[CentOS] please block user

Wed Aug 26 21:07:32 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Wed, August 26, 2015 2:29 pm, Alice Wonder wrote:
>
>
> On 08/26/2015 12:11 PM, g wrote:
>> On 08/26/15 13:11, Valeri Galtsev wrote:
>>> On Wed, August 26, 2015 12:55 pm, James A. Peltier wrote:
>> <<>>
>> something no one seems to have mentioned, so i will..
>>>> | >> Received: from mx2.loverhearts.com (mx2.loverhearts.com
>> loverhearts.com is a single page that seems to do nothing. and there is
>> nothing in page source to do anything.
>> validator.w3.org shows 1 error and 1 warning showing that page was
>> poorly written.
>> so the only harm is spam, which i now have going to my Junk folder. so,
>> to all of you, i pass along a much more loving 'love' link;
>>    http://lovehearts.com
>> enjoy.
>
> If you look at the SPF record for loverhearts.com (where they are coming
> from for me) there are a whole slew of servers permitted to send on
> their behalf.

This way you may block good people. The SPF records you used are owned by
bad guys: loverhearts.com allows others to resend e-mail for themselves, but
they do not need the permission of whomever they add to their SPF records to
do so. In other words, one shouldn't trust anything that is in the records
created by bad guys.

I did a nasty thing myself, but what I did, at least IMHO, is more or less
justified. As I received bad e-mail after Fabian contacted the IP block owner
(digitalocean.com; 45.55.0.0/16), I concluded the IP block owner didn't
act promptly on the abuse complaint, so I blocked e-mail from this whole block
of IPs owned by digitalocean.com. This way their other clients will start
asking their provider questions about why their e-mail is being blocked (by
some...)

Just my $0.02

Valeri

>
> So I took all those IP addresses specified and added them to my
> blacklist, it appears spammers are learning that SPF records can be a
path to filter avoidance.
>
> Maybe I'll start blocking any server with an SPF record that includes
> more than 5 IP addresses, or servers where any host in the SPF record is
> in a DNS blacklist.


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
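
Added example, not part of the original message or of any poster's setup: a Python sketch that treats a sender-published SPF record as a signal about the sending domain (the "more than 5 IP addresses" heuristic quoted above) while offering only the address that actually connected as a block candidate, since the record's author can list networks they do not own. The function names, the returned keys and both sample records are assumptions constructed for illustration.

```python
import ipaddress

def parse_spf(record):
    """Split an SPF TXT record into (listed networks, include targets)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    networks, includes = [], []
    for term in terms[1:]:
        # Drop the optional qualifier (+, -, ~, ?) before reading the mechanism.
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6") and value:
            try:
                networks.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                continue  # malformed mechanism: ignore it, do not guess
        elif name == "include" and value:
            includes.append(value.lower())
    return networks, includes

def assess_sender(record, connecting_ip, max_networks=5):
    """Judge the sending domain; never derive block entries from its record."""
    networks, includes = parse_spf(record)
    ip = ipaddress.ip_address(connecting_ip)
    listed = any(ip.version == n.version and ip in n for n in networks)
    broad = len(networks) > max_networks
    return {
        "network_count": len(networks),
        "includes": includes,
        # Heuristic from the quoted suggestion: an unusually long ip4/ip6 list.
        "broad_record": broad,
        "connecting_ip_listed": listed,
        # Only the address that actually delivered mail has evidence against it.
        "block_candidates": [str(ip)] if listed and broad else [],
    }

# Constructed records using documentation address ranges (RFC 5737 / RFC 3849).
BROAD_RECORD = ("v=spf1 ip4:192.0.2.0/28 ip4:192.0.2.200 ip4:198.51.100.7 "
                "ip4:198.51.100.9 ip4:203.0.113.0/24 ip4:203.0.113.5 "
                "ip6:2001:db8::/32 -all")
NORMAL_RECORD = "v=spf1 ip4:192.0.2.10 include:_spf.example.net ~all"

if __name__ == "__main__":
    print(assess_sender(BROAD_RECORD, "198.51.100.7"))
    print(assess_sender(NORMAL_RECORD, "192.0.2.10"))
```

The sketch does not resolve `include:` targets or count DNS lookups; it reads only the record text it is given.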