On Thursday 02 October 2003 08:25 pm, [EMAIL PROTECTED] wrote: > lorne said: > > On Thursday 02 October 2003 11:48 am, HaywireMac wrote: > >> On Thu, 2 Oct 2003 11:30:50 -0700 (PDT) > >> > >> [EMAIL PROTECTED] uttered: > >> > I want to be able to setup an email 'bounce' from my server. > >> > >> I > >> > >> > want to be able to setup a black list which would reside on > >> > >> the > >> > >> > server and contain certain email addresses or domains which > >> > >> upon > >> > >> > receipt, would bounce right back to them with a custom > >> > >> message. > >> > >> and generate even *more* unnecessary traffic on the 'net! Yeeha! > > > > A friend of mine has set up a tar pit type system. When he gets a > > message > > identified as spam, he holds them open and responds one character > > at a time > > telling them to do things to themselves and after 15 minutes it > > finally lets > > them go. So he is stopping/slowing the turd from sending out > > probably a > > thousand messages each time he attaches. I thought this was very > > cool. > > ok, I'd REALLY like to know more about this
Well here is what he said in part. I must have deleted the other one about the 15 minutes per attempt.: http://www.benzedrine.cx/relaydb.html I was going to set up the China/Korea RBL on my system like I did on xxxxxxx but I rememberd OpenBSD having some firewall anti-spam capability so I checked it out. OpenBSD's spamd is a teergrube mail daemon that doesn't accept mail; rather it dicks with SMTP connections that come from spammers. By comparison, rblsmtpd prints a code and immediately drops the connection. The hope is that by wasting spammers' time/resources they will eventually blacklist YOUR IP address so as to avoid getting stuck in your tarpit. Anyway, I wanted to set up spamd with the China/Korea lists, and lo and behold OpenBSD's spamd.conf comes with them configured by default! china:\ :black:\ :msg="SPAM. Your address %A appears to be from China\n\ See http://www.okean.com/asianspamblocks.html for more details":\ :method=http:\ :file=www.okean.com/chinacidr.txt: korea:\ :black:\ :msg="SPAM. Your address %A appears to be from Korea\n\ See http://www.okean.com/asianspamblocks.html for more details":\ :method=http:\ :file=www.okean.com/koreacidr.txt: So, I added three lines to my firewall rules, fired up the spamd daemon, and... Sep 30 04:23:03 fw spamd[12638]: 216.68.x.xxx: <[EMAIL PROTECTED]> -> xxxxxxxxxxxxxxx> Sep 30 04:35:23 fw sp138amd[12638]: 216.68.x.xx: <[EMAIL PROTECTED]> -> <xxxxxxxxxxxxx> Sep 30 04:42:41 fw spamd[12638]: 216.68.x.xxx: <[EMAIL PROTECTED]> -> <xxxxxxxxxxxxx> Sep 30 04:45:08 fw spamd[12638]: 61.149.xx.xxx: -> Sep 30 05:05:56 fw spamd[12638]: 216.68.x.xx: <[EMAIL PROTECTED]> -> <xxxxxxxxxxxxx> Sep 30 05:11:16 fw spamd[12638]: 216.68.x.xx: <[EMAIL PROTECTED]> -> <xxxxxxxxxxxxx> Sep 30 05:12:46 fw spamd[12638]: 216.68.x.xxx: <[EMAIL PROTECTED]> -> <xxxxxxxxxxxxx> Sep 30 05:37:42 fw spamd[12638]: 216.68.x.xx: <[EMAIL PROTECTED]> -> <xxxxxxxxxxxxxx> Sep 30 05:42:37 fw spamd[12638]: 164.115.x.x: <[EMAIL PROTECTED]> -> <xxxxxxxxxxxxx> Sep 30 09:30:48 fw spamd[12638]: 212.131.xxx.xxx: -> Sep 30 10:42:10 fw spamd[12638]: 202.99.xx.xx: <xxxxxxxxxxr> -> <xxxxxxxxxx> Sep 30 12:31:14 fw spamd[12638]: 164.115.x.xxx: <xxxxxxxxxxxxx> -> <xxxxxxxxxxxxxxxx> I suspect that the connections from 61.149.xx.xxx and 212.131.xxx.xxx recognize that they're being dicked with (no e-mail addresses). Hopefully they'll blacklist me. I also suspect that 216.68.x.xx is an idiot. Keep tryin' pal! :)
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
