Spam or Virus mails from Redhat ?

Scot L. Harris webid at cfl.rr.com
Fri Jul 16 14:13:10 UTC 2004 

On Fri, 2004-07-16 at 04:03, Parameshwara Bhat wrote:
> Hello list,
> 
> This week I have been receiving numerous mails from ***@[***]redhat.com 
> all 174 or 173 KB and with chinese looking junk characters in the body and 
> either a zip or pif attachment. I haven't clicked on the attachemnt though 
> I presume these cannot run on my Fedora box.
> 
> I also receive similar mails from various other sites as well all similar 
> in body and attachment. Where could this be coming from ?
> 

You would need to examine the headers of the mail messages to see where
they came from.  However, a lot of the information in the header can be
falsified in order to obscure the sender.  Most likely the messages came
from a windows box that has been taken over and is now a zombie running
mass mailings of spam.  The from information is almost guaranteed to be
bogus.

Ultimately it really does not matter where the messages came from.  The
best thing to do is use a tool to filter them out.

> Does anybody know of a mail-client which can be taught not to download 
> suspicious looking mails ?
> 
> Parameshwara Bhat

I think firefox and the newer mozilla (for windows at least) has built
in spam filtering.  Not sure if that is built in to the Linux version or
not.

You can implement spamassassin on your linux box to filter spam.  On my
home account I get about 150 or 200 spam messages a week.  Only 3 or 4 a
week end up in my inbox.  Depending on the client you use and how you
get your email you can configure spamassassin a couple of different
ways.  The easiest, and the one I used at home, was to configure a
filter in my email client to call spamassassin on messages I download. 
The filter then looks at the results and if it is marked as spam it gets
dumped in a holding folder.  This gives you a chance to review the spam
messages for any false positives.  What is neat with spamassassin is
that you can setup a bayesian database which will learn what you call
spam and ham.  So over time it gets better and better at sorting things
out for your particular email.

Check out their web site and the documentation that comes with
spamassassin.  Highly recommended.

If you are running a full blown mta then I recommend implementing
greylisting as well as spamassassin.


-- 
Scot L. Harris
webid at cfl.rr.com

Writing software is more fun than working.

More information about the users mailing list