On Tue, Feb 17, 2015 at 07:39:22AM +0000, Ultramedia Libertad wrote:
> How can I stop this spammer? You have filled my /var/log/maillog with your
> logs
> 
> 
> Feb 17 01:28:41 hosting-openbsd smtpd[10574]: smtp-out: Connecting to
> smtp+tls://173.194.65.27:25 (ee-in-f27.1e100.net) on session
> 9c66add9434290d1...
> Feb 17 01:28:41 hosting-openbsd smtpd[10574]: smtp-out: Connected on
> session 9c66add9434290d1
> Feb 17 01:28:42 hosting-openbsd smtpd[10574]: smtp-out: Started TLS on
> session 9c66add9434290d1: version=TLSv1/SSLv3,
> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
> Feb 17 01:28:42 hosting-openbsd smtpd[10574]: smtp-out: Server
> certificate verification succeeded on session 9c66add9434290d1
> Feb 17 01:28:42 hosting-openbsd smtpd[10574]: smtp-in: Failed command
> on session 9c66add4c2fd6a1e: "RCPT TO: <get3...@yahoo.com.tw>" => 550
> Invalid recipient

Assuming you're not actually running yahoo.com.tw's mail service and you run on
a reasonably recent OpenBSD version, you could do worse than try to use
spamd(8)'s mechanism for dealing with attempted relay-raping. Some ways down
the spamd man page, in the GREYTRAPPING section, you have

     The file /etc/mail/spamd.alloweddomains can be used to specify a list of
     domainname suffixes, one per line, one of which must match each
     destination email address in the greylist.  Any destination address which
     does not match one of the suffixes listed in spamd.alloweddomains will be
     trapped, exactly as if it were sent to a spamtrap address.  Comment lines
     beginning with `#' and empty lines are ignored.

followed by some enlightening examples which contain some strings that have
provoked comment by the so-inclined. TL;DR: list the domains you actually serve,
one per line; any attempted deliveries to other domains incoming on the
interface where spamd listens will be greytrapped (blacklisted, stuttered at).

It's a very useful addition to your spamd config if you're already using it,
otherwise it's a good starting point. (for more fun & games with spamd and
greytrapping, you can check out my blog - main url in the .signature).

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
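
An added example, not part of the original mail and not spamd's own code: a small Python model of the spamd.alloweddomains rule quoted above, useful for checking a draft suffix list against sample recipients before deploying it. It assumes matching is a case-insensitive string-suffix test and that an empty list disables the check; all domains and addresses are constructed.

```python
# Added example: models the alloweddomains rule quoted from the man page.
# Assumptions: matching is a case-insensitive string-suffix test, and an
# empty list disables the check. All domains and addresses are constructed.

SAMPLE_ALLOWEDDOMAINS = """\
# domains this host actually serves (constructed)

@example.org
example.net
"""

SAMPLE_RCPTS = [
    "<alice@example.org>",     # exact domain: allowed
    "ALICE@EXAMPLE.ORG",       # case differs: still allowed
    "eve@sub.example.org",     # "@example.org" does not cover subdomains
    "bob@mail.example.net",    # bare "example.net" covers subdomains ...
    "carol@notexample.net",    # ... and also unrelated look-alike domains
    "dave@elsewhere.example",  # not served here: trapped
]


def parse_allowed_domains(text):
    """Return the suffix list; '#' comment lines and empty lines are ignored."""
    suffixes = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            suffixes.append(line.lower())
    return suffixes


def is_trapped(rcpt, suffixes):
    """True when the destination address matches none of the suffixes."""
    if not suffixes:
        return False  # assumption: no list means no suffix check
    addr = rcpt.strip().strip("<>").lower()
    return not any(addr.endswith(s) for s in suffixes)


def audit(recipients, suffixes):
    """Map each recipient to True (would be trapped) or False (allowed)."""
    return {r: is_trapped(r, suffixes) for r in recipients}


if __name__ == "__main__":
    allowed = parse_allowed_domains(SAMPLE_ALLOWEDDOMAINS)
    for rcpt, trapped in audit(SAMPLE_RCPTS, allowed).items():
        print(f"{'TRAP ' if trapped else 'allow'}  {rcpt}")
```

Under plain suffix matching, writing entries with a leading `@` or `.` avoids the look-alike match shown for `notexample.net`.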
