BLTT :: spam

received_from - find the last MTA hop

Thu, 25 Oct 2007

received_from parses any mbox style mailbox and prints out the IP address of the last MTA to connect to the given hostname. This list of IPs can be useful for generating black- or whitelists.

(version 0.20, updated 25 October 2007)

Usage:

formail -c -s < spam.mbx | received_from --days=30 --last_hop=my.hostname.tld --class_c | sort -u > $HOME/spammers
...

(read more...)

[ category: /spam | link: received_from ]

Giving up (maybe for reals this time)

Tue, 25 Sep 2007

I don't think I'll post more on this subject. I feel that I've got a long-term solution that works for me--I have beat spam and it takes less than 10 seconds per day to do it (about the time it takes for me to save the handful of spams in my 'spam' folder).

When last I wrote, my spammer friends had tried 215 times (thats 215 half-hour long connections or 107.5 hours) to alert me to a "hot stock" or some other important message. Since then, they've gradually declined again: ...

(read more...)

[ category: /spam | link: 070925090651 ]

Welcome back!

Wed, 19 Sep 2007

I want to give a hearty "welcome back!" to my spammers. They're really showing some cheek the past few days, making me rescale my histospam:

20070911: #################################### (77)
20070912: ################################################ (101)
20070913: ###################################### (81)
20070914: ################ (35)
20070915: ############# (28)
20070916: ########### (24)
...

(read more...)

[ category: /spam | link: 070919063845 ]

Tarpits Work

Tue, 18 Sep 2007

Here are a few juicy processes, eagerly waiting for that heavenly "connection closed" message from my server:

10:34AM  sendmail: startup with mx150.immensedispersalpublicity.com (sendmail)
10:36AM  sendmail: startup with mx149.immensetradepublicity.com (sendmail)
10:44AM  sendmail: startup with mx149.immensetradepublicity.com (sendmail)
10:54AM  sendmail: startup with mx150.immensedispersalpublicity.com (sendmail)
10:59AM  sendmail: startup with pd1.peanutdays.com (sendmail)

The first couple have been going for about half-an-hour.

[ category: /spam | link: 070918110039 ]

Giving Up?

Mon, 17 Sep 2007

I think the spammers are giving up on me. This is sad because my beautiful blocked-to-spam ratio is certainly going to drop. Here's the sender-blocked histogram:

20070912: ##################################################################################################### (101)
20070913: ################################################################################# (81)
20070914: ################################### (35)
20070915: ############################ (28)
20070916: ######################## (24)
...

(read more...)

[ category: /spam | link: 070917095655 ]

I'm Special (update)

Thu, 13 Sep 2007

Just an update. Looks like my list is getting more efficient over time. Here is a sender-blocked update for the past 8 days:

20070905: ################ (16)
20070906: ##################################### (37)
20070907: ###################### (22)
20070908: ############## (14)
20070909: ########################### (27)
20070910: ##################################### (37)
...

(read more...)

[ category: /spam | link: 070913132426 ]

I'm Somebody Special!

Tue, 11 Sep 2007

Spammers must think I'm somebody influential or special, because since I've made my latest spam posts, they're really giving it through the firehose.

Here, for example, is the rate I've received spam in my inbox for the past 20 days:

20070823: ############################ (28)
20070824: ############################ (28)
...

(read more...)

[ category: /spam | link: 070911200100 ]

New Techniques

Fri, 07 Sep 2007

I've been fairly content for the past two years with Spamhaus's RBLs. Of the total mail blocked by my RBLs, Spamhaus accounts for nearly all of it:

sbl-xbl => 28883
    zen => 14384
 dsbl.org =>   798

This data is for the past ...

(read more...)

[ category: /spam | link: 070907102830 ]

Which RBL caught my spam?

Fri, 07 Sep 2007

I'm a big believer in statistics. If you don't know which spam-fighting techniques are most effective, you're probably wasting lots of effort in the wrong places.

One little one-liner I use to gauge effectiveness is this:

zcat /var/log/maillog.* | grep 'Access denied' | perl -lne '/Access denied\((.+?)\) for/ && $reason{$1}++;' \
-e 'END { print "$_ => $reason{$_}" for sort keys %reason }'

...

(read more...)

[ category: /spam | link: which_rbl ]

histospam - a spam histogram from procmail logs

Fri, 22 Jul 2005

histospam is a program that creates a histogram of email messages received by procmail.

Output is in the format:

yyyymmdd => ***... (message count)

Sample usage:

...

(read more...)

[ category: /spam/util | link: histospam ]

Better Living Through Thinking	home \| blog
received_from - find the last MTA hop Thu, 25 Oct 2007 received_from parses any mbox style mailbox and prints out the IP address of the last MTA to connect to the given hostname. This list of IPs can be useful for generating black- or whitelists. (version 0.20, updated 25 October 2007) Usage: formail -c -s < spam.mbx \| received_from --days=30 --last_hop=my.hostname.tld --class_c \| sort -u > $HOME/spammers ... (read more...) [ category: /spam \| link: received_from ] Giving up (maybe for reals this time) Tue, 25 Sep 2007 I don't think I'll post more on this subject. I feel that I've got a long-term solution that works for me--I have beat spam and it takes less than 10 seconds per day to do it (about the time it takes for me to save the handful of spams in my 'spam' folder). When last I wrote, my spammer friends had tried 215 times (thats 215 half-hour long connections or 107.5 hours) to alert me to a "hot stock" or some other important message. Since then, they've gradually declined again: ... (read more...) [ category: /spam \| link: 070925090651 ] Welcome back! Wed, 19 Sep 2007 I want to give a hearty "welcome back!" to my spammers. They're really showing some cheek the past few days, making me rescale my histospam: 20070911: #################################### (77) 20070912: ################################################ (101) 20070913: ###################################### (81) 20070914: ################ (35) 20070915: ############# (28) 20070916: ########### (24) ... (read more...) [ category: /spam \| link: 070919063845 ] Tarpits Work Tue, 18 Sep 2007 Here are a few juicy processes, eagerly waiting for that heavenly "connection closed" message from my server: 10:34AM sendmail: startup with mx150.immensedispersalpublicity.com (sendmail) 10:36AM sendmail: startup with mx149.immensetradepublicity.com (sendmail) 10:44AM sendmail: startup with mx149.immensetradepublicity.com (sendmail) 10:54AM sendmail: startup with mx150.immensedispersalpublicity.com (sendmail) 10:59AM sendmail: startup with pd1.peanutdays.com (sendmail) The first couple have been going for about half-an-hour. [ category: /spam \| link: 070918110039 ] Giving Up? Mon, 17 Sep 2007 I think the spammers are giving up on me. This is sad because my beautiful blocked-to-spam ratio is certainly going to drop. Here's the sender-blocked histogram: 20070912: ##################################################################################################### (101) 20070913: ################################################################################# (81) 20070914: ################################### (35) 20070915: ############################ (28) 20070916: ######################## (24) ... (read more...) [ category: /spam \| link: 070917095655 ] I'm Special (update) Thu, 13 Sep 2007 Just an update. Looks like my list is getting more efficient over time. Here is a sender-blocked update for the past 8 days: 20070905: ################ (16) 20070906: ##################################### (37) 20070907: ###################### (22) 20070908: ############## (14) 20070909: ########################### (27) 20070910: ##################################### (37) ... (read more...) [ category: /spam \| link: 070913132426 ] I'm Somebody Special! Tue, 11 Sep 2007 Spammers must think I'm somebody influential or special, because since I've made my latest spam posts, they're really giving it through the firehose. Here, for example, is the rate I've received spam in my inbox for the past 20 days: 20070823: ############################ (28) 20070824: ############################ (28) ... (read more...) [ category: /spam \| link: 070911200100 ] New Techniques Fri, 07 Sep 2007 I've been fairly content for the past two years with Spamhaus's RBLs. Of the total mail blocked by my RBLs, Spamhaus accounts for nearly all of it: sbl-xbl => 28883 zen => 14384 dsbl.org => 798 This data is for the past ... (read more...) [ category: /spam \| link: 070907102830 ] Which RBL caught my spam? Fri, 07 Sep 2007 I'm a big believer in statistics. If you don't know which spam-fighting techniques are most effective, you're probably wasting lots of effort in the wrong places. One little one-liner I use to gauge effectiveness is this: zcat /var/log/maillog.* \| grep 'Access denied' \| perl -lne '/Access denied\((.+?)\) for/ && $reason{$1}++;' \ -e 'END { print "$_ => $reason{$_}" for sort keys %reason }' ... (read more...) [ category: /spam \| link: which_rbl ] histospam - a spam histogram from procmail logs Fri, 22 Jul 2005 histospam is a program that creates a histogram of email messages received by procmail. Output is in the format: yyyymmdd => ***... (message count) Sample usage: ... (read more...) [ category: /spam/util \| link: histospam ] Next 10 entries Home \| Blog Home \| About BLTT Copyright 2005, Scott Wiersdorf	Audio Broadcast ON AIR: listen Loreena McKennitt Dark Night Of The Soul Moon Status Phase: 28.60% Illuminated: 61.23% Age (days): 8.45 Mon Sep 8 12:46:09 MDT 2008 Categories util (1) histospam - a spam histogram from procmail logs

Better Living Through Thinking

Thu, 25 Oct 2007

Tue, 25 Sep 2007

Wed, 19 Sep 2007

Tue, 18 Sep 2007

Mon, 17 Sep 2007

Thu, 13 Sep 2007

Tue, 11 Sep 2007

Fri, 07 Sep 2007

Fri, 07 Sep 2007

Fri, 22 Jul 2005

Audio Broadcast

Moon Status

Categories

util (1)