. I had initially not configured Exim like that because I didn’t want to add yet another publicly accessible server to my system.

But then I ran into the next problem: the spam filtering done at SourceForge. Every time someone tries to send something to their Exim SMTP server (cool, SourceForge use Exim too!) it will make a callout verification of the sender address. This simply means that it will try to deliver a message to the envelope address in the mail. In my case that failed for some reason, and I got this in my Exim log file:

451-could not connect to xxx [xxx.xxx.xxx.xxx]: Connection refused
451-Could not complete sender verify callout for <mg@xxx>.
451-The mail server(s) for the domain may be temporarily unreachable, or
451-they may be permanently unreachable from this server. In the latter case,
451-you need to change the address or create an MX record for its domain
451-if it is supposed to be generally accessible from the Internet.
451 Talk to your mail administrator for details.

I tried opening my router to allow the incoming connection to port 25 (SMTP) but it didn’t help. What to do? The usual when you run into a problem like this: read lots of man pages, configuration files, documentation, websites, etc… :-)

And surely enough, it worked: While reading through the Exim configuration files under /etc/exim4/conf.d/ I stumbled over a reference to /etc/email-addresses. That file is used by Exim when it inserts the envelope sender header in its outgoing mail: if a user is not listed in that file (the default) then it generates the envelope address of

Return-Path: <username@hostname>

In my case that made SourceForge do the callout back to my machine. If I instead add the line

mg: mgeisler@mgeisler.net

to /etc/email-addresses I get the following, much better envelope address in my outgoing mail:

Return-Path: <mgeisler@mgeisler.net>

which causes SourceForge to check with mail.mgeisler.net (the mail exchange for mgeisler.net). And this check succeeds! Hurray, I can now once again send mail to SourceForge hosted mailinglists!

By the way, if you’re running an SMTP server and you’re having problems with spam, then try the Spam Filtering for Mail Exchangers guide to rejecting junk mail in incoming SMTP transactions. They describe a whole bunch of tricks, including the callout verification technique described above and the very clever greylisting technique.

The advantage of this is that you’ll save yourself the trouble of filtering the spam later using something like SpamAssassin, and you’ll save yourself the bandwidth cost of receiving the spam in the first case since you can drop the connection before it has even entered your system.