Spam attacks

Status
Not open for further replies.

Zathros

MIS
Dec 29, 2000
115
US
I just realized someone was spamming our system - to the tune of 7000 emails to one user. I went to /usr/spool/mail and issued a >[user] to erase the file which was .[user].pop. instead of just the user name.

This may not have been the thing to do, but it was all I could think of. Is there a better way to control this?
 
If the spammer has a legit domain name (big IF) you can use your access file:

    spammer.com DISCARD

Or install SpamAssassin

Cogito Ergo Sum - Non Compos Mentis
 
Thanks! I took a look at SpamAssassin. I'll need to learn a bit more about the installation though. It does look good.

So far, no more emails. The visible domain was yahoo.com; I didn't have time to get into the guts of the header, which I'm sure would have turned up another domain that still probably wasn't the real one.
 
SpamAssassin is not that hard to install, esp. if you are running a current RedHat distro. If you decide to install it, here is the .procmailrc recipe I use for SpamAssassin. There are two basic parts to SpamAssassin, the daemon and the client. (If you are using procmail as your LDA you can use the script below to filter spam email).

SHELL=/bin/sh
FORMAIL=/usr/bin/formail
SENDMAIL=/usr/sbin/sendmail
MAILDIR=/var/spool/mail/username
SPAMC=/usr/bin/spamc

### Invoke 1 instance of spamassassin at a time ###
### Only screen messages smaller than 256k ###
### This will ensure system performance ###
:0fw: spamassassin.lock
* < 256000
| $SPAMC

### Mail scoring rules ###
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/var/spool/mail/spam

### Tag all mail as spam with a score higher than the set threshold ###
:0:
* ^X-Spam-Status: Yes
/var/spool/mail/spam

### Procmail bug: Any output on stderr will cause the F in From to be dropped. ###
### This will re-add it. ###
:0
* ^^rom [ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "

:0 fhw
| sed -e '1s/^/F/'
}

### Check for multipart header, then check body for banned attachments ###
:0 H
* ^Content-Type: multipart
{
### Trailing colon: take a local lockfile while appending to the file ###
:0 B:
* .*\/name=.*\.(scr|vbs|com|bat|pif|mmc|exe)(")?(\ *|\t*)$
/tmp/filter
}

This recipe will invoke SpamAssassin and place mail tagged as spam in a maildir for evaluation at a later time.
The bottom part of the recipe strips malicious attachments (*.scr, *.vbs etc) and stores them in another directory.

Works well for me.

Cogito Ergo Sum - Non Compos Mentis
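
A dry run of the routing decisions in the recipe above, added here as an example (not part of the original post, and not procmail or SpamAssassin code). The function names and sample messages are constructed for illustration; as an assumption, it reads attachment names through Python's MIME parser (Content-Disposition `filename`, falling back to Content-Type `name`) instead of the recipe's raw-body regex.

```python
import email
from email import policy

SIZE_LIMIT = 256000   # recipe: "* < 256000" gates the spamc pass
LEVEL_STARS = 15      # recipe: fifteen escaped '*' after X-Spam-Level:
BANNED = {"scr", "vbs", "com", "bat", "pif", "mmc", "exe"}  # recipe's extension list


def would_scan(raw: bytes) -> bool:
    """True if the message is small enough to be piped through spamc."""
    return len(raw) < SIZE_LIMIT


def destination(raw: bytes) -> str:
    """Return 'spam', 'filter' or 'inbox' for an already-tagged message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    level = str(msg.get("X-Spam-Level", "")).strip()
    status = str(msg.get("X-Spam-Status", "")).strip().lower()
    if level.startswith("*" * LEVEL_STARS) or status.startswith("yes"):
        return "spam"
    if msg.get_content_maintype() == "multipart":
        for part in msg.walk():
            # Assumption: parsed filename rather than the recipe's line regex,
            # so folded or reordered MIME parameters are still seen.
            name = (part.get_filename() or "").lower()
            if "." in name and name.rsplit(".", 1)[1] in BANNED:
                return "filter"
    return "inbox"


def build(headers, body="hello\n"):
    """Assemble a constructed test message from header lines and a body."""
    return ("\n".join(headers) + "\n\n" + body).encode()


# Constructed samples (not real traffic).
HIGH = build(["From: x@example.com", "X-Spam-Level: " + "*" * 16, "X-Spam-Status: Yes, score=16.2"])
TAGGED = build(["From: x@example.com", "X-Spam-Level: ******", "X-Spam-Status: Yes, score=6.1"])
CLEAN = build(["From: y@example.com", "X-Spam-Level: *", "X-Spam-Status: No, score=1.0"])
ATTACH = build(
    ["From: z@example.com", "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="b1"'],
    '--b1\nContent-Type: text/plain\n\nsee attached\n'
    '--b1\nContent-Type: application/octet-stream; name="invoice.pdf.exe"\n\nMZ\n--b1--\n',
)
HUGE = build(["From: y@example.com"], "A" * 300000)

if __name__ == "__main__":
    for label, raw in [("HIGH", HIGH), ("TAGGED", TAGGED), ("CLEAN", CLEAN), ("ATTACH", ATTACH), ("HUGE", HUGE)]:
        print(label, would_scan(raw), destination(raw))
```

The HUGE sample shows the gap the size gate leaves: a message over the limit never reaches spamc, so it carries no X-Spam headers and falls through to the inbox unless the attachment check catches it.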
 