[CentOS] please block user

Wed Aug 26 14:53:33 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Wed, August 26, 2015 1:12 am, Fabian Arrotin wrote:
>
> On 25/08/15 23:09, Fabian Arrotin wrote:
>> On 25/08/15 20:39, Alice Wonder wrote:
>>> julie70773 [at] loverhearts.com
>>
>>> Responded off-list to message on the list, spam with content
>>> that is not suitable for minors.
>>
>>> It is possibly subscribed under a different address.
>>
>>> IP of offending spam :
>>
>>> Received: from mx2.loverhearts.com (mx2.loverhearts.com
>>> [45.55.128.151]) (using TLSv1.2 with cipher
>>> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client
>>> certificate requested) by mail.domblogger.net (Postfix) with
>>> ESMTPS id C4871C5B for <alice at domblogger.net>; Tue, 25 Aug 2015
>>> 18:29:11 +0000 (UTC)
>>
>> Thanks for the notification, and for not having forwarded the mail
>> to the list (which some people did on other lists ...) Please note
>> that such user (or multiple ones from that domain) isn't/aren't
>> subscribed to the list. In fact, I see a bunch of mails rejected at
>> our level, from that domain, but from a *bunch* of different IP
>> addresses, and so directly bounced back .. It seems someone/some
>> bot is tracking the mail lists and answering to both the reply-to
>> *and* the originator (but bounced by mailman, so no mail on the
>> list[s])
>>
>> Under investigation to see how to help stop the flood, even if
>> not originating from/passing through the centos.org servers ...
>>
>
> Just a quick status update : we've identified (from the mails
> bounced/rejected by our server) 14 IP addresses used to send those
> mails. All those IPs are originating from DigitalOcean, so we reported
> the abuse so that they can investigate on their side.
>

Thanks a lot! The most difficult part of this, I noticed, is to make sure
they responded with a report of what was discovered and which actions were
taken, and, if this didn't happen, to have the whole block of IPs registered
to them blocked off (at least this is what I am doing where I can).

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++