
List:       freebsd-isp
Subject:    Re: Spam
From:       David Babler <dbabler () Rigel ! orionsys ! com>
Date:       2000-04-01 2:18:35



On Fri, 31 Mar 2000, Robert Hough wrote:

> I'm trying to figure out how to stop some spam from hitting my site, and 
> have yet to figure it out. From the looks of things, it's like the spam 
> generator being used is basically hitting a mass bulk of my users in an 
> alphabetic approach.

It's usually called a dictionary attack if they're just guessing names and
is pretty inefficient (but hey, the contact is probably a raped Open Relay
anyway, so what does the spammer care?). If the spammed addresses *are*
real, then the list of recipients came either from one of those "5,000,000
Fresh Email Address" CD-ROMs or possibly a previous scan (connect to your
sendmail and issue thousands of guessed VRFY usernames if you have that
enabled).

As to how to stop them, there's a couple of ways. One is to keep on top of
your logs and when you see this start, ban the connecting IP either with
an entry in sendmail's access database or in your firewall rules. The
various realtime blackhole lists, vix.com, mail-abuse.org, orbs.org and so
on can be used if the attacker is a known spam source or open relay, but
that often takes a day or so to get new ones listed.

> Any help would be appreciated in this matter, as this is getting really 
> annoying, and I'm not sure what the deal is. We are running sendmail 8.9.3 
> currently, and yes, an upgrade is on my todo list.

Sendmail 8.9.3 is perfectly capable of blocking this sort of thing using
the access database feature or custom rules. You're also running sendmail
8.9.1 and 8.9.2 on your other mail hosts - sure they didn't relay the spam
through one of your secondary hosts?

-Dave
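
Added example, not part of the original message: one way to do the log watching described above, counting "User unknown" rejections per connecting relay and printing sendmail access database entries for relays over a threshold. The log lines are constructed and their exact layout is an assumption; the function names and the threshold of 3 are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of sendmail syslog output (assumed layout).
SAMPLE_LOG = """\
Mar 31 22:14:01 mail sendmail[411]: WAA00411: <aaron@example.com>... User unknown
Mar 31 22:14:01 mail sendmail[411]: WAA00411: <abby@example.com>... User unknown
Mar 31 22:14:02 mail sendmail[411]: WAA00411: <abel@example.com>... User unknown
Mar 31 22:14:02 mail sendmail[411]: WAA00411: from=<x@spam.invalid>, size=0, class=0, nrcpts=1, proto=SMTP, relay=[192.0.2.15]
Mar 31 22:20:40 mail sendmail[502]: WAA00502: <jsmiht@example.com>... User unknown
Mar 31 22:20:41 mail sendmail[502]: WAA00502: from=<bob@example.org>, size=912, class=0, nrcpts=1, proto=SMTP, relay=mx.example.org [198.51.100.7]
"""

# A rejected recipient, keyed by queue id.
UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <[^>]*>\.\.\. User unknown")
# The from= line for the same queue id carries the connecting relay's IP.
FROM = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=(?:\S+ )?\[([\d.]+)\]")

def count_unknown_by_relay(log_text):
    """Return {relay_ip: number of 'User unknown' rejections}."""
    pending = defaultdict(int)   # queue id -> rejections not yet tied to an IP
    per_ip = defaultdict(int)
    for line in log_text.splitlines():
        m = UNKNOWN.search(line)
        if m:
            pending[m.group(1)] += 1
            continue
        m = FROM.search(line)
        if m and m.group(1) in pending:
            # pop() so a later reuse of the queue id starts from zero
            per_ip[m.group(2)] += pending.pop(m.group(1))
    return dict(per_ip)

def access_entries(log_text, threshold=3):
    """Access database lines for relays at or above the threshold.

    The threshold keeps a legitimate sender with one mistyped
    address (the second relay in the sample) from being banned.
    """
    counts = count_unknown_by_relay(log_text)
    return [f"{ip}\tREJECT" for ip, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    print("\n".join(access_entries(SAMPLE_LOG)))
```

The printed lines go into the access database source file, which then has to be rebuilt with makemap before sendmail uses them.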


