"Curtis L. Olson" said:

> David Megginson wrote:
> > I'm under a serious spam attack from an infected computer of someone 
> > on the list.  Here is where the spam is originating:
> >
> >   user-24-214-247-18.knology.net
> >
> > Many of the spams are arriving with Curt's e-mail address spoofed on 
> > them, and unfortunately, baron.me.umn.edu seems happy to relay them 
> > for the infected computer.  In fact, baron is relaying *all* of the 
> > spam, even the stuff with return addresses like [EMAIL PROTECTED]
>
> Going on the defensive here.  mail.flightgear.org is *not* an open 
> relay.  It only accepts mail for addresses @flightgear.org.  It does 
> *not* accept email from an arbitrary location and forward to any other 
> arbitrary location.
> The big problem is that these viruses can leverage the user's address 
> book to spoof plausible to/from addresses and they get lucky far too often.
> The spammers/viruses are nearly making email useless.... :-(
> I average receiving a new spam message about every 5 minutes.

We're getting creamed here but not seeing most of it.  SpamCop, which we've
been using for a while, does a good job of blocking those idiot virus spams
from misconfigured mail servers.  Of course this has started producing some (a
very small number) complaints as "legit" servers get listed.  It is currently
getting 25 per hour (based on prior 5 weeks average) and that is double what
it was a month ago.

Also I've added a slew of procmail rules to filter out the stupid subjects
they use (e.g. "re: Thank You!").  After all that I still end up manually
clearing about 25 a day.

On the Postgres list someone mentioned that he discovered a signature in the
HELO that he was able to use to trap most virus emails.
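
Added example, not part of the original thread: a sketch of the relay decision described in the quoted reply, showing why a server that accepts mail only for @flightgear.org still takes in messages with a spoofed sender without being an open relay. The trusted network, the client IP (a documentation address) and all mailbox names are constructed assumptions; only the domain and the HELO hostname come from the thread.

```python
import ipaddress

LOCAL_DOMAINS = {"flightgear.org"}                    # domain named in the thread
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]  # assumption: only localhost may relay

def domain_of(addr):
    """Domain part of an SMTP path such as '<user@example.org>'."""
    return addr.strip().strip("<>").rpartition("@")[2].lower()

def rcpt_decision(client_ip, mail_from, rcpt_to):
    """Classify one RCPT TO as 'local', 'relay-ok' or 'relay-denied'.

    mail_from is accepted but deliberately never consulted: it is an
    unauthenticated claim by the client, so it cannot grant relay rights.
    """
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "local"          # final delivery, not relaying
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return "relay-ok"       # trusted client sending outward
    return "relay-denied"       # what an open relay would wrongly accept

def replay(client_ip, lines):
    """Apply rcpt_decision to each RCPT TO in a list of SMTP command lines."""
    sender, results = None, []
    for line in lines:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            sender = arg.strip()
        elif verb == "RCPT TO":
            results.append((arg.strip(), rcpt_decision(client_ip, sender, arg)))
    return results

# Constructed session: outside host, spoofed local sender, two recipients.
SESSION = [
    "HELO user-24-214-247-18.knology.net",
    "MAIL FROM:<sender@flightgear.org>",
    "RCPT TO:<list@flightgear.org>",
    "RCPT TO:<victim@example.net>",
]

if __name__ == "__main__":
    for rcpt, decision in replay("192.0.2.18", SESSION):
        print(rcpt, decision)
```

The spoofed sender changes neither outcome: the local recipient is accepted from any client, and the outside recipient is refused unless the client is on a trusted network.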



