
Re: [Ipsec] spam



Perry E. Metzger wrote:
Paul Koning <pkoning@equallogic.com> writes:
  
 Perry> However, those of us who run mailing lists find that although
 Perry> anyone "can" forge a list member's address, it is almost
 Perry> unheard of that it actually happens. Restricting my lists to
 Perry> subscribers only has eliminated 100% of the spam going to
 Perry> them.

That certainly would not be true for the IPsec list -- I've looked
over enough IPsec message headers to say that.  For IPsec, the
percentage of forged addresses is clearly quite large.
    

Not if you exclude viruses. The amount of spam from forged addresses
is nil -- the virus activity is separate.

However, the viruses are trivially blocked with a rule matching a
regular expression like this:

/^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)/

My machines block all email matching that regexp and as a result I
see no viruses at all.

  
What I'm seeing is that all the virused emails are being detected (by a Gauntlet firewall) and I'm just getting reports about the virus being removed.  IT says we don't run the firewall.  My guess is that it's been checked before it reaches the IETF list server.  The emails I've looked at are coming from valid addresses and are addressed to the tislab list address.

All the 'spam' I've seen is addressed from ipsec@lists.tislabs.com to the same address.

Chris



_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
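
An added example, not part of the original thread or of either poster's mail setup: the expression quoted above, applied in Python to the unfolded Content-Type and Content-Disposition headers of constructed sample messages. Case-insensitive matching, header unfolding, and the helper names `blocked_headers` and `make_message` are assumptions of this example, since the thread does not say how the rule is applied.

```python
import re
from email import message_from_string

# The expression from the message above, unchanged. IGNORECASE is an
# assumption of this example: MIME header names and parameters are
# case-insensitive, and the thread does not say how the MTA compiles the rule.
BLOCK_RE = re.compile(
    r"^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|cpl|dll|exe"
    r"|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)",
    re.IGNORECASE,
)

def blocked_headers(raw_message):
    """Return the unfolded Content-* header lines that the rule matches."""
    hits = []
    for part in message_from_string(raw_message).walk():
        for name in ("Content-Type", "Content-Disposition"):
            for value in part.get_all(name, []):
                # Unfold continuation lines so a filename on the second
                # physical line of a header is still seen by the rule.
                line = f"{name}: " + " ".join(str(value).split())
                if BLOCK_RE.search(line):
                    hits.append(line)
    return hits

def make_message(filename):
    """Constructed two-part sample message with one attachment."""
    return (
        "From: sender@example.org\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "body text\n"
        "--b1\n"
        "Content-Type: application/octet-stream;\n"
        f'\tname="{filename}"\n'
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "\n"
        "AAAA\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    for fn in ("notes.txt", "Update.EXE", "results.json"):
        print(fn, "->", "reject" if blocked_headers(make_message(fn)) else "accept")
```

Because the expression has no end anchor, `results.json` is rejected as well (`.js` matches as a prefix of `.json`), a false positive to weigh before deploying a rule of this shape.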