From: "Sandy Drobic"
david rankin wrote:
Guys,
How are you handling all of the spam that is being sent to postmaster@
addresses? In order to be RFC compliant, you are supposed to have postmaster
active, but since the spammers have now made this a favorite address, how do
you handle it? I'm considering blocking it temporarily to generate rejects
to see if that helps. Any other thoughts?
Stopping Spam for valid and needed accounts is one of the more difficult
challenges of spam fighting.
First you have to analyse what kind of Spam you are inflicted with.
Is it spam from Zombies with dynamic addresses?
-> Use according blacklists and greylisting
Is it Spam sent from free accounts on Webmailers yahoo, msn etc.?
much more difficult, that would have to be handled with care.
Is it spam sent in great numbers from a few clients?
-> Use Anvil, policy-restrictions on mail flow.
Uhh. Ok, Sandy, how do I do that? Do you have any good links that I can look
out to try and classify where the spam is coming from? Here are the headers
of 2 received over night:
Return-Path:
X-Original-To: postmaster@rankin-bertin.com
Delivered-To: david@rbpllc.com
Received: from PC01 (unknown [219.142.253.248])
by bonza.rbpllc.com (Postfix) with ESMTP id 08D6C6BF90
for ; Tue, 4 Apr 2006 03:13:52 -0500 (CDT)
Received: from unknown (HELO alt1.gmail-smtp-in.l.google.com)
(64.233.167.27)
by PC01 with SMTP; Tue, 4 Apr 2006 16:13:59 -0800
From: "Major Woodruff"
To:
Subject: Hey man, you ever try pheromones?
Date: Tue, 4 Apr 2006 16:13:59 -0800
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: Mz4gTwmlyK4kQJ55DfPHGZmw8Bne8S0ktDPV
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <20060404081352.08D6C6BF90@bonza.rbpllc.com>
Return-Path:
X-Original-To: postmaster@rankinlawfirm.com
Delivered-To: david@rbpllc.com
Received: from CHINESE-3483D2B.yiya4.com (unknown [220.180.234.95])
by bonza.rbpllc.com (Postfix) with ESMTP id A603F6BF90;
Tue, 4 Apr 2006 03:14:00 -0500 (CDT)
Received: from unknown (HELO gsmtp163.google.com) (64.233.163.27)
by CHINESE-3483D2B.yiya4.com with SMTP; Tue, 4 Apr 2006
16:14:00 -0800
From: "Rob Hollis"
To:
Subject: Have you ever tried pheromones?
Date: Tue, 4 Apr 2006 16:14:00 -0800
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: T2EkBj7smbvzsTxIZz8XCB1K7yo5nJwgbsFv
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <20060404081400.A603F6BF90@bonza.rbpllc.com>
Looks like the from line is spoofed and that the mail originated from
the Chinese site yiya4.com (I'm not an expert at deciphering headers). So
how do I approach stopping this stuff? As always, thank you in advance for
your insight.
--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--
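
The classification step asked about above, as an added example that is not part of the original thread: it reads the Received chain of the first message and keeps only the hop written by the receiving Postfix server, since every Received line below that one is supplied by the sender and can be forged. The function names and the DNSBL zone `dnsbl.example.org` are placeholders chosen for illustration.

```python
import email
import re

# Constructed sample: headers of the first message quoted in the thread, trimmed.
SAMPLE = """\
X-Original-To: postmaster@rankin-bertin.com
Received: from PC01 (unknown [219.142.253.248])
\tby bonza.rbpllc.com (Postfix) with ESMTP id 08D6C6BF90
\tfor ; Tue, 4 Apr 2006 03:13:52 -0500 (CDT)
Received: from unknown (HELO alt1.gmail-smtp-in.l.google.com)
\t(64.233.167.27)
\tby PC01 with SMTP; Tue, 4 Apr 2006 16:13:59 -0800
Subject: Hey man, you ever try pheromones?

"""

# Postfix writes: from <HELO name> (<reverse DNS or "unknown"> [<client IP>]) by <own host>
POSTFIX_RX = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def trusted_hop(raw_headers, my_mta):
    """Return the hop recorded by our own MTA, or None if it wrote no Received line."""
    received = email.message_from_string(raw_headers).get_all("Received", [])
    for idx, value in enumerate(received):
        m = POSTFIX_RX.search(" ".join(value.split()))  # unfold continuation lines
        if m and m.group("by").lower() == my_mta.lower():
            hop = m.groupdict()
            # Headers below this one were supplied by the client: do not trust them.
            hop["untrusted_below"] = len(received) - idx - 1
            return hop
    return None

def classify(hop):
    """Hints that point at a zombie or dynamic client rather than a real mail server."""
    hints = []
    if hop["rdns"] == "unknown":
        hints.append("no-reverse-dns")
    if "." not in hop["helo"]:
        hints.append("helo-not-fqdn")
    return hints

def dnsbl_name(ipv4, zone):
    """Name to look up in a DNS blacklist: reversed octets plus the list's zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

if __name__ == "__main__":
    hop = trusted_hop(SAMPLE, "bonza.rbpllc.com")
    print(hop["ip"], classify(hop), dnsbl_name(hop["ip"], "dnsbl.example.org"))
```

The Received line naming a Google host sits below the trusted hop, so it says nothing reliable about where the message came from; the address to check against blacklists is the one the receiving server recorded itself.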