On Tue, Feb 17, 2015 at 07:39:22AM +0000, Ultramedia Libertad wrote:
> How can I stop this spammer?, you have filled my /var/log/maillog with your
> logs
>
> Feb 17 01:28:41 hosting-openbsd smtpd[10574]: smtp-out: Connecting to
> smtp+tls://173.194.65.27:25 (ee-in-f27.1e100.net) on session
> 9c66add9434290d1...
> Feb 17 01:28:41 hosting-openbsd smtpd[10574]: smtp-out: Connected on
> session 9c66add9434290d1
> Feb 17 01:28:42 hosting-openbsd smtpd[10574]: smtp-out: Started TLS on
> session 9c66add9434290d1: version=TLSv1/SSLv3,
> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
> Feb 17 01:28:42 hosting-openbsd smtpd[10574]: smtp-out: Server
> certificate verification succeeded on session 9c66add9434290d1
> Feb 17 01:28:42 hosting-openbsd smtpd[10574]: smtp-in: Failed command
> on session 9c66add4c2fd6a1e: "RCPT TO: <get3...@yahoo.com.tw>" => 550
> Invalid recipient

Assuming you're not actually running yahoo.com.tw's mail service and you
run on a reasonably recent OpenBSD version, you could do worse than try
to use spamd(8)'s mechanism for dealing with attempted relay-raping.

Some ways down the spamd man page in the GREYTRAPPING section, you have

     The file /etc/mail/spamd.alloweddomains can be used to specify a list
     of domainname suffixes, one per line, one of which must match each
     destination email address in the greylist.  Any destination address
     which does not match one of the suffixes listed in
     spamd.alloweddomains will be trapped, exactly as if it were sent to a
     spamtrap address.  Comment lines beginning with `#' and empty lines
     are ignored.

followed by some enlightening examples which contain some strings that
have provoked comment by the so-inclined.

TL;DR: list the domains you actually serve, one per line, any attempted
deliveries to other domains incoming on the interface where spamd listens
will be greytrapped (blacklisted, stuttered at).

It's a very useful addition to your spamd config if you're already using
it, otherwise it's a good starting point.

(for more fun & games with spamd and greytrapping, you can check out my
blog - main url in the .signature).

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
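
An added example, not part of the original message and not spamd's own code: a dry run that pulls rejected RCPT TO recipients out of smtpd log lines like those quoted above and applies the suffix rule from the quoted man page text to show which destinations would be trapped. The domains, log lines and function names are constructed for illustration; the case-insensitive comparison and the treatment of an empty list as "no check" are assumptions.

```python
import re

# Constructed sample of /etc/mail/spamd.alloweddomains (placeholder domains).
ALLOWED_DOMAINS_FILE = """\
# domains this host actually serves
@example.org

example.net
"""

# Constructed smtpd log lines in the format shown in the quoted maillog.
SAMPLE_LOG = """\
Feb 17 01:28:42 mx smtpd[10574]: smtp-in: Failed command on session 0000000000000001: "RCPT TO: <alice@example.org>" => 550 Invalid recipient
Feb 17 01:28:43 mx smtpd[10574]: smtp-in: Failed command on session 0000000000000002: "RCPT TO: <bob@mail.EXAMPLE.net>" => 550 Invalid recipient
Feb 17 01:28:44 mx smtpd[10574]: smtp-in: Failed command on session 0000000000000003: "RCPT TO:<carol@elsewhere.invalid>" => 550 Invalid recipient
Feb 17 01:28:45 mx smtpd[10574]: smtp-out: Connected on session 0000000000000004
"""

RCPT_RE = re.compile(r'smtp-in: Failed command on session (\w+): "RCPT TO:\s*<([^>]+)>"')

def load_suffixes(text):
    """One suffix per line; '#' comment lines and empty lines are ignored."""
    lines = (line.strip() for line in text.splitlines())
    return [l.lower() for l in lines if l and not l.startswith("#")]

def would_trap(address, suffixes):
    """True if the address matches none of the suffixes, i.e. would be trapped.
    Assumptions: comparison is case-insensitive, empty list means no check."""
    if not suffixes:
        return False
    return not address.lower().endswith(tuple(suffixes))

def rejected_recipients(log_text):
    """Yield (session, recipient) for each rejected RCPT TO in the log."""
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if m:
            yield m.group(1), m.group(2)

def report(log_text, domains_text):
    """List of (session, recipient, trapped) for every rejected recipient."""
    suffixes = load_suffixes(domains_text)
    return [(s, r, would_trap(r, suffixes)) for s, r in rejected_recipients(log_text)]

if __name__ == "__main__":
    for session, rcpt, trapped in report(SAMPLE_LOG, ALLOWED_DOMAINS_FILE):
        print(session, rcpt, "TRAP" if trapped else "allowed")
```

Because the rule is a plain suffix match, an entry written as `example.net` also accepts `user@notexample.net`; writing `@example.net` pins the match to that exact domain.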