From: "Sandy Drobic" <suse-linux-e@japantest.homelinux.com>

david rankin wrote:
Guys,
How are you handling all of the spam that is being sent to postmaster@ addresses? In order to be RFC compliant, you are supposed to have postmaster active, but since the spammers have now made this a favorite address, how do you handle it? I'm considering blocking it temporarily to generate rejects to see if that helps. Any other thoughts?

Stopping Spam for valid and needed accounts is one of the more difficult challenges of spam fighting.
First you have to analyse what kind of Spam you are inflicted with.
Is it spam from Zombies with dynamic addresses? -> Use according blacklists and greylisting
Is it spam sent from free accounts on Webmailers yahoo, msn etc.? Much more difficult, that would have to be handled with care.
Is it spam sent in great numbers from a few clients? -> Use Anvil, policy-restrictions on mail flow.

Uhh. Ok, Sandy, how do I do that? Do you have any good links that I can look out to try and classify where the spam is coming from? Here are the headers of 2 received overnight:

Return-Path: <natural900@gmail.com>
X-Original-To: postmaster@rankin-bertin.com
Delivered-To: david@rbpllc.com
Received: from PC01 (unknown [219.142.253.248])
    by bonza.rbpllc.com (Postfix) with ESMTP id 08D6C6BF90
    for <postmaster@rankin-bertin.com>; Tue, 4 Apr 2006 03:13:52 -0500 (CDT)
Received: from unknown (HELO alt1.gmail-smtp-in.l.google.com) (64.233.167.27)
    by PC01 with SMTP; Tue, 4 Apr 2006 16:13:59 -0800
From: "Major Woodruff" <natural900@gmail.com>
To: <majordomo@rankin-bertin.com>
Subject: Hey man, you ever try pheromones?
Date: Tue, 4 Apr 2006 16:13:59 -0800
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: Mz4gTwmlyK4kQJ55DfPHGZmw8Bne8S0ktDPV
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <20060404081352.08D6C6BF90@bonza.rbpllc.com>

Return-Path: <sims.gilboyt19h@gmail.com>
X-Original-To: postmaster@rankinlawfirm.com
Delivered-To: david@rbpllc.com
Received: from CHINESE-3483D2B.yiya4.com (unknown [220.180.234.95])
    by bonza.rbpllc.com (Postfix) with ESMTP id A603F6BF90;
    Tue, 4 Apr 2006 03:14:00 -0500 (CDT)
Received: from unknown (HELO gsmtp163.google.com) (64.233.163.27)
    by CHINESE-3483D2B.yiya4.com with SMTP; Tue, 4 Apr 2006 16:14:00 -0800
From: "Rob Hollis" <sims.gilboyt19h@gmail.com>
To: <info@rankinlawfirm.com>
Subject: Have you ever tried pheromones?
Date: Tue, 4 Apr 2006 16:14:00 -0800
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: T2EkBj7smbvzsTxIZz8XCB1K7yo5nJwgbsFv
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <20060404081400.A603F6BF90@bonza.rbpllc.com>

Looks like the from line is spoofed and that the mail originated from the Chinese site yiya4.com (I'm not an expert at deciphering headers). So how do I approach stopping this stuff? As always, thank you in advance for your insight.

--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
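
Added example, not part of the original thread: a Python sketch of the header triage being asked about, run on the first message's headers as posted. It trusts only the Received line stamped by the receiving server (the function name, field names and regex are assumptions of this example) and treats every Received line below it as sender-supplied.

```python
import re
from email import message_from_string

# Headers of the first message in the thread (body and later headers omitted).
RAW = """\
Return-Path: <natural900@gmail.com>
X-Original-To: postmaster@rankin-bertin.com
Received: from PC01 (unknown [219.142.253.248])
\tby bonza.rbpllc.com (Postfix) with ESMTP id 08D6C6BF90
\tfor <postmaster@rankin-bertin.com>; Tue, 4 Apr 2006 03:13:52 -0500 (CDT)
Received: from unknown (HELO alt1.gmail-smtp-in.l.google.com) (64.233.167.27)
\tby PC01 with SMTP; Tue, 4 Apr 2006 16:13:59 -0800
From: "Major Woodruff" <natural900@gmail.com>

"""

# Postfix stamp layout: from <HELO name> (<reverse DNS> [<peer IP>]) by <our host>
POSTFIX_HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def classify(raw, our_mta):
    """Return facts from the one Received header our own server wrote."""
    msg = message_from_string(raw)
    # Unfold continuation lines so each hop is a single string.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    for i, hop in enumerate(hops):
        m = POSTFIX_HOP.search(hop)
        if m and m["by"] == our_mta:
            return {
                "client_ip": m["ip"],               # real TCP peer seen by our MTA
                "helo": m["helo"],                  # name the client announced
                "no_rdns": m["rdns"] == "unknown",  # Postfix found no verified PTR
                "helo_not_fqdn": "." not in m["helo"],
                "untrusted_hops": hops[i + 1:],     # written by the sender's side
            }
    return None  # our server's stamp is missing from the headers

if __name__ == "__main__":
    for key, value in classify(RAW, "bonza.rbpllc.com").items():
        print(f"{key}: {value}")
```

The client IP from the trusted hop is the value to test against blacklists, and a peer with no reverse DNS and a bare HELO name is the kind of client that blacklists and greylisting are aimed at.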