[CentOS] my spammer list

Fri Mar 30 18:38:54 UTC 2012
Nataraj <incoming-centos at rjl.com>

On 03/30/2012 04:48 AM, Markus Falb wrote:
> On 30.3.2012 05:26, Nataraj wrote:
>
>> The way that I finally got rid of all the residual spam that makes it
>> through greylisting, SPF, spamassassin, clamav is to hand out unique mail
>> addresses and use black/whitelists.  So for example if I assign an email
>> address for incoming mail from a mailing list and then set up a whitelist
>> entry that only allows that address to receive email from the
>> mailservers that serve that mailing list and then blacklist all other
>> incoming mail to that address it is very effective.
> But how to tell which mailservers are "serving" that mailing list?
> That's the thing SPF or similar is supposed to do, isn't it? Don't tell
> me you are looking at the MX Records! Incoming and Outgoing Mailservers
> are not the same necessarily.

My white/blacklisting software happens to allow regular expressions as
well as IP addresses and has the capability to match on one or more of
the following fields in the message:

envelope sender
envelope recipient
helo name
remote IP address
remote hostname


When it matches on remote hostname, it does a reverse dns lookup.  I
already have my mailserver configured so that it will not accept mail
from any site for which the forward and reverse dns entries do not
match.  So I can create a whitelist entry which allows .*\.centos\.org
or .*@centos\.org.

Yes, it limits the ability for people to contact me off list, but people
that need to reach me seem to find a way.  There is a price for
everything.  If you happen to own a 3 letter domain name that was around
from the days of the original arpanet, and you have had a bad enough
spam problem, then it may be worthwhile to pay that price.  I am on a
fair number of mailing lists and find that spammers do harvest addresses
on these lists.

Generally when I join a new list, I just create the unique email
address, but don't do the whitelist/blacklist thing until I start seeing
spam to that address, so I can tell which lists or people that I gave my
email address to was harvested or leaked.

I've seen my email address leaked to spammers from presumably secure
sites like major banks and financial institutions, various websites
where I've made online purchases, etc.  It is unbelievable how insecure
these supposedly secure sites are.  On two occasions I reported to a
major financial institution that they had leaked my email address and
after several months got back a notice that they had found that the
security of their systems had been compromised, but assured me that it
affected only my email address and not my bank account or other personal
information.

Yes, it is the case that I generally do not recommend this technique to
inexperienced users.  For my users I do the best I can with greylisting,
spamassassin, etc.  For users who do not highly publicize their email
address this is usually enough.  I have one client though that
advertises their customer service email address and has a massive spam
problem.  I told them that the best way to solve that was to create a
properly designed web page for customer service requests that was
protected from automated submission methods.

There are also tools that implement auto-whitelisting, that will send
out an auto-response requiring the user to send back a confirmation or
click on a web page and be automatically whitelisted.  Some people are
strongly opposed to this method because it will generate more spam to
whatever return address is given in the spam that you do receive.  This
would not work so well for things like receiving a confirmation message
for your online purchase from amazon.com.

Nataraj
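
The check described in this message (forward/reverse DNS agreement first, then a per-address whitelist on the remote hostname), sketched as an added example that is not the poster's software or configuration. The recipient address, IP addresses and DNS tables are constructed, and matching the pattern against the whole hostname is an assumption about how such a rule should be anchored.

```python
import ipaddress
import re

# Constructed DNS data standing in for live PTR and A lookups (runs offline).
PTR = {
    "192.0.2.10": "mail.centos.org",
    "198.51.100.7": "mail.centos.org",              # PTR claims the list host
    "203.0.113.5": "mail.centos.org.example.net",   # lookalike with valid DNS
    "203.0.113.9": "mx.example.com",
}
FWD = {
    "mail.centos.org": {"192.0.2.10"},
    "mail.centos.org.example.net": {"203.0.113.5"},
    "mx.example.com": {"203.0.113.9"},
}

# Hypothetical per-list recipient address -> pattern for the remote hostname.
RULES = {"centos-list@example.org": re.compile(r".*\.centos\.org", re.IGNORECASE)}


def verified_hostname(remote_ip, ptr=PTR, fwd=FWD):
    """Return the PTR name only if it resolves forward to the same IP."""
    ip = str(ipaddress.ip_address(remote_ip))
    name = ptr.get(ip, "").rstrip(".").lower()
    return name if name and ip in fwd.get(name, set()) else None


def decide(recipient, remote_ip):
    """Return (action, reason) for one connection and envelope recipient."""
    host = verified_hostname(remote_ip)
    if host is None:
        return ("reject", "forward and reverse DNS do not match")
    rule = RULES.get(recipient.lower())
    if rule is None:
        return ("accept", "no per-list rule; other filters apply")
    # fullmatch anchors both ends, so a name that merely contains
    # ".centos.org" (203.0.113.5 above) does not pass the whitelist.
    if rule.fullmatch(host):
        return ("accept", "whitelisted host " + host)
    return ("reject", "address is restricted to the list's servers")
```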