[CentOS] please block user

Thu Aug 27 15:35:45 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, August 27, 2015 9:29 am, m.roth at 5-cent.us wrote:
> Gary Stainburn wrote:
>> Bad news Guys, they've just moved the emails to somewhere else and have
started again:
> <snip>
>
> A suggestion: there should be a way to filter using *domain* AND
mailhost;
> that is, if emails come from a domain, and through one mailhost, then
block the domain. If many domains, and the same mailhost, only then
block
> the mailhost.

Me too: I started receiving them from different IP (with much longer
delay, so they do add "improvements" to their setup). This IP, has neither
DNS A record nor DNS PTR record, but has DNS MX record. One can use these
(have your MX stop talking to anything having broken DNS records). I
however am tempted to block digitalocean's whole blocks of IP addresses
again (after all, I bet I've seen the whole collection of these images
already ;-). This is not trouble with their customer IMHO. This is trouble
with themselves: how come the IP that is not registered in DNS can have
DNS MX record, and can be accessed by somebody?!

>
> I've been thinking about this since yesterday, when I got back from
vacation, to hear from my manager that he had to screw with mailman,
because we were getting a lot of emails from elsewhere, subscribing to
one
> or more of our lists... and having the target be one of three gmail
accounts - a DDoS against them (and we assume that they're doing it to a
lot of other places).

That is another side of you being famous ;-) We are not, so no one is
trying to abuse somebody else by means of subscribing them to our mail
lists (that said, it would be our list admins who would be abused as all
lists - based on mailman - require approval and confirmation, the last
comes after approval if I remember correctly).

Thanks.
Valeri

>
> Anyway, given the number of times I've been blocked by nixspam (which I
found is run by IX, a German IT mag, and that they don't answer emails
to
> *them*, either), I've been trying to think of a *reasonable* way to
block
> that doesn't do collective punishment to the many domains of a huge
hosting provider, and that's my best thought so far.
>
>          mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++