Users needed to help test new spam system

We need some users to help us accurately trial a new spam checking filter.

The trial will last around 1-2 weeks. To keep things a bit easier, we require only people that meet the following criteria.

  1. Your spam settings on the Options -> Spam/Virus Protection screen are set to Normal or Aggressive (*not* Basic or Custom), or you’re willing to change to either of those settings
  2. You use the web interface regularly (every day preferably)
  3. You’re happy to spend a few minutes each day using the Report spam and Report non-spam actions to report all incorrectly spam checked messages

If you’re interested in helping and meet the above criteria, can you please email your full username (including the @domain part) to spamtrial@fastmail.fm and we’ll send you some more instructions.

Posted in Off Topic. Comments Off

Yahoo SMTP accounts sending spam

It appears some spammer must be signing up masses of Yahoo accounts and sending spam via Yahoo SMTP. Since Yahoo only allow SMTP for paid accounts I believe (their MailPlus keeps mentioning POP, but not SMTP), they must be using a lot of stolen credit cards.

Looking at the emails, they all have a common form for their entry point header:

Received: from unknown (HELO www.microsoft.com) (xyz@121.142.82.139 with login)
  by smtp111.plus.mail.re1.yahoo.com with SMTP; 8 Feb 2008 13:21:53 -0000

The “by smtp111…” server varies of course, but the HELO www.microsoft.com is constant, which is a bit strange really; it’s a dead giveaway.

I’ve got a rule to put these on the HOLD queue. Let’s do a quick check…

$ mailq | grep '!' | cut -d '!' -f 1 | xargs postcat -q | grep 'HELO www.microsoft.com' | perl -lne 'print /\(([\w\.]+)\@/' | wc -l
4143
$ mailq | grep '!' | cut -d '!' -f 1 | xargs postcat -q | grep 'HELO www.microsoft.com' | perl -lne 'print /\(([\w\.]+)\@/' | sort | uniq | wc -l
4060

So on one server it’s caught 4143 emails so far, and of those, there are 4060 unique Yahoo accounts being used.

$ mailq | grep '!' | cut -d '!' -f 1 | xargs postcat -q | grep 'HELO www.microsoft.com' | perl -lne 'print /\@([\d\.]+)/' | wc -l
4145
$ mailq | grep '!' | cut -d '!' -f 1 | xargs postcat -q | grep 'HELO www.microsoft.com' | perl -lne 'print /\@([\d\.]+)/' | sort | uniq | wc -l
3600

As expected, lots of separate IP addresses as well (obviously caught another 2 emails in the intervening time).

$ mailq | grep '!' | cut -d '!' -f 1 | xargs postcat -q | grep 'HELO www.microsoft.com' | perl -lne 'print /\@([\d\.]+)/' | sort | uniq | perl -lne 'print join ".", reverse(split /\./), "xbl.spamhaus.org"' | xargs dig +short | sort | uniq -c
   3180 127.0.0.4

At least most are on the XBL it seems, so SpamAssassin rules will be catching them.

Obviously trying to get your spam into the world by relaying through a trusted provider is going to be a more and more common way of trying to do things. The interesting thing here was I don’t think I’ve seen anything on this scale before with regard to the number of different accounts being used. Given we’re not the largest provider in the world and this is just one machine, our email capture rate must be low, so whoever is doing this must have a HUGE number of spamming accounts to send from.
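
The three checks above (message count, unique accounts, unique IPs, XBL lookups) can be done in one pass over the queue dump. The following is an added example, not part of the original post: the sample headers, account names, IPs and the stand-in DNSBL answers are all constructed, and the function names are hypothetical.

```python
import re
import socket
from collections import Counter

# Entry-point header form quoted in the post:
#   Received: from unknown (HELO www.microsoft.com) (xyz@121.142.82.139 with login)
ENTRY_RE = re.compile(
    r"\(HELO www\.microsoft\.com\) "
    r"\(([\w.]+)@(\d{1,3}(?:\.\d{1,3}){3}) with login\)"
)

def dnsbl_name(ip, zone="xbl.spamhaus.org"):
    """Reverse the octets and append the zone, as the perl one-liner does."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def lookup(name):
    """Live DNS query: the A record (e.g. 127.0.0.4) or None if not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def summarise(text, resolver=lookup):
    """Count matching messages, unique accounts, unique IPs and DNSBL answers."""
    hits = ENTRY_RE.findall(text)          # list of (account, ip) pairs
    accounts = {acct for acct, _ in hits}
    ips = {ip for _, ip in hits}
    answers = Counter(resolver(dnsbl_name(ip)) for ip in ips)
    return {"messages": len(hits), "accounts": len(accounts),
            "ips": len(ips), "xbl": dict(answers)}

# Constructed sample (documentation IP ranges), in the shape postcat -q prints.
SAMPLE = """\
Received: from unknown (HELO www.microsoft.com) (acct.one@192.0.2.10 with login)
  by smtp111.plus.mail.re1.yahoo.com with SMTP; 8 Feb 2008 13:21:53 -0000
Received: from unknown (HELO www.microsoft.com) (acct_two@198.51.100.7 with login)
  by smtp111.plus.mail.re1.yahoo.com with SMTP; 8 Feb 2008 13:22:10 -0000
Received: from unknown (HELO www.microsoft.com) (acct.one@192.0.2.10 with login)
  by smtp111.plus.mail.re1.yahoo.com with SMTP; 8 Feb 2008 13:23:41 -0000
Received: from unknown (HELO mail.example.org) (acct3@203.0.113.5 with login)
  by smtp111.plus.mail.re1.yahoo.com with SMTP; 8 Feb 2008 13:24:02 -0000
"""

# Constructed stand-in for DNS so the example runs offline.
CONSTRUCTED_LISTED = {"10.2.0.192.xbl.spamhaus.org": "127.0.0.4"}

if __name__ == "__main__":
    print(summarise(SAMPLE, resolver=CONSTRUCTED_LISTED.get))
```

Calling summarise() without the resolver argument performs live DNS lookups against the zone instead of using the constructed table.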

Posted in Technical. Comments Off

New version of FastCheck fixes folder bug

There is a bug in the current version of FastCheck that means recently created folders will not be checked correctly. Eric has released a new version of FastCheck that corrects this bug. You can download it here:

http://www.fastcheck.org/download/FastCheck_1_0_13_5.exe

After downloading and running this new version, you have to go to the Options page, and to the Accounts list, double click on your account and enter your password twice to force a refresh of the folder list.

Posted in Technical. Comments Off