The ..... worm

Started by Dennis Gearon over 22 years ago, 12 messages, general
#1Dennis Gearon
gearond@fireserve.net

<OT about the worm>
Jeessh, a lot of people have my email address.

I have received about 500 copies of the worm in the last 24 hours. My
mail spool at work was sooooo full I couldn't get out or relay or
anything. The weird part is that it's my work address, and I'm
subscribed to almost all my lists through the address above or my
previous home address. YEARS ago I was using the work address for lists,
but not for a LOOOOOOOOOOOONG time.
</OT about the worm>

#2Guy Fraser
guy@incentre.net
In reply to: Dennis Gearon (#1)
Re: The ..... worm

Running mozilla on linux and having my mail processed by postini,
_http://www.postini.com_, I haven't had any problems other than lots of
quarantined mail at postini. Having the mail quarantined off site saves
bandwidth as well.

I work at an ISP and we use postini for all email that ends up on our
mail servers.

We used to run Spam Assassin for all our mail, but since we moved to
postini our bandwidth savings have been great. I still have Spam Assassin
running for my account but postini is so good that I only get about 1%
of the UE {unsolicited email} that makes it through and Spam Assassin
usually catches about half of the ones that make it through. In a week I
usually get about one UE to my inbox, 5 into my Spam Assassin mail box
and about 500 quarantined at postini. Now that I have my white lists
setup at postini I only get one or two legitimate messages captured per
week. I normally get around 5000-10,000 messages a week, so the time
savings of having all UE quarantined off site where I can delete them
without downloading them save a lot of time and bandwidth.

I don't work for, or get kickbacks for, Postini. They are worthwhile
looking into especially for medium to large organizations, because they
keep their virus checkers and UE algorithms up to date and most large to
medium sized organizations can recoup their postini costs with their
savings in bandwidth, and lost productivity of staff having to download
and pick out the UE from the real mail, possibly getting infected by a
virus while doing so.

NOTE: I use UE so that Hormel {http://www.spam.com/} doesn't get upset
with me ;-)

Guy

PS Keep your worm to your self :-D

Dennis Gearon wrote:

<OT about the worm>
Jeessh, a lot of people have my email address.

I have received about 500 copies of the worm in the last 24 hours. My
mail spool at work was sooooo full I couldn't get out or relay or
anything. The weird part is that it's my work address, and I'm
subscribed to almost all my lists through the address above or my
previous home address. YEARS ago I was using the work address for
lists, but not for a LOOOOOOOOOOOONG time.
</OT about the worm>

#3Paul Thomas
paul@tmsl.demon.co.uk
In reply to: Dennis Gearon (#1)
Re: The ..... worm

On 22/08/2003 22:18 Dennis Gearon wrote:

<OT about the worm>
Jeessh, a lot of people have my email address.

I have received about 500 copies of the worm in the last 24 hours. My
mail spool at work was sooooo full I couldn't get out or relay or
anything. The weird part is that it's my work address, and I'm
subscribed to almost all my lists through the address above or my
previous home address. YEARS ago I was using the work address for lists,
but not for a LOOOOOOOOOOOONG time.
</OT about the worm>

Assuming you mean Sobig-9...

From what I've read, the US seems to have suffered the major hit with
this email virus although it must be spreading to the UK today as it's
now officially news over here.

I had about 5 or 6 copies sent on Tuesday but nothing since. I used to be
paranoid but now I know everybody hates me :)

OTOH, the Blaster worm seems to be doing a positive social service as I've
noticed a massive drop in Code Red "get default.ida.." requests to the web
server on my DSL line.

-- 
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants         | http://www.thomas-micro-systems-ltd.co.uk   |
+------------------------------+---------------------------------------------+

#4Lincoln Yeoh
lyeoh@pop.jaring.my
In reply to: Dennis Gearon (#1)
Re: The ..... worm

Thing is, in my case it wasn't due to that many people, most were mainly
from one guy at rr.com

Common header:

Received: from LANCE (cs6711150-130.satx.rr.com [67.11.150.130])

And he was the source of 260 in one day, total so far = 609!

Really not sure why that happened - shouldn't the worm be sending to many
and not blast just one address? Is it blasting 500 copies to each person on
all the lists - but how's that going to make it spread faster?

At 02:18 PM 8/22/2003 -0700, Dennis Gearon wrote:

<OT about the worm>
Jeessh, a lot of people have my email address.

I have received about 500 copies of the worm in the last 24 hours. My mail
spool at work was sooooo full I couldn't get out or relay or anything. The
weird part is that it's my work address, and I'm subscribed to almost all
my lists through the address above or my previous home address. YEARS ago
I was using the work address for lists, but not for a LOOOOOOOOOOOONG time.
</OT about the worm>

#5Florian Weimer
fw@deneb.enyo.de
In reply to: Lincoln Yeoh (#4)
Re: The ..... worm

Lincoln Yeoh <lyeoh@pop.jaring.my> writes:

Thing is, in my case it wasn't due to that many people, most were
mainly from one guy at rr.com

Common header:

Received: from LANCE (cs6711150-130.satx.rr.com [67.11.150.130])
               ^^^^^

You should filter on this string (which MUST contain a dot according
to RFC 2821). You can do this by rejecting HELO/EHLO commands which
lack a ".". Be sure to activate this filter only for mail received
from the Internet; your local Windows clients might generate it, too.
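The HELO check described in the message above, written out as an added example that is not part of the original post. The function names, the `LOCAL_NETWORKS` ranges and every sample line except the first (which is the header quoted in the thread) are assumptions constructed for illustration; the address-literal exemption goes slightly beyond the plain "must contain a dot" rule.

```python
import ipaddress
import re

# Assumption: clients on these networks (e.g. local Windows machines) are exempt.
LOCAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("192.168.0.0/16")]

# Matches "Received: from <helo> (<rdns> [<ip>])" as in the header quoted above.
RECEIVED_RE = re.compile(r"^Received: from (\S+) \((\S+) \[([0-9A-Fa-f.:]+)\]\)")

def helo_is_acceptable(helo, client_ip, local_networks=LOCAL_NETWORKS):
    """Return True if a HELO/EHLO argument from client_ip should be accepted."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in local_networks):
        return True   # the filter applies only to mail received from the Internet
    if helo.startswith("[") and helo.endswith("]"):
        return True   # address literal such as [198.51.100.7]
    # A domain name needs an interior dot; "LANCE" and "localhost." do not qualify.
    return "." in helo.strip(".")

def flag_received(lines):
    """Return (helo, ip) pairs from Received headers that the filter would reject."""
    flagged = []
    for line in lines:
        m = RECEIVED_RE.match(line)
        if m is None:
            continue
        helo, _rdns, ip = m.groups()
        if not helo_is_acceptable(helo, ip):
            flagged.append((helo, ip))
    return flagged

SAMPLE = [
    # From the thread:
    "Received: from LANCE (cs6711150-130.satx.rr.com [67.11.150.130])",
    # Constructed sample lines:
    "Received: from mail.example.org (mail.example.org [192.0.2.25])",
    "Received: from FRONTDESK (frontdesk.lan [192.168.1.40])",
    "Received: from [198.51.100.7] (host.example.net [198.51.100.7])",
]

if __name__ == "__main__":
    for helo, ip in flag_received(SAMPLE):
        print(f"reject HELO {helo!r} from {ip}")
```

On a live mail server the same decision is made at the HELO/EHLO stage of the SMTP session, before any message data is transferred, which is what saves the spool space and bandwidth discussed earlier in the thread.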

#6expect
expect@ihubbell.com
In reply to: Dennis Gearon (#1)
Re: The ..... worm

On Fri, 22 Aug 2003 14:18:19 -0700
Dennis Gearon <gearond@fireserve.net> wrote:

I don't have it, but I did get a spam from gearond@oit.edu or was that
real?

Why does this list even use real addresses? Why not have From and To the same?
i.e. pgsql-general@postgresql.org

Is it a social issue or technical? I'd be surprised if it was the latter.

<OT about the worm>
Jeessh, a lot of people have my email address.

I have received about 500 copies of the worm in the last 24 hours. My
mail spool at work was sooooo full I couldn't get out or relay or
anything. The weird part is that it's my work address, and I'm
subscribed to almost all my lists through the address above or my
previous home address. YEARS ago I was using the work address for lists,
but not for a LOOOOOOOOOOOONG time.
</OT about the worm>

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

#7Bruno Wolff III
bruno@wolff.to
In reply to: expect (#6)
Re: The ..... worm

On Wed, Aug 27, 2003 at 15:49:26 -0700,
expect <expect@ihubbell.com> wrote:

Why does this list even use real addresses? Why not have From and To the same?
i.e. pgsql-general@postgresql.org

Is it a social issue or technical? I'd be surprised if it was the latter.

As you have been told previously, not everyone who posts to these lists
is on the lists and their address is needed to get replies.

#8expect
expect@ihubbell.com
In reply to: Bruno Wolff III (#7)
Re: The ..... worm

On Wed, 27 Aug 2003 22:35:17 -0500
Bruno Wolff III <bruno@wolff.to> wrote:

On Wed, Aug 27, 2003 at 15:49:26 -0700,
expect <expect@ihubbell.com> wrote:

Why does this list even use real addresses? Why not have From and To the same?
i.e. pgsql-general@postgresql.org

Is it a social issue or technical? I'd be surprised if it was the latter.

As you have been told previously, not everyone who posts to these lists
is on the lists and their address is needed to get replies.

Really? I don't remember anyone pointing that out.
Anyway it's a social issue then...it's unfortunate. Since signing on to the
list my inbox is looking a lot worse than I've ever seen it.

Other lists I subscribe to do not suffer from the spam plague in the way this
list does. I wish I'd known that before signing on rather than after.
<shrug>

#9Tom Lane
tgl@sss.pgh.pa.us
In reply to: expect (#8)
Re: The ..... worm

expect <expect@ihubbell.com> writes:

Other lists I subscribe to do not suffer from the spam plague in the way this
list does. I wish I'd known that before signing on rather than after.

[ raised eyebrow ] I subscribe to many mailing lists. On most of the
other lists I have to apply spam filtering to what arrives, but the PG
lists are very nearly spam-free (thanks to Marc's hard work). I dunno
what you are complaining about.

regards, tom lane

#10Alvaro Herrera
alvherre@dcc.uchile.cl
In reply to: Tom Lane (#9)
Re: The ..... worm

On Thu, Aug 28, 2003 at 12:17:21AM -0400, Tom Lane wrote:

expect <expect@ihubbell.com> writes:

Other lists I subscribe to do not suffer from the spam plague in the way this
list does. I wish I'd known that before signing on rather than after.

[ raised eyebrow ] I subscribe to many mailing lists. On most of the
other lists I have to apply spam filtering to what arrives, but the PG
lists are very nearly spam-free (thanks to Marc's hard work). I dunno
what you are complaining about.

It is a valid complaint. The fact was that the archives (at least on
archives.postgresql.org) kept the email addresses verbatim, right in front
of the eyes of any spammer's web crawler.

Fortunately, Christoph Dalitz's repeated complaints have finally caused
Marc to reconfigure MHonArc so it won't publish the addresses.

You are right in that there is very little spam coming from the lists
themselves...

--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
We take risks not to escape from life, but to prevent life escaping from us.

#11Dennis Gearon
gearond@fireserve.net
In reply to: Tom Lane (#9)
Re: The ..... worm

Tom Lane wrote:

expect <expect@ihubbell.com> writes:

Other lists I subscribe to do not suffer from the spam plague in the way this
list does. I wish I'd known that before signing on rather than after.

[ raised eyebrow ] I subscribe to many mailing lists. On most of the
other lists I have to apply spam filtering to what arrives, but the PG
lists are very nearly spam-free (thanks to Marc's hard work). I dunno
what you are complaining about.

regards, tom lane

I get no spam or worms from the email I use on this list.

#12The Hermit Hacker
scrappy@hub.org
In reply to: Alvaro Herrera (#10)
Re: The ..... worm

On Thu, 28 Aug 2003, Alvaro Herrera wrote:

Fortunately, Christoph Dalitz's repeated complaints have finally caused
Marc to reconfigure MHonArc so it won't publish the addresses.

Actually, someone finally providing me with a means to 'mangle' the
addresses caused me to reconfigure it ... Christoph could complain until
his face turned blue, but if I didn't have a means to do it, it would
never have been done *shrug*