Thread: A plague of link spam ...
I've been seeing more and more link spam getting through on the PG
lists; this past week there's been about one a day. It might or might
not be relevant that just about every single one of them is from
yahoo.com accounts. (I am only about one or two more spams away from
summarily blocking all yahoo traffic from my own mail server, btw.
They account for easily a third of all the spam I'm seeing lately.)
Can't we adjust the spam filters to be a bit more wary of traffic like
the attached? Single body line consisting of a URL is not legitimate
list traffic IMO.
regards, tom lane
------- Forwarded Message
Received: from malur.postgresql.org (malur.postgresql.org [217.196.149.56])
by sss.pgh.pa.us (8.14.5/8.14.5) with ESMTP id r2FI4jeo023992
for <tgl@sss.pgh.pa.us>; Fri, 15 Mar 2013 14:04:45 -0400 (EDT)
Received: from localhost ([127.0.0.1] helo=postgresql.org)
by malur.postgresql.org with smtp (Exim 4.72)
(envelope-from <pgsql-general-owner+M195698=tgl=sss.pgh.pa.us@postgresql.org>)
id 1UGYzk-0001MU-Ms
for tgl@sss.pgh.pa.us; Fri, 15 Mar 2013 18:04:44 +0000
Received: from makus.postgresql.org ([2001:4800:7903:4::125])
by malur.postgresql.org with esmtp (Exim 4.72)
(envelope-from <bbrown_cppm@yahoo.com>)
id 1UGYx9-0008F9-DB
for pgsql-general@postgresql.org; Fri, 15 Mar 2013 18:02:03 +0000
Received: from nm36-vm5.bullet.mail.ne1.yahoo.com ([98.138.229.117])
by makus.postgresql.org with esmtp (Exim 4.72)
(envelope-from <bbrown_cppm@yahoo.com>)
id 1UGYx6-0004b2-OV
for pgsql-general@postgresql.org; Fri, 15 Mar 2013 18:02:02 +0000
Received: from [98.138.90.51] by nm36.bullet.mail.ne1.yahoo.com with NNFMP; 15 Mar 2013 18:02:00 -0000
Received: from [98.138.89.160] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 15 Mar 2013 18:01:59 -0000
Received: from [127.0.0.1] by omp1016.mail.ne1.yahoo.com with NNFMP; 15 Mar 2013 18:01:59 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 708102.93702.bm@omp1016.mail.ne1.yahoo.com
Received: (qmail 55717 invoked by uid 60001); 15 Mar 2013 18:01:59 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1363370519;
bh=TTU3gPj289rVhRO1vkLxVw3FvciQZ+g8DGLOuc3yKww=;
h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=Fi1DoyTrgVVj/4IwcGv1t8i++Qmdi5rdgjuUfa075eywulD/Lh5vgqNEFHalmFkVsYTScKuU3YjpjkwliptUV6tY0L42jEBx7hG9O0TKA6EgfLucDP7Vda067AzCEFbcNYryhFHcSZJS/kN51gxTJi0O2xApz92GsyHLIfymPzo=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=RTEwpKyuWjhSj627T6WJneVz9kZ7HblOAx5AwO3LFRBL5Zv65qdroxlUzjfWKHi4w5bKxCUupCvKOiJR1/B1iQiP65ktiOvtHfb28WSf7qN0mkPIA+qwcjD2eQ9YC5LBUPZuCwoIh8xZehZTROadWwNAJMZLW3OjtqMK9wSx7pA=;
X-YMail-OSG: kFKJGHkVM1kxAalTfVBTYxSDs5NMT7zfH14Fe3X6PSWiWEk
otSXThWl0vAE2_bK4t8ihwoN2blEAYVocx_DpguJ1Z5o0n4FFqNrSFU8YBAl
xZVt8jQgaSILlWp4GspK0pOvy.XruJdyjGVy_rDvsoHV77FWKeBWkZAv.zsp
ivnaUJ4waXzrWmenpEnsoxiuHLD3ssw6XcHQc200jbxVvCjA0Hoid0qDNziD
9Mzk8tEdT3Pj3RgSElAl9m3Nn.fUY6L_LfMxihIsMef71nPCPvLt2J3AC3._
W_04U3g5mVc_taV29B3ntciTlTSc7uz9p3gij7eD2OuvFZ1PHve1mYD1fRl2
TP79.DIGVMQ_xu4ZB4RRpHSYH6D2Jj52NMzGAjGITehItQgbQ6xVMPw6uHak
B0vjWBVmB57AVktKnND808teICOQPvu6jbBMf9s3isW0w_pKAurKLtZVuiNC
Du1Cz1Y5fV0tYjPMC.C_s1iqCKavjTVeIId7Pa_Wam7QFc6p_w0GxqJGkdAZ
lYiExt8JkmPHe13vaxdY5MagpT.I6vylLki1E9Jn4236wrJiNRpTpTaH5Noo
jbqK.afkr62q6vlSTuI1_U2Qfl9b6.q.7YMy6m_.Anh27U_Bo9hcycw1o.g-
-
Received: from [189.81.120.107] by web120003.mail.ne1.yahoo.com via HTTP; Fri, 15 Mar 2013 11:01:59 PDT
X-Rocket-MIMEInfo: 002.001,ICAgIApodHRwOi8vc3RhZ2dlY2lrdGlyaWNpc3ByZXkubmV0L3hzcS9xcWt6b3d6em5tYXQBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.137.519
Message-ID: <1363370519.49230.YahooMailNeo@web120003.mail.ne1.yahoo.com>
Date: Fri, 15 Mar 2013 11:01:59 -0700 (PDT)
From: Bob Brown <bbrown_cppm@yahoo.com>
Reply-To: Bob Brown <bbrown_cppm@yahoo.com>
Subject: [GENERAL] link
To: jim <jim@jimsrepower.com>, bob brown <bob.brown@choicepoint.com>,
ed mann <ed.mann@arctechnologies.net>,
mwittekiend <mwittekiend@ameritech.net>,
lesa <lesa@scsinternational.com>,
pgsql general <pgsql-general@postgresql.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1007318780-374093466-1363370519=:49230"
X-Pg-Spam-Score: -0.4 (/)
List-Archive: <http://archives.postgresql.org/pgsql-general>
List-Help: <mailto:majordomo@postgresql.org?body=help>
List-ID: <pgsql-general.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@postgresql.org>
List-Post: <mailto:pgsql-general@postgresql.org>
List-Subscribe: <mailto:majordomo@postgresql.org?body=sub%20pgsql-general>
List-Unsubscribe: <mailto:majordomo@postgresql.org?body=unsub%20pgsql-general>
X-Mailing-List: pgsql-general
Precedence: bulk
Sender: pgsql-general-owner@postgresql.org
---1007318780-374093466-1363370519=:49230
Content-Type: text/plain; charset=us-ascii
http://staggeciktiricisprey.net/xsq/qqkzowzznmat
---1007318780-374093466-1363370519=:49230
Content-Type: text/html; charset=us-ascii
<html><body><div style="color:#000; background-color:#fff; font-family:tahoma, new york, times,
serif;font-size:10pt"><div><spanstyle="font-family: arial,helvetica,sans-serif;"><span class="tab"><span
style="font-size:18px;"> </span></span></span><br><span style="font-size: 18px;"><a
href="http://staggeciktiricisprey.net/xsq/qqkzowzznmat">http://staggeciktiricisprey.net/xsq/qqkzowzznmat</a></span></div></div></body></html>
---1007318780-374093466-1363370519=:49230--
------- End of Forwarded Message
Tom Lane wrote: > I've been seeing more and more link spam getting through on the PG > lists; this past week there's been about one a day. It might or might > not be relevant that just about every single one of them is from > yahoo.com accounts. (I am only about one or two more spams away from > summarily blocking all yahoo traffic from my own mail server, btw. > They account for easily a third of all the spam I'm seeing lately.) Yeah, I have removed the subscriptions for these addresses on sight. Sadly, it seems unused Yahoo accounts are ripe for malfeasants to pick. We removed hundreds of old, unused Yahoo and Hotmail addresses when we moved the listserver, but evidently new ones keep popping up. (It's a bit funny that old addresses can be created anew.) > Can't we adjust the spam filters to be a bit more wary of traffic like > the attached? Single body line consisting of a URL is not legitimate > list traffic IMO. I'll let Stefan chime in on this. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
On 03/15/2013 07:16 PM, Tom Lane wrote: > I've been seeing more and more link spam getting through on the PG > lists; this past week there's been about one a day. It might or might > not be relevant that just about every single one of them is from > yahoo.com accounts. (I am only about one or two more spams away from > summarily blocking all yahoo traffic from my own mail server, btw. > They account for easily a third of all the spam I'm seeing lately.) yeah abuse on yahoo accounts is really bad, but I don't think we can block those in general... > > Can't we adjust the spam filters to be a bit more wary of traffic like > the attached? Single body line consisting of a URL is not legitimate > list traffic IMO. I will see what I can do, alvaro and I have some ideas on how to improve our current filtering but doing that without blocking (too much) legimate mail requires careful testing and evaluation... Stefan
Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> On 03/15/2013 07:16 PM, Tom Lane wrote:
>> (I am only about one or two more spams away from
>> summarily blocking all yahoo traffic from my own mail server, btw.
>> They account for easily a third of all the spam I'm seeing lately.)
> yeah abuse on yahoo accounts is really bad, but I don't think we can
> block those in general...
TBH, I think Yahoo doesn't give a damn about their spam problem because
they think they're too big for anybody to block them. It's not going to
get better until some people start to do so anyway.
regards, tom lane
On 03/15/2013 09:46 PM, Tom Lane wrote: > Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes: >> On 03/15/2013 07:16 PM, Tom Lane wrote: >>> (I am only about one or two more spams away from >>> summarily blocking all yahoo traffic from my own mail server, btw. >>> They account for easily a third of all the spam I'm seeing lately.) > >> yeah abuse on yahoo accounts is really bad, but I don't think we can >> block those in general... > > TBH, I think Yahoo doesn't give a damn about their spam problem because > they think they're too big for anybody to block them. It's not going to > get better until some people start to do so anyway. yeah yahoo seems to be unable to deal with them - there is tons of discussions about the yahoo DKIM-signed-"only a link" spam on the spamassassin lists for example and some people consider it the "#1 spam problem" there... However - I still don't think we can seriously consider blocking all of yahoo inbound - what do others think about this? Stefan
On 16 Mar 2013, at 18:34, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > On 03/15/2013 09:46 PM, Tom Lane wrote: >> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes: >>> On 03/15/2013 07:16 PM, Tom Lane wrote: >>>> (I am only about one or two more spams away from >>>> summarily blocking all yahoo traffic from my own mail server, btw. >>>> They account for easily a third of all the spam I'm seeing lately.) >> >>> yeah abuse on yahoo accounts is really bad, but I don't think we can >>> block those in general... >> >> TBH, I think Yahoo doesn't give a damn about their spam problem because >> they think they're too big for anybody to block them. It's not going to >> get better until some people start to do so anyway. > > yeah yahoo seems to be unable to deal with them - there is tons of > discussions about the yahoo DKIM-signed-"only a link" spam on the > spamassassin lists for example and some people consider it the "#1 spam > problem" there... > > > However - I still don't think we can seriously consider blocking all of > yahoo inbound - what do others think about this? > Sooner or later someone has to make a stand. Disclaimer: I'm with Devrim in London. And England just lost to Wales.
On 16/03/2013 18:48, Dave Page wrote: > > > On 16 Mar 2013, at 18:34, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > >> On 03/15/2013 09:46 PM, Tom Lane wrote: >>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes: >>>> On 03/15/2013 07:16 PM, Tom Lane wrote: >>>>> (I am only about one or two more spams away from >>>>> summarily blocking all yahoo traffic from my own mail server, btw. >>>>> They account for easily a third of all the spam I'm seeing lately.) >>> >>>> yeah abuse on yahoo accounts is really bad, but I don't think we can >>>> block those in general... >>> >>> TBH, I think Yahoo doesn't give a damn about their spam problem because >>> they think they're too big for anybody to block them. It's not going to >>> get better until some people start to do so anyway. >> >> yeah yahoo seems to be unable to deal with them - there is tons of >> discussions about the yahoo DKIM-signed-"only a link" spam on the >> spamassassin lists for example and some people consider it the "#1 spam >> problem" there... >> >> >> However - I still don't think we can seriously consider blocking all of >> yahoo inbound - what do others think about this? >> > > Sooner or later someone has to make a stand. > > Disclaimer: I'm with Devrim in London. And England just lost to Wales. And a cracker of a match it was too... and Wales was the only team that Ireland managed to beat this year... :-) Ray. -- Raymond O'Donnell :: Galway :: Ireland rod@iol.ie
Dave Page <dpage@pgadmin.org> writes:
> On 16 Mar 2013, at 18:34, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote:
>> On 03/15/2013 09:46 PM, Tom Lane wrote:
>>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
>>>> On 03/15/2013 07:16 PM, Tom Lane wrote:
>>>>> (I am only about one or two more spams away from
>>>>> summarily blocking all yahoo traffic from my own mail server, btw.
>>>>> They account for easily a third of all the spam I'm seeing lately.)
>> However - I still don't think we can seriously consider blocking all of
>> yahoo inbound - what do others think about this?
> Sooner or later someone has to make a stand.
TBH I wasn't (very) seriously suggesting we institute such a block on
the project's mailing lists, only remarking that I was about ready
to do so for my own mail. But I'm well known for having draconian
filtering in place.
What I *would* like to see on the lists is some attempt at catching
link spam, because more and more of that has been getting through
lately. I'm not sure all of it has been from yahoo accounts.
regards, tom lane
On 03/16/2013 07:56 PM, Tom Lane wrote: > Dave Page <dpage@pgadmin.org> writes: >> On 16 Mar 2013, at 18:34, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > >>> On 03/15/2013 09:46 PM, Tom Lane wrote: >>>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes: >>>>> On 03/15/2013 07:16 PM, Tom Lane wrote: >>>>>> (I am only about one or two more spams away from >>>>>> summarily blocking all yahoo traffic from my own mail server, btw. >>>>>> They account for easily a third of all the spam I'm seeing lately.) > >>> However - I still don't think we can seriously consider blocking all of >>> yahoo inbound - what do others think about this? > >> Sooner or later someone has to make a stand. > > TBH I wasn't (very) seriously suggesting we institute such a block on > the project's mailing lists, only remarking that I was about ready > to do so for my own mail. But I'm well known for having draconian > filtering in place. > > What I *would* like to see on the lists is some attempt at catching > link spam, because more and more of that has been getting through > lately. I'm not sure all of it has been from yahoo accounts. working on it, spent a few hours yesterday and today to work on our filtering but it is not as easy as simply declaring "everything that is a very short mail and has a url in it is bad". We do have regular mailbox users (in the same namespaces as the list) as do we have lists that want to receive such stuff (say the sysadmin list getting an email about a failed http download from a cronjob with basically just the url). Stefan
Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> On 03/16/2013 07:56 PM, Tom Lane wrote:
>> What I *would* like to see on the lists is some attempt at catching
>> link spam, because more and more of that has been getting through
>> lately. I'm not sure all of it has been from yahoo accounts.
> working on it, spent a few hours yesterday and today to work on our
> filtering but it is not as easy as simply declaring "everything that is
> a very short mail and has a url in it is bad".
> We do have regular mailbox users (in the same namespaces as the list) as
> do we have lists that want to receive such stuff (say the sysadmin list
> getting an email about a failed http download from a cronjob with
> basically just the url).
Maybe that could be dealt with by whitelisting the expected senders
of such traffic? Or maybe we could get away with blacklisting url-only
mails from yahoo and anyplace else that proves to be a problem?
regards, tom lane
Tom Lane wrote: > Dave Page <dpage@pgadmin.org> writes: > > On 16 Mar 2013, at 18:34, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > > >> On 03/15/2013 09:46 PM, Tom Lane wrote: > >>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes: > >>>> On 03/15/2013 07:16 PM, Tom Lane wrote: > >>>>> (I am only about one or two more spams away from > >>>>> summarily blocking all yahoo traffic from my own mail server, btw. > >>>>> They account for easily a third of all the spam I'm seeing lately.) > > >> However - I still don't think we can seriously consider blocking all of > >> yahoo inbound - what do others think about this? > > > Sooner or later someone has to make a stand. > > TBH I wasn't (very) seriously suggesting we institute such a block on > the project's mailing lists, only remarking that I was about ready > to do so for my own mail. But I'm well known for having draconian > filtering in place. The valid traffic from Yahoo is fairly low -- less than one a day. It bothers me too that link spam is getting through. We have a great record of very clean traffic. I'm happy to hear that Stefan is working more on improving it, thanks. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
<p dir="ltr"><br /> On Mar 17, 2013 12:39 AM, "Alvaro Herrera" <<a href="mailto:alvherre@2ndquadrant.com">alvherre@2ndquadrant.com</a>>wrote:<br /> ><br /> > Tom Lane wrote:<br />> > Dave Page <<a href="mailto:dpage@pgadmin.org">dpage@pgadmin.org</a>> writes:<br /> > > > On 16Mar 2013, at 18:34, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote:<br /> > ><br /> > > >>On 03/15/2013 09:46 PM, Tom Lane wrote:<br /> > > >>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>writes:<br /> > > >>>> On 03/15/2013 07:16 PM, Tom Lane wrote:<br /> >> >>>>> (I am only about one or two more spams away from<br /> > > >>>>> summarilyblocking all yahoo traffic from my own mail server, btw.<br /> > > >>>>> They account for easilya third of all the spam I'm seeing lately.)<br /> > ><br /> > > >> However - I still don't thinkwe can seriously consider blocking all of<br /> > > >> yahoo inbound - what do others think about this?<br/> > ><br /> > > > Sooner or later someone has to make a stand.<br /> > ><br /> > > TBHI wasn't (very) seriously suggesting we institute such a block on<br /> > > the project's mailing lists, only remarkingthat I was about ready<br /> > > to do so for my own mail. But I'm well known for having draconian<br />> > filtering in place.<br /> ><br /> > The valid traffic from Yahoo is fairly low -- less than one a day.<br/> ><br /> > It bothers me too that link spam is getting through. We have a great<br /> > record of veryclean traffic. I'm happy to hear that Stefan is working<br /> > more on improving it, thanks.<br /> ><p dir="ltr">Ifit's less than one per day, perhaps we can just auto moderate *all* mail from yahoo, at least as a temporarymeasure? <p dir="ltr">/Magnus
On 03/16/2013 11:56 AM, Tom Lane wrote: > Dave Page <dpage@pgadmin.org> writes: >> On 16 Mar 2013, at 18:34, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > >>> On 03/15/2013 09:46 PM, Tom Lane wrote: >>>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes: >>>>> On 03/15/2013 07:16 PM, Tom Lane wrote: >>>>>> (I am only about one or two more spams away from >>>>>> summarily blocking all yahoo traffic from my own mail server, btw. >>>>>> They account for easily a third of all the spam I'm seeing lately.) > >>> However - I still don't think we can seriously consider blocking all of >>> yahoo inbound - what do others think about this? > >> Sooner or later someone has to make a stand. > We would lose the occasional post for Jan. JD -- Command Prompt, Inc. - http://www.commandprompt.com/ PostgreSQL Support, Training, Professional Services and Development High Availability, Oracle Conversion, Postgres-XC @cmdpromptinc - 509-416-6579
On 2013-03-17 11:24:50 -0700, Joshua D. Drake wrote: > >>Sooner or later someone has to make a stand. > > > > We would lose the occasional post for Jan. Kevin seems to use some yahoo service as well, judging from the message-ids in his mails. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Stefan Kaltenbrunner asked: > However - I still don't think we can seriously consider > blocking all of yahoo inbound - what do others think about this? I think that is a bad idea. Many, many people still use yahoo.com accounts, and yahoo's behavior is certainly not bad enough to warrant punishing all of those people. pgsql-general alone has about 50 subscribers using yahoo accounts. Too big of a hammer for the OP's problem, IMO. Why not have single URL posts get thrown in the moderation queue? - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 201303231051 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iEYEAREDAAYFAlFNwbUACgkQvJuQZxSWSsjYnwCg/XFO2KgBFN8Z58u3k88HoKwI TlwAnjrAPmoQH1zkG5XeuytaTvO4r+Hs =NaRn -----END PGP SIGNATURE-----