Index: [Article Count Order] [Thread]

Date:  Tue, 17 Feb 2009 19:27:17 -0500
From:  "Lucas Peyatt - Ohio Web Hosting & Development" <bluequartz (at mark) ohiowebhosting.net>
Subject:  [coba-e:15102] Re: Spam Problem
To:  coba-e (at mark) bluequartz.org
Message-Id:  <20090218002611.M3116 (at mark) ohiowebhosting.net>
In-Reply-To:  <200902180051.n1I0p6U0020668 (at mark) ana.xnet.com.mx>
References:  <35101.43898.qm (at mark) web65614.mail.ac4.yahoo.com> <200902180051.n1I0p6U0020668 (at mark) ana.xnet.com.mx>
X-Mail-Count: 15102

I was and am still looking for a rule that, if mail is addressed to me and it 
did not originate from x server, then mark it as spam, a SPF record may be of 
use in that case, as mail from myself would only come from the server.

On Tue, 17 Feb 2009 17:06:39 -0700, Rodrigo Ordonez Licona wrote
> Thanks for answering Dan,
> 
> Checked the offending Ips for dnsbl lists on the website,
> 
> The older ones (a week or so) appear on some (3-10 blacklists)
> 
> The newer ones(a day or two) appear in only one, Which is one of the
> spamhaus Blacklist
> 
> Which in my opinion is too strict (blocks legitimate addresses and 
> whole isp blocks)
> 
> I actually have a few of the spamhaus BL al ready configured.
> 
> My problem seems to be a "mano a mano" fight with a single spammer (emails
> are the same)
> 
> Just for everyone to know, that in the current setup:
> 
>  to mail yourself is a possible vector for spam.
> 
> Will meditate your suggestion about living with spam, but I think there
> might be some 
> sendmail.mc rules that might hit a nail or two with this issue...
> 
> I'll do some research and come back for more help for sure...
> 
> Thanks for your patience.
> 
> Regards
> 
> Rodrigo O
> Xnet
> 
> ==========================================
> 
> telnet mydomain.com 25
> ehlo server
> mail from:validuser (at mark) mydomain.com
> 250 2.1.0 validuser (at mark) mydomain.com... Sender ok 
> rcpt to:validuser (at mark) mydomain.com 
> 250 2.1.0 validuser (at mark) mydomain.com... Sender ok 
> data
> 354 Enter mail, end with "." on a line by itself
> 
> Put spam here
> 
> .
> 250 2.0.0 n1GHbxs2003114 Message accepted for delivery
> 
> Where validuser (at mark) mydomain.com is a user created on the server 
> And mydomain.com is a domain hosted on the server.
> ===========================================
> 
> -----Original Message-----
> From: Dan Kriwitsky [mailto:webhosting (at mark) yahoo.com] 
> Sent: Martes, 17 de Febrero de 2009 01:28
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:15099] Re: Spam Problem
> 
> --- On Tue, 2/17/09, Rodrigo Ordonez Licona <rodrigo (at mark) xnet.com.mx> wrote:
> 
> > The semi-solution  (I would call it an aspirin) is to remove your own 
> > addresses and domain names from the whitelist,
> 
> Ah, you're running SpamAssassin?
> 
> > 
> >  in which case will trap incoming spam,
> > 
> > but the email would have been received anyhow
> 
> Only blocking during SMTP stops the mail from being received. DNSBL 
> are good for that.
> 
> > DNS BL are not very useful in my case I actually used them to no 
> > avail, I tried to block ISPs Ip adresses blocks from the offending 
> > spammers however their IP/server database seemed to be unlimited (3 
> > weeks of daily blocking new ip ranges and domains-- "maybe try harder 
> > is the suggestion for now" ), and spam from different regions of the 
> > world, from valid companies and valid hosting providers kept coming 
> > in.
> 
> I guess it depends on what DNSBL you use. Run some of the IP's past
> http://www.dnsbl.info/dnsbl-database-check.php and see if there might 
> be a better DNSBL that is catching these spammers before they hit you.
> 
> > So its spamassassin's call now, (the cost on our cpu cycles for now.)
> 
> It's pretty impossible not to receive no spam unless you just unplug 
> the server. Spam is a fact of life.
> 
> --
> Dan Kriwitsky


--
Lucas Peyatt
Ohio Web Hosting & Development
lucas (at mark) ohiowebhosting.net
www.ohiowebhosting.net
937.969.4476 dayton
614.441.8169 columbus
513.258.2376 cincinnati
206.350.1292 facsimile