Spam Harvester getting to the BBS?

I just received my first piece of spam to my [email protected] email address. It's not my first piece of spam -- I get about 20-30 a day to my other accounts in total, but it is the first to this address.

As far as I can remember, I've not used this address for anything other than this BBS.

Is someone harvesting addresses, or is it just that someone in the past has emailed me at that address (having seen it on this board), and something's harvested their address book?

Before I joined the BBS I hardly had any spam, since joining I get 30-40 spam emails a day. I've since modified my address in my profile.

I've been here for quite some time, and I only very recently started receiving obscene amounts of spam. And that's also after I adjusted my email in my profile.

It was really weird. In all the time I've had an email address, I've gotten about 4 to 6 spam mails a day. Then it seemed that one day I suddenly started getting 70 to 80 and sometimes 100. I check my email as often as possible during the day as a result, just so it's easier to sort through. I have some home made filters set up in OE, but I need something more. Like sufficient legislation

Then it seemed that one day I suddenly started getting 70 to 80 and sometimes 100.

I don't think that the rise in spam is directly linked to the BBS, more that, all of a sudden, spam just became a hell of a lot more prevalent.

It's just that this is the first time that the address I use on the BBS has received any spam.

For catching spam, I use SpamBayes on Outlook. It does a very good job of catching spam.

I'll second SpamBayes. Great job.

This is the only forum or place online i've ever used my work email address unmodified. Mistake. I get 50+ spams a day now... and i'd modified my email address years ago.

Oh no, I was arguing that it wasn't this BBS that caused me to get spam. I was saying that my rise in spam was literally overnight! I'm talking 4 to 6 messages for 4 to 5 years, then BAM! 100 a day consistently for the past year. I'll definitely try that program, though!!

I'll definitely try that program, though!!

The plugin only works with Outlook, not Outlook Express. For Outlook Express, you'll need to use one of the other solutions, like a POP/IMAP proxy.

They seem to be harder to train, though. The Outlook plugin just has a pair of buttons which you press whenever something gets misfiled: "Delete as Spam" and "Recover from Spam".

Incoming mail either stays in the Inbox, or ends up in "Junk Suspects" or "Junk E-Mail". These days (now that I've trained it) I never have to rescue anything from "Junk E-Mail". I sometimes have to rescue things from "Junk Suspects", still.

I use the (free) SBL and XBL blacklist service from Spamhaus and it is really, really good. In the first ten days of 2004 it blocked over 2,500 emails from our server. I also use www.blackholes.us (blocking China, Korea, Brazil, Argentina and Russia). That is also very effective - it blocked nearly a thousand in that period, yet it still let in an email from Hong Kong.

Gareth

Ah crap. I don't use Outlook because I don't need all the other things it does. There's no other solution for OE? How do I go about using a proxy?

You have to use a proxy for OE.

http://spambayes.sourceforge.net/applications.html#sb_server

This is probably my fourth or fifth shameless plug for Popfile on this BBS. It's a proxy-type solution with a very neat web interface that makes training less painful (though not as painless as clicking a button in Outlook.) My accuracy has hovered around 99.5% for about a year now.

SpamAssassin all the way IMO

Am I correct in my impression that the program is easy to use but difficult to set up? Here's some questions to get me started on my own system:

-what's this Python business?
-on the FAQ's high-level summary, is it saying that all those components are used, or just some of them, depending on what you do?
-how much does this alter my messages? It just adds a header, right? It isn't very visible, is it?

Really, I'm not sure at all how to set this up. Would someone be kind enough to explain how to set it up with this proxy component on a Win2K box?

Well, the actual outlook component itself is easy, i just installed it and trained it on some presorted mail in a matter of 3 minutes. Sweeeet. The proxy shouldn't be much harder to install... there are install instructions aren't there?

But there doesn't appear to be an installer for anything other than the Outlook plugin. I downloaded the zip file, and there's a bunch of files that I don't know what to do with.

I think I may try PopFile instead. It's got an installer and very clear instructions. I'm sure I could get the other thing working, but the instructions on that page are either not clear, or the ones I need are mixed in with the overall FAQ. I'm not fond of that.

Thanks for the link, Tony (again, I remember you posting it before, but I'll give it a shot this time ).

I do not get any spam at all (and I mean zero) on the address I use here, but it is a Yahoo account and they have some serious behind-the-scenes spam blocking stuff there. But even then you would expect some to slip through if I was getting any at all.

I use Spambayes at work with Outlook. It works pretty well, but I don't get enough spam there either to properly train it. I have passed it around to several other people here who get a lot more spam than I and they (mostly) all love it.

My primary Hotmail account used to get serious Spam, but they recently did something behind the scenes there to kill 90% of the spam as well. I get a fraction of what I used to.

Mozilla mail has a bayesian filter just like SpamBayes for Outlook. That is what I use for my personal mail, along with SpamAssasin on my server. Mozilla filters a good 95% of the seep-through spam.

At work (where I have to use Outlook) Spambayes is great.

Yeah, I'll second the mozilla mail solution (thunderbird). It has a very good learning, programmable junk mail filtering system built in, which I've found works well.

And as a former longtime OE user, the switchover was surprisingly painless.

Heres the dirt.

Mozilla will take over my database of emails (in the thousands) and my inbox directory tree?

Odd that you don't get any spam to your yahoo account. I get it by the bucket-load. It's not even an address I use - I just have the account to access yahoogroups and YIM, and it must get 60 spams a day into the inbox and 100's into the bulk messages folder

Mozilla will take over my database of emails (in the thousands) and my inbox directory tree?

I moved from OE to Mozilla about six months back and think it's very good. All my messages were imported completely fine, although your email accounts will be listed with their own separate Inboxes etc. and there is a "Local Folders" list which is like the standard OE setup. You need to add a rule to each account to move the messages into the Inbox of the local folder.

Gareth

The thing is, my inbox has many folders that I use to sort out my mail. Some are two levels deep. I'd be concerned about switching if that didn't work out well. Having a seperat inbox for each account would actually be preferable, but not required.

It doesn't really matter. I don't especially have a need for switching. A built in filter would be nice, but I'll try Popfile for now and see how it goes.

Mozilla will take over my database of emails (in the thousands) and my inbox directory tree?

Mine did, but I use IMAP so it was just a matter of pointing thunderbird to the right server and doing a synch.
It found all my folders (nested and otherwise) and my multiple thousands of emails. It also easily imported my OE address book.

I cant speak for POP mail though...

Interesting.

I've set up POPFile and I like it a lot. Given that I very much disliked Mozilla's browser, I doubt I'll like their email client. I think I'll pass on it.

Some possibilities?
IE has a bad habit of giving away your profile, which includes your email address from OE or Outlook, when asked by a web page for the info. (or at least that is the rumor I heard).

Also, if you search your BBS username at G00gle you can find some of your posts and sometime email addys if they were attached to a message. For example, search my username and the first hit is my profile page for the empeg BBS. Maybe placing something to foil the searchbots would fix this?

Just some possibilities...

Sean in NC

EDIT: Roger, I just noticed that you have your email in your BBS profile. I bet G00gle has indexed this and someone is harvesting it from them. Do a search on "Roger empeg" and this is what comes up on the first page:

Profile for Roger - Forums powered by UBBThreads™
Main Index | Search | New user | Login | Who's Online | BBS FAQ. Profile for Roger.
Email, [email protected]. Name, Roger Lipscombe. Title, Pooh-Bah. ...
empeg.comms.net/php/showprofile.php?User=Roger - 8k - Jan 14, 2004 - Cached - Similar pages

this is what comes up on the first page

Ah. Damn. Can we robots.txt the profiles out of Google?

Ah. Damn. Can we robots.txt the profiles out of Google?

Done and copied to the Rio Receiver board.

I do need to change the admin address soon. Because of how my procmail scripts are set up with my spam solution, anything to riocar_admin gets by the filter.

For catching spam, I use SpamBayes on Outlook

Sorry, Tony. Thanks for the help setting up POPFile, but I loved how Spambayes installed, configured, and ran on another computer. I've now switched to Outlook, despite having no need for the features it offers over OE.

One question: do I need to keep the messages it identifies as spam for any sort of training purpose, or is it done with them and they're free to delete?

By the way, I gave Thunderbird a shot. It just didn't do it for me. I also don't want those seperate sectiosn for each account. It looked nice, but I just didn't care for it.

It always makes sense to hang onto a good selection of spam messages, just in case you need to move to another system in the future, or in case your current system craps out and corrupts its database or something. It is much easier to get up and running with any of these Bayesian filters if you have spam and non-spam to train it on to start with.

I keep all my spam and non-spam. Anything that ends up in my spam folder gets archived away each day (so that it is outside of my mail boxes so things don't slow down). Any mail that I put in the trash also gets archived away as non-spam (I don't ever put spam in the trash folder).

I then have a bunch of data that I can feed at BogoFilter once every nine months when it comes time to rebuild my spam/non-spam databases because they come up with a better way to analyse the data. I feed the current contents of my filter folder and my archived trash in as non-spam and my archived spam as spam.

That is 150Mb of zipped spam so far and 60Mb of zipped trash (if I trash something big it doesn't get archived).

I really don't know how I managed before Bayesian filtering came along.

Yeah, that's probably what I'll end up doing too. I've definitely not gotten rid of my non-trach emails, but I was thinking of holding on to them now.

So the answer would be no, they don't need to be in the SPAM folder to keep the program working. I have no problem with archiving them away, but I'd like to clean it out every once and a while.

What do you use to archive? Are you using Outlook? How do you do it?

I use an IMAP server on my Linux box to store my mail, all the filtering happens there. I have a bunch of Unix shell scripts that do the archiving and are run automatical (for example I have one that watches two folders that I drop misidentified spam and non-spam into and reclassifies them correctly).

Outlook allows you to schedule archiving actions into another set of personal folders. That's not quite the same though...

I keep all my spam and non-spam

I used to do this, but lately I have a combination of things for spam prevention. With Postfix, I have my e-mail address, then the ability to have infinite aliases with no server side changes. So, I sign up for a new web board for example with drakino_newwebboard and I can get the initial e-mail needed to activate the account. Now, if that address gets harvested by someone and I get spam, I tell my procmail file to throw anything to that address away. If needed, I can just go to the board and change the e-mail to drakino_newwebboard2 to keep getting board notices.

Helpes quite a bit for server side IMAP filtering too. I can just say toss anything to drakino_bank into my bank notices folder.

ability to have infinite aliases with no server side changes

Yeah, I do the same with qmail: [email protected] goes to me, which makes it easier to filter email from a particular source.

Where it gets annoying is that Outlook doesn't (unlike mutt) provide any hooks when replying to emails, or sending to particular addresses, for setting the From address accordingly.

Maybe I can do something server-side on the way out, I don't know.

I'd be amazed if you can't do it with every bit of Unix mail server software. I do it with Sendmail and never realised there was anything special about it.

Until you've tried to do things with MS Exchange (esp. versions prior to 5.5), you truly don't appreciate the "specialness" of ye ol' Sendmail.

Maybe, but in my experience Sendmail and Exchange have one feature in common, there are both keen to drop all your mail down a black hole at the slightest sign of a misconfiguration. I have always thought this was an odd design choice...

N.B. I haven't used Exchange as an admin since before 5.5, so it might have got better in this regard, but I doubt it

Yeah. I do appreciate the "specialness" of Sendmail which is why I use Postfix Exim or Postfix is a much better option that Sendmail in my opinion. The rules for Postfix don't look like the line noise you get in Sendmail as well.

The rules for Postfix don't look like the line noise you get in Sendmail as well

Well, you have to remember when Sendmail was written, and for what purpose. And what Eric most probably was smoking at the time

I find Eric's comment "sendmail took the approach that it should try to accept, clean up, and deliver even very 'crufty' messages instead of rejecting them because they didn't meet some protocol" (from http://www.busan.edu/~nic/networking/sendmail/prf1_03.htm ) somewhat ironic given that any time I screw up a sendmail configuration the end result is mail disappearing without trace

Thankfully I only have to touch sendmail config files about once every 18 months (which probably also explains why I screw it up every time), in between times it just keeps working...

That's weird. I've never seen sendmail drop messages on the ground except in cases of extreme misconfiguration.

I must have an extreme talent for screwing it up then

Yeah...I've had it pipe messages straight into the bit hole when messing with the sendmail.cf rules. I was working on a mail to fax gateway at the time.

Most of the time, however, when something's misconfigured, the messages just get dumped to root.