spams prevention on linux

  • jide.usman
  • Born
  • Born
  • jide.usman
  • Posts: 1
  • Loc: Engleand

Post 3+ Months Ago

[color=red]hello
i am new in the forum. could any one tell me how to hide my ip address on my linux box so crackers and hacker can stop sending me spams and scams

thanks
[/color]
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

lol i don't think you know what you are talking about.... no offence. But none of that makes any sense.
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

Be nice meman.

Your IP has nothing to do with the email you receive.

If you want to slow the barrage, install an anti-spam tool on your side such as;
http://www.spambutcher.com/anti-spam-software/
or
http://www.netsilencer.com/mailmate-antispam.html
etc, et al.

Google for it, there's tons.

The best best is to get a new email address, and STOP giving it to everyone on the internet.

Get a Hotmail or Yahoo to fill out forms online, and use your (new) regular address for friends and relatives.

As for scams -- don't fall for it. If it sounds too good to be true, it is.
  • SJP
  • Beginner
  • Beginner
  • User avatar
  • Posts: 47
  • Loc: Washington, USA

Post 3+ Months Ago

Before you pay for anti-spam software check out my fix. It is 100% successful providing spammers don't come to your website and manually send the junk mail which no spammer out to make a profit has the time or patience to do. Filters are not perfect and there is a chance a legitimate email will be misidentified. For this reason filters stick suspicious email in a seperate folder necessitating you look at whatever gets put in it if you want to be absolutely sure this didn't happen. Spam filters can also be resource hogs. My software is free.

http://www.sanjuanpersonals.com/ContactManager.html

I presume you have ProcMail and some dabbling with it is required. I provide all that is necessary.

SJP
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

First, while I appreciate that your "option" is free, it is still copyrighted, or so you say. As such, this is mild spam -- an effort to push *your* product and or service; self-aggrandizing if you will.

I am willing to look past that, however I note several other flaws with your "better approach".
It assumes the user is running procmail; I assumed no such thing, in fact I gathered from the remarks the user was just that, and end user who receives an inordinate amount of spam to their inbox.

Secondly, anyone who would ask such a question, is most probably unaware -- even if they DO run a mail server -- what or how to drop in a new MDA (Mail Delivery Agent) for those of you who are now going, "huh?".

It only runs under Unix. Somehow I get the impression this person is sitting at a Windows box; call me crazy, but the lack of mastery of the [] codes gives it away.

This person needs, IMHO, a client-side spam preprocessor, such as the two I mentioned (one of which *IS* free, had you actually looked) or the reference to the thousands more on Google.

*IF* this person ran their own mail server, I would still not suggest a hack to procmail which is nothing more than an MDA, I would suggest a real preprocessor, such as SpamAssassin.

I will leave your link for now; perhaps another mod will remove it... I cannot speak for all of them.

Good day.
  • SJP
  • Beginner
  • Beginner
  • User avatar
  • Posts: 47
  • Loc: Washington, USA

Post 3+ Months Ago

Yeah, it is copyrighted. So what? How is it spam? I'm not making any money off it. The software is mine to give away. ProcMail is normally a standard feature on Linux Web Servers. At least on mine - WestHost.com. If this person is running a Windows box why are they posting their question in a Linux forum? Even if the person were to use SpamAssassin they'd still have to dabble with ProcMail, because that is how it is wired in. This is not a hack! I don't know if this suits the person or not. That's why I did my best to offer a comprehensive write-up. You won't find any software package on google or elsewhere that uses the method I do. Before I decided to go public I investigated obtaining a software patent. I even went as far to have an extended patent search performed. I didn't follow through, because I didn't have the money. Patent attorneys are not cheap. Copyrights are a piss poor way to preserve intellectual property rights especially when the guts are written in Perl and any jack that knows the language can tell what you're doing from the get-go. Change a few things here and there and voila! It's an original artwork in the eyes of the LITERAL Copyright Office. If my name on the software bothers anyone - remove it. No one except the person that initially installs the software would see it anyhow and nothing is put in outgoing email messages to identify the source. And lastly, anyone who posts in this forum including you is self-aggrandizing .

SJP
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

One does not need to "make money" for the message to be considered spam. You want people to believe you are doing this for the good of mankind? Request Sourceforge distribution instead of a URI branched from your commercial site.
When you install SpamAssassin you do NOT need to run procmail, there are classes that make it extensible to function within the MDA, however it is not required. It interoperates just fine using qmail or postfix.
Frankly, if it's Perl, it's a hack. That's just my opinion -- the opinion of someone who loves Perl I might add -- but still a hack. Not multi-threaded, not low level. Not to say that Perl hacks don't work, they most certainly can.
I know the patent process all too well; I also know people can patent anything, even something as ridiculous as "Text area input for customer data".
I fail to see how *anyone* who posts in the forum is self-aggrandizing, if they have no intention of ever publicizing their own interests, directly or indirectly how can they elevate their status to a position of greater wealth and power?

I did make one error though; the original poster did query -- albeit in dark blue font -- about his client linux machine. They also asked how to mask the IP in order to stop receiving spam... does this sound like someone up to the task of configuring an MDA?

Regardless, there have been similar precedents with the posturing of homegrown tools offered for free via commercial base URL's.

My intention remains to leave it, for now.
  • SJP
  • Beginner
  • Beginner
  • User avatar
  • Posts: 47
  • Loc: Washington, USA

Post 3+ Months Ago

For the good of mankind. Hard to believe I know. So little of that these days. My website is not commercial. There are no ads. It's 100% free. I don't spam. If sourceforge or whoever wants to distribute my software or better yet adapt it to other platforms then I give my full consent. I've already made the software available on my web server's forum, apprised various other parties and that's all I am doing here. I understand your caution and I assure you I'm not pulling any funny business. If anything written in Perl is a hack in your opinion then SpamAssassin must be too. My web host is in the process of upgrading Perl from 5.6 to 5.8.7 so they can utilize the newest version. I'm not for hire. I haven't put myself out there and this escapade is not to flaunt my skills to gain an edge over the competition. If SpamAssassin can be wired differentlly I don't know it. But, I do know SpamAssassin has drawbacks including being a resource hog and susceptible to spammers finding ways to trick it. IMO my way is better. It is high time to beat spammers at their own game. The software doesn't need to be multi-threaded because ProcMail fires up a seperate instance for each email processed. I lock the database to ensure there is no chance of corruption. And not low level? How did you reach that conclusion? Agreed some software patents are absurd, people shouldn't be able to get them for unproven ideas or silly brain dead applications and so broadly enforceable as to deter people from building better mouse traps. I'm sorry to learn software patents were never about ingenuity, but plain and simple greed! Perhaps I'm a fool for not making a killing or maybe this is my way of thumbing my nose at the software industry and this incredibly assnine practice! You are acting in the best interests of all concerned and so am I.
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

Understand, my goal was to ferret out your intentions.
We do need to be careful as there are a great many unscrupulous people flitting about the Internet offering deals that appear too good to be true; normally they are.

It's our job here to figure out which ones are honest and forthright, and that is not always an easy or pleasant task.

Yes, I am aware that SA is a collection of perl programs used in concert... I am also aware that you know it as well. It's still a hack, but as I alluded to, one I can live with.

I apologize if I seemed somewhat suspect; I was. For some reason, I believe your intentions are exactly as you claim. You'll hear no more about this from me.

Though I still believe that a multi-threaded environment would save the resource cost of building up and tearing down a new process for every mail, instead spawning a thread for each mail under the same process context and address space... but that's me. ;)
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Thanks for the good read you two, I think poor jide got lost in all this though.

jide, you can't hide the ip address on your linux box unless your linux box is being NATed (Network address Translation) by a router/firewall between the linux box and the internet. The reason for this is that without your IP address, requests you make to the internet would not be able to find their way back.

If you're looking for a way to stop spam from getting to your inbox, take a look at the options Daemonguy posted.

If you're looking for a way to stop spam being delivered to that linux system (after which you log in to that system using POP3, IMAP or HTTP) SpamAssassin is your friend - at least as a start. I'd also install Clam Antivirus at least.

While I'm not going to give you a full blown tutorial on setting up an email server here, I will be nice enough to tell you that there are plenty of full blown tutorials out there, for practically every mail system there is (I'm partial to qmail).

Having that linux box configured to receive your mail will (by far) give you the most control over what gets through to your inbox. It may take some time learning the controls for whatever system you choose, but it will be well worth the effort - if for no other reason than you'll at the very least learn something of Linux system internals in the process.

SJP, that's an interesting idea and I can see something like that being worthwhile to quite a few people. However, I believe that most *people* aren't going to take the time to go to a website (even their own) to create an email when they have the option of opening hotmail. People are lazy by nature (I'm a prime example) and will take the option that is right in front of them. I can't see how everyone who wants to send any particular person an email would want to have to go to that person's site to do it.

I'm of the firm opinion that spam and virus control need to be performed at the server level. Distributing any application that an end user has to install, configure and so on is most likely not going to see much use - and therefore not block much spam. For those of us who are running mail servers, spam equates into wasted bandwidth, which means money. By the time the spam gets to the end-user's system to get blocked, that piece has already stolen the bandwidth from the upstream provider to get there. While this may not seem like a big deal with twenty or so 10k files, it does turn into a big deal when you start processing a few hundred thousand of those.

Every mail server out there *should* be closed as an open relay, have virus scanning and some level of spam filtering. Sadly this is simply not the case and it took ILOVEYOU to even get ISP's to wake up to the extent of the problem to begin with. Having said that, I'll point out that if you are going to set up a system capable of receiving and (especially) send mail, do some reading first on how that system should be configured securely.

I'm not saying that the end-user should be defenseless either, I'm saying that people are too lazy and/or ignorant of the need to do anything about it.

Sorry this post was so long, spam is an area in which I spend quite a bit of time (and money)

THIS
  • SJP
  • Beginner
  • Beginner
  • User avatar
  • Posts: 47
  • Loc: Washington, USA

Post 3+ Months Ago

Quote:
Having that linux box configured to receive your mail will (by far) give you the most control over what gets through to your inbox. It may take some time learning the controls for whatever system you choose, but it will be well worth the effort - if for no other reason than you'll at the very least learn something of Linux system internals in the process.


No sooner than you justify having to catchup on the learning curve for SA do you condemn any other solution that requires energy to get going as not viable.

And when you say:

Quote:
However, I believe that most *people* aren't going to take the time to go to a website (even their own) to create an email when they have the option of opening hotmail. People are lazy


I say exactly! I'm not interested in receiving email that has nothing to do with my website. Why would I? If bandwidth is money then is the time you spend getting rid of email that isn't going to make you any worthless?

SJP
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

SJP wrote:
No sooner than you justify having to catchup on the learning curve for SA do you condemn any other solution that requires energy to get going as not viable.

Actually, I point out that *people* are lazy, this doesn't automatically mean that everyone is, and the point that I was trying to make is that one *should* try learn the tools they're going to be using.

Take a look at SPF records - they're perfectly viable, there's absolutely nothing wrong with using them and, if they were properly adopted, the amount of spam crossing the networks would be significantly reduced. But they're not implemented enough today to rely on: Why? Because most people are too lazy to go update their DNS with a one line record - and the people I'm talking about (corporations and such) have either the expertise to do this in 3 minutes, or the resources to get someone who can. Now, I'll also tell you that by implementing them, you can award yourself at least some modicum of protection from having your own address spoofed anyway. However, informing someone that they *should* implement them still doesn't detract from the statement that they're not widely used. Whether or not they actually implement them is their business. Having said that, I’ll reiterate – most people are too lazy to set up a system like yours when they can either just do nothing (which is usually what they do) or buy a product that they just install and it does everything for them. If you come up with a product like that, it would have far more marketability.

SJP wrote:
I say exactly! I'm not interested in receiving email that has nothing to do with my website. Why would I? If bandwidth is money then is the time you spend getting rid of email that isn't going to make you any worthless?

To your first question, most people don't have a website, and most people who do have a web site receive email from many places that aren't going to go to their web site to send them an email. While these emails may or may not be related to the website itself, they are most certainly related to running the business that keeps the web site online. However, if you want to only receive email from people who visit your site that’s your business.

Your second question is circular; by definition if bandwidth is money then the time I’m spending getting rid of email that isn’t making me any money is actually generating money for me. Therefore, the time I spend getting rid of that email is worth as much to me as the bandwidth it would have cost to deliver that email to its destination. This was basically my point.

My interest in this subject deals with configuring mail servers to deliver only the email to the end user that the end user actually wants. This has the effect of actually saving me the money on the bandwidth that would have been used to deliver the email the end user didn’t want. My interest in this subject also deals with prompting other users with capable systems to take the same interest in the subject, which eventually will make a real dent in the spam situation.

Another point on the “learning curve for SA” as you put it: IMHO if you’re running a Linux system, you should know something about it. There are few things on the internet as dangerous as a chrooted linux system in the hands of someone who knows what they’re doing. That’s not to say that people shouldn’t use Linux, just that they should have some idea of what their system is doing – and what it should be doing, which applies to any OS. Also, most people aren’t going to just go get a *nix system, so the fact that jide even has one indicates at least some interest or requirement in configuring it.

Having said all of that, I digress. The intention of my first post (or this one) was not to dissuade you from using a system that works for you, but to point out that if you’re routing mail though a linux system, you have complete (or nearly complete) control over what gets through it.
  • SJP
  • Beginner
  • Beginner
  • User avatar
  • Posts: 47
  • Loc: Washington, USA

Post 3+ Months Ago

Quote:
To your first question, most people don't have a website, and most people who do have a web site receive email from many places that aren't going to go to their web site to send them an email. While these emails may or may not be related to the website itself, they are most certainly related to running the business that keeps the web site online.


No, tell me it isn't true. Everybody does not a website? When you admitted being lazy I had no idea it included not checking out the document I placed online describing my software, because if you had you would have noticed the title explicitly states that it is for websites. And something else. This forum is for webmasters. It should not be necessary to tell people I am talking about websites since that ought to be a natural conclusion.

How do emails that are not related to a website have any relation to the business of having one? My website has been online for over three years and its continued operation has not been dependant on these mysterious emails you speak of. Can you provide examples?



Quote:
our second question is circular; by definition if bandwidth is money then the time I’m spending getting rid of email that isn’t making me any money is actually generating money for me. Therefore, the time I spend getting rid of that email is worth as much to me as the bandwidth it would have cost to deliver that email to its destination. This was basically my point.


This makes no sense. Spammers don't have to pay for the bandwidth consumed. They send it and you have to deal with it.

Quote:
Take a look at SPF records - they're perfectly viable, there's absolutely nothing wrong with using them and, if they were properly adopted, the amount of spam crossing the networks would be significantly reduced. But they're not implemented enough today to rely on: Why? Because most people are too lazy to go update their DNS with a one line record - and the people I'm talking about (corporations and such) have either the expertise to do this in 3 minutes, or the resources to get someone who can


SPF would be a good counter measure and why it hasn't been readily adopted mesmerizes me. I think there is more at play here than people being too lazy to make a simple DNS change. Seems like there's very little done for the website operators screaming about being inundated with spam and the immense resources being consumed to combat it. Almost like there are vested interests in keeping spam alive since I understand it is a multimillion dollar business. Perhaps there are lobbyist pumping politicians full of money to take no action since when has what's good for the people ever been able to top selfish interests? But, apart from my political speculations that greed prevails there is no good reason why I shouldn't offer an interim fix. The industry can drag their feet until hell freezes over, but that doesn't mean that I or anyone that wants a solution now can't have one.

Perhaps the government making a stand against spam won't happen until someone uses it against them. Why spend millions of dollars on television spots or other kinds of media to get a point accross and the potential hardships of having the material you want disseminated looked poorly on and probably refused by tight wads who are under the spell of greed when one could potentially spend far less and get their politically charged message into most every household? Who cares about the old folks who resist technology? Computers are very popular with the younger generation and since they are the presidents, statesmen of tommorrow it is them you would want to influence.

SJP
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

I think you’re just trying to be argumentative now, but I’ll bite.
SJP wrote:
No, tell me it isn't true. Everybody does not a website? When you admitted being lazy I had no idea it included not checking out the document I placed online describing my software, because if you had you would have noticed the title explicitly states that it is for websites. And something else. This forum is for webmasters. It should not be necessary to tell people I am talking about websites since that ought to be a natural conclusion.

As I previously wrote:
My interest in this subject deals with configuring mail servers to deliver only the email to the end user that the end user actually wants.

And

SJP, that's an interesting idea and I can see something like that being worthwhile to quite a few people. However, I believe that most *people* aren't going to take the time to go to a website (even their own) to create an email when they have the option of opening hotmail. <~~ meant to say “outlook” here – I have a habit of equating the two.


SJP wrote:
How do emails that are not related to a website have any relation to the business of having one? My website has been online for over three years and its continued operation has not been dependant on these mysterious emails you speak of. Can you provide examples?

I receive email dealing with payment gateways, marketing venues, bank accounts, orders, email from clients and email from developers just to name a few. If any of these people/companies had to go through my site to send me an email, I’d most likely be out of business. Aside from that, many of the people I receive email from have never even been to one of my web sites – but communication with those people supports the site(s) in some way or another.

As a side note, there are quite a few members here who are not webmasters.

SJP wrote:
This makes no sense. Spammers don't have to pay for the bandwidth consumed. They send it and you have to deal with it.

That’s absolutely right, so it’s in all of our best interest to stop that spam at the earliest possible point. While I can’t do anything about the mail that comes into the mail server on the receiving side, I can filter that mail so the server isn’t putting out garbage on the sending side, which frees up bandwidth between that server and any subsequent servers or clients that receive mail from that server.

SJP wrote:
Almost like there are vested interests in keeping spam alive since I understand it is a multimillion dollar business. Perhaps there are lobbyist pumping politicians full of money to take no action since when has what's good for the people ever been able to top selfish interests?

You’re probably dead on there. I wrote a small filter in a couple hours that practically eliminates spam (when used in conjunction with SA). If I can do that, there’s no reason the “big boys” can’t.
  • desertland
  • Graduate
  • Graduate
  • desertland
  • Posts: 206

Post 3+ Months Ago

This thread has diverged quite a bit from its original purpose :) For the sake of anyone else reading the thread and actually looking for mail prevention software, I've had significant success using DSPAM ( GPL; http://www.nuclearelephant.com/projects/dspam/ ) on the server, and SpamBayes ( http://spambayes.sourceforge.net/ ) as a plugin to MS Outlook at work.

As deamonguy mentioned, it's very important not to give your email address out to people... don't publish it on websites either. Spam harvesting bots (bots that spider the internet looking for email addresses) are fairly common. If you can't put a CGI form on your website, mask your email address somehow using something like spamgourmet (http://www.spamgourmet.com)

Post Information

  • Total Posts in this topic: 15 posts
  • Users browsing this forum: No registered users and 50 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.