Re: [Exim] A pattern of collateral spam

Author: Jez Hancock
Date:  
To: 'Exim users list'
Subject: Re: [Exim] A pattern of collateral spam
On Wed, Aug 13, 2003 at 08:19:14AM -0700, Kevin Reed wrote:
>
> Jez Hancock Said...
>
> > I'm also having a fine time with just a single domain which I
> > no longer use much but still accept mail for a few local
> > users on the domain. It appears the domain has been used on
> > a large scale in forged From: headers and I'm now seeing a
> > massive number of bounces from systems who don't try too hard
> > to check how reliable the mail they accept is - a dozen or so
> > bounces a minute.
>
> I had the same thing happen to a domain that I had which basically made the
> domain useless. There really weren't any users using it at the time but I
> knew I was in for some problems when one morning I got a couple thousand
> bounced messages coming back from messages the spammer had sent using forged
> headers using that domain in them. The bounces were the prelude to what
> ended up to be a bombardment.

My domain is going this way:

116 /var/log/exim/reject.20030805.log:2003-08-05
344 /var/log/exim/reject.20030806.log:2003-08-06
353 /var/log/exim/reject.20030807.log:2003-08-07
250 /var/log/exim/reject.20030808.log:2003-08-08
435 /var/log/exim/reject.20030809.log:2003-08-09
548 /var/log/exim/reject.20030810.log:2003-08-10
3466 /var/log/exim/reject.20030811.log:2003-08-11
419 /var/log/exim/reject.20030812.log:2003-08-12
398 /var/log/exim/reject.20030813.log:2003-08-13

busy day on the 11th :(

> To make matters worse.. The spam was for ... Anti-Spamming software. There
> is no quicker way to piss someone off than to spam them with an ad for
> anti-spamming software.. I started actually getting phone calls from
> people pissed off about the spam all of whom had no idea what Received
> headers were or a clue where mail really comes from.

Luckily this is only a personal domain and only a dyndns domain at that
which I kept on after I got a static connection.

> Since the domain really only had some web stuff attached to it, I made the
> decision to turn off all mail support for it and removed the MX record as
> well. On the main web page I posted a notice about the spam and directed
> visitors to a page that basically explained the story and stated there were
> no valid mail services for the domain. That was about June of last year.
> About 10 days before Christmas, I was approached by a company that was
> interested in the domain for an email campaign... :-) SOLD! Never heard
> back if they had any problems using the domain... Was a good Xmas though.

I think I'm going to go for this actually, I'm fed up with this now,
such a waste of bandwidth. Now I just need to work out how to get
someone to buy it off me for Christmas - any takers??? :P


--
Jez

http://www.munk.nu/