A lot of newsgroups are being spammed lately from Google Groups.

When I "Rightclick -> Scoring & actions -> Add plonk rule" on a message in 40tude dialog, it only catches the "From:" but not the message-id which,
for google groups messages ends with "@googlegroups.com"

What's the way to get a filter based on the googlegroups message id?
I noticed they also come from "User-Agent: G2/1.0" so that would work too.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 3 Dec 2023 14:55:10 -0500, rocco portelli wrote:

[Dialog] Filter needed to get rid of Google Groups spam by Message-ID or by User-Agent

A lot of newsgroups are being spammed lately from Google Groups.

When I "Rightclick -> Scoring & actions -> Add plonk rule" on a message in 40tude dialog, it only catches the "From:" but not the message-id which,
for google groups messages ends with "@googlegroups.com"

What's the way to get a filter based on the googlegroups message id?
I noticed they also come from "User-Agent: G2/1.0" so that would work too.

For Dialog, see <http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

The Usenet Improvement Project has filters for many newsreaders to
get rid of Google Groups spam.


--
Kind regards
Ralph Fox
🦊

ζητεῖτε καὶ εὑρήσετε

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

rocco portelli a tapoté le 03/12/2023 20:55:

I noticed they also come from "User-Agent: G2/1.0" so that would work too.

If possible, the best way is the Injection-Info which contains : google-groups.googlegroups.com

But the User-Agent G2/1.0 seems to be only used by google-groups...


--
Stéphane

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 3rd Dec 2023 21:46:56 +0100, yamo' wrote:

If possible, the best way is the Injection-Info which contains : google-groups.googlegroups.com

This could be done this way in 40tude Dialog:

!markread,ignore Header {^(Injection-Info: [^.]*.googlegroups.com; posting-host=[0-9.]*; posting-account=)}

By filling out the posting-account in the above example, this filter can be adjusted to a single Googlegroups user.

But the User-Agent G2/1.0 seems to be only used by google-groups...

!move(SPAM) Header Header: "User-Agent: G2/1.0"

This example shows another filter method for 40tude Dialog. It would move fetched messages into a (prior created) SPAM folder. This way, any false positive would stay accessible, if need be.

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 3rd Dec 2023 14:55:10 -0500, rocco portelli wrote:

A lot of newsgroups are being spammed lately from Google Groups.

When I "Rightclick -> Scoring & actions -> Add plonk rule" on a message in 40tude dialog, it only catches the "From:" but not the message-id which,
for google groups messages ends with "@googlegroups.com"

What's the way to get a filter based on the googlegroups message id?
I noticed they also come from "User-Agent: G2/1.0" so that would work too.

The Scoring&Actions sub-window can be opened from Settings menu as well as
from right mouse menu. It has a "Samples" tab, which (among others) shows
how to filter on Message-ID. The help file has additional information.

Filters can be rather simple ones or more advanced combinations. A bit
more restrictive than filtering everything with Googlegroups Message-ID
would (for example) be:

!markread,ignore From gmail.com +@Message-ID: googlegroups.com

You can (of course) replace "!markread,ignore" with "!delete". The filter
being this broad, it is bound to fetch articles from authors you might wish
to read, though...

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 3rd Dec 2023 21:46:56 +0100, yamo' wrote:

If possible, the best way is the Injection-Info which contains : google-groups.googlegroups.com

This could be done this way in 40tude Dialog:

!markread,ignore Header {^(Injection-Info: [^.]*.googlegroups.com; posting-host=[0-9.]*; posting-account=)}

By filling out the posting-account in the above example, this filter can be adjusted to a single Googlegroups user.

But the User-Agent G2/1.0 seems to be only used by google-groups...

!move(SPAM) Header "User-Agent: G2/1.0"

This example shows another filter method for 40tude Dialog. It would move fetched messages into a (prior created) SPAM folder. This way, any false positive would stay accessible, if need be.

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

yamo' <yamo@beurdin.invalid> wrote:

If possible, the best way is the Injection-Info which contains : google-groups.googlegroups.com

But the User-Agent G2/1.0 seems to be only used by google-groups...

Thank you for suggestiong Dialog filter on the Injection-Info.
This is a typical Injection-Info which has what you said it did.

Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61

So that makes three ways:
Message-ID has "@googlegroups.com" in it.
Injection-Info has "google-groups.googlegroups.com" in it.
User-Agent is "G2/1.0" for some reason.

Here is a typical header from a spam just now which seems to be coming from Google (which is then peered by giganews or highwinds who should not peer it).

X-Received: by 2002:ac8:4894:0:b0:423:f359:fba0 with SMTP id i20-20020ac84894000000b00423f359fba0mr347995qtq.6.1701653831937; Sun, 03 Dec 2023 17:37:11 -0800 (PST)
X-Received: by 2002:a05:6870:e9a2:b0:1fa:af89:4072 with SMTP id r34-20020a056870e9a200b001faaf894072mr2538998oao.4.1701653831612; Sun, 03 Dec 2023 17:37:11 -0800 (PST)
Path: sewer!news.mixmin.net!border-2.nntp.ord.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 17:37:11 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=2001:448a:3046:8422:4419:4d88:4e7a:119d; posting-account=m3MsPQoAAACYDDw7X2OqoNHFSUGceIL9
NNTP-Posting-Host: 2001:448a:3046:8422:4419:4d88:4e7a:119d
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <8ced237d-9e18-482e-bc5a-90e8eebe2242n@googlegroups.com>
Subject: [WATCH]! FIVE NIGHTS AT FREDDY'S {2023} FULLMOVIE ONLINE FREE ON STREAMINGS
From: Olar Makin <olarmakin@gmail.com>
Injection-Date: Mon, 04 Dec 2023 01:37:11 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 229

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

rocco portelli <roccoportelli@nospam.it> wrote:

[news.software.readers]
!markread,ignore Header {^(Injection-Info: [^.]*.googlegroups.com;posting-host=[0-9.]*; posting-account=)}

I made a mistake.

I thought I had written what I was thinking so let me try again
on only this first section of the previous post (which was missing
what I was thinking to ask).

Can this be used to whitelist people?

[news.software.readers]
!markread,ignore Header {^(Injection-Info: [^.]*.googlegroups.com;posting-host=[0-9.]*; posting-account=)}

If the posting account is in the whitelist, let them through.
Otherwise plonk them.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

This could be done this way in 40tude Dialog:

!markread,ignore Header {^(Injection-Info: [^.]*.googlegroups.com; posting-host=[0-9.]*; posting-account=)}
By filling out the posting-account in the above example, this filter can be adjusted to a single Googlegroups user.

[news.software.readers]
!markread,ignore Header {^(Injection-Info: [^.]*.googlegroups.com;posting-host=[0-9.]*; posting-account=)}

But the User-Agent G2/1.0 seems to be only used by google-groups...

!move(SPAM) Header "User-Agent: G2/1.0"

I created a folder in the same directory as dialog.exe was in.
mkdir SPAM

I added this to Dialog's "Settings | Scoring & actions" & pressed OK.
[comp.mobile.android]
!move(SPAM) Header "User-Agent: G2/1.0"

Then I opened up to that newsgroup and the SPAM folder was empty.
But spam of the Google Groups type came in so I need to do something more.
But what?

This example shows another filter method for 40tude Dialog. It would move fetched messages into a (prior created) SPAM folder. This way, any false positive would stay accessible, if need be.

Bernd

Is there a way to view those SPAM messages from Dialog or only from Windows?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 3rd Dec 2023 21:34:14 -0500, rocco portelli wrote:

I created a folder in the same directory as dialog.exe was in.
mkdir SPAM

I added this to Dialog's "Settings | Scoring & actions" & pressed OK.
[comp.mobile.android]
!move(SPAM) Header "User-Agent: G2/1.0"

Then I opened up to that newsgroup and the SPAM folder was empty.
But spam of the Google Groups type came in so I need to do something more. But what?

The "SPAM" folder in the above command does /not/ refer to a folder in the
file system, but to a Dialog internal folder. If any message was a hit when
you last checked messages for comp.mobile.android, then this folder should
have been created, automatically. It will appear in last position on the "Subscribed" tab of the groups pane, but can be moved to any other position
and be assigned to any category you may have created.

Folder is a third container object type - alongside mailboxes and groups.
The latter two will usually be filled by receiving/loading messages from
a server. Folders are mostly filled by copy/move operations and therefore
can be used for structured (archive) storage.

That no message went to a folder SPAM in your example has a different
reason, though. The header "User-Agent" is not part of the "Overview"
received when checking for new messages. Therefore, the above filter will
only trigger when loading the bodies of the messages, as well. (Which most likely will /not/ be your intention.)

My first suggestion for your question /will/ work on Overview headers,
though (Message-Id: <1nb97rxoqr2zn.dlg@b.rose.tmpbox.news.arcor.de>).
It therefore does /not/ require loading of bodies. You can alter it to
move suspicious messages to a SPAM folder instead of the suggested "markread,ignore":

!move(SPAM) From gmail.com +@Message-ID: googlegroups.com

The third variant, will only will work when loading bodies, again:

!move(SPAM) Header {^(Injection-Info: [^.]*.googlegroups.com; posting-host=[0-9.]*; posting-account=)}

HTH.
Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 3rd Dec 2023 21:38:12 -0500, rocco portelli wrote:

Can this be used to whitelist people?

[news.software.readers]
!markread,ignore Header {^(Injection-Info: [^.]*.googlegroups.com;posting-host=[0-9.]*; posting-account=)}

If the posting account is in the whitelist, let them through.
Otherwise plonk them.

There are several possible approaches to this matter. They will fail the
most important point, though, as long as they are based on Injection-Info, because this requires the body to be loaded...

A few pointers:

This example will move any message from gmail.com if it has not the
injection info for poster 1234abcd:
!move(SPAM) From gmail.com -@Header: {^(Injection-Info: [^.]*.googlegroups.com; posting-host=[0-9.]*; posting-account=1234abcd)}

It will only work for one (or very few) whitelist entries, though. With a larger whitelist, it would be better to use scoring first:

-10 From gmail.com +@Message-ID: googlegroups.com
+100 Header {^(Injection-Info: .*; posting-account=1234abcd)}
+100 Header {^(Injection-Info: .*; posting-account=9876zyxw)}
!move(SPAM) Score %<0

To use this without loading the bodies, you'd need to find a different
method to identify whitelist posters. (Not injection info, because it
is not part of the basic Overview headers, as I already wrote...)

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 4th Dec 2023 23:03:51 +0000, Sn!pe wrote:

-10 From gmail.com +@Message-ID: googlegroups.com
+100 Header {^(Injection-Info: .*; posting-account=1234abcd)}
+100 Header {^(Injection-Info: .*; posting-account=9876zyxw)}
!move(SPAM) Score %<0

[...]

There is a basic flaw here: the use of a From: *@gmail address does not necessarily indicate a Google Groups poster. I myself use such an
adddress but I post via Eternal-September. If you killfile on From: in
that way you will get many false positives. IMO it's better to k/f on
Path; Message-ID; Injection-Info; or User-Agent (which last I use successfully).

The filter above only triggers when From is "gmail.com" AND (+@)
Message-Id is "googlegroups.com".

This post is probably futile as I expect that Bernd has me killfiled by
From: address and will not see it.

Apart from the fact, that above filter wouldn't be triggered by your
message, anyway: I don't use that filter, myself. It is just an example
for a possible filter method, that /might/ fit the needs of the OP.

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 4 Dec 2023 23:03:51 +0000, snipeco.2@gmail.com (Sn!pe) wrote in <1ql8ktj.1sgj62819c82p5N%snipeco.2@gmail.com>:

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

On Sun, 3rd Dec 2023 21:38:12 -0500, rocco portelli wrote:

Can this be used to whitelist people?

[news.software.readers]
!markread,ignore Header {^(Injection-Info:

[^.]*.googlegroups.com;posting-host=[0-9.]*; posting-account=)}

If the posting account is in the whitelist, let them through.
Otherwise plonk them.

There are several possible approaches to this matter. They will fail
the most important point, though, as long as they are based on
Injection-Info,
because this requires the body to be loaded...

A few pointers:

This example will move any message from gmail.com if it has not the
injection info for poster 1234abcd:
!move(SPAM) From gmail.com -@Header: {^(Injection-Info:

[^.]*.googlegroups.com; posting-host=[0-9.]*; posting-account=1234abcd)}

It will only work for one (or very few) whitelist entries, though. With
a larger whitelist, it would be better to use scoring first:

-10 From gmail.com +@Message-ID: googlegroups.com +100 Header
{^(Injection-Info: .*; posting-account=1234abcd)}
+100 Header {^(Injection-Info: .*; posting-account=9876zyxw)}
!move(SPAM) Score %<0

To use this without loading the bodies, you'd need to find a different
method to identify whitelist posters. (Not injection info, because it
is not part of the basic Overview headers, as I already wrote...)

Bernd

There is a basic flaw here: the use of a From: *@gmail address does not necessarily indicate a Google Groups poster. I myself use such an
adddress but I post via Eternal-September. If you killfile on From: in
that way you will get many false positives. IMO it's better to k/f on
Path; Message-ID; Injection-Info; or User-Agent (which last I use successfully).

This post is probably futile as I expect that Bernd has me killfiled by
From: address and will not see it. Perhaps some kind reader might
followup to this article so he can see it. TIA

I kill on the message-id, because that's in the overview.

--
-v

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 5 Dec 2023 06:15:05 +0100, Bernd Rose wrote:

This post is probably futile as I expect that Bernd has me killfiled by
From: address and will not see it.

Apart from the fact, that above filter wouldn't be triggered by your
message, anyway: I don't use that filter, myself. It is just an example
for a possible filter method, that /might/ fit the needs of the OP.

I have to admit, I was shocked that Snipe's post seemed like it came from a normal adult person - as I can't remember the last time he didn't act like
a child on Usenet; so I'd not be surprised if everyone doesn't have him and Snit and Dustin Cook and Rod Speed all in the same shortlist killfile.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

On Mon, 4th Dec 2023 23:03:51 +0000, Sn!pe wrote:

-10 From gmail.com +@Message-ID: googlegroups.com
+100 Header {^(Injection-Info: .*; posting-account=1234abcd)}
+100 Header {^(Injection-Info: .*; posting-account=9876zyxw)}
!move(SPAM) Score %<0

[...]

There is a basic flaw here: the use of a From: *@gmail address does not necessarily indicate a Google Groups poster. I myself use such an
adddress but I post via Eternal-September. If you killfile on From: in that way you will get many false positives. IMO it's better to k/f on Path; Message-ID; Injection-Info; or User-Agent (which last I use successfully).

The filter above only triggers when From is "gmail.com" AND (+@)
Message-Id is "googlegroups.com".

A user might want to filter on only Message-Id is "googlegroups.com",
because AFAIK one can use a non-gmail.com address to post from Google
Groups. While such a combination is probably not common, it is (AFAIK) possible.

[...]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sn!pe <snipeco.2@gmail.com> wrote:
[...]

Alas, my antediluvian News reader doesn't offer filtration on M-ID or Injection-Info so I must rely on Path or User-Agent. The latter works
well for me and has the effect of a 'mark as read' rule so that it's
easy to backspace up the thread to read it if appropriate.

Bear in mind that I'm a humble luser who lacks the skills to hack what
is otherwise my perfect News reader in the cause of expanding its
filtration capability.

In the past, Stefan Haller (the author of MacSOUP) has been kind enough
to implement a couple of my suggestions. Alas, since MacOS went 64-bit, MacSOUP will no longer run and Stefan has understandably decided not
rewrite it, so it's abandonware. I'm wedded to MacSOUP so I keep a
legacy machine going for the sole purpose of running it.

Perhaps others can comment on whether Leafnode[2] or/and slrn or/and
some other proxy/cache server offer extra filtering functionality which
you could use.

I use Hamster as a proxy/'cache' News server between my newsreader
(tin) and my NSP (News Service Provider). Hamster has Dialog-like and
largely Dialog-compatible scoring/filtering. But Hamster runs on (MS)
Windows, not on a Unix-like OS like your macOS.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 5th Dec 2023 14:17:03 GMT, Frank Slootweg wrote:

Hamster has Dialog-like and largely Dialog-compatible scoring/filtering.

Actually, it is the other way round: Hamster predates Dialog. The author
of 40tude Dialog (Marcus Moennig) explicitly based the scoring/filtering
system on the one introduced with Hamster. ;-)

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 5th Dec 2023 14:01:16 GMT, Frank Slootweg wrote:

-10 From gmail.com +@Message-ID: googlegroups.com

[...]

The filter above only triggers when From is "gmail.com" AND (+@)
Message-Id is "googlegroups.com".

A user might want to filter on only Message-Id is "googlegroups.com", because AFAIK one can use a non-gmail.com address to post from Google
Groups. While such a combination is probably not common, it is (AFAIK) possible.

The reasoning behind above filter was two-fold:
1) Higher likelihood for a person /not/ being a Google Groups spammer,
when taking the effort to configure a non-gmail From. (Mind: This
is just a hunch and not an observation based on data-analysis.)
2) Show the OP (and other interested readers) a more advanced filter
example. Simplifying it should be easy. But it may give an idea for
cases, that cannot be solved by the simplest approach.

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

On 5th Dec 2023 14:17:03 GMT, Frank Slootweg wrote:

Hamster has Dialog-like and largely Dialog-compatible scoring/filtering.

Actually, it is the other way round: Hamster predates Dialog. The author
of 40tude Dialog (Marcus Moennig) explicitly based the scoring/filtering system on the one introduced with Hamster. ;-)

Thanks for the correction. Makes me even more fond of Hamster! :-)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 6 Dec 2023 17:40:08 +0000, Sn!pe wrote:

Do I know you by a different name, perhaps in another place, Oscar?

Does a cat ring a bell?
Or a pooh bear perhaps?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)