
Expired domain and SPAM!!!



    Okay, I bought a great domain name that had expired.

    I did a Google search on the domain name and picked up lots of links to spammy sites that had emails from [email protected]

    Got a bad feeling, anyway, set up email for the domain. Went into it for the 1st time and had about 3000 messages waiting for me.

    Mostly bounced email replies saying my email I sent re Viagra has been rejected and replies from people saying **** off stop spamming me you ****.

    But I have never sent a single email from this domain.

    So I guess some major spammer is using this domain as a cover to send crap.

    What can I do?

    #2
    Yes, 1st step is turn off the catch all email forwarding.

    Spammers should be killed. Slowly and painfully.



      #3
      Originally posted by cswd
      I think dropping them in a pit of broken glass filled with brine should do the trick.
      that should apply to all those open relay servers as well.
      Your parents ruin the first half of your life and your kids ruin the second half



        #4
        Looking at the email (receiving about 100 per minute)

        They all originate from hijacked machines:

        Received: from localhost (unknown [222.252.48.134])


        Every time a different IP address from localhost. Reverse DNS puts them all over the world.



          #5
          Originally posted by DimPrawn
          Looking at the email (receiving about 100 per minute)

          They all originate from hijacked machines:

          Received: from localhost (unknown [222.252.48.134])


          Every time a different IP address from localhost. Reverse DNS puts them all over the world.

          There's not much you can do. The email system was designed in a more civilised era. It's trivial to rewrite "From:" fields and "Reply-To:" fields. With regard to the "localhost" issue, it's not really your localhost (127.0.0.X) so it's unlikely you're an open relay.

          "Received:" headers in SMTP are 'backwards', so the lowermost ones tell you the relays nearest the source of the spam. Some ISPs put "X-Originating-IP", which should match the lowermost "Received:" header. That will be the source of the spam.
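
The header reading described in post #5, as an added example that is not part of the original thread: it walks the "Received:" chain from the bottom up and checks "X-Originating-IP" against it. The sample message is constructed (hostnames, timestamps and the two upper hops are assumptions; only the lowest "Received:" line has the shape quoted in post #4).

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample (hostnames and the two upper hops are made up; the lowest
# Received line has the shape quoted in post #4).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mail.mydomain.example with ESMTP; Mon, 1 Jan 2007 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2007 10:00:02 +0000
Received: from localhost (unknown [222.252.48.134])
\tby relay.isp.example with SMTP; Mon, 1 Jan 2007 10:00:01 +0000
X-Originating-IP: [222.252.48.134]
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw):
    """Hops as (name the client claimed, IP the server saw), source first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        name = re.match(r"\s*from\s+(\S+)", value)
        ip = BRACKETED_IP.search(value)
        hops.append((name.group(1) if name else None,
                     ip.group(1) if ip else None))
    hops.reverse()  # each relay prepends its header, so the last is the oldest
    return hops

def likely_source(raw):
    """First public IP walking up from the lowermost Received header.
    Hops below the first server you trust can be forged by the sender."""
    for _name, ip in received_chain(raw):
        try:
            if ip and ip_address(ip).is_global:
                return ip
        except ValueError:  # bracketed text that is not a valid IPv4 address
            continue
    return None

def x_originating_ip_agrees(raw):
    """True when X-Originating-IP is present and matches likely_source()."""
    header = message_from_string(raw).get("X-Originating-IP", "")
    found = BRACKETED_IP.search(header)
    return bool(found) and found.group(1) == likely_source(raw)
```

The "localhost" in the lowest hop is only the name the connecting machine announced; the bracketed address is what the receiving relay recorded.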



            #6
            The answer is to run your own mail server/DNS off your office broadband rather than rely on someone else's setup. I find a Linux/Postfix/TinyDNS solution to be the most pain-free and it's easy on the wallet.

            Then just set up Postfix to look up against your choice of DNS blacklists. I find that the one that returns all the dynamic IP addresses kills 95% of spam (most seems to be sent from compromised machines). You can grab the info from http://www.nl.sorbs.net/

            The instructions I followed to set this system up are here - http://www.securitysage.com/antispam/intro.html

            The best bit is you can specifically block certain domains from ever e-mailing you, e.g. computerpeople.co.uk
            Listen to my last album on Spotify



              #7
              Cowboy Bob.

              I think you misunderstand my problem.

              My problem is 100's of zombie machines posting spam out to other people with a reply-to that is my domain.

              Hence I receive 100's of bounced emails.

              It has nothing to do with Linux (yuck - spit - vile crap) and all to do with Joe Jobs (look it up http://www.g4tv.com/techtvvault/feat...e_Joe_Job.html)

              PS. As an aside I can't run my own mail server anyway (tried that) as my IP address from my ISP is on a spam list, and any emails I send are bounced back with a report saying I must use my ISP's mail server.



                #8
                Originally posted by DimPrawn
                Cowboy Bob.

                I think you misunderstand my problem.

                My problem is 100's of zombie machines posting spam out to other people with a reply-to that is my domain.

                Hence I receive 100's of bounced emails.

                It has nothing to do with Linux (yuck - spit - vile crap) and all to do with Joe Jobs (look it up http://www.g4tv.com/techtvvault/feat...e_Joe_Job.html)

                PS. As an aside I can't run my own mail server anyway (tried that) as my IP address from my ISP is on a spam list, and any emails I send are bounced back with a report saying I must use my ISP's mail server.

                I think you misunderstand too. You can filter out anything with a suitable regex at the mail server - including bounce messages. Once the storm is over, you can accept bounces again. I've been Joe Jobbed before (after posting to NANAE with a recognisable e-mail address) and that's the course of action I followed.

                The only reason I mentioned Linux is because it's cheap and easy to set up - I'm not sure you could follow an MS solution without opening your wallet, and as contractors we both know that spending any money should be a last resort.

                As for having a tainted IP address - complain to your ISP. You do have a business broadband package, yes? If they don't do anything, change ISPs.
                Listen to my last album on Spotify



                  #9
                  I'm being sent bounced emails at a rate of over 100 per minute and it is 24/7

                  A major spammer is using my domain name.

                  Here's a sample of my inbox after just a few minutes after clearing it down.



                  I don't want to change ISP.

                  It's easier to ditch the domain.



                    #10
                    Originally posted by DimPrawn
                    I'm being sent bounced emails at a rate of over 100 per minute and it is 24/7

                    A major spammer is using my domain name.

                    ....

                    I don't want to change ISP.

                    It's easier to ditch the domain.
                    I don't think you need to ditch the whole domain?

                    As mentioned before, you'll want to get rid of the catch-all functionality of *.mydomain.com; essentially block all addresses and allow only those you know to be untainted.

                    Examine carefully which addresses the spammer is masquerading as. For example, if he's setting his forged "Reply-To:" to [email protected] and [email protected] then get your mail server to bounce only those (bouncing the bounces usually) with a 550 (Invalid recipient). Write off those specific addresses. The rest of your domain 'namespace' should be clean and ready to use e.g. [email protected] and [email protected]
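
One way to do the "examine which addresses" step from post #10, as an added example that is not part of the original thread: it counts which addresses at the domain the bounces are landing on and emits one reject line per forged address, leaving addresses in real use alone. The domain, the addresses and the inbox are constructed; the output uses the Postfix access-table form `address 550 text`, on the assumption that it would be loaded through `check_recipient_access` on a Postfix server such as the one suggested in post #6.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "mydomain.example"        # assumption: stands in for the bought domain
IN_USE = {"me@mydomain.example"}   # assumption: addresses you really use

def _bounce(to):                   # builds one constructed bounce message
    return (f"Return-Path: <>\nFrom: MAILER-DAEMON@mx.recipient.example\n"
            f"To: {to}\nSubject: Undelivered Mail Returned to Sender\n\nbody\n")

# Constructed inbox: six bounces and one ordinary message.
INBOX = ([_bounce("sales@mydomain.example")] * 3
         + [_bounce("info@mydomain.example")] * 2
         + [_bounce("me@mydomain.example")]
         + ["From: client@customer.example\nTo: me@mydomain.example\n"
            "Subject: invoice\n\nbody\n"])

def is_bounce(msg):
    """Bounces carry a null return path and usually come from MAILER-DAEMON."""
    return (msg.get("Return-Path", "").strip() == "<>"
            or "mailer-daemon" in msg.get("From", "").lower()
            or msg.get_content_type() == "multipart/report")

def forged_addresses(raw_messages, domain=DOMAIN):
    """Count bounces per address at our domain (where the backscatter lands)."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        if not is_bounce(msg):
            continue
        for _name, addr in getaddresses(msg.get_all("To", [])):
            if addr.lower().endswith("@" + domain):
                counts[addr.lower()] += 1
    return counts

def reject_map(counts, in_use=IN_USE, threshold=2):
    """Postfix access(5) table lines: '<address> 550 <text>' per forged address."""
    return [f"{addr}\t550 Invalid recipient"
            for addr, n in sorted(counts.items())
            if n >= threshold and addr not in in_use]
```

The threshold keeps a single genuine bounce to a working address from getting that address written off.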
