Re: txucom.com

To: Debian ISP <debian-isp@lists.debian.org>
Subject: Re: txucom.com
From: Russell Coker <russell@coker.com.au>
Date: Wed, 24 Dec 2003 02:34:43 +1100
Message-id: <[🔎] 200312240234.43231.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20031223152322.87FB9B57F5@lyta.coker.com.au>
References: <[🔎] 20031223152322.87FB9B57F5@lyta.coker.com.au>

Bummer, kmail has a bug.  Pasting the name in caused a new-line in the subject 
which made half the header into message body...

On Wed, 24 Dec 2003 02:23, Russell Coker <russell@coker.com.au> wrote:
> domain is run by morons
> Date: Wed, 24 Dec 2003 02:23:22 +1100
> User-Agent: KMail/1.5.4
> MIME-Version: 1.0
> Content-Type: text/plain;
>   charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> Message-Id: <200312240223.22027.russell@coker.com.au>
> Status: RO
> X-Status: Q
> X-KMail-EncryptionState:
> X-KMail-SignatureState:
>
> They have a filter that stops naughty language.  Their filter replies to
> the apparent sender of all messages (including mailing list messages). 
> They have an address for discussion of the filter but it applies the same
> filter (so if you forward their complaint message to discuss why it should
> not be blocked then you get even more of their messages).
>
> If you CC multiple addresses in their domain then you get multiple
> responses.
>
> Here are some ways that txucom.com can be abused:
> Send a number of messages appearing to come from someone you don't like
> that are CC'd to many addresses at txycom.com (ITOne@TXUCOM.COM and
> postmaster@txycom.com are two that I know of).  The number of messages sent
> to the person you don't like will be N*M (where N is the number of messages
> and M is the number of names on the CC list).
>
> The "Wall Alarm" program that they use contains a paragraph of text which
> contains the "naughty" word.  So a three line message about p****
> enlargement with the P word in the middle line can be transmitted in the
> bounce message, thus getting around some spam filters (in effect an
> open-relay).
>
> There are probably ways of making the "Wall Alarm" program reply to it's
> own messages and kill itself, but I didn't bother figuring it out.
>
>
> This "Wall Alarm" program is evil and should not be allowed on the
> Internet. I recommend that everyone configure their mail server to reject
> messages who's header match the regex "^Subject: Wall Alarm", in Postfix
> you can do this by adding the following line to /etc/postfix/reject:
> /^Subject: Wall Alarm/i REJECT
>
> You also need the following in main.cf:
> header_checks = regexp:/etc/postfix/reject
>
>
> PS  I would appreciate it if the person from txucom.com would use
> hotmail.com to read this mailing list.
>
> --
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- txucom.com
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: txucom.com
Next by Date: Re: Attempts to poison bayesian systems
Previous by thread: txucom.com
Next by thread: gary@Computer-Essence.com
Index(es):
- Date
- Thread