[BUGS] incoming mail since about beginning of april
Sh4d03
mlists at shadow-security.net
Tue Apr 8 15:58:59 EST 2008
Andrew Reilly wrote:
> Hi Jonathan,
>
> On Tue, Apr 08, 2008 at 03:03:26PM +1000, jonathan michaels wrote:
>
>> i have noticed an increase of incoming "spam" reports, stuff
>> addressed to mailer-daemon, postmaster etc, etc, a whole lot of
>> similar type 'admin' addresses.
>>
>> it is like somebody turned on a mains faucet, many, many, hundreds
>> per day .. grrr.
>>
>> is anybody else seeing something like this ?? it started as a
>> small trickle on the 1st april and by the 3rd/4th it was
>> flooding in.
>>
>
> Yep, me too. My spam has bumped up to about 10000/day, and most
> annoyingly, about five or six an hour are getting past my spam
> filter and into my inbox.
>
> Most of it that I'm seeing seems to be bounce messages from
> badly configured (even though it would have been "correctly
> configured" ten years ago) MTAs, to spam messages with one of my
> e-mail addresses as the forged sender and/or From address.
>
> It's very annoying. In the past, this sort of thing just went
> away by itself after a while, but it doesn't seem to be slowing
> down this time.
>
>
>> it looks like i'm going to have to find a decent bit of
>> hardware that is freebsd v7 compliant and enough grunt to run
>> some sort of a spam trap/stuttering/rfc-2??? to stop this from
>> getting here at all.
>>
>
> Your current mail system isn't up to it?
>
>
>> comments/ideas/pointers appreciated.
>>
>
> I'm open to suggestions myself, but I don't fancy changing my
> mail addresses and domain names just to get off someone's spam
> list. That's not a long-term solution.
>
> Cheers,
>
>
My two cents,

While I've not yet experienced this storm on my own mail server, the
server at work copped a wash of it and is only just beginning to settle
down again.

On the rare occasion I do receive such E-mail on my own server, they
rarely manage to get through my filter. I will check when I next receive
some regarding which filtering rules/techniques are preventing them. In
the interest of helping, is there a method by which a
mailer-daemon/failure message can be cross checked to sent E-mails? The
biggest complication with this is that an E-mail can be sent via any
server(s) and (most often) the POP3 server for the sending address is
*not* the SMTP server for the same, as SMTP is generally configured as
the user's ISP.

As a temporary measure, blocking all failure-like E-mails would prevent
the 1000+ messages you unfortunate souls are receiving, but is hardly
practical long term.

SPF needs to be configured on *all* servers involved in the transmission
and so isn't really an option in your case either.

I guess I don't really have much to suggest until I can provide
information on why such E-mails are blocked at my filter, yet the
legitimate bounces still flow in.

Reading back over the original message, perhaps you're not referring to
bounce-back notifications, rather false reports sent to theoretical
Admin personnel - a type of Spam I've not yet experienced.

Kind Regards,
Sh4d03
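
One way to cross-check a failure message against mail that was really sent, shown as an added example (not code from this thread or from any mail server): tag the envelope sender of outgoing mail with a keyed MAC, in the style of BATV, and accept null-sender bounces only when the recipient carries a valid, unexpired tag. The key, addresses, tag layout and function names are constructed for illustration; the tag is not wire-compatible with BATV, and the scheme assumes all outgoing mail for the address passes through a host that applies the tag.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-key"  # assumption: secret known only to your mail hosts
LIFETIME_DAYS = 7                 # assumption: bounces older than this are refused
TAG_RE = re.compile(r"prvs=(\d{3})([0-9a-f]{10})=(.+)", re.ASCII)


def _mac(day, addr):
    """Keyed MAC over expiry day and original address, truncated to 10 hex chars."""
    msg = f"{day:03d}{addr.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def tag_sender(addr, now=None):
    """Envelope sender (MAIL FROM) to use when sending mail as addr."""
    now = time.time() if now is None else now
    day = (int(now // 86400) + LIFETIME_DAYS) % 1000  # expiry day, 3 digits
    local, domain = addr.rsplit("@", 1)
    return f"prvs={day:03d}{_mac(day, addr)}={local}@{domain}"


def check_bounce_rcpt(rcpt, now=None):
    """Return the original address if rcpt has a valid, unexpired tag, else None."""
    now = time.time() if now is None else now
    local, _, domain = rcpt.rpartition("@")
    m = TAG_RE.fullmatch(local)
    if not m:
        return None  # untagged: no mail we sent could have produced this bounce
    day, addr = int(m.group(1)), f"{m.group(3)}@{domain}"
    if not hmac.compare_digest(m.group(2), _mac(day, addr)):
        return None  # forged or altered tag
    today = int(now // 86400) % 1000
    if (day - today) % 1000 > LIFETIME_DAYS:
        return None  # tag has expired
    return addr


def accept_dsn(mail_from, rcpt, now=None):
    """Bounces arrive with the null sender; other mail is left to the normal filters."""
    if mail_from != "":
        return True
    return check_bounce_rcpt(rcpt, now) is not None
```

Backscatter from spam that forged the plain address arrives addressed to the untagged form and fails `accept_dsn`, while bounces of mail sent through the tagging host still get through.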