[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Spam
- Subject: [cobalt-users] Spam
- From: Jerry Jackson <worryfreemail@xxxxxxxxx>
- Date: Fri Mar 8 14:45:07 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
We are receiving SPAM addressed to Undisclosed.Recipient @DomainName.com. Is
there a way to stop this?
Ron
--__--__--
Ron, here's what I do. Reveal headers on the SPAM and note the IP
address(s) and domain name(s) of the source and relay server. These are
listed on the lines beginning with "Received:". The source is on the
bottom, in this case 63.10.156.132 and it was relayed through wanadoo.fr
217.109.166.8. You can block these sources and relay points and even entire
networks by adding entries to the file "/etc/mail/access" . Also note that
the real sources are always in parentheses and brackets while forged
sources, like in this case "arabia.com" and "outblaze.com" may not be.
Received: from server02.wanadoo.fr ([217.109.166.8])
by www.rons-domain.net (8.10.2/8.10.2) with ESMTP id g278mSW04880
for <ron@xxxxxxxxxxxxxxx>; Thu, 7 Mar 2002 03:48:28 -0500
Received: from mail.corp.arabia.com (1Cust132.tnt1.lafayette.la.da.uu.net
[63.10.156.132]) by server02.wanadoo.fr with SMTP (Microsoft Exchange
Internet Mail Service Version 5.5.2650.21)
id 1PFZ84KH; Thu, 7 Mar 2002 09:40:10 +0100
Message-ID: <000051fc60d0$00003cfc$00002cfb@xxxxxxxxxxxxxxxxxxxxxxxx>
To: <Undisclosed.Recipients>
Make your additions as root to "access" at the bottom of the file. In this
case, you may want to make entries like this...
wanadoo.fr 550 Mail Rejected Due To SPAM
217.109.166.8 550 Mail Rejected Due To SPAM
You can put any message you want after the "550". Then set back and monitor
your "/var/log/maillog" and see your special message every time some vermin
was rejected.
Note that you can also block out huge IP blocks by using partial IPs. I use
arin.net to refine how deep I want to cut...
217.1 550 We Don't Accept Spam From Your Chunk of Europe!
217. 550 Oops, we're blocking a lot of Americans now too.
After you edit "access" and save your changes, you need to makemap access...
makemap hash /etc/mail/access < /etc/mail/access
--
Jerry Jackson
worryfreemail@xxxxxxxxx
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com