no additives or preservatives

kacked.com



Spam Ecosystem

I wasn't feeling creative or studious or anything the other night. I guess I didn't have much energy --so I decided to setup Spamassassin and ClamAV via Amavis. Much easier than I thought it would be.

Not that I was getting a lot of spam. I wasn't. But getting any at all has a way of really pissing me off. Are you listening spammers?

I LIKE MY DICK THE WAY IT IS!

Anyway... I did something about it... Now whatever spam I get comes in with a mutated subject line like so:

 3 O + Feb 20 Dewitt Hyatt    ( 17K) ***SPAM*** re[18]:  
24   + Feb 16 Shauna Elkins   ( 17K) ***SPAM*** re[8]:
 3 O + Feb 20 Dewitt Hyatt    ( 17K) ***SPAM*** re[18]:

That's all of it --all the spam I have gotten since installing the filters. I wanted to set it so it would just reject the spam before my email server processed it. But then I wouldn't have had the satisfaction of knowing whether it was working on not. And besides, it's recommended that you run it awhile to check for false positives. That would be rude eh? --rejecting a friend's email as spam...

Hehe. Sometimes I do get spam from friends and family. Or at least spam inducing email. You know the ones I mean. The ones where your email address is there along with like forty others "on distribution". When will people learn? How do they think spammers get their email addresses? Do me a favor and learn the wisdom of using BCC. PLEASE.

And I cringe when I get email from someone using Microsoft Outlook. Viruses, trojans and worms... oh my! Do me (and yourself) a favor. Get a real email client. Switch to something that hasn't been a petri dish for years.


Where's The Spam

Experimenting with a lot of different things right now. Studying the "z shell". A new version of blosxom has come out. Made my own openbsd 3.5 cd, etc.

Mostly I'm working on setting up a spam filtering system for my email. Everybody I know seems to get a lot of spam. I've been lucky so far, I maybe get 1 or 2 a week. Nothing like what my friend's complain about. Enough to make me wonder when the deluge is coming though. Enough to make me think it's time to setup some kind of defense mechanism for it.

When I was first looking into it I thought I might setup something like an ISP would have. Now though I'm looking at a more personal style solution. It started with my buddy Michael wanting to experiment with this PGP software that he got. I setup Gnupg (an open source encryption software that would allow me to communicate with PGP), but then found that it wouldn't quite work right with PGP. The reason from what I can gather is that PGP doesn't adhere to the open pgp standard. I found something that explained that I could rewrite the email headers as the mail was received --using Procmail. I set that up, worked pretty well. Now I can receive encrypted email and when I get the encrypted message my mail client just asks me for the password when I got to open the email. Pretty cool stuff. This started me thinking about Procmail... what else could I do with an email processor like that?

So now I'm experimenting with tying various spam filtering components into my email system. A piece at a time. The first one I setup was dcc. I provides various checksums of the different headers and the body of each email as it arrives. These checksums are then sent to a dcc server where they are compared to a database that is maintained which houses the checksums of spam messages. A header gets added to my email message before I even open it with these checksums displayed. For example:

Here's one from an email I sent myself:

X-DCC-sonic.net-Metrics: gandalf.kacked.com 1156; Body=1 Fuz1=1

And here's one from some definate spam:

X-DCC-neonova-Metrics: gandalf.kacked.com 1127; Body=1 Fuz1=1 Fuz2=14

Notice that the fuzzy checksum pegs out at 14. This means that this message has been seen by 14 other people, or rather that 14 other people that use this distributed checksum clearinghouse system recieved similar email messages.

That's all it does right now. Add that header. I plan to add spamassassin and razor as well. How I'm going to actually filter the results isn't clear to me yet. And on top of that I don't actually get enough spam to calibrate my email filters.

I got a little impatient so I signed up for a hotmail account. The last time I did that I had spam in there the next day. I think it was about 30 messages, and I hadn't given the address to ANYBODY. I setup this program gotmail that works like fetchmail --logging into hotmail, grabbing any messages then pouring them into my spam tester. But now there isn't any spam in my hotmail account. I guess maybe microsoft has fixed that problem. What do I have to do to get some juicy spam going?


Email Again

germanemail.pngFinally figured out the deal with my email trouble. Basically it comes down to not being able to speak german too good (as in basically not at all.) I found a setting under "Optionen" (I figure that probably translates to "Options" in english) called "AntiSpam". It had the following text included under the option "Spam-Schutz für Massendomains aktivieren" which had a check box that was clicked:

"Aus Sicherheitsgründen empfängt GMX Mails aus den Domains aol.com, aol.de, hotmail.com, yahoo.com, yahoomail.com und msn.com standardmäßig nur von Mailservern dieser Domains. Sollten Sie diesen Schutzmechanismus ausschalten, rechnen Sie bitte mit einem erhöhten Aufkommen von Spam und/ oder UCE in Ihrem Postfach."

This translates with babelfish to:

"For safety reasons GMX Mails from the Domains receives aol.com, aol.de, hotmail.com, yahoo.com, yahoomail.com and msn.com only according to standard from Mailservern of these Domains. If you should switch this protective mechanism off, count please on the increased arising of Spam and/or UCE in your p.o. box."

A little further down on the page there is a text entry box with the title: "erwünschte Absender".

What I found was that if I put my friend's email addresses in this text box their mail doesn't bounce. Nifty eh? I could have saved all this hassle by either just using an english based web mail account, or maybe just learning some german.

Where's the fun in that?


Spam Nation

SpamNation.pngJust checked that hotmail account that I signed up for two days ago. I haven't given anybody the address but there are thirty two spam messages sitting in there right now. What a joke. To sign up for the account I had to wade through a bunch of stuff about and sign up for Microsoft Passport. Some kind of internet identity "service". Who are they kidding?

Microsoft... get your shit together.



Nullam elementum neque a ante. Vestibulum sed urna hendrerit nibh egestas adipiscing. Ut gravida. Vivamus ut dolor. Mauris molestie elementum magna. Maecenas scelerisque feugiat erat. Sed nec risus. Phasellus eu nunc. Curabitur purus. Ut nonummy. Etiam sit amet mi quis felis suscipit tempus. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Quisque tincidunt ullamcorper massa. Duis elit.

Phasellus viverra dolor. Sed nulla dui, pharetra ut, faucibus ut, tempor sit amet, elit. Sed ut dui. Nunc quam nisl, sodales ut, molestie sit amet, tristique sit amet, pede. Donec ornare massa nec ligula. Morbi eget nunc in lectus vestibulum porttitor. Integer nec mauris mattis nibh elementum facilisis. Praesent wisi. Nullam eros sem, fringilla nec, venenatis non, ultrices nec, turpis. Curabitur et erat id mi auctor pulvinar. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Phasellus tempus, orci congue tincidunt ornare, felis libero tempor lectus, et lobortis eros lacus vitae lacus. Etiam tempus nunc quis wisi. Duis elementum blandit mauris. Etiam malesuada lorem et sem.

Nullam elementum neque a ante. Vestibulum sed urna hendrerit nibh egestas adipiscing. Ut gravida. Vivamus ut dolor. Mauris molestie elementum magna. Maecenas scelerisque feugiat erat. Sed nec risus. Phasellus eu nunc. Curabitur purus. Ut nonummy. Etiam sit amet mi quis felis suscipit tempus. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Quisque tincidunt ullamcorper massa. Duis elit.

Phasellus viverra dolor. Sed nulla dui, pharetra ut, faucibus ut, tempor sit amet, elit. Sed ut dui. Nunc quam nisl, sodales ut, molestie sit amet, tristique sit amet, pede. Donec ornare massa nec ligula. Morbi eget nunc in lectus vestibulum porttitor. Integer nec mauris mattis nibh elementum facilisis. Praesent wisi. Nullam eros sem, fringilla nec, venenatis non, ultrices nec, turpis. Curabitur et erat id mi auctor pulvinar. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Phasellus tempus, orci congue tincidunt ornare, felis libero tempor lectus, et lobortis eros lacus vitae lacus. Etiam tempus nunc quis wisi. Duis elementum blandit mauris. Etiam malesuada lorem et sem.