On Fri, August 28, 2015 4:28 pm, John R Pierce wrote:
> On 8/28/2015 2:21 PM, Tim Dunphy wrote:
> > Here's the headers for one of the spam responses I got from the list:
> >
> > from: Tracy <tracy12614@safeloves.com>
> > reply-to: tracy12614@safeloves.com
> > to: Tim Dunphy <bluethundr@gmail.com>
> > date: Fri, Aug 28, 2015 at 2:19 PM
> > subject: Re: [CentOS] apache mysterious 404 error
> > mailed-by: safeloves.com
> > signed-by: safeloves.com
> > : Important mainly because it was sent directly to you.
> >
> > Please let me know if that's not what you're looking for!
>
> typically, you need the 'received from' headers so we can tell where it entered your mail system to block spammers.
Well, this is the second discussion on this subject during the last fortnight, and I felt like staying away from it... But I would just add one thing. Blocking the originator of messages, as John suggests, will work. The only thing about it is: these are single-IP domains, and one can easily keep registering new ones, and this is all doable within the frame of digitalocean's (the IP block owner) business model. Attempting to fight on a per-case basis with something that can be scripted on the bad guys' side I found counterproductive. The only way I've found in the past that is not a total waste of my time is: block e-mail from the whole block of IPs of that provider.
This can be done on the side of those being abused. Nothing, as a matter of fact, can be done on the side of CentOS, and I really regret us wasting Fabian's precious time on this. This is, however, a really serious decision, as you may block some of the domains hosted at digitalocean that your users may need to communicate with. So, use your own judgement and caution. Grepping your mail logs for a long time back is advisable, but by no means can it be sufficient for a sane decision. Contacting digitalocean with complaints, hm..., though it is the right thing to do, is quite unlikely to lead to them identifying the "person" and dealing with that person with whole seriousness. IMHO, this last doesn't fit into their business model.
Just my $0.02
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
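
The log review suggested in the message above, before blocking a whole provider range, can be sketched as follows. This is an added example, not part of the original thread: it assumes Postfix-style `smtpd`/`qmgr` log lines, and the CIDR block, hosts, addresses and queue IDs are constructed placeholders (RFC 5737 documentation ranges), not real provider allocations.

```python
import ipaddress
import re
from collections import defaultdict

# Candidate block to evaluate. Placeholder documentation range (RFC 5737),
# not a real provider allocation.
CANDIDATE_BLOCK = ipaddress.ip_network("203.0.113.0/24")

# Constructed Postfix-style log lines (hosts, IPs and queue IDs are made up).
SAMPLE_LOG = """\
Aug 20 09:01:11 mx1 postfix/smtpd[2211]: 3F2A1C0D5: client=mail.partner.example[203.0.113.25]
Aug 20 09:01:11 mx1 postfix/qmgr[901]: 3F2A1C0D5: from=<alice@partner.example>, size=4312, nrcpt=1 (queue active)
Aug 28 14:19:02 mx1 postfix/smtpd[2290]: 7B1E0C0E1: client=unknown[203.0.113.77]
Aug 28 14:19:02 mx1 postfix/qmgr[901]: 7B1E0C0E1: from=<tracy@spam.example>, size=2100, nrcpt=1 (queue active)
Aug 28 14:25:40 mx1 postfix/smtpd[2301]: 9C4D2C0F7: client=unknown[203.0.113.78]
Aug 28 14:25:40 mx1 postfix/qmgr[901]: 9C4D2C0F7: from=<kim@spam2.example>, size=2098, nrcpt=1 (queue active)
Aug 28 15:02:13 mx1 postfix/smtpd[2340]: A11B3C0AA: client=mx.other.example[198.51.100.9]
Aug 28 15:02:13 mx1 postfix/qmgr[901]: A11B3C0AA: from=<bob@other.example>, size=900, nrcpt=1 (queue active)
"""

# smtpd records which client IP a queue ID came from; qmgr records the envelope sender.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+?\[([0-9a-fA-F.:]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<[^@>]*@([^>]+)>")

def senders_in_block(log_text, block):
    """Return {sender_domain: sorted client IPs} for mail accepted from `block`."""
    queue_ip = {}                # queue ID -> client IP, only for IPs inside the block
    hits = defaultdict(set)      # sender domain -> client IPs it was seen from
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m.group(2))
            if ip in block:
                queue_ip[m.group(1)] = str(ip)
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in queue_ip:
            hits[m.group(2).lower()].add(queue_ip[m.group(1)])
    return {dom: sorted(ips) for dom, ips in hits.items()}

if __name__ == "__main__":
    # Every domain listed here would stop reaching your users if the block is rejected.
    for domain, ips in sorted(senders_in_block(SAMPLE_LOG, CANDIDATE_BLOCK).items()):
        print(f"{domain:20} {', '.join(ips)}")
```

In the constructed sample, `partner.example` appears next to the two spam domains, which is the kind of collateral sender the message warns about.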