.gif spam

The .gif attachment spam has reached an absurd level - spam messages embedded in gif images in otherwise blank email messages. Often animated gifs. I'm getting *hundreds* of them a day.

So ...

In /etc/postfix/mime_header_checks.regexp I've added:

/(file)?name=\"?.*\.(gif|GIF)\"?/ REJECT Sorry, I can no longer accept gif file attachments, due to the unscrupulous folks embedding spam in images.

And then in /etc/postfix/main.cf I have:

mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp

I appear to be dropping one of these every 3-5 seconds.

I really hate spammers.
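
What the header check above actually matches, shown as an added example that is not part of the original post. It emulates the rule with Python's re module rather than Postfix's own regexp engine; the sample headers and the tightened pattern are assumptions made for illustration.

```python
import re

# The post's pattern. Postfix regexp: tables match case-insensitively by
# default, so re.IGNORECASE is used here and (gif|GIF) is redundant.
POST_RULE = re.compile(r'(file)?name=\"?.*\.(gif|GIF)\"?', re.IGNORECASE)

# Assumed tightening (not from the post): the name must END in .gif, i.e. be
# followed by an optional quote and then ';' or the end of the header.
TIGHT_RULE = re.compile(r'name="?[^";]*\.gif"?\s*(;|$)', re.IGNORECASE)

# Constructed MIME headers, already unfolded to one line each.
HEADERS = [
    'Content-Type: image/gif; name="offer.gif"',
    'Content-Disposition: attachment; filename=OFFER.GIF',
    'Content-Type: image/png; name="logo.png"',
    'Content-Disposition: attachment; filename="notes.gif.txt"',
    'Content-Type: text/plain; name="why.gifts.txt"',
]

def rejected(rule, headers=HEADERS):
    """Return the headers for which `rule` would trigger the REJECT action."""
    return [h for h in headers if rule.search(h)]

def overmatches(headers=HEADERS):
    """Headers rejected by the post's rule but not by the tightened one."""
    tight = set(rejected(TIGHT_RULE, headers))
    return [h for h in rejected(POST_RULE, headers) if h not in tight]
```

Because the post's pattern is not anchored after the extension, it also rejects names that merely contain ".gif", which is worth knowing before reading the reject counts as pure spam.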

Postfix and SpamAssassin

I looked at a half-dozen Postfix/SpamAssassin howtos today. Unsurprisingly, the simplest one turned out to be the one that worked. Occam wins again.

incommunicado

Starting Tuesday evening, I will be incommunicado for a week, or as long as I can stand to be offline. I'll be going way out into the woods, with no electricity, no internet, and probably out of cell phone range for much of the time, although I imagine I'll find somewhere with cell coverage at least once a day.

I expect that when I come back, I'll have roughly 15,000 email messages, of which perhaps as many as 20 will be something I actually want to read. Ok, I'll be generous. 25.

I've been getting more and more spam lately, and nothing that I do to filter it seems to make any difference at all. I'm currently running SpamAssassin, a plethora of Postfix rules, and client-side Thunderbird filtering. Yet still, more than 90% of everything that winds up in my inbox is spam. I'm finally coming around to believing that email is worthless as a means of communication, but I don't know what can replace it. I keep hoping that spammers will collectively realize that they are killing their golden goose, but clearly they aren't that bright.

Also, I've noticed that the spammers who have succeeded in obfuscating their email so that it can get past my filters have finally reached the point where their messages are completely illegible. I have absolutely no idea what most of them are selling, or how to go about buying it if I did understand. And, I'm told, this makes up more than half of all the traffic on teh intarweb. While it's reasonably clear to me that this is criminal, I can't imagine any way that this could ever be prosecuted. :-(

Slashdot comments

I don't know why I read the comments on Slashdot. It just depresses me. How can people *be* so stupid?

Yes, most of the time I read Slashdot at +5, so that I only get the top-level idiocy. But when the article is about me, I want to see what people had to say. I really should save myself the trouble.

Something like 75% of the comments were complaints about the fact that it was in PDF, or misinformed remarks about the font that I used. It's not Comic Sans, by the way, but I fail to see why it makes so much difference even if it was. Folks need to get over themselves a little bit. Your font preferences are preferences. They are not scripture.

Of the few comments that actually had to do with the presentation itself, probably 2/3 of them completely missed the point. This was a lightning talk. That means that I had 5 minutes to convey a point. The fact that I left out technical details, glossed over some points, made tongue-in-cheek remarks, and told a few half-truths is a side-effect of the presentation medium. The more detailed version of the presentation will come over the next few weeks.

And for the morons who felt the need to make the "then go fix it" remark, if you had paid attention you would have noticed that I have fixed several of the things, and other folks are working on some of the others. And of course if you had been there, you would have heard that as part of the presentation itself.

You are not obliged to make comments on things that you don't understand. It's best to keep your ignorance to yourself.

Four strikes and you're out

I have a "four strikes and you're out" policy on spammers. That is, I have a process which watches my mail logs, and if a host sends four messages to invalid recipients at my domains, they get added to my firewall deny list. What amazes me is that this cuts my inbound mail from about 30 messages per minute to about 5 or 6 messages per minute. So not only is the overwhelming majority of all my inbound email traffic spammy, but 80 or 90+ percent of it is to completely invalid addresses.

Long ago, there seemed to be a lot of people selling lists of valid email addresses that you could send your junk to. Now, it seems sufficient to just make up addresses, in the hopes that a few in a thousand might actually work.

Can you imagine how much faster your network connection would be if there weren't *millions* of pieces of worthless email travelling to completely bogus email addresses per second? And, of course, the return traffic of that message being rejected.

I know, I rant about spam all the time. It just makes me very angry that people are getting away with this, and that many of them seem to think that it's a perfectly legitimate business practice.

Yesterday, at a customer site, I removed 572 items of spyware, adware, viruses, and other malicious code from a desktop machine. While it's likely that some of these things were installed intentionally, most of them installed themselves as a side-effect of various pop-up windows, email messages, advertisements, and network-propagated garbage. This, too, is just not right, and should be labelled criminal. But, since there's absolutely no way to enforce this, let alone regulate it, really the only thing that can be done is to make the operating system a little less open-arms-welcoming about what kind of garbage it is willing to install without so much as an "if you please."

Meanwhile, as I've been writing this, my mail server has rejected more than 50 messages that were identified as spam, as well as blocking more than 400 messages that were destined to completely invalid addresses.
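
One way the "four strikes" watcher described in this post could work, as an added example that is not the author's actual script. It counts Postfix's standard unknown-recipient rejects per client IP; the iptables/ip6tables commands, the allow-list parameter and the sample log lines are assumptions.

```python
import ipaddress
import re
from collections import Counter

STRIKES = 4  # threshold from the post

# Postfix smtpd reject for a nonexistent recipient. The name before [ip] comes
# from reverse DNS (sender-influenced), so only the bracketed IP is captured.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: "
    r"550 5\.1\.1 <[^>]*>: Recipient address rejected: User unknown"
)

def hosts_to_block(lines, threshold=STRIKES, allow=()):
    """Return IPs that reached `threshold` invalid-recipient rejects, in order."""
    allowed = {ipaddress.ip_address(a) for a in allow}  # e.g. your own relays
    counts, blocked = Counter(), []
    for line in lines:
        m = REJECT_RE.search(line)
        try:
            # Validate before the value can ever reach a firewall command.
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is None or ip in allowed:
            continue
        counts[ip] += 1
        if counts[ip] == threshold:  # report each host once, when it crosses
            blocked.append(str(ip))
    return blocked

def deny_rules(ips):
    """Render firewall commands; iptables/ip6tables is an assumed choice."""
    tool = {4: "iptables", 6: "ip6tables"}
    return [f"{tool[ipaddress.ip_address(ip).version]} -I INPUT -s {ip} -p tcp --dport 25 -j DROP"
            for ip in ips]

# Constructed sample log (documentation address ranges), not real traffic.
def _reject(ip, rcpt):
    return (f"Jun 12 10:01:02 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<x@example.net> "
            f"to=<{rcpt}> proto=ESMTP helo=<example.net>")

SAMPLE_LOG = (
    [_reject("203.0.113.7", f"guess{i}@example.org") for i in range(5)]
    + [_reject("198.51.100.20", "typo@example.org")]
    + [_reject("192.0.2.10", f"old{i}@example.org") for i in range(4)]
)
```

A single mistyped address (the 198.51.100.20 line) stays under the threshold, and other reject reasons are ignored because the pattern requires the 5.1.1 unknown-user code.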

