Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Stopping spam to postmaster@ account?
From: "Sandy Drobic" <suse-linux-e@xxxxxxxxxxxxxxxxxxxxxxx>
david rankin wrote:
Guys,

How are you handling all of the spam that is being sent to postmaster@
addresses? In order to be RFC compliant, you are supposed to have postmaster
active, but since the spammers have now made this a favorite address, how do
you handle it? I'm considering blocking it temporarily to generate rejects
to see if that helps. Any other thoughts?

Stopping Spam for valid and needed accounts is one of the more difficult challenges of spam fighting.

First you have to analyse what kind of Spam you are inflicted with.

Is it spam from zombies with dynamic addresses?
-> Use the appropriate blacklists and greylisting
Is it spam sent from free accounts on webmailers (Yahoo, MSN etc.)?
-> much more difficult, that would have to be handled with care.
Is it spam sent in great numbers from a few clients?
-> Use Anvil, policy-restrictions on mail flow.


Uhh. Ok, Sandy, how do I do that? Do you have any good links that I can look out to try and classify where the spam is coming from? Here are the headers of 2 received overnight:

Return-Path: <natural900@xxxxxxxxx>
X-Original-To: postmaster@xxxxxxxxxxxxxxxxx
Delivered-To: david@xxxxxxxxxx
Received: from PC01 (unknown [219.142.253.248])
    by bonza.rbpllc.com (Postfix) with ESMTP id 08D6C6BF90
    for <postmaster@xxxxxxxxxxxxxxxxx>; Tue, 4 Apr 2006 03:13:52 -0500 (CDT)
Received: from unknown (HELO alt1.gmail-smtp-in.l.google.com) (64.233.167.27)
    by PC01 with SMTP; Tue, 4 Apr 2006 16:13:59 -0800
From: "Major Woodruff" <natural900@xxxxxxxxx>
To: <majordomo@xxxxxxxxxxxxxxxxx>
Subject: Hey man, you ever try pheromones?
Date: Tue, 4 Apr 2006 16:13:59 -0800
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: Mz4gTwmlyK4kQJ55DfPHGZmw8Bne8S0ktDPV
Content-Type: text/html;
    charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <20060404081352.08D6C6BF90@xxxxxxxxxxxxxxxx>


Return-Path: <sims.gilboyt19h@xxxxxxxxx>
X-Original-To: postmaster@xxxxxxxxxxxxxxxxx
Delivered-To: david@xxxxxxxxxx
Received: from CHINESE-3483D2B.yiya4.com (unknown [220.180.234.95])
    by bonza.rbpllc.com (Postfix) with ESMTP id A603F6BF90;
    Tue, 4 Apr 2006 03:14:00 -0500 (CDT)
Received: from unknown (HELO gsmtp163.google.com) (64.233.163.27)
    by CHINESE-3483D2B.yiya4.com with SMTP; Tue, 4 Apr 2006 16:14:00 -0800
From: "Rob Hollis" <sims.gilboyt19h@xxxxxxxxx>
To: <info@xxxxxxxxxxxxxxxxx>
Subject: Have you ever tried pheromones?
Date: Tue, 4 Apr 2006 16:14:00 -0800
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: T2EkBj7smbvzsTxIZz8XCB1K7yo5nJwgbsFv
Content-Type: text/html;
    charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <20060404081400.A603F6BF90@xxxxxxxxxxxxxxxx>

Looks like the from line is spoofed and that the mail originated from the Chinese site yiya4.com (I'm not an expert at deciphering headers). So how do I approach stopping this stuff? As always, thank you in advance for your insight.


--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--
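
An added example, not part of the original mail or of any tool named in it: a Python script that reads the topmost Received header of the first message quoted above (the one written by the receiving Postfix server) and reports the connecting client's IP, reverse DNS and HELO name, the facts needed to sort a sender into the categories listed in the reply. The function names and the DNSBL zone `dnsbl.example.org` are placeholders, and it assumes bonza.rbpllc.com is the only server of your own in the delivery path.

```python
import re
from email import message_from_string

# Postfix logs the client as: from <HELO> (<reverse DNS or "unknown"> [<IP>])
POSTFIX_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

# Headers of the first message quoted in the mail (addresses already redacted).
SAMPLE = """\
Return-Path: <natural900@xxxxxxxxx>
Received: from PC01 (unknown [219.142.253.248])
\tby bonza.rbpllc.com (Postfix) with ESMTP id 08D6C6BF90
\tfor <postmaster@xxxxxxxxxxxxxxxxx>; Tue, 4 Apr 2006 03:13:52 -0500 (CDT)
Received: from unknown (HELO alt1.gmail-smtp-in.l.google.com) (64.233.167.27)
\tby PC01 with SMTP; Tue, 4 Apr 2006 16:13:59 -0800
Subject: Hey man, you ever try pheromones?

"""

def dnsbl_name(ip, zone="dnsbl.example.org"):
    """Name to query in a DNS blacklist: reversed octets + zone (placeholder zone)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def trusted_hop(raw_headers):
    """Facts from the topmost Received header, the one our own MTA wrote.
    Assumption: only one of our servers handled the mail, so every Received
    line below the first was supplied by the sending client and may be forged."""
    received = message_from_string(raw_headers).get_all("Received", [])
    if not received:
        return None
    # Unfold the header (continuation lines) before matching.
    m = POSTFIX_FROM.search(" ".join(received[0].split()))
    if not m:
        return None
    helo, rdns, ip = m.groups()
    return {
        "helo": helo, "rdns": rdns, "ip": ip,
        "no_rdns": rdns == "unknown",        # client IP has no reverse DNS
        "helo_not_fqdn": "." not in helo,    # e.g. a bare machine name
        "sender_supplied_hops": len(received) - 1,
        "dnsbl_query": dnsbl_name(ip),
    }

if __name__ == "__main__":
    for key, value in trusted_hop(SAMPLE).items():
        print(f"{key}: {value}")
```

The `dnsbl_query` name is what a blacklist lookup would resolve; the script itself makes no network requests.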

