I used to have some pretty coarse geographic rules on my IPTables ruleset
that helped.
Basically every time I spotted a lot of spam coming in, I would check to
see if the IP was from China, Taiwan, Russia etc.; if it was, I just
blackholed the entire class A network :)
Worth considering... You can download lists of geographic IP space from
various sources as well
Stuart
On 20 February 2013 16:06, Max B <txtmax(a)yahoo.ca> wrote:
Hi All,
recently I've been receiving some spam which is designed to target the
intelligence of a 10-year old (as compared with the 'Nigerian'
spammers-of-yore approach to a pre-schooler level).
The spam looks to have been proofed by a GCSE-level reader.
This fraudulent forgery concerns me.
The trojan horse payload (not attached) is invariably wrapped up in a zip
archive. I've archived recent trojan payloads in case anyone is interested.
Domain hinet.net points to a Chinese host. Domains also included in the
route are presumably Russian.
Does anyone have a means to hinder or otherwise block this spam with a
procmail script? Something like a geographic filter for any email
associated with China? I don't deal with China. Why would I wish to
receive email that originates in China? So I favour, at first glance,
penning the Chinese behind a bespoke Great Wall.
I'm beyond fed up with these turds.
http://www.nytimes.com/2013/02/21/business/global/china-says-army-not-behin…
http://www.fastcompany.com/3006018/fast-feed/china-dismisses-new-york-times…
Does HMG collect spam in order to address this sort of denial at a
diplomatic level?
The plausible deniability afforded the Chinese by this type of dynamic-ip
attack is simply unacceptable.
---------- Forwarded message ----------
Return-Path: <horsy7(a)regallager.com>
Received: from 114-41-160-224.dynamic.hinet.net
 (114-41-160-224.dynamic.hinet.net [114.41.160.224])
Received: from [149.116.61.55] (helo=zrnrzypdry.kqfrfyskubrj.ua)
 by 114-41-160-224.dynamic.hinet.net with esmtpa (Exim 4.69)
 (envelope-from )
 id 1MMNDI-3322kk-MJ
From: "SendSecure Support" <SendSecure.Support(a)bankofamerica.com>
Subject: You have received a secure message from Bank Of America
Date: Wed, 20 Feb 2013 23:10:06 +0800
MIME-Version: 1.0
X-Priority: 3
X-Mailer: dwaitmwd.17
Message-ID: <3505121578.7AYSQSSK276767(a)rmoombwfwfc.ngayzodde.ru>
Content-Type: multipart/mixed;
boundary="----=a__fcrap_85_52_22"
You have received a secure message.
Read your secure message by opening the attachment. You will be prompted
to open (view) the file or save (download) it to your computer. For best
results, save the file first, then open it.
If you have concerns about the validity of this message, please contact
the sender directly.
First time users - will need to register after opening the attachment.
Help -
https://securemail.bankofamerica.com/websafe/help?topic=Envelope
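
The geographic check discussed in this thread can be run as a mail filter; the following is an added example, not code from either poster. It reads the relay address from the topmost `Received:` header and tests it against a CIDR blocklist. The blocklist entries, function names and `trusted_hops` parameter are assumptions made for illustration.

```python
import ipaddress
import re
import sys
from email import message_from_string

# Constructed entries standing in for a downloaded per-country CIDR list.
# 114.41.0.0/16 is chosen only so that it covers the sample relay below.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("114.41.0.0/16", "203.0.113.0/24")]

# Bracketed IPv4 literal, the form a receiving MTA records in Received: lines.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message, trusted_hops=1):
    """IPs from the topmost `trusted_hops` Received: headers (newest first).

    Only headers written by your own servers are reliable; anything below
    them was supplied by the sender and can be forged.
    """
    msg = message_from_string(raw_message)
    ips = []
    for header in (msg.get_all("Received") or [])[:trusted_hops]:
        for text in BRACKETED_IP.findall(header):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # not a valid address, e.g. [999.1.1.1]
                continue
    return ips

def blocked_relays(raw_message, nets=BLOCKED_NETS, trusted_hops=1):
    """Trusted-hop relay IPs that fall inside any blocked network."""
    return [ip for ip in relay_ips(raw_message, trusted_hops)
            if any(ip in net for net in nets)]

# Constructed sample: the two Received: lines from the forwarded message above.
SAMPLE = """\
Received: from 114-41-160-224.dynamic.hinet.net
 (114-41-160-224.dynamic.hinet.net [114.41.160.224])
Received: from [149.116.61.55] (helo=zrnrzypdry.kqfrfyskubrj.ua)
 by 114-41-160-224.dynamic.hinet.net with esmtpa (Exim 4.69)
Subject: You have received a secure message from Bank Of America

body
"""

if __name__ == "__main__":
    # Filter mode: read one message on stdin, exit 0 when a relay is blocked.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    hits = blocked_relays(raw)
    print("blocked relays:", [str(ip) for ip in hits])
    sys.exit(0 if hits else 1)
```

In procmail, a condition line beginning with `?` matches when the named program exits 0, so the script can gate a recipe that files the message elsewhere.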