[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] maillog shows email being sent from admin@localhost
- Subject: RE: [cobalt-users] maillog shows email being sent from admin@localhost
- From: "Dan Kriwitsky" <list1@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue Apr 9 03:24:25 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> I had a situation on a site this past winter where, for
> reasons unknown to me, one or more spammers used non-existent
> addresses at a domain I managed as the <FROM> on their mass
> mailings. While not exploiting/compromising my system, it
> created a HUGE amount of mail. At first there was a defined
> catch-all so that account was getting 20k messages/day. Once
> that was deleted, there was still a traffic penalty with all
> the garbage trying to come back. Since the messages were
> bounce messages, they came from mail servers all over, not
> the spammers! I inspected messages and notified admins where
> I could trace the original message back via the headers, as
> well as contacting the companies in the content of the
> messages (who generally hire someone to do their dirty work)
> and provided the response-code embedded in the links to give
> credit to the spammer for a successful hit. After about a
> week, they moved on...maybe snuffed, maybe satisfied with the
> havoc they had caused, maybe just moved on before I began a
> crusade...AFAIK there is no way to stop this type of
> mischief. Piping to /dev/null still takes a bandwidth
> penalty on your site...
>
One of the best reasons not to have a catch-all. Do a search for spam
and flowers.com. They successfully sued a spammer forging their domain
as the reply.
--
Dan Kriwitsky