Thread: Egad, what a lot of spammage
May I suggest that someone shut off the usenet -> PG mail list gateway
until the current forgery attack subsides? Alternatively, has anyone
got a filter that recognizes pseudo-Christian ranting?
regards, tom lane
Tom Lane wrote: > May I suggest that someone shut off the usenet -> PG mail list gateway > until the current forgery attack subsides? Alternatively, has anyone > got a filter that recognizes pseudo-Christian ranting? Did I miss something? I haven't seen anything. Joshua D. Drake > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 2: Don't 'kill -9' the postmaster >
"Joshua D. Drake" <jd@commandprompt.com> writes:
> Did I miss something? I haven't seen anything.
You didn't get a dozen or three variants of the below?
It seems to have subsided now, but I was getting them at the rate of
maybe one a minute for some time there. All forged in the name of
real PG subscribers, which no doubt is how they got through the
filters. I imagine the list moderators will be looking at some
unpleasantly long queues of stuff that didn't get through the filters...
regards, tom lane
Return-Path: pgsql-general-owner+m126954=tgl=sss.pgh.pa.us@postgresql.org
Delivery-Date: Tue Jan 15 23:18:44 2008
Received: from postgresql.org (postgresql.org [200.46.204.71])by sss.pgh.pa.us (8.14.1/8.14.1) with ESMTP id
m0G4Ihis017580for<tgl@sss.pgh.pa.us>; Tue, 15 Jan 2008 23:18:43 -0500 (EST)
Received: from localhost (unknown [200.46.204.182])by postgresql.org (Postfix) with ESMTP id 29DA42E2D3Afor
<tgl@sss.pgh.pa.us>;Wed, 16 Jan 2008 00:18:43 -0400 (AST)
Received: from postgresql.org ([200.46.204.71])by localhost (mx1.hub.org [200.46.204.182]) (amavisd-maia, port
10024)withESMTP id 94174-01-9 for <tgl@sss.pgh.pa.us>;Wed, 16 Jan 2008 00:18:41 -0400 (AST)
Received: from postgresql.org (postgresql.org [200.46.204.71])by postgresql.org (Postfix) with ESMTP id 68C452E4352for
<tgl@sss.pgh.pa.us>;Wed, 16 Jan 2008 00:04:27 -0400 (AST)
Received: from localhost (unknown [200.46.204.187])by postgresql.org (Postfix) with ESMTP id BE30D2E318Afor
<pgsql-general-postgresql.org@postgresql.org>;Tue, 15 Jan 2008 23:53:58 -0400 (AST)
Received: from postgresql.org ([200.46.204.71])by localhost (mx1.hub.org [200.46.204.187]) (amavisd-maia, port
10024)withESMTP id 14192-09 for <pgsql-general-postgresql.org@postgresql.org>;Tue, 15 Jan 2008 23:53:50 -0400 (AST)
Received: from news.hub.org (news.hub.org [200.46.204.72])by postgresql.org (Postfix) with ESMTP id 8F6962E2FA7for
<pgsql-general@postgresql.org>;Tue, 15 Jan 2008 23:53:57 -0400 (AST)
Received: from news.hub.org (news.hub.org [200.46.204.72])by news.hub.org (8.14.1/8.14.1) with ESMTP id
m0G3rna1017353for<pgsql-general@postgresql.org>; Tue, 15 Jan 2008 23:53:50 -0400 (AST)(envelope-from
news@news.hub.org)
Received: (from news@localhost)by news.hub.org (8.14.1/8.14.1/Submit) id m0G3TMim002237for
pgsql-general@postgresql.org;Tue, 15 Jan 2008 23:29:22 -0400 (AST)(envelope-from news)
From: Hannes Dorbath <light@theendofthetunnel.de>
X-Newsgroups: sci.engr.joining.welding,pgsql.general
Subject: Re: [GENERAL] Segmentation fault with 8.3 FTS ISpell
Date: Wed, 16 Jan 2008 00:52:25 GMT
Organization: Hub.Org Networking Services
Lines: 27
Message-ID: <eodwe0$5e8p$5@news.hub.org>
References: <fmi409$7t2$1@news.hub.org> <20080115121647.GB4473@alvh.no-ip.org> <478CB412.3060408@theendofthetunnel.de>
X-Complaints-To: newsadmin@interware.hu
To: pgsql-general@postgresql.org
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Mailing-List: pgsql-general
List-Archive: <http://archives.postgresql.org/pgsql-general>
List-Help: <mailto:majordomo@postgresql.org?body=help>
List-ID: <pgsql-general.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@postgresql.org>
List-Post: <mailto:pgsql-general@postgresql.org>
List-Subscribe: <mailto:majordomo@postgresql.org?body=sub%20pgsql-general>
List-Unsubscribe: <mailto:majordomo@postgresql.org?body=unsub%20pgsql-general>
Precedence: bulk
Sender: pgsql-general-owner@postgresql.org
with
the imagination that it is, therefore, obscure and, on the contrary, that
what is to prove it is clear, and so we understand it easily.
41. Epigrams of Martial.--Man loves malice, but not against one-eyed men nor
the unfortunate, but against the fortunate and proud. People are mistaken in
thinking otherwise.
For lust is the source of all our actions, and humanity, etc. We must please
those who have humane and tender feelings. That epigram about two one-eyed
people is worthless, for it does not console them and only gives a point to
the author's glory. All that is only for the sake of the author is
worthless. Ambitiosa recident ornamenta.[4]
42. To call a king "Prince" is pleasing, because it diminishes his rank.
43. Certain authors, speaking of their works, say: "My book," "My
commentary," "My history," etc. They resemble middle-class people who have a
house of their own and always have "My house" on their tongue. They would do
better to say: "Our book," "Our commentary," "Our history," etc., because
there is in them usually more of other people's than their own.
44. Do you wish people to believe good of you? Don't speak.
45. Languages are
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 16 Jan 2008 00:25:19 -0500 Tom Lane <tgl@sss.pgh.pa.us> wrote: > "Joshua D. Drake" <jd@commandprompt.com> writes: > > Did I miss something? I haven't seen anything. > > You didn't get a dozen or three variants of the below? Uhh, no and I think I would have remembered ;). That is odd though, because I don't use any spam filtering at all except for grey listing. And I am pretty sure Marc has grey listing setup too so if it didn't get to me it shouldn't have got to you. Sincerely, Joshua D. Drake - -- The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240 Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHjZhBATb/zqfZUUQRAp+sAJ9KHZSg+wx4vgczZzkncQKvzgc9iACgkZHi 8QDwql09RZGjKAS+liTOReA= =/U4Q -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 16 Jan 2008 00:25:19 -0500 Tom Lane <tgl@sss.pgh.pa.us> wrote: > "Joshua D. Drake" <jd@commandprompt.com> writes: > > Did I miss something? I haven't seen anything. > > You didn't get a dozen or three variants of the below? > > It seems to have subsided now, but I was getting them at the rate of > maybe one a minute for some time there. All forged in the name of > real PG subscribers, which no doubt is how they got through the > filters. I imagine the list moderators will be looking at some > unpleasantly long queues of stuff that didn't get through the > filters... I take it back, I found them. A couple came through from a Sim Zacks. I actually wasn't following the thread which is why I didn't see them. Good lord. I wonder if it would be possible to restrict the gateway so that if the only way it gets through is if the post "only" posts to pgsql. groups. The email headers I read show him also posting (not the real Sim Zacks of course) to rec.skydiving and pgsql.general . Sincerely, Joshua D. Drake - -- The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240 Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHjZl7ATb/zqfZUUQRAkeuAJ0YsCCRYwy2vVoUQnKbhGqTxSzbZACgintU 1TyCtGZmpIzX9dkrXsQvktg= =NIxH -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --On Tuesday, January 15, 2008 21:43:23 -0800 "Joshua D. Drake" <jd@commandprompt.com> wrote: > I wonder if it would be possible to restrict the gateway so that if > the only way it gets through is if the post "only" posts to pgsql. > groups. I'll get that setup tonight ... I disabled usenet->mail last night (mail->usenet still active) when Tom paged me ... - ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHjfmb4QvfyHIvDvMRAve+AJ42vG10xZiOmmabLaeXKdUFnI1n0QCfSYUq FvHObg1ehbZgIUA1ejvRLOA= =NgO8 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 > You didn't get a dozen or three variants of the below? Did not get a single one. Gotta love spam filtering services. It would be nice if we implemented heavier filtering and drop such messages before they even go to the queue (see below). > It seems to have subsided now, but I was getting them at the rate of > maybe one a minute for some time there. All forged in the name of > real PG subscribers, which no doubt is how they got through the > filters. I imagine the list moderators will be looking at some > unpleasantly long queues of stuff that didn't get through the filters... Actually, it wasn't that bad. Only four messages were of that type, while about 90 were the usual viagra/stopsmoking/makemoneynow variety. I'd love to see those dropped unceremoniously before even making it to the queue, as the great majority of them are not 'tricky' and should be picked up by any spam filtering software. I used to be in the camp of leaning towards lenience just so we don't accidentally throw out a legitimate message from a non-subscriber, but at this point, I don't think it is worth the extra hassle. More importantly, the sheer volume of things to moderate probably means that it is more likely that a moderation error will cause a real message to be dropped than a stricter spam filter. - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200801160837 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iD8DBQFHjgnsvJuQZxSWSsgRA86kAJ0TV4Pp0zc903mwtUaXbrlK7c57cQCeIirH dCXyLUs8btvyz1Od0fYz18Q= =X8Qa -----END PGP SIGNATURE-----
Greg Sabino Mullane wrote: > Actually, it wasn't that bad. Only four messages were of that type, > while about 90 were the usual viagra/stopsmoking/makemoneynow variety. 90? Wow. pgsql-hackers and the other lists I moderate certainly do not get that sort of traffic. As moderator I did not see any of the pseudo-Christian type Tom is complaining about (I did get about a dozen of them as a subscriber of course). > I'd love to see those dropped unceremoniously before even making > it to the queue, as the great majority of them are not 'tricky' and > should be picked up by any spam filtering software. I used to be in > the camp of leaning towards lenience just so we don't accidentally > throw out a legitimate message from a non-subscriber, but at this > point, I don't think it is worth the extra hassle. More importantly, > the sheer volume of things to moderate probably means that it is > more likely that a moderation error will cause a real message to be > dropped than a stricter spam filter. Actually, I have received several complaints from people whose messages are lost in the void. It's annoying because there's no way to figure out why they were discarded. So I vote against making the rules stronger. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
On Wed, Jan 16, 2008 at 08:33:31AM -0400, Marc G. Fournier wrote: > > - --On Tuesday, January 15, 2008 21:43:23 -0800 "Joshua D. Drake" > <jd@commandprompt.com> wrote: > > > I wonder if it would be possible to restrict the gateway so that if > > the only way it gets through is if the post "only" posts to pgsql. > > groups. > > I'll get that setup tonight ... I disabled usenet->mail last night > (mail->usenet still active) when Tom paged me ... Do we have any statistics of how many *legitimate* posts actually come thruogh that way? That aren't spam of any kind? //Magnus
Magnus Hagander wrote: > On Wed, Jan 16, 2008 at 08:33:31AM -0400, Marc G. Fournier wrote: >> - --On Tuesday, January 15, 2008 21:43:23 -0800 "Joshua D. Drake" >> <jd@commandprompt.com> wrote: >> >>> I wonder if it would be possible to restrict the gateway so that if >>> the only way it gets through is if the post "only" posts to pgsql. >>> groups. >> I'll get that setup tonight ... I disabled usenet->mail last night >> (mail->usenet still active) when Tom paged me ... > > Do we have any statistics of how many *legitimate* posts actually come > thruogh that way? That aren't spam of any kind? Even if we do it would be easy enough to say.. Hey if you are posting to rec.arts.wannabe.a.bondage.queen and pgsql.general, that the post is likely offtopic. If it is really a concern we could open the filter up to allow pgsql. and any comp. Sincerely, Joshua D. Drake > > //Magnus >
"Joshua D. Drake" <jd@commandprompt.com> writes:
> Magnus Hagander wrote:
>> Do we have any statistics of how many *legitimate* posts actually come
>> thruogh that way? That aren't spam of any kind?
There are quite a number of regular contributors who prefer to read the
lists via usenet. We can't just permanently shut down that link; I only
suggested it as a temporary measure until this spam attack could be
brought under control.
> Even if we do it would be easy enough to say.. Hey if you are posting to
> rec.arts.wannabe.a.bondage.queen and pgsql.general, that the post is
> likely offtopic.
Agreed, though probably stuff in comp.databases.* ought to be allowed.
regards, tom lane
On Wed, Jan 16, 2008 at 10:47:32AM -0500, Tom Lane wrote: > "Joshua D. Drake" <jd@commandprompt.com> writes: > > Magnus Hagander wrote: > >> Do we have any statistics of how many *legitimate* posts actually come > >> thruogh that way? That aren't spam of any kind? > > There are quite a number of regular contributors who prefer to read the > lists via usenet. We can't just permanently shut down that link; I only > suggested it as a temporary measure until this spam attack could be > brought under control. Well, you could still read it there, provided the user agent supported posting through email instead. (No, I have no idea if that's possible, just threw the question out. If people use it, we shuold certainly not just take it away) //Magnus
Greg Sabino Mullane wrote: ... > Actually, it wasn't that bad. Only four messages were of that type, > while about 90 were the usual viagra/stopsmoking/makemoneynow variety. > I'd love to see those dropped unceremoniously before even making > it to the queue, as the great majority of them are not 'tricky' and > should be picked up by any spam filtering software. I used to be in > the camp of leaning towards lenience just so we don't accidentally > throw out a legitimate message from a non-subscriber, but at this > point, I don't think it is worth the extra hassle. More importantly, > the sheer volume of things to moderate probably means that it is > more likely that a moderation error will cause a real message to be > dropped than a stricter spam filter. Personally I'd prefer them to be rejected inband so the legitimate sender learns about the problem and reformulate the message accordingly. Spam filters should never just receive messages and then put them in black hole. Just my 1e-10EUR. Tino
Magnus Hagander wrote: > On Wed, Jan 16, 2008 at 08:33:31AM -0400, Marc G. Fournier wrote: > > > > - --On Tuesday, January 15, 2008 21:43:23 -0800 "Joshua D. Drake" > > <jd@commandprompt.com> wrote: > > > > > I wonder if it would be possible to restrict the gateway so that if > > > the only way it gets through is if the post "only" posts to pgsql. > > > groups. > > > > I'll get that setup tonight ... I disabled usenet->mail last night > > (mail->usenet still active) when Tom paged me ... > > Do we have any statistics of how many *legitimate* posts actually come > thruogh that way? That aren't spam of any kind? I don't know about statistics, but I did a simple search on the headers and there certainly is people using the gateway to post. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
On 16/01/2008, Tino Wildenhain <tino@wildenhain.de> wrote: > Personally I'd prefer them to be rejected inband so the legitimate > sender learns about the problem and reformulate the message accordingly. The problem with that is that for 1 legitimate message, there's a dozen or more from harvested addresses, the real owners of which won't have a clue what the bounce message is about. /D
Alvaro Herrera <alvherre@commandprompt.com> writes:
> I don't know about statistics, but I did a simple search on the headers
> and there certainly is people using the gateway to post.
Without the gateway, we'd end up with two separate on-line communities
for Postgres. Doesn't sound like a good idea.
regards, tom lane
Tom Lane wrote: > Alvaro Herrera <alvherre@commandprompt.com> writes: >> I don't know about statistics, but I did a simple search on the headers >> and there certainly is people using the gateway to post. > > Without the gateway, we'd end up with two separate on-line communities > for Postgres. Doesn't sound like a good idea. > I doubt that there is a significant number of users on usenet for PostgreSQL. Sincerely, Joshua D. Drake
On Wed, 16 Jan 2008, Dave Page wrote: > On 16/01/2008, Tino Wildenhain <tino@wildenhain.de> wrote: >> Personally I'd prefer them to be rejected inband so the legitimate >> sender learns about the problem and reformulate the message accordingly. > > The problem with that is that for 1 legitimate message, there's a > dozen or more from harvested addresses, the real owners of which won't > have a clue what the bounce message is about. Same applies to virus' ... most are forged emails, so sending an email back to the Sender saying 'your computer is infect' would both generate alot of traffic, and confuse the hell out of the person that didn't send the message in the first place :(
User Scrappy wrote: > > > On Wed, 16 Jan 2008, Dave Page wrote: > >> On 16/01/2008, Tino Wildenhain <tino@wildenhain.de> wrote: >>> Personally I'd prefer them to be rejected inband so the legitimate >>> sender learns about the problem and reformulate the message accordingly. >> >> The problem with that is that for 1 legitimate message, there's a >> dozen or more from harvested addresses, the real owners of which won't >> have a clue what the bounce message is about. > > Same applies to virus' ... most are forged emails, so sending an email back > to the Sender saying 'your computer is infect' would both generate alot of > traffic, and confuse the hell out of the person that didn't send the > message in the first place :( Perhaps we could reject SPF failures? At least people with SPF-enabled domains would not need to get bogus bounces. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
"Joshua D. Drake" <jd@commandprompt.com> writes:
> Tom Lane wrote:
>> Without the gateway, we'd end up with two separate on-line communities
>> for Postgres. Doesn't sound like a good idea.
> I doubt that there is a significant number of users on usenet for
> PostgreSQL.
You're very mistaken, sir. I know because I routinely get email from
people who are using usenet to read the lists. (I can tell because
instead of a cc: to the list, there's a Newsgroup: header. It's fairly
obvious to me because when I reply, I find I have to create a cc:
manually.) One example of a fairly well-known contributor who does it
that way is the guy who posts as Andrew @ Supernews ... you want to cut
him off?
regards, tom lane
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 16 Jan 2008 12:26:03 -0500 Tom Lane <tgl@sss.pgh.pa.us> wrote: > "Joshua D. Drake" <jd@commandprompt.com> writes: > > Tom Lane wrote: > >> Without the gateway, we'd end up with two separate on-line > >> communities for Postgres. Doesn't sound like a good idea. > > > I doubt that there is a significant number of users on usenet for > > PostgreSQL. > > You're very mistaken, sir. I know because I routinely get email from > people who are using usenet to read the lists. (I can tell because routinely does not equate to significant number of users, which was my point. > instead of a cc: to the list, there's a Newsgroup: header. It's > fairly obvious to me because when I reply, I find I have to create a > cc: manually.) One example of a fairly well-known contributor who > does it that way is the guy who posts as Andrew @ Supernews ... you > want to cut him off? Of course not but I wonder... <linuxpoet> AndrewSN: ping <AndrewSN> linuxpoet: pong <AndrewSN> linuxpoet: what, you mean if the nntp gateway was down? <linuxpoet> right <AndrewSN> linuxpoet: no, I probably wouldn't <linuxpoet> sigh Well obviously that confirms it. So basically we leave the gateway open. Sincerely, Joshua D. Drake - -- The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240 Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHjkgsATb/zqfZUUQRAgLGAJ96+dNS2VDlP8ox9zY1+yiMmhwRvQCfZYAN +M4xiGxZCQDnkxiVXMJhxPA= =tTy9 -----END PGP SIGNATURE-----