[svlug] Bad email

Karsten M. Self kmself at ix.netcom.com
Wed Mar 30 03:25:29 PST 2005


on Tue, Mar 29, 2005 at 12:57:05PM -0500, Skip Evans (skip at venomouspenguin.com) wrote:
> Robert Hajime Lanning wrote:
> ><quote who="Skip Evans">

[Getting lots of spam]

> >Grep for the queue ID. "j2RC8ORJ030415"
> >
> >Sendmail puts different information in different log entries.
> >The only real way to match them up is via the queue ID.

> I am now under the impression this could be worm-spam from a very
> large number of infected machines out there.

Again:  if you can find some source IPs, you can get a better idea of
what you're dealing with.

In particular, there are numerous DNSBLs which deal with email abuse,
including open proxy / open relay lists.  Which may or may not catch the
particular spam you're dealing with.  But given a set of IPs, you can
test against several of the major lists.  Google will turn up several
pages you can enter this into, or a short shell script will do the
trick.
 
> If so, isn't it kind of impossible to block it? This server answers
> email for diamond dealers in NYC and can get legitimate email from
> anyone in the world, so how would you go about sorting out the spam
> from the real?

If you don't mind ingesting it, spamassassin will kill this sort of
thing pretty reliably.


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    You're not a user, nitwit.
    - Jeff Waugh, describing GNOME users.
      http://zgp.org/pipermail/linux-elitists/2004-January/008588.html
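
The two steps this thread describes, collecting relay IPs for a sendmail queue ID and testing them against DNSBLs, as an added example that is not part of the original post or written by its author. The zone names, the function names and the sample log lines are assumptions made for illustration; substitute the lists you actually use.

```shell
#!/bin/sh
# Zones are an assumption (not named in the post); use the lists you trust.
DNSBL_ZONES="${DNSBL_ZONES:-zen.spamhaus.org bl.spamcop.net}"

# Constructed sample in sendmail log format (documentation addresses only).
SAMPLE_LOG='Mar 29 12:08:24 mx sendmail[30415]: j2RC8ORJ030415: from=<a@example.com>, size=2048, nrcpts=1, proto=SMTP, relay=host.example.net [192.0.2.10]
Mar 29 12:08:25 mx sendmail[30416]: j2RC8ORJ030415: to=<b@example.org>, mailer=local, stat=Sent
Mar 29 12:09:02 mx sendmail[30420]: j2RC9AAA030420: from=<c@example.com>, size=512, nrcpts=1, relay=[198.51.100.7]'

# Relay IPs from the "from=" entries of one queue ID (log on stdin).
relay_ips() {
    grep -F -- "$1: from=" |
        sed -n 's/.*relay=[^[]*\[\([0-9.]*\)\].*/\1/p' | sort -u
}

# DNSBL query name: reversed octets + zone. Fails on anything but dotted-quad IPv4.
dnsbl_qname() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$old_ifs
    [ "$#" -eq 5 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$5"
}

# Listed = an A record in 127.0.0.0/8. 127.255.255.x is skipped: Spamhaus
# uses it for query errors (e.g. blocked public resolver), not listings.
dnsbl_listed() {
    q=$(dnsbl_qname "$1" "$2") || return 2
    host -t A "$q" 2>/dev/null | grep 'has address 127\.' |
        grep -qv 'has address 127\.255\.255\.'
}

if [ "$#" -eq 2 ]; then   # usage: script QUEUE_ID LOGFILE (needs network, host(1))
    relay_ips "$1" < "$2" | while read -r ip; do
        for zone in $DNSBL_ZONES; do
            if dnsbl_listed "$ip" "$zone"; then echo "$ip LISTED $zone"
            else echo "$ip not-listed $zone"; fi
        done
    done
else                      # offline demo: show the names that would be queried
    printf '%s\n' "$SAMPLE_LOG" | relay_ips j2RC8ORJ030415 | while read -r ip; do
        for zone in $DNSBL_ZONES; do dnsbl_qname "$ip" "$zone"; done
    done
fi
```

Run with no arguments it only prints the query names built from the constructed sample; with a queue ID and a log file it performs the lookups.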