SPAM

Posted: Fri Oct 24, 2003 6:44 pm
by Void Main
Even with all of my SPAM filtering in place I have been getting a lot of SPAM lately (around 4 a day which is a lot for me). Of course I have several accounts that get 0 SPAM but there is one I use that has slipped into the spammer database. I purposefully use it to continue to block class C address ranges that the SPAM is coming from.

What I have noticed for the last several days (or longer) is that all of the SPAM appears to be coming from Windows machines on cable. I have been nmap'ing every address that I get a SPAM from and ports 5000 and 1025 are open on nearly every one and they are usually on home cable connections. So it looks to me like people at home are infected with a SPAM virus of some sort and they seem to be oblivious to it. Until people clean up their crap it's almost impossible to block everything. It seems to have no effect.

Something I am toying with is to write a milter filter for Sendmail that when a message is received it will check for port 5000 being open on the machine that sent the message. If it is, reject it as SPAM. Hell, 5000 is probably the port the virus came in on in the first place, it's a crappy M$ security hole is what it is, the CeNsOrEd, trustworthy computing it is. I figure either that or I could just have the filter connect to the machine and reformat their drive for them...

Anybody else notice similar behavior or have any other suggestions?

Posted: Sat Oct 25, 2003 12:09 pm
by agent007
Wow! nmap'ing hosts is really gonna take some time... I too have found an increase in SPAM all of a sudden. Have found the Bayesian based SPAM filtering techniques to be much better than conventional ones. Btw, does milter have Bayesian filters?

Posted: Sat Oct 25, 2003 12:24 pm
by Void Main
I didn't say I would nmap the sending machine although that's what I have been using to manually check the sending host. You are right that would be very slow. There are much faster ways to tell if a single port is open or not. milter is not a SPAM filter specifically but it is a way to access incoming messages before they are dropped in the mailbox for any type of processing you want to do. I currently use it to block messages that come in with certain types of attachments. It shouldn't be too hard to put another filter in place to check the sending machine for an open port 5000 and block based on that. Checking for that port being open should require no more processing than what is needed to check an RBL database, and much less processing than what it takes to just receive a message in the first place.
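Added example, not part of the original thread and not the poster's filter: a sketch of the single-port check discussed above, with a connect timeout and a per-client cache so the cost stays comparable to an RBL lookup. The names `port_open` and `verdict`, the timeout and the cache lifetime are assumptions; the milter hookup itself is left out, and `verdict` would be called with the connecting client's address.

```python
import socket
import time

PROBE_PORTS = (5000,)  # port named in the thread
TIMEOUT = 1.0          # assumed: seconds, bounds delay added per SMTP connection
CACHE_TTL = 3600       # assumed: seconds a verdict is reused per client

_cache = {}            # (ip, ports) -> (expiry, verdict)


def port_open(ip, port, timeout=TIMEOUT):
    """Single TCP connect; True only if the handshake completes in time."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable: treat as not open
        return False


def verdict(ip, ports=PROBE_PORTS, probe=port_open, now=time.time):
    """'reject' if any probed port is open on the connecting client, else 'accept'."""
    key = (ip, tuple(ports))
    hit = _cache.get(key)
    if hit and hit[0] > now():
        return hit[1]  # reuse the earlier answer instead of probing again
    result = "reject" if any(probe(ip, p) for p in ports) else "accept"
    _cache[key] = (now() + CACHE_TTL, result)
    return result


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for a sending host.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(verdict("127.0.0.1", ports=(port,)))
    srv.close()
```

A host that silently drops the probe costs the full timeout and is accepted, so the check fails open for senders behind a firewall.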

Posted: Sat Oct 25, 2003 6:21 pm
by Void Main
I started a new page that I will manually update as I have time:

http://voidmain.is-a-geek.net/spam/

Microsoft and the people who use Microsoft software should be banished from the Internet. Microsoft deserves 99% of the blame. Not only are they responsible for the virus problem, and somehow make people believe they just have to put up with it as part of the computing eXPerience, but they now seem to be responsible for most of the SPAM out there! Blood boiling... calm down....

Posted: Mon Oct 27, 2003 12:38 pm
by agent007
Void Main,

I don't think it would be fair to blame Microsoft. I mean, what IF some other company had 95% of the market share? The crackers and spammers would have surely targeted it too. People are just not aware of what a firewall means. Ask any average MS Windows user if they've paid a visit to windows update and they would have never heard of it. How many users enable the built-in firewall in Windows XP? Doing that alone would have prevented the mass infestation of the MS Blaster...

This reminds me, I found these articles interesting...both are unrelated. But on the same subject...

Joe Average User Is In Trouble:
www.theregister.co.uk/content/56/33599.html

Cloaking Device Made for Spammers:
http://www.wired.com/news/print/0,1294,60747,00.html

Posted: Mon Oct 27, 2003 1:44 pm
by Void Main
No, I 100% disagree with your line of market share thinking. I have been in many debates over this and I doubt there is anything you can say that will convince me that this is not Microsoft's fault, at least the majority of the blame. The classic counterexample is take Apache. It has over twice the web server market share over IIS. Apache has had like 2 exploits in the last several years (I don't recall the exact numbers off the top of my head but I think it's like 2 in 5-6 years). Take IIS on the other hand, Swiss cheese.