Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Spamming ...
  • From: Peter van den Heuvel <peter@xxxxxxxxxxxxxxxx>
  • Date: Fri, 01 Mar 2002 11:44:19 +0100
  • Message-id: <3C7F5B83.331E60B8@xxxxxxxxxxxxxxxx>
Yo!

> whois <ip-address> is your friend, here.
Sometimes, but APNIC is a total disaster. More often than not no useful
info will turn up, including a closer look at the apnic.net and (most
notorious spammers) nic.or.kr sites, leading to nothing or small
privately owned ranges that seem to be completely outta control. A
traceroute is a very laborious method as reverse DNS is (almost?)
non-existent in the pacific rim. It would be nice if the community could
press those reaches of the internet to make some effort to get things
straight.

> > 2) What can I do to stop those spammers ...
I complain quite regularly about spam (if I can find the responsible
parties, am bored and in a foul mood) (note that the text is always
friendly, brief and informative) and what I have got is this:
- Complain to the open relay itself: mostly bounces about
"postmaster@xxxxxxxx mailbox is full", "mailbox does not exist" or
simply no reply.
- Complain to real netblock owner or the upstream provider of an open
relay: have only recently started to do that because of the previous
experience (mostly with cc to relay itself), first results are not too
hopeful.
- Complain to provider of spam sender: mostly auto replies with no
follow-up, but I do get some of those rewarding "we located and
disconnected the offending accounts"; there ARE quite some very decent
providers out there.
- Complain to the provider or real netblock owner of the company that is
being promoted in the spam: here I get the best results, mainly
(guessing) cause the evidence is so clear. I've already had quite a few
web-sites knocked over, always giving ye that "make my day" feeling :>)

Let's all promise to make at least one serious complaint a week! There's
obviously not enough people that do...

Some things I found out while complaining: be friendly, brief, do
include the full headers, skip all the traceroute and whois info (them
are professional folk and are probably better than yourself), have your
servers NTP synchronized and tell them that and which timezone you're in
(so they can cross-reference their logs).

I think any form of auto complain or auto reject will remain largely a
dream.

One very cool tool I found recently (though I did not use it myself
yet):
http://software.libertine.org/tmda/
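
An added example, not part of the original post: one way to follow the advice above about full headers and time zones, by listing each Received hop with its timestamp converted to UTC and appending the untouched headers. The sample message, the names `received_hops` and `build_report`, and the default time zone text are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from datetime import timezone

# Constructed sample message: addresses use documentation ranges (RFC 5737)
# and example domains; it is not a real spam sample.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id ABC123
\tfor <user@example.org>; Fri, 01 Mar 2002 11:40:02 +0100
Received: from unknown (HELO relay.example.com) (198.51.100.7)
\tby mx.example.net with SMTP; Fri, 01 Mar 2002 19:39:55 +0900
From: "Offers" <promo@example.com>
To: user@example.org
Subject: constructed sample
Date: Fri, 01 Mar 2002 05:39:50 -0500

body
"""

# Peer address as MTAs usually log it: [a.b.c.d] or (a.b.c.d).
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Return [(peer_ip or None, UTC ISO 8601 timestamp)], newest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        # The timestamp is whatever follows the last ';' in a Received header.
        _, _, stamp = value.rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        except (TypeError, ValueError):
            continue  # malformed or forged header without a usable date
        ip = IP_RE.search(value)
        hops.append((ip.group(1) if ip else None, when.isoformat()))
    return hops

def build_report(raw, local_tz="CET (UTC+1), NTP synchronized"):  # assumed zone
    """Short complaint body: UTC hop times, then the full original headers."""
    lines = ["Unsolicited mail was relayed through your network.",
             "Our clocks: " + local_tz, "", "Hops (UTC):"]
    lines += ["  %s  from %s" % (t, ip or "unknown") for ip, t in received_hops(raw)]
    headers = raw.split("\n\n", 1)[0]  # everything before the first blank line
    return "\n".join(lines + ["", "Full headers:", headers])
```

Only the topmost Received header was written by your own server; lower ones can be forged by the sender, which is why the report passes the full headers along unchanged.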
