PGTS Pty. Ltd.   ACN: 007 008 568

Feedback: August 2003, Published: September 2003

Not much spam this month. Nevertheless I have decided to place all the spam that has ever been sent to this domain into a spam register. As it turned out this was not a very large sample. So I will be adding the messages from the sendmail reject log (which also appears on the mailhub console).

Brian has kindly offered to donate large quantities of spam from some of his domains. Together, this will be added to a list, and shortly this will be used to generate recommended block lists. These will be in sendmail access_db format. However, if someone wants them specified in other formats, just drop me a line.

Feedback:

Hints for this month:

Spam Diaries:


various chatter re spam

Date: Sun, 03 Aug 2003 01:25:27 +1000
From: Dan Byrnes

Ed: The following gives a historical perspective to spam, one that
would only occur to a historian.


Dear Gerry,

So I'm just back from a party and feeling mellow, check email and wonder
how you are going with your damage control down there. In principle, you
are probably right re spammers have a right to exist/operate, certainly
under US constitution, on grounds of free speech/right to info etc,
despite the fact they are so "impolite" as you so euphemistically put
it.

In Oz, I wonder what the constitutional rules are/might be - I doubt
they could cope at all. Well, should the Net on your lil ole PC be as
tidy when you see it as you expected the CBD to be on every Tuesday
morning at 8am, no one asked, and so no one knows. They don't want to
know about headers and bodies. "They just want to sit down at their
computer, click on something and not see any spam."

Very true. As for Draconian legal measures about anything at all by way
of an offence, really, the dear old Aussies do go on with their history
books about the dear old Brits and their ever-tightening legal code of
the C18th, and from 20 years of reading such jive, I conclude that
Draconian legal measures against any sort of offence, even rape/murder,
or maybe, especially rape/murder, don't work to reduce the crime rate
for one very simple reason - the people who commit such offences, do not
at the time of the offence, have on their mind the Draconian measures
against the offence, they have on their mind the wish/urge to commit the
offence. I do wonder why in the following 200 and more years of legal
comment in Britain and Oz, the law makers haven't yet woken up to this
empirically-obvious facet of human nature.

In C18th terms, today's spammers most closely resemble the S/E English
smugglers of the 1720s and so on. Guys whose activities were against the
law of the day, but if the average person could get hold of some of the
goods they carried, terrif and no questions asked, black market
continued, olay!

Problem for govt these days is there is no actual model for dealing with
spammers, this is all a bit too new for "govt types". Hence what you
remarked re Harradine, he sees porn on the net and thinks, "Dreadful",
but he don't guess that this time around the delivery system is ALL NEW.
Cyberspace for govt is still a "new concept". Personally I have a
Draconian attitude to spammers - put the bastards in jail and deprive
'em of computer funzies, etc. Here I am of course less forgiving of
spammers than you, and also quite unrealistic; it's all fantasy land
anyway. Spammers today are just like smugglers of old, who if they
believe they can sail well and also outwit, outmanoeuvre or outguess the
authorities and their lackeys, they can continue to make a profit and
have fun as well. It's a game, and the old English smugglers apart from
noticing changes in English legislation, and their own profits, died out
anyway, by about 1740 except on various islands nearby England. Of
course, English smuggling does not really die out; a century later, up
to the 1840s, the British/Scots were smuggling heaps of guess what into
China - opium!

Spammers are smugglers. The main motivation of the smuggler is the
profit margin available from the buyer of the smuggled goods. Evasion of
the law (usually, the laws of two or more countries), or the rules of
polite society are entirely secondary - mere entertainment value. I
think today's spammers have just reinvented all this - and our lawmakers
as they call themselves are so deficient in history they don't realise
it. I often find Oz an odd place, it began as a dump-depot for convicts,
and our current population fails to discern the interesting lessons to
be derived from:
	(a) the law [and changes to it], and even worse
	(b) human nature in relation to the law.
Something is quite wrong with a country which fails to interpret the
lessons of its own origins. But I've digressed again. Damn!

Cheers, Dan.



bat2pl -- turn a .bat perl script into .pl

Date: Thu, 7 Aug 2003 09:50:00 +1000
From: Gerry Patterson

Ok, it's trivial. Just use Gvim ...

However, if you have about twenty of them to do, the following might be
useful:

# -----------------------------------------------------------------

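#!/usr/bin/perl
# bat2pl - strip code at start/end of .bat file created with pl2bat
use strict;
use warnings;

my $tgt = $ARGV[0];
die "Usage $0 File[.bat]\n" unless defined $tgt;
# Three-argument open: the file name is never read as a mode or a pipe
my $inpf;
unless (open($inpf, '<', $tgt)) {
	$tgt .= '.bat';
	open($inpf, '<', $tgt) || die "Usage $0 File[.bat]\n";
}
$tgt =~ s/\.bat$//i;
open(my $outf, '>', "$tgt.pl") || die "Cannot open output: $tgt.pl\n";
my $line = 0;	# stays 0 until the "#!...perl" line has been seen
my $prnline;	# previous line, printed one iteration late
while (<$inpf>) {
	$line++ if (/^#!.*perl/ && $line == 0);
	next unless $line;		# skip the batch header
	next if ($line++ == 2);		# skip the line after "#!" (pl2bat's "#line N")
	last if (/^__END__/);		# stop at the batch trailer
	# the one-line lag means the line just before __END__ is not written
	print $outf $prnline if ($line > 2);
	$prnline = $_;
}
close($outf) || die "Cannot close output: $tgt.pl\n";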

# -----------------------------------------------------------------



named check hints: A records for [domain] class 1 do not match hint records

Date: Tue, 19 Aug 2003 16:12:29 +1000
From: Administration user

A message like the following appears on the primary DNS console:
named[135]: check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint records

This is caused by the named.root file being out of date. This record
changes so slowly that problems can go unnoticed. The most up-to-date
file can be obtained by FTP from ftp.internic.net. Restart named once
it has been downloaded.
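
To see which hint records are stale before replacing the file, the A records in the local named.root can be compared with a freshly downloaded copy. The following is an added example, not part of the original hint; the function names are hypothetical and the addresses in both sample files are constructed from documentation ranges, not real root-server addresses.

```python
# Added illustration. Addresses are constructed (documentation ranges),
# not real root-server addresses.
LOCAL_HINTS = """\
; constructed sample of an out-of-date named.root
.                     3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A   192.0.2.4
.                     3600000      NS  J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.   3600000      A   192.0.2.10
"""
CURRENT_HINTS = """\
; constructed sample of a freshly downloaded named.root
.                     3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A   192.0.2.4
.                     3600000      NS  J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.   3600000      A   198.51.100.30
"""

def parse_hints(text):
    """Return {owner name: set of A-record addresses} from named.root-style text."""
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        name, rest = fields[0].upper().rstrip("."), fields[1:]
        # TTL and class are optional in the hint file; skip whichever are present
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) >= 2 and rest[0].upper() == "A":
            records.setdefault(name, set()).add(rest[1])
    return records

def stale_hints(local_text, current_text):
    """List (name, local addrs, current addrs) for names whose A records differ."""
    local, current = parse_hints(local_text), parse_hints(current_text)
    return [(n, sorted(local.get(n, ())), sorted(current.get(n, ())))
            for n in sorted(set(local) | set(current))
            if local.get(n, set()) != current.get(n, set())]

if __name__ == "__main__":
    for name, old, new in stale_hints(LOCAL_HINTS, CURRENT_HINTS):
        print(f"{name}: hint file has {old}, current file has {new}")
```
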



SPAM: 221.146.1/24 mail abuse

From bceo_44@erols.com Sun Aug  3 20:53:08 2003
Return-Path: <bceo_44@erols.com>
Received: from patrick ([221.146.1.68])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id h73Ar6Z16627
	for <webmaster@xxxx.com.au>; Sun, 3 Aug 2003 20:53:07 +1000 (EST)
	(envelope-from bceo_44@erols.com)
Message-Id: <200308031053.h73Ar6Z16627@pgts04.xxxx.com.au>
From: bceo_44@erols.com
To: webmaster@xxxx.com.au
Subject: quick q
Sender: bceo_44@erols.com
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Sun, 3 Aug 2003 19:47:13 +0900
X-Mailer: Microsoft Outlook, Build 10.0.2627
Status: RO
Content-Length: 1052
Lines: 31

<html>

<head>

</head>

<body bgcolor="#003333" text="yellow" link="#CCCCCC" vlink="#CCCCCC" alink="#CCCCCC" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<table width="100%" border="0" align="center" cellpadding="0" cellspacing="1">

<tr>

<td align="center"><font size="2" color="white"><b>DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!<br><br>whats up. I thought you might be interested in this.<br><BR>Only the BANKS k<loppr55y>now about this gggreat offer, now you can too!<BR><br></td>

</tr>

<tr><td align="center"><a href="http://r.aol.com/cgi/redir-complex?url=http://winningsolution@buynow3sx.com/viewso65/index.asp?RefID=198478"><font color="yellow" size="3"><b><u>With the money y<pppaaassrew>ou save, put it towards a new car!</a><br><br></td></tr>

</table>

</body>

</html>

Ed: whois returns the following from KRNIC:
IP Address         : 221.146.0.0-221.146.15.255
Network Name       : KORNET-XDSL-HAENGDANG-REDBACK2-1328
Connect ISP Name   : KORNET
Connect Date       : 20030605
Registration Date  : 20030613



SPAM: 4.61.158/24 mail abuse

From aa004092@hogpa.ho.att.com Fri Aug  8 04:55:09 2003
Return-Path: <aa004092@hogpa.ho.att.com>
Received: from LoNigro (lsanca1-ar41-4-61-158-106.lsanca1.dsl-verizon.net [4.61.158.106])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id h77It7Z50668
	for <webmaster@xxxx.com.au>; Fri, 8 Aug 2003 04:55:07 +1000 (EST)
	(envelope-from aa004092@hogpa.ho.att.com)
Message-Id: <200308071855.h77It7Z50668@pgts04.xxxx.com.au>
From: aa004092@hogpa.ho.att.com
To: webmaster@xxxx.com.au
Subject: help defend your PC against new viruses
Sender: aa004092@hogpa.ho.att.com
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Fri, 7 Feb 2003 10:49:33 -0800
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-Length: 512
Lines: 23

DONT BECOME ANOTHER STATISTIC - INSTALL VIRUS PROTECTION NOW
most viruses are received via email
Norton Antivirus will keep you safe from all virus systems, and scans all emails automatically!

btw, you look great today.

For the BEST Anti-virus package, Click here NOW.
http://fpp39@softwaresavings2you.biz/default.asp?id=3000









ps. dont want any more of this shit?
http://f1pp39@softwaresavings2you.biz/remove/remove.html

Ed: Purchase virus-protection from a spammer?
Only if you are truly desperate!
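
The block lists mentioned at the top of this page key on the connecting relay, which is the address in the Received line written by the receiving MTA itself; everything else in the message is supplied by the sender. The following is an added example, not the site's own tooling: it takes that address from the two samples above and emits a /24 entry in sendmail access_db form (partial address on an octet boundary, then the action). The function names are hypothetical.

```python
import re
from email import message_from_string

OUR_MTA = "pgts04.xxxx.com.au"  # receiving host name as shown in the page's samples

# Header excerpts copied from the two spam samples above (folding whitespace normalized)
SAMPLES = [
    """Return-Path: <bceo_44@erols.com>
Received: from patrick ([221.146.1.68])
    by pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id h73Ar6Z16627
    for <webmaster@xxxx.com.au>; Sun, 3 Aug 2003 20:53:07 +1000 (EST)
Subject: quick q
""",
    """Return-Path: <aa004092@hogpa.ho.att.com>
Received: from LoNigro (lsanca1-ar41-4-61-158-106.lsanca1.dsl-verizon.net [4.61.158.106])
    by pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id h77It7Z50668
    for <webmaster@xxxx.com.au>; Fri, 8 Aug 2003 04:55:07 +1000 (EST)
Subject: help defend your PC against new viruses
""",
]

def relay_ip(raw_message, our_mta=OUR_MTA):
    """IP of the host that connected to our MTA, from the Received line our MTA wrote."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        hdr = " ".join(received.split())      # unfold continuation lines
        if f" by {our_mta} " not in hdr:
            continue                          # stamped by another host: not trusted
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr.split(" by ")[0])
        return m.group(1) if m else None
    return None

def access_db_entry(ip, action="REJECT"):
    """access_db line for the enclosing /24: first three octets, tab, action."""
    return ".".join(ip.split(".")[:3]) + "\t" + action

def block_list(messages):
    """Sorted, de-duplicated access_db lines for a batch of raw messages."""
    ips = filter(None, (relay_ip(m) for m in messages))
    return sorted({access_db_entry(ip) for ip in ips})

if __name__ == "__main__":
    print("\n".join(block_list(SAMPLES)))
```

A message with no Received line from the local MTA yields no entry, so a header chain made up by the sender cannot put an arbitrary network on the list.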



SPAM: 66.17.148.192/27 mail abuse (or is it just ham?)

From baddr-8589981011-3334300-458880193-1S@mx.plaxo.com Sat Aug  9 00:52:31 2003
Return-Path: <baddr-8589981011-3334300-458880193-1S@mx.plaxo.com>
Received: from mx.plaxo.com ([66.17.148.196])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id h78EqTZ56624
	for <gerry@xxxx.com.au>; Sat, 9 Aug 2003 00:52:29 +1000 (EST)
	(envelope-from baddr-8589981011-3334300-458880193-1S@mx.plaxo.com)
Received: (qmail 17478 invoked from network); 8 Aug 2003 14:46:54 -0000
Received: from unknown (10.1.0.2)
  by mx3.plaxo.com with QMQP; 8 Aug 2003 14:46:54 -0000
Received: (from 68.158.169.102 by Plaxo); 8 Aug 2003 14:22:03 -0000
Message-ID: <1060354014.19913.230826.sendUpdate@mx.plaxo.com>
Date: 8 Aug 2003 14:46:54 -0000
From: "Joel B. Rothman" <jrothman@xxxxxx.com>
To: "Gerry Patterson" <gerry@xxxx.com.au>
Reply-to: "Plaxo Contact Update for Joel B. Rothman" <addrupdate-8589981011-3334300-458880193-1SH@mx.plaxo.com>
Precedence: bulk
Subject: Your contact info
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="------------C0302C3E1ADE2168BC4F49CB"
Content-Length: 3387
Lines: 98

This is a multi-part message in MIME format.

--------------C0302C3E1ADE2168BC4F49CB
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0028_01C2C189.94CF9E70"

------=_NextPart_001_0028_01C2C189.94CF9E70
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Gerry,

In my never ending struggle to stay current, I am updating my
address book. Please take a moment to update me with your
latest contact info.


Click the following link to correct or confirm your information: https://www.plaxo.com/edit_contact_info?r=8589981011-3334300-458880193&t=web

Name: Gerry Patterson
Job Title:
Company:
Work E-mail: gerry@xxxx.com.au
Work Phone:
Work Fax:
Work Address Line 1:
Work Address Line 2:
Work City, State, Zip:
Mobile Phone:

Home E-mail:
Home Phone:
Home Fax:
Home Address Line 1:
Home Address Line 2:
Home City, State, Zip:
My current contact information:



P.S. I've included my Plaxo card below so that you have my current information.  I've also attached a copy as a vCard.

 +-----------------
 | Joel B. Rothman
 | jrothman@xxxxxx.com
 | Vice President, Legal and Government Affairs
 |
Ed: The address has been removed -- for now.

 +-------------------------------------

____________________________________________________________
This message was sent to you by jrothman@xxxxxx.com
via Plaxo.  To have Plaxo automatically handle these messages
in the future, go to: http://www.plaxo.com/autoreply

Plaxo's Privacy Policy: http://www.plaxo.com/support/privacy

Ed: There was also a MIME encoded HTML attachment, which has not been
included. At first, I thought that this rather audacious attempt at data
prospecting could be part of an attempt to create electronic profiles of
victims for fraudulent purposes.

However, the headers appear to be genuine but funky. And it appears that
twelve months ago, Joel Rothman did indeed contact me. It was UCE but
not bulk UCE, and he only sent the one message. So that is all perfectly
legit as far as I am concerned. By my own criteria it did not qualify as
spam. I was about to overlook this as a clumsy attempt to update an
address book.

Then some investigation of plaxo.com revealed that hostnames in this
domain are just a little too complex to be fair dinkum.

There is an interesting comment at http://www.pcmag.com/article2/0,4149,905467,00.asp
This explains how the plaxo thing spreads. Suffice to say, "It's a
Microsoft Thing". Which of course makes me a little suspicious. Joel
introduced himself as a US-based developer of Linux Security Systems.
The question does arise about his continuing use of the world's most
insecure MUA (Microsoft Outlook).

Last and by no means least, plaxo.com gets an honorable mention in
SpamCop. They have been registered by Network Solutions, Inc., who
lately seem to be one of the spammers' registrars of choice. According
to whois the registrant details are as follows:

Parker, Sean (UUTNYYADTD)
   1975 Landings Drive
   Mountian View, CA 94043
   US

   Domain Name: PLAXO.COM

All of these details and the Administration and other contacts seemed
above board. So you can make up your own mind as to whether it qualifies
as spam. Sean Parker was once a co-founder of Napster. How the mighty
have fallen. It seems he now sails his vessel very close to the edge ...
of the black hole of spam. Let's hope he doesn't fall in ...
