One thing I noticed recently that these spammers seem to be doing is
they will send you an e-mail, no links in it, with some random message
in it - sometimes it's just a series of numbers. What they are doing
by doing this is determining if your e-mail address returns to them or
not. If not, they know it's possibly a valid e-mail address and they
can now use your domain to send more e-mail.

Usually they've hijacked some SMTP server/open relay elsewhere when
they do this, and they keep it just long enough to harvest some good
domain names. Now they can use your domain, you get all the returned
e-mails from the spam, and they get all the money from the spam!

One thing you could do is find some of those no-link e-mails. Chances
are some of them are from actual valid e-mail addresses. If the
spammer hasn't left the hijacked server (or is on a real server),
start forwarding all your mail but the exact addresses you know people
send to, to those addresses. I haven't confirmed if this actually
works or has an effect yet, but the thought is amusing at least.

Jesse

On 1/18/07, Derek Davis <[EMAIL PROTECTED]> wrote:
I own the domain name dnadavis.net. I set up a catch all mx entry, so
that all email that I don't specifically account for gets forwarded to
my gmail address. This way, I can make up email addresses on the
spot, which I like doing. Like using [EMAIL PROTECTED] if I shop
at Old Navy, so I know if they sell my email address to spammers. :)

I have my home computer set up with postfix, but it's not configured
for receiving mail. At least not intentionally. Recently, I started
periodically receiving bounced or rejected messages, maybe 1 or 2 per
week. However, I didn't send out those messages, I don't know the
intended recipient, and they are spam. I looked through
/var/log/messages, and I didn't see any entries that looked like these
messages were sent from here, but I don't know where else to look.

So, here are my questions:

1) How can I determine if people are relaying spam through my machine?
If they are, I think I can wade through the postfix config and figure
out how to stop it. Any other suggestions?

2) If they aren't, but they are just sending mail spoofing my domain,
what can I do about it? What should I do?

Thanks. I'd hate for people to think that I've turned into a spammer.
--
Derek M Davis [EMAIL PROTECTED]
-------------------------------------------------------------------
"Man has no choice about his need for self-esteem.
He can only choose by what standard to gauge it."
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
--
#!/usr/bin/perl
$^=q;@!>~|{>krw>yn{u<$$<Sn||n<|}j=<$$<Yn{u<Qjltn{ > 0gFzD gD, 00Fz,
0,,( 0hF 0g)F/=, 0> "L$/GEIFewe{,$/ 0C$~> "@=,m,|,(e 0.), 01,pnn,y{
rw} >;,$0=q,$,,($_=$^)=~y,$/ C-~><@=\n\r,-~$:-u/
#y,d,s,(\$.),$1,gee,print
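
For the first question in the thread (relayed through the machine, or only spoofing the domain), one check is to read the Received chain of the message a bounce returns and see whether any hop recorded your server's IP. This is an added example, not part of the thread; the bounce is constructed, the IPs are documentation addresses, the function names are hypothetical, and it assumes the bounce carries the original message or its headers.

```python
import email
import re

# Constructed sample bounce (not from the thread); hosts and IPs are documentation values.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
To: random123@example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1

--B
Content-Type: message/rfc822

Received: from unknown (HELO example.net) (203.0.113.45)
 by mx.example.org with SMTP; Thu, 18 Jan 2007 10:00:00 -0700
From: random123@example.net
Subject: 48151623

48151623
--B--
"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def original_received(bounce_text):
    """Return the Received headers of the message the bounce is returning."""
    for part in email.message_from_string(bounce_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0).get_all("Received", [])
        if ctype == "text/rfc822-headers":   # only the original headers attached
            return email.message_from_string(part.get_payload()).get_all("Received", [])
    return []

def relay_hops(bounce_text, my_ips):
    """Received lines of the returned message that record one of my IPs."""
    hits = []
    for hop in original_received(bounce_text):
        flat = " ".join(hop.split())         # unfold continuation lines
        if set(IPV4.findall(flat)) & set(my_ips):  # match on IP: HELO names can be forged
            hits.append(flat)
    return hits
```

An empty result from `relay_hops` means no hop in the returned message saw your server, which points to a forged sender address rather than relaying through your machine.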