Re: AW: Uptick in spam

2015-10-28 Thread Octavio Alvarez
On 10/27/2015 05:09 AM, Ian Smith wrote: On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez > wrote: On 26/10/15 11:38, Jürgen Jaritsch wrote: But it is originating all from different IP addresses. Who knows if this is

Re: AW: Uptick in spam

2015-10-28 Thread Jim Popovitch
On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez wrote: > > > On 10/27/2015 05:09 AM, Ian Smith wrote: >> >> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez >> > wrote: >> >> On 26/10/15 11:38, Jürgen Jaritsch

Re: AW: Uptick in spam

2015-10-27 Thread Rich Kulawiec
On Tue, Oct 27, 2015 at 08:09:00AM -0400, Ian Smith wrote: > This is the part that's been bugging me. Doesn't the NANOG server > implement SPF checking on inbound list mail? Don't know, but it doesn't matter: SPF has zero anti-spam value. (I know. I've studied this in ridiculous detail using a

Re: AW: Uptick in spam

2015-10-27 Thread Ian Smith
On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez wrote: > On 26/10/15 11:38, Jürgen Jaritsch wrote: > > But it is originating all from different IP addresses. Who knows if this > is an attack to get *@jdlabs.fr blocked from NANOG and is just getting > its goal

Re: AW: Uptick in spam

2015-10-27 Thread Geoffrey Keating
Rich Kulawiec writes: > On Tue, Oct 27, 2015 at 08:09:00AM -0400, Ian Smith wrote: > > This is the part that's been bugging me. Doesn't the NANOG server > > implement SPF checking on inbound list mail? > > Don't know, but it doesn't matter: SPF has zero anti-spam value. > (I

Re: AW: Uptick in spam

2015-10-27 Thread Hunter Fuller
The trouble is that this is not the NAMSOG (North American Mail Server Operators Group). ;) On Tue, Oct 27, 2015 at 4:59 PM, Peter Beckman wrote: > Wouldn't that be interesting -- you can't join NANOG unless your email > domain publishes an SPF record with a -all rule. > >

Re: AW: Uptick in spam

2015-10-27 Thread John Levine
In article you write: >Wouldn't that be interesting -- you can't join NANOG unless your email >domain publishes an SPF record with a -all rule. > >That would raise the bar AND prevent the kind of thing that happened this >weekend. That's OK.

Re: AW: Uptick in spam

2015-10-27 Thread Peter Beckman
Wouldn't that be interesting -- you can't join NANOG unless your email domain publishes an SPF record with a -all rule. That would raise the bar AND prevent the kind of thing that happened this weekend. On Tue, 27 Oct 2015, Geoffrey Keating wrote: ... and thus a suitable topic for NANOG, I

Re: AW: Uptick in spam

2015-10-27 Thread Valdis . Kletnieks
On Tue, 27 Oct 2015 17:59:29 -0400, Peter Beckman said: > Wouldn't that be interesting -- you can't join NANOG unless your email > domain publishes an SPF record with a -all rule. > > That would raise the bar AND prevent the kind of thing that happened this > weekend. And make a number of

AW: Uptick in spam

2015-10-26 Thread Gunther Stammwitz
The spam is real. You can tune your own spamassassin-installation by adding these lines to local.cf: #Custom Rule for SPAMCOP header SUBJECT_FW_NEWMESSAGE Subject =~ /(Fw: new message)/ describe SUBJECT_FW_NEWMESSAGE subject fw new message score SUBJECT_FW_NEWMESSAGE 10.0 I caught hundreds

AW: Uptick in spam

2015-10-26 Thread Jürgen Jaritsch
Hi, I added this two lines to our postfix header checks: /mike@sentex\.net/ DISCARD /jdenoy@jdlabs\.fr/ DISCARD Worked very well: # grep -i discard /var/log/mail.log | grep -iE "@jdlabs|@sentex" | wc -l 408 Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA

Re: AW: Uptick in spam

2015-10-26 Thread Octavio Alvarez
On 26/10/15 11:38, Jürgen Jaritsch wrote: > Hi, > > I added this two lines to our postfix header checks: > > /mike@sentex\.net/ DISCARD > /jdenoy@jdlabs\.fr/ DISCARD > > Worked very well: > > # grep -i discard /var/log/mail.log | grep -iE "@jdlabs|@sentex" | wc -l > 408 But it is originating