
SPAM detection for freeware MX 4.2


Vance Haemmerle

Feb 11, 2008, 5:32:16 AM
I've been using MX 4.2 for almost a decade, with the
latest patches and the Anti-open relay modifications.
Is there anyone else out there still using MX 4.2?

Last summer SPAM seemed to grow enormously, for me
up to about 200-300 SPAM messages a day. I used the
MX_SMTP_SERVER_DEBUG variable and looked at the traffic.
Most of the SPAM messages could be easily detected
by bad HELO hostnames (e.g. localhost or my own
domain or host or IP) and invalid usernames. Some
usernames in SPAM messages were actually usenet message
IDs that I could even find in the original usenet post
in Google Groups.

I made modifications to the anti-relay version of
SMTP_SERVER.B32, about 300 lines, and came up with
several methods to reduce SPAM as well as added an
optional usage of a DNS blackhole list to reject
messages from hosts that are in the list. Using all
the anti-SPAM messages and the blackhole list
"zen.spamhaus.org" my SPAM was reduced by about 85-90%.
Since then the SPAM has reduced and now I only get a
few a day.

I know that rejecting email based on the HELO
message isn't good according to the RFCs but looking
at what's on the Internet, I see many doing it
and the seriousness of the SPAM problem is making
it popular.

Here is my documentation on how to use it:

-------------------------------------------------------------------

New SPAM filter functionality for MX 4.2:

Logical: MX_SMTP_SERVER_DNSBL

Defines the name of the SPAM DNS Blackhole list to use.
MX will take the remote address and check the blackhole
list specified. If found on the list, the email will be
rejected at the RCPT_TO command with the error:

554 Mail rejected; remote host is listed in SPAM DNS blackhole list <...>

where <...> is the value of MX_SMTP_SERVER_DNSBL


Logical: MX_SMTP_SERVER_SPAMCODE

Defines which SPAM rules to use in filtering.
Value is the sum of the rules as follows:

Rule
1 Reject connections which use localhost as the HELO domain and
the connection does not originate from 127.0.0.1 or connections
which use localhost.localdomain. These will be rejected with
the status:

554 Fix your HELO domain, localhost usually means SPAM.

2 Reject connections which use your hostname as the HELO domain
and whose originating IP does not match. This includes connections
using your host IP number. These will be rejected with the status:

554 Fix your HELO domain, using mine usually means SPAM.

4 Reject connections which do not use a fully qualified domain as
the HELO domain. Specifically, the name must contain a "." or it
will be rejected with the status:

504 Not a fully qualified domain name, usually means SPAM.

8 Reject RCPT_TO addresses whose local part does not contain a ":" and
is greater than 12 characters (the max VMS username) for the case where
the remote server is not in the relay.dat list (i.e. the RCPT_TO should
be directed to the local system). These will be rejected with the status:

550 Username is not valid on this system.

-------------------------------------------------------------------

Would people be interested in these new features? I see that
madgoat.com no longer exists. What would the authors think of me
distributing my changes?

I also found a bug in compiling MX on VAX with the BLISS compiler.
I had to add the option "/SYNTAX_LEVEL=2" to BFLAGS in DESCRIP.MMS
for VAX so that the alias lines compiled without error.

--
Vance Haemmerle
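
The rule bits and the blackhole-list lookup documented in the post above, sketched in Python as an added example; this is not the poster's BLISS code from SMTP_SERVER.B32. The function names, the order in which the rules are evaluated, and the injectable `resolve` parameter are assumptions made for illustration.

```python
import socket

# Rule bits summed into MX_SMTP_SERVER_SPAMCODE, as documented in the post.
HELO_LOCALHOST, HELO_MINE, HELO_NOT_FQDN, RCPT_LONG_USER = 1, 2, 4, 8

def dnsbl_listed(remote_ip, zone, resolve=socket.gethostbyname):
    """Query <reversed IPv4 octets>.<zone>; a 127.0.0.x answer means listed."""
    name = ".".join(reversed(remote_ip.split("."))) + "." + zone
    try:
        answer = resolve(name)
    except OSError:            # NXDOMAIN or resolver failure: not listed
        return False
    # Assumption: only 127.0.0.x answers are listings. Spamhaus returns
    # 127.255.255.x for query errors, which must not cause a reject.
    return answer.startswith("127.0.0.")

def check_helo(spamcode, helo, remote_ip, my_names, my_ips):
    """Return the SMTP rejection for a HELO name, or None to accept.
    my_names must be lower case; rule order here is an assumption."""
    h = helo.strip().strip("[]").lower()
    if spamcode & HELO_LOCALHOST and (
            h == "localhost.localdomain"
            or (h == "localhost" and remote_ip != "127.0.0.1")):
        return "554 Fix your HELO domain, localhost usually means SPAM."
    if spamcode & HELO_MINE and (h in my_names or h in my_ips) \
            and remote_ip not in my_ips:
        return "554 Fix your HELO domain, using mine usually means SPAM."
    if spamcode & HELO_NOT_FQDN and "." not in h:
        return "504 Not a fully qualified domain name, usually means SPAM."
    return None

def check_rcpt(spamcode, rcpt, remote_ip, in_relay_list, zone=None,
               resolve=socket.gethostbyname):
    """Return the SMTP rejection for one RCPT TO address, or None.
    zone plays the role of MX_SMTP_SERVER_DNSBL (None = not defined)."""
    if zone and dnsbl_listed(remote_ip, zone, resolve):
        return ("554 Mail rejected; remote host is listed in SPAM DNS "
                "blackhole list " + zone)
    local = rcpt.strip("<>").rsplit("@", 1)[0]
    # Rule 8 applies only to mail for the local system (sender not in
    # relay.dat); a ":" in the local part exempts the address.
    if spamcode & RCPT_LONG_USER and not in_relay_list \
            and ":" not in local and len(local) > 12:
        return "550 Username is not valid on this system."
    return None
```

A SPAMCODE of 15 enables all four rules; passing a stub as `resolve` lets the DNSBL path be exercised without network access.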

Jan-Erik Söderholm

Feb 11, 2008, 6:47:42 AM
Vance Haemmerle wrote:
> I've been using MX 4.2 for almost a decade, with the
> latest patches and the Anti-open relay modifications.
> Is there anyone else out there still using MX 4.2?

Well, yes, I'm "still" using MX 4.2 since installing
it about 2 weeks ago... :-)

(I have been using the 3.x version(s) about 15 yrs ago,
but that's another story.)

I'd be interested in your changes.
I see a lot of mails from users like :
<iyzg...@yahoo.com>, <rokp...@yahoo.com>
<djg...@yahoo.com> and so on.
Only Yahoo addresses for some reason...

Jan-Erik.

Joseph Huber

Feb 11, 2008, 6:57:41 AM
Vance Haemmerle wrote:
> I've been using MX 4.2 for almost a decade, with the
> latest patches and the Anti-open relay modifications.
> Is there anyone else out there still using MX 4.2?

<snip>

> Would people be interested in these new features? I see that
> madgoat.com no longer exists. What would the authors think of me
> distributing my changes?
>
> I also found a bug in compiling MX on VAX with the BLISS compiler.
> I had to add the option "/SYNTAX_LEVEL=2" to BFLAGS in DESCRIP.MMS
> for VAX so that the alias lines compiled without error.

Just a coincidence (or a near miss ?):
MX 6 is now open source, see
http://www.openvms.org/stories.php?story=08/02/05/9642981
and

http://forums12.itrc.hp.com/service/forums/questionanswer.do?threadId=1190006


--

Joseph Huber - http://www.huber-joseph.de

Bill Gunshannon

Feb 11, 2008, 8:25:06 AM
In article <yBWrj.3740$R_4....@newsb.telia.net>,

Jan-Erik Söderholm <jan-erik....@telia.com> writes:
> Vance Haemmerle wrote:
>> I've been using MX 4.2 for almost a decade, with the
>> latest patches and the Anti-open relay modifications.
>> Is there anyone else out there still using MX 4.2?
>
> Well, yes, I'm "still" using MX 4.2 since installing
> it about 2 weeks ago... :-)
>
> (I have been using the 3.x version(s) about 15 yrs ago,
> but that's another story.)
>
> I'd be interested in your changes.
> I see a lot of mails from users like :
> <iyzg...@yahoo.com>, <rokp...@yahoo.com>
> <djg...@yahoo.com> and so on.
> Only Yahoo addresses for some reason...
>

Gee, that looks easy to fix. Block yahoo.com. :-)

And, before someone asks, yes, I would.

bill

--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
bi...@cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>

VAXman-

Feb 11, 2008, 9:34:16 AM
In article <qrVrj.14699$EZ3....@nlpi070.nbdc.sbc.com>, Vance Haemmerle <va...@toyvax.Glendale.CA.US> writes:
>I've been using MX 4.2 for almost a decade, with the
>latest patches and the Anti-open relay modifications.
>Is there anyone else out there still using MX 4.2?
>
>Last summer SPAM seemed to grow enormously, for me
>up to about 200-300 SPAM messages a day. I used the
>MX_SMTP_SERVER_DEBUG variable and looked at the traffic.
>Most of the SPAM messages could be easily detected
>by bad HELO hostnames (e.g. localhost or my own
>domain or host or IP) and invalid usernames. Some
>usernames in SPAM messages were actually usenet message
>IDs that I could even find in the original usenet post
>in Google Groups.

I've noticed a *marked* increase in SPAM since the holidays. Probably all
of those new _V_isual _I_nterface _S_imilar _T_o _A_pple boxes foisted on
the hapless as holiday presents without knowledge of how to properly
secure them prior to putting them on the internet.

Regardless, if you visit http://www.MadGoat.com you will see that Matt has
put the sources up for MX 6.0 and other MadGoat products. This may help
you with your present SPAM issues.


--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

"Well my son, life is like a beanstalk, isn't it?"

http://tmesis.com/drat.html

VAXman-

Feb 11, 2008, 9:41:23 AM
In article <61b0liF...@mid.individual.net>, bill...@cs.uofs.edu (Bill Gunshannon) writes:
>In article <yBWrj.3740$R_4....@newsb.telia.net>,
> Jan-Erik Söderholm <jan-erik....@telia.com> writes:
>> Vance Haemmerle wrote:
>>> I've been using MX 4.2 for almost a decade, with the
>>> latest patches and the Anti-open relay modifications.
>>> Is there anyone else out there still using MX 4.2?
>>
>> Well, yes, I'm "still" using MX 4.2 since installing
>> it about 2 weeks ago... :-)
>>
>> (I have been using the 3.x version(s) about 15 yrs ago,
>> but that's another story.)
>>
>> I'd be interested in your changes.
>> I see a lot of mails from users like :
>> <iyzg...@yahoo.com>, <rokp...@yahoo.com>
>> <djg...@yahoo.com> and so on.
>> Only Yahoo addresses for some reason...
>>
>
>Gee, that looks easy to fix. Block yahoo.com. :-)
>
>And, before someone asks, yes, I would.

I have. I have put the email addresses of a few people I know using Yahoo
on a whitelist but the volume of crap coming from Yahoo.com warranted, IMO,
blocking that whole domain. It will be absolutely necessary, IMHO, if/when
M$ acquired Yahoo.

Peter 'EPLAN' LANGSTOeGER

Feb 11, 2008, 12:42:11 PM
In article <qrVrj.14699$EZ3....@nlpi070.nbdc.sbc.com>, Vance Haemmerle <va...@toyvax.Glendale.CA.US> writes:
>Would people be interested in these new features? I see that
>madgoat.com no longer exists. What would the authors think of me
>distributing my changes?

Matt (the author) has made MX V5 (know, the one with Anti-SPAM) freeware now.

Why not take it, and improve it (for all of us)

--
Peter "EPLAN" LANGSTOEGER
Network and OpenVMS system specialist
E-mail pe...@langstoeger.at
A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist

Jan-Erik Söderholm

Feb 11, 2008, 5:56:58 PM
Peter 'EPLAN' LANGSTOeGER wrote:
> In article <qrVrj.14699$EZ3....@nlpi070.nbdc.sbc.com>, Vance Haemmerle <va...@toyvax.Glendale.CA.US> writes:
>> Would people be interested in these new features? I see that
>> madgoat.com no longer exists. What would the authors think of me
>> distributing my changes?
>
> Matt (the author) has made MX V5 (know, the one with Anti-SPAM) freeware now.
>
> Why not take it, and improve it (for all of us)
>

Is the free V5 what is called "V6" ?

Jan-Erik.

Vance Haemmerle

Feb 12, 2008, 12:29:07 AM

Thanks for pointing me to this, I missed it. The last time I
checked madgoat.com, a few weeks ago, it was still "under construction"
and site of the former Madgoat Software.

At least I was using my changes for the last 7 months.
My SMTP server is on a VAX and I don't think MX 6 supports VAX.

--
Vance

Vance Haemmerle

Feb 12, 2008, 12:30:45 AM
VAXman- @SendSpamHere.ORG wrote:
> In article <qrVrj.14699$EZ3....@nlpi070.nbdc.sbc.com>, Vance Haemmerle <va...@toyvax.Glendale.CA.US> writes:
>
>>I've been using MX 4.2 for almost a decade, with the
>>latest patches and the Anti-open relay modifications.
>>Is there anyone else out there still using MX 4.2?
>>
>>Last summer SPAM seemed to grow enormously, for me
>>up to about 200-300 SPAM messages a day. I used the
>>MX_SMTP_SERVER_DEBUG variable and looked at the traffic.
>>Most of the SPAM messages could be easily detected
>>by bad HELO hostnames (e.g. localhost or my own
>>domain or host or IP) and invalid usernames. Some
>>usernames in SPAM messages were actually usenet message
>>IDs that I could even find in the original usenet post
>>in Google Groups.
>
>
> I've noticed a *marked* increase in SPAM since the holidays. Probably all
> of those new _V_isual _I_nterface _S_imilar _T_o _A_pple boxes foisted on
> the hapless as holiday presents without knowledge of how to properly
> secure them prior to putting them on the internet.
>
> Regardless, if you visit http://www.MadGoat.com you will see that Matt has
> put the sources up for MX 6.0 and other MadGoat products. This may help
> you with your present SPAM issues.
>
>

Thanks for the pointer. My changes to the SMTP_SERVER for
MX V4.2 have been working pretty well over the last 7 months
and I wanted to see if anyone wanted them. I guess the
preferred option for those on Itanium or Alpha would be MX 6.

--
Vance

Peter 'EPLAN' LANGSTOEGER

Feb 12, 2008, 2:03:00 AM

It looks like.
Matt seems to call it V6 now (to tell, that it now supports I64 as well ;-)
I don't know if there are any differences to my MX V5.4 (ECO x), will have
to check myself soon (when my I64 finally boots)...

Martin Vorlaender

Feb 12, 2008, 2:30:12 AM
Vance Haemmerle <va...@toyvax.Glendale.CA.US> wrote:...

> At least I was using my changes for the last 7 months.
> My SMTP server is on a VAX and I don't think MX 6 supports VAX.

It could be well worth a look. In the 00README.TXT file, Matt writes:
"I have removed the kitting for VAX systems, although the source code
still contains VAX support."

cu,
Martin
--
One OS to rule them all | Martin Vorlaender | OpenVMS rules!
One OS to find them | work: m...@pdv-systeme.de
One OS to bring them all | http://vms.pdv-systeme.de/users/martinv/
And in the Darkness bind them.| home: martin.v...@t-online.de

Bob Koehler

Feb 12, 2008, 9:13:56 AM
In article <61b0liF...@mid.individual.net>, bill...@cs.uofs.edu (Bill Gunshannon) writes:
>
> Gee, that looks easy to fix. Block yahoo.com. :-)
>
> And, before someone asks, yes, I would.
>

I do. And I block AOL, Hotmail, Comcast, ...

Except for a few AOL and Comcast accounts on my whitelist.

It's just too easy for a spammer to get an account on those systems,
violate their rules, throw away the account, get another, ... ad
infinitum.

Not to mention the number of unsecured PCs on those networks, which
spammers have taken over without their owner's knowledge or concern.

"People wouldn't attack your system if you didn't have that firewall."
8-(

Bob Gezelter

Feb 12, 2008, 10:18:51 AM
On Feb 11, 5:32 am, Vance Haemmerle <va...@toyvax.Glendale.CA.US>
wrote:

Vance,

I would like to second Peter's suggestion that this modification be
checked against the V6 sources. While apparently the kit does not
exist, we should be able to recompile V6 for VAX and then have all the
advantages of your work and the other improvements that were in the
interim versions of MX.

- Bob Gezelter, http://www.rlgsc.com

Vance Haemmerle

Feb 13, 2008, 12:30:27 AM
Martin Vorlaender wrote:
> Vance Haemmerle <va...@toyvax.Glendale.CA.US> wrote:
>
>>Joseph Huber wrote:
>>
>>>MX 6 is now open source, see
>>> http://www.openvms.org/stories.php?story=08/02/05/9642981
>>>and
>>>http://forums12.itrc.hp.com/service/forums/questionanswer.do?threadId=1190006
>
> ...
>
>>At least I was using my changes for the last 7 months.
>>My SMTP server is on a VAX and I don't think MX 6 supports VAX.
>
>
> It could be well worth a look. In the 00README.TXT file, Matt writes:
> "I have removed the kitting for VAX systems, although the source code
> still contains VAX support."
>
> cu,
> Martin

That's good. The release notes for V5.4 said the next version
would not support VAX.

--
Vance

Vance Haemmerle

Feb 14, 2008, 4:08:41 AM
Jan-Erik Söderholm wrote:
> Vance Haemmerle wrote:
>
>> I've been using MX 4.2 for almost a decade, with the
>> latest patches and the Anti-open relay modifications.
>> Is there anyone else out there still using MX 4.2?
>
>
> Well, yes, I'm "still" using MX 4.2 since installing
> it about 2 weeks ago... :-)
>
> (I have been using the 3.x version(s) about 15 yrs ago,
> but that's another story.)
>
> I'd be interested in your changes.


http://toyvax.glendale.ca.us/www/mx_spam.html

--
Vance

Jan-Erik Söderholm

Feb 14, 2008, 9:25:57 AM

OK, fine.
I have also fetched the 6.0 kit, so we'll see which way I'll go.
Thanks anyway !

Jan-Erik.

Tom Linden

Feb 14, 2008, 8:35:21 PM

I wonder if there is any difference between 5.4 and 6.0?

>
> Jan-Erik.
>

--
PL/I for OpenVMS
www.kednos.com

Jan-Erik Söderholm

Feb 15, 2008, 4:09:41 AM

The 6.0 rel-notes mentions two "changes" from 5.4, it's
freeware and there are no supplied VAX build scripts.

Jan-Erik.

Ruslan R. Laishev

Feb 14, 2008, 4:48:31 AM
http://toyvax.glendale.ca.us/www/mx_spam.zip

-ERROR-(404): i/o error
Requested method: GET
Requested URL: /www/mx_spam.zip
HTTP protocol: HTTP/1.0

-------- additional request headers --------
Host: toyvax.glendale.ca.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)
Gecko/20080201 SeaMonkey/1.1.8
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: ru
Accept-Encoding: gzip,deflate
Accept-Charset: KOI8-R,utf-8;q=0.7,*;q=0.7
Connection: close
Referer: http://toyvax.glendale.ca.us/www/mx_spam.html

--
+ WBR, OpenVMS [Sys|Net] HardWorker ................ ICQ# 319518233 +
Delta Telecom JSC, IMT-MC-450(CDMA2000) cellular operator
Russia,191119,St.Petersburg,Transportny per. 3 Cel: +7 (812) 716-3222
+http://starlet.deltatelecom.ru ............. Frying on OpenVMS only +

E .T.

Apr 2, 2008, 6:23:17 PM
oh !

http://www.panoramio.com/photo/4940173

"Jan-Erik Söderholm" <jan-erik....@telia.com> wrote in message news:
pFctj.3845$R_4....@newsb.telia.net...
