HPE Community
Operating System - Linux
1829163 Members
2424 Online
109986 Solutions
New Discussion

Skatter load email spam

 
SOLVED
Go to solution
Vernon Brown_4
Trusted Contributor

‎02-11-2004 04:53 PM

‎02-11-2004 04:53 PM

Skatter load email spam

I'm getting email spam addressed to xxx.myserver.com where xxx equals a simple name like ann, or joe, or bin etc, and myserver is my email server's domain name. Most of the names are not valid users, but some of the names eventually match a valid user.

Now I'm starting to get "email rejected" emails from upstream email servers indicating that emails from these non-existant users was rejected due to various things, among them "file size overflow" etc.

So now the puzzle is:

How does a none user get email relayed when I have relay turned off for anybody who is not a valid user from the local net.

I have set up a virual user named Trash; I have made aliases for each of the email attempts I see coming in directing them to the valid user "trash". Question: Is it better to collect the trash this way or is it better to simply let the "User Unknown" reject happen ???

Thanks for any thoughts or experience !!
0 Kudos
Reply
7 REPLIES 7
Steven E. Protter
Exalted Contributor

‎02-11-2004 05:14 PM

‎02-11-2004 05:14 PM

Solution

Re: Skatter load email spam

Your best bet for a quick drop in incoming spam is to start rejecting mail by not hitting the right name.

To do this you cut down aliases to the bare minimum you need to run your system/domain whatever it is you are doing.

I still get rejects on steven.protter@investmenttool.com in my logs a year after turning it off. It gives me warm feeling inside.

I have an account called spam.

I forward all spam to it and use the scripts I gave you in your other thread to process every IP address in the spam account into access database so they can't email any more.

I'm attaching a copy of the script again.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Vernon Brown_4
Trusted Contributor

‎02-12-2004 01:33 AM

‎02-12-2004 01:33 AM

Re: Skatter load email spam

Thanks for your response Steven; I'm using your scripts, modified for my environment. Works great !!

Now I'm pondering whether I should collect the spam addressed to non users or reject it as user unknown. If someone were fishing for valid users they could use the user-unknown rejects to polish their list until it contained only valid users.

But after rejecting unknown users for about a week, I didn't see any change in the user-names they tried. Same names; same sequence.

I'll keep working on it.

0 Kudos
Reply
Jerome Henry
Honored Contributor

‎02-12-2004 01:42 AM

‎02-12-2004 01:42 AM

Re: Skatter load email spam

Can be that this time the spam is a robot, not taking into consideration your domain name or users, or an automated worm like mydoom.
But next time ? The less information you give back, the better.
AFAIK

J
You can lean only on what resists you...
Reply
Vernon Brown_4
Trusted Contributor

‎02-12-2004 04:34 AM

‎02-12-2004 04:34 AM

Re: Skatter load email spam

I'm thinking that I might try adding to my aliases the spam names and point them back to domains that they come from. Has anyone tried that ??
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-12-2004 04:49 AM

‎02-12-2004 04:49 AM

Re: Skatter load email spam

Yes, you should configure all incoming mail that does not have a valid user on your system to bounce with a User unknown.

with proper entries in:

/etc/aliases
/etc/mail/genericstable # no @domainname
/etc/mail/virtusertable # no @domainname

This should be automatic.

Still btw working on the aol problem. I have a whitelist script that detects port 25 violations and puts the user on temporary hold while I research whether or not they should go on the permanent hold list.

I'll post that system up when its ready, though it requires enhanced iptables firewall logging.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
K.C. Chan
Trusted Contributor

‎02-13-2004 02:50 PM

‎02-13-2004 02:50 PM

Re: Skatter load email spam

Have you try spamassassin. I am using and it works great. Herre's the url: http://spamassassin.org
Reputation of a thousand years can be determined by the conduct of an hour
Reply
Vernon Brown_4
Trusted Contributor

‎02-13-2004 03:49 PM

‎02-13-2004 03:49 PM

Re: Skatter load email spam

I downloaded SpamAssassin and will try to get it going tonight.

So far the make went well.

Thanks !!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.