
Re: [cobalt-users] Raq2 / any cobalt Sendmail Spam



> "William Moore" <bmoore@xxxxxxxxxxxxxxxxx> wrote:
> > my customers on a few machines have been receiving a lot of email porn
> > spam.
> > They are on a Raq2, is there any way to filter it out before it gets to
> > their email boxes?
>
> There are a lot of solutions.  I'll name a few.  You can check IP addresses
> against an ORBS-derivative database (there are plenty of them like ordb,
> orbz, etc.).  These databases maintain lists of machines by IP that act as
> open SMTP relays.  Open SMTP relays are used by the bulk of spammers.  You
> can set up procmail rules to filter out messages that match rules so they
> don't end up in your users' in-box.  SpamBouncer is an open source program
> that consists of already established procmail rules and is a product I
> recommend.  See http://www.spambouncer.org/.
>
> --
> Steve Werby


Further to Steve's definitive answer, I thought it might be worth mentioning
the best-known "quick fix" approach.

Find the domain the spam is coming from (in maillog) and add a line to the
bottom of /etc/mail/access to reject it. Here are a few example lines from
my file:

goldenpalace.com          500 Spam rejected
yesmail.com                   500 Get stuffed spammer
optin-offers.net               DISCARD

(Use a single tab between the two sides, not spaces)

Then do

makemap hash /etc/mail/access < /etc/mail/access
newaliases

The first two include the message ("Spam rejected") in the reject message
sent back to the source server. The last one just dumps it and the other
server thinks it's been delivered.

Every time I see a spam I add a line like this. It makes me feel better
looking at maillog and seeing them all getting bounced. Only trouble is it
doesn't put them off - they just keep coming, and of course spammers give
addresses to other spammers so my file is growing steadily.

Another worthy activity is to see to what address the spammer is asking
spammed users to reply. A lot of the worst low-life spammers use yahoo or
hotmail addresses etc. If so, send the whole spam including headers to e.g.
abuse@xxxxxxxxx and they will delete that address making the spammer's life
a little more difficult.

This whole subject is well covered elsewhere (www.spamcop.com is a good
starting point) but I thought a very basic intro might be helpful to the
original poster and other newbies (and maybe start a useful
discussion/argument!)

--
Eddie Bishop
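
The add-a-line-and-rebuild procedure from the message above, as an added shell example that is not part of the original post: it validates the domain, skips entries that are already listed, and writes the tab-separated line. The function names and the ACCESS_FILE variable are hypothetical; only the file path and the makemap command come from the post.

```shell
#!/bin/sh
# Added example: maintain a sendmail access file one domain at a time.
# ACCESS_FILE is a hypothetical variable; the default path is the one in the post.
ACCESS_FILE="${ACCESS_FILE:-/etc/mail/access}"

# valid_domain NAME -> 0 if NAME looks like a DNS name (letters, digits, '-', '.').
# Rejecting whitespace keeps a pasted value from smuggling in its own action.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# access_has DOMAIN -> 0 if DOMAIN is already a key in the file (case-insensitive).
access_has() {
    [ -f "$ACCESS_FILE" ] || return 1
    awk -v d="$1" 'BEGIN { d = tolower(d) }
        /^[ \t]*#/ { next }
        tolower($1) == d { found = 1 }
        END { exit !found }' "$ACCESS_FILE"
}

# access_add DOMAIN ACTION... -> append "domain<TAB>action".
# Returns 0 added, 1 invalid domain, 2 already listed, 3 no action given.
access_add() {
    domain=$1
    [ $# -ge 2 ] || return 3
    shift
    valid_domain "$domain" || return 1
    access_has "$domain" && return 2
    printf '%s\t%s\n' "$(printf '%s' "$domain" | tr 'A-Z' 'a-z')" "$*" >> "$ACCESS_FILE"
}

# access_rebuild -> regenerate the hash map with the command given in the post.
access_rebuild() {
    command -v makemap >/dev/null 2>&1 || { echo "makemap not found" >&2; return 127; }
    makemap hash "$ACCESS_FILE" < "$ACCESS_FILE"
}
```

Typical use is access_add followed by access_rebuild, for example: access_add spam.example 500 Spam rejected && access_rebuild (spam.example is a constructed name).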