Tales from the Machine Room


Home Page | Comments | Articles | Faq | Documents | Search | Archive | Tales from the Machine Room | Contribute | Login/Register

Hard, harder, hardest

Ok, this is not a "tale", but is something I wanted to put down in writing.

I got a mail from one of our user from the Finance Department, she was lamenting the fact that the mails from one of their "consulting" companies (from Germany, of course, 'cause they have to bend to the Great German Owner) keeps being stuffed in the 'quarantine' box by the antispam, despite repeated attempt at training the antispam that no, those mails are legit. And the user is kinda tired to fish them out of the quarantine box.

These kind of problems would be the realm of "user support" and as such my colleague should deal with them, but apparently he couldn't figure it out and the standard solution of "click on the 'this is not spam' link" in the mail didn't worked very well.

He also explained (twice, with drawings) how to configure outlook to auto-fish the mails and put them in the right box but she doesn't seems to get it.

And now, the colleague is in holiday, so I decide to have a crack at it. Fish out the mail from the box and take a look.

So...

The "From" address contains randoms numbers, letters and stuff.
The "Subject" also seems to contains random numbers and letters.
The "User-Agent" says "Drupal v1"
The "Content-Type" is obviously "multipart/html" because why not?
It does contains a bunch of images, logos and crap.
It does have embedded documents.
Plain text is less than 10% of the total.
The server that started the whole thing was called "localhost.locadomain" sure.
The server had also an ip address in the 192.168.x.y range. Obviously.
The fishy-looking relay server was named "webserver081094"
The fishy-looking relay server doesn't have a reverse-IP.
The fishy-looking relay server is hosted on AWS/Google/Whatthefuck.

If I was the antispam, I'd say this is most probably spam.

At this point I go checking the "whitelist" and, as expected, it contains already 79 entries related to these peoples, since every time there is a random "from" address and a different "source" IP.

After checking around (for as much as I can check without using truth serum or torture) that these mail are actually legit, I zap all the existing entries and then add a blanket entry for the whole domain, in the hope that whoever is managing that crap can actually keep its drupal thing clean of more junk. But if I have to judge by how they send mail we have less chances than a fart in a tornado.

But this made me think...

We're in 2020 (or will be when you're going to read this stuff), is not that spam happened yesterday, it's about 30 years we're wading through it, how is that there are still peoples that does this kind of stuff?

I mean, even the real spammers have figured out that the best way is to at least try to look legit, while those peoples, that are probably well paid to do... whatever they're doing, aren't event trying. If they are, they are trying the opposite.

Is it so fucking difficult to give that piece of crap machine a decent-sounding name? Can't they add a reverse-ip for the relay? And can't they actually use a real relay instead of whatever is that thing? And do they really need to send this garbage by mail instead of using any of the thousands of "document sharing" system? And how about using SMTP instead of Drupal to send mail?

And since they are sending stuff like this, the users are complaining and then the admins are forced to use "blanket" pass rules that ends up letting actual spam through.

There should be a punishment for these kind of behavior, that lower the general 'security' level for everybody else. I mean, we do have fines for "wreckless driving" already, when you do shit that is not completely illegal but still kinda dangerous, why there isn't a fine for "wreckless sysadminning"?

Davide
17/07/2020 09:54

Previous Next

Comments are added when and more important if I have the time to review them and after removing Spam, Crap, Phishing and the like. So don't hold your breath. And if your comment doesn't appear, is probably becuase it wasn't worth it.

12 messages post new
Messer Franz By Messer Franz - posted 17/08/2020 07:39 - reply

Dai, che lo sai anche tu: la guida pericolosa il politico la vede come tale perchè rischia di finire sotto una macchina, mentre il "sysadmin rischioso" non lo capiscono, non li riguarda (che se hanno problemi gli basta frignare dal sysadmin del posto che ci pensi lui con loro che intanto lo insultano) e di base un politico è un manager della legge, quindi non farà MAI qualcosa di positivo!

Ed i manager sono la forza cosmica che tiene in equilibrio l'universo rispetto ai lavoratori competenti...ricordo che una cosa in equilibrio non cambia, e difatti il mondo d'oggi va costantemente a remengo...

--
Messer Franz


Davide Bianchi@ Messer Franz By Davide Bianchi - posted 17/08/2020 07:42 - reply

Dai, che lo sai anche tu: la guida pericolosa il politico la vede come tale perchè rischia di finire sotto una macchina

Il "politico" che va  piedi invece che in una macchina ultrablindata? Ma dove vivi? In Olanda?

 

--
Davide Bianchi


Anonymous coward By Anonymous coward - posted 17/08/2020 09:57 - reply

> There should be a punishment for these kind of behavior

 

well yeah, the punishment is for the user to have to fish the email from the junk folder every time.

the missing step is avoid providing solutions and to redirect all the user frustration to the owner of the other email system, forwarding all user tickets to them, and Postel 'be liberal in what you accept' be damned.

--
Anonymous coward


SistemistaDisperato By SistemistaDisperato - posted 17/08/2020 10:01 - reply

Da ex utente smanettone trovatosi, dopo essere stato assunto (e pagato) oltre 8 anni fa come tecnico hardware, a fare il tecnico harware/software/sistemista/ufficioacquistiinformatici/tuttoquellocheserve e che gestisce una rete di oltre 300 negozi sparsi per il mondo più sede da oltre 100 impiegati e 3 magazzini, ho dovuto presto imparare come l'internet aziendale sia utile, oltre che per il porno, per imparare le cose che non so. E, quando sono proprio tanto complicate, uso persino la mia internet casalinga, oltre che per il porno, per imparare altre cose che non so. E quando, dopo oltre 8 anni ho chiesto al responsabile dell'ufficio del personale se non fosse il caso di equiparare il mio livello al lavoro che faccio, mi ha risposto che non ci vede nulla di strano, sono un tecnico hardware ed il software gira su di un hardware, i server sono hardware, tutta l'informatica è hardware, perché mi sembra si essere sovramansionato se faccio quello per cui mi pagano?

 

Tutto questo per dire che quello stupido sono io che cerco di fare le cose come si deve, ed i furbi sono quelli che lavorano come quello che ha configurato la posta al tuo cliente, dagli quello per cui ti pagano e vivi felice nella tua ignoranza.

--
SistemistaDisperato


Anonymous coward@ SistemistaDisperato By Anonymous coward - posted 17/08/2020 23:04 - reply

@SistemistaDisperato cambia lavoro, fatti un favore. Dopo 8 anni anche uno sfigato come me aveva già avuto 3 aumenti. Te li meriti.

--
Anonymous coward


Massimo M. By Massimo M. - posted 17/08/2020 16:06 - reply

Ciao Davide, bentornato dalle ferie!

Una cosa: in https://www.soft-land.org/storie/10/story01 parlavi di $succhiasangue. Quando racconterai questa storia? Me la immagino molto succosa!

--
Massimo M.


Davide Bianchi@ Massimo M. By Davide Bianchi - posted 18/08/2020 07:45 - reply

Quando racconterai questa storia? Me la immagino molto succosa!

Perche' vuoi farmi ritornare gli incubi?

 

--
Davide Bianchi


Anonymous coward@ Davide Bianchi By Anonymous coward - posted 18/08/2020 11:04 - reply

 

Quando racconterai questa storia? Me la immagino molto succosa!

Perche' vuoi farmi ritornare gli incubi?

 

Perché ce l'hai accennata

 

--
Anonymous coward


Davide Bianchi@ Anonymous coward By Davide Bianchi - posted 19/08/2020 12:08 - reply

Perche' vuoi farmi ritornare gli incubi?

Perché ce l'hai accennata

...me e la mia fottuta bocca...

 

 

--
Davide Bianchi


Anonymous coward@ Davide Bianchi By Anonymous coward - posted 20/08/2020 11:53 - reply

...me e la mia fottuta bocca...

 

Dita, baboon coder, dita

 

 

 

 

--
Anonymous coward


sistemistanondivertente@ Anonymous coward By sistemistanondivertente - posted 20/08/2020 19:37 - reply

 

... me e la mia fottuta bocca ...

 

Dita, babbuino codificatore, dita

 

non può parlarvi di quella storia, perchè è......... sanguinosa.

ok, questa era pessima ma mi sono annunciato adeguatamente.

 

 

 

 

 

--
sistemistanondivertente


Massimo M.@ Davide Bianchi By Massimo M. - posted 20/08/2020 15:26 - reply

>Perche' vuoi farmi ritornare gli incubi?

>Perché ce l'hai accennata

>...me e la mia fottuta bocca...

 

Guarda che raccontarla potrebbe essere terapeutico!

Mettila cosi': e' come andare dallo "spicologo" ma, invece che pagare $bigbucks, vieni pure ringraziato.

 

 

 

--
Massimo M.


12 messages post new

Previous Next


This site is made by me with blood, sweat and gunpowder, if you want to republish or redistribute any part of it, please drop me (or the author of the article if is not me) a mail.


This site was composed with VIM, now is composed with VIM and the (in)famous CMS FdT.

This site isn't optimized for vision with any specific browser, nor it requires special fonts or resolution.
You're free to see it as you wish.

Web Interoperability Pleadge Support This Project
Powered By Gojira