[CentOS] camgirl spam on the list

Fri Aug 28 22:00:29 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, August 28, 2015 4:28 pm, John R Pierce wrote:
> On 8/28/2015 2:21 PM, Tim Dunphy wrote:
>> Here's the headers for one of the spam responses I got from the list:
>>
>> from: Tracy <tracy12614 at safeloves.com>
>> reply-to: tracy12614 at safeloves.com
>> to: Tim Dunphy <bluethundr at gmail.com>
>> date: Fri, Aug 28, 2015 at 2:19 PM
>> subject: Re: [CentOS] apache mysterious 404 error
>> mailed-by: safeloves.com
>> signed-by: safeloves.com
>> : Important mainly because it was sent directly to you.
>>
>> Please let me know if that's not what you're looking for!
>
> typically, you need the 'received from' headers so we can tell where it
> entered your mail system to block spammers.
>

Well, this is the second discussion on this subject during the last
fortnight, and I felt like staying away from it... But I would just add
one thing. Blocking the originator of messages, as John suggests, will
work. The only thing about it is: these are single-IP domains, and one can
easily keep registering new ones, and this is all doable within the frame
of digitalocean's (the IP block owner) business model. Attempting to fight
on a case-by-case basis with something that can be scripted on the bad
guys' side I found counterproductive. The only way I've found in the past
that is not a total waste of my time is: block e-mail from the whole block
of IPs of that provider.

This can be done on the side of those being abused. Nothing as a matter of
fact can be done on the side of CentOS, and I really regret us wasting
Fabian's precious time on this. This is, however, a really serious
decision, as you may block some of the domains hosted at digitalocean that
your users may need to communicate with. So, use your own judgement and
caution. Grepping your mail logs for a long time back is advisable, but by
no means can be sufficient for a sane decision. Contacting digitalocean
with complaints, hm..., though it is the right thing to do, is quite
unlikely to lead to them identifying the "person" and dealing with that
person with whole seriousness. IMHO, this last doesn't fit into their
business model.

Just my $0.02

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
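
The log review suggested in the message above, before rejecting mail from a whole provider block, can be sketched as follows. This is an added example, not part of the original post. It assumes Postfix-style logs with short hexadecimal queue IDs; the network range, hostnames, addresses and log lines are constructed placeholders (RFC 5737 documentation space), not the provider's real ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed placeholder range (RFC 5737 documentation space), standing in
# for the provider block you are considering rejecting mail from.
CANDIDATE_BLOCKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed Postfix-style log lines; real input would be months of maillog.
SAMPLE_LOG = """\
Aug 20 09:12:01 mx postfix/smtpd[2101]: 3A1F2C0042: client=mail.partner.example[192.0.2.10]
Aug 20 09:12:01 mx postfix/qmgr[1190]: 3A1F2C0042: from=<alice@partner.example>, size=4211, nrcpt=1 (queue active)
Aug 28 14:19:03 mx postfix/smtpd[2307]: 7B22DC0051: client=unknown[192.0.2.77]
Aug 28 14:19:03 mx postfix/qmgr[1190]: 7B22DC0051: from=<tracy@spam.example>, size=1804, nrcpt=1 (queue active)
Aug 28 14:25:40 mx postfix/smtpd[2311]: 9C03EC0066: client=unknown[192.0.2.77]
Aug 28 14:25:40 mx postfix/qmgr[1190]: 9C03EC0066: from=<tracy@spam.example>, size=1799, nrcpt=1 (queue active)
Aug 28 15:02:11 mx postfix/smtpd[2350]: B410AC0070: client=mx.other.example[198.51.100.5]
Aug 28 15:02:11 mx postfix/qmgr[1190]: B410AC0070: from=<bob@other.example>, size=900, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")

def senders_in_blocks(log_text, blocks):
    """Map sender domain -> message count and client IPs for mail from `blocks`."""
    queue_ip = {}  # queue id -> client IP, only for clients inside a block
    hits = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            try:
                ip = ipaddress.ip_address(m.group(2))
            except ValueError:
                continue  # malformed address in the log; skip the line
            if any(ip in net for net in blocks):
                queue_ip[m.group(1)] = ip
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in queue_ip:
            # Envelope sender domain; "<>" marks the null (bounce) sender.
            domain = m.group(2).rpartition("@")[2].lower() or "<>"
            hits[domain]["messages"] += 1
            hits[domain]["ips"].add(str(queue_ip.pop(m.group(1))))
    return dict(hits)

if __name__ == "__main__":
    for domain, info in sorted(senders_in_blocks(SAMPLE_LOG, CANDIDATE_BLOCKS).items()):
        print(f"{domain}: {info['messages']} message(s) from {sorted(info['ips'])}")
```

Any domain in the output that your users actually correspond with (partner.example in the constructed data) is one the block would cut off, which is the judgement call the message describes.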