On Thursday 05 October 2006 10:44, Jim Flanagan wrote:
Hi all,
I'd like some advice on how to handle worm and phishing emails coming to one user on my postfix server. For about 3 weeks now, Clam-AV is advising that emails have been detected and not delivered due to them containing a worm. In this case it is Worm.Mydoom.M. About 8 to 10 a day are arriving, with ClamAV advising that the trace is to 2 different IP addresses. RIPE shows both to be registered through an outfit in Paris (La Defense). I sent an email to the listed report-to email address but no reply. The worms keep crawling! I do get similar messages about phishing, but not near as many, and not from the same repeated IP addresses.
Short of hiring a hit man and sending him to Paris, there is nothing you can do. Sending complaints is a fool's errand, since they are largely ignored by overworked admins of legitimate ISPs and laughed at by admins of the ISPs owned by the spammers.

Keep your SA and Clam up to date and ignore what gets through, or set up bayes training procedures and feed them back to bayes. You already have good defenses up, with SA and Clam. If your SA is not running razor, get that working system wide, and give it a high score. Enable network tests in SA.

If your box is serving up mail to Windows machines, then they too should run an anti-virus, because Clam is not fool-proof. If you are serving mail to your family and friends, then you already have a captive audience who you can educate to NEVER click anything they don't understand, and the method to tell when a phish is a phish as opposed to a REAL letter from their bank.

Don't chase spammers. It's a waste of time.

--
John Andersen