[CentOS] my spammer list

Fri Mar 30 03:26:45 UTC 2012
Nataraj <incoming-centos at rjl.com>

On 03/29/2012 03:00 PM, Bob Hoffman wrote:
> Hello,
> Thanks to some nice people on here and other forums I have pretty much 
> finalized my whole mail system on centos 6.x.
>
> With all the checks, greylisting, dev/null of any 8+ spam level SA, I 
> still get a few mails.
>
> It seems like everytime I enable a new protectant, the mail stops 
> spamming for a few hours...then the spammers decide I am worthy of using 
> better methods against me..and more come. LOL.
>
> I am down to just 10-15 a day.
> Anything that gets through all that I set up now goes to a spammers list 
> that I add to the access file of postfix.
>
> http://bobhoffman.com/spammers.html
>
> that is the link to my list. I am trying to sort them out into 
> political, real estate, bulk spammers, etc.
> The worst part is the bulk emailers are not on any black list. It is 
> very hard to find their mail MX until they actually send you one.
> Many will be blocked, then a new alternate of theirs comes through.
>
> I could not find a list of bulk commercial spammers so I thought I would 
> start one. As I progress it will become more defined, but right now a 
> big list with some categories after it.
>
> Hope it helps.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
You won't be able to track them easily because they hop around from
network to network.  Sometimes I can recognize them by seeing the same
spams repeatedly, also, different IP addresses connecting and guessing
passwords for the same list of users.  But I rarely get those anymore
since I have blocked pop/imap logins from outside of the US.

You can report them to spamcop.net and that may help to provide some
incentive for ISPs to kick spammers off their network.

The way that I finally got rid of all the residual spam that makes it
through greylisting, SPF, spamassassin, clamav is to handout unique mail
addresses and use black/whitelists.  So for example if I assign an email
address for incoming mail from a mailing list and then setup a whitelist
entry that only allows that address to receive email from the
mailservers that serve that mailing list and then blacklist all other
incoming mail to that address it is very effective.  With a decent
whitelist/blacklist tool it's fairly easy to implement.  I used to get
literally hundreds of spams a day and now I probably average about 2 per
week.

You can also get on the spamassassin mailing list and add more plugins
and work on tuning the spamassassin config.   You can also play with
sa-learn.  For me though the black/whitelisting works quite well.


Nataraj