Camgirl Spam On The List

Home » CentOS » Camgirl Spam On The List
CentOS 11 Comments

Hey guys,

I just noticed this recently in my latest posts to the list. But I’ve noticed that every time I mail the list for some advice, I get hit with spam from a camgirl site like every other message. Kinda funny actually. But also annoying!! Anyone else experience this?

Maybe this is something the admins/moderators can take care of!

Thanks, Tim

11 thoughts on - Camgirl Spam On The List

  • I haven’t seen any since I put the sending domain with a ‘DISCARD’ in my
    /etc/mail/access database (using sendmail here)

  • Tim Dunphy wrote:
    I would guess that someone, or a bot, joined the list for the sole purpose of harvesting email addresses, and I can’t see how the admins can possibly block that.

    And, btw, this is where I mostly post using this email address, and no, I’m not sending spam to France, or southeast Asia, or…. (as in, they put my email as their Reply-To:).

    mark “ah, for the old days of fair use”

    mark

  • Well, is there another domain involved now ? It seems the previous spammer (using multiple VMs on DigitalOcean network) had been blocked. As nothing is sent through the mailman/CentOS.org server, I can’t even look at logs, but if you have useful informations (like some headers), feel free to forward those to me (and not on the list).

    Cheers,

  • Hey Fabian,

    Here’s the headers for one of the spam responses I got from the list:

    from:Tracy reply-to:tracy12614@safeloves.com to:Tim Dunphy
    date:Fri, Aug 28, 2015 at 2:19 PMsubject:Re: [CentOS] apache mysterious 404
    errormailed-by:safeloves.comsigned-by:safeloves.com:Important mainly because it was sent directly to you.

    Please let me know if that’s not what you’re looking for!

    Thanks, Tim

  • typically, you need the ‘recieved from’ headers so we can tell where it entered your mail system to block spammers.

  • Well, this is second discussion on this subject during last fortnight, and I felt to stay away from it… But I just would add one thing. Blocking originator of messages as John suggests, will work. The only thing about it is: these are single IP domains, and one can easily keep registering new ones, and this is all doable withing the frame digitalocean’s (the IP
    block owner) business model. Attempting to fight on per one case basis with something that can be scripted on the bad guys’ side I found counter productive. The only way I’ve found in the past that is not total waste of my time is: block e-mail from the whole block of IPs of that provider.

    This can be done on the side of those being abused. Nothing as a mater of fact can be done on the side of CentOS, and I really regret us wasting Fabian’s precious time on this. This is however really serious decision, as you may block some of domains hosted at digitalocean your users may need to communicate with. So, use your own judgement and caution. Grepping your mail logs for long time back is advisable, but by no means can be sufficient for sane decision. Contacting digitalocean with complaints, hm…, though is right thing to do, but quite unlikely will lead to them identifying the “person” and dealing with that person with whole seriousness. IMHO, this last doesn’t fit into their business model.

    Just my $0.02

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • Blocking all of digitalocean.com?

    I guess that’s fine if you don’t mind having mostly false negatives. You’d be better off teaching your antispam system to treat the netblock with more suspicion. The spam I got had enough other rules that it was already in the “maybe spam” score, I bet if I created a spamassasin rule for it, it’d push it over the top.


    Jonathan Billings

  • Since the host name does not fully resolve and the HELO name neither, the junk is rejected for anything sent to my mailing list address.

  • . spam is “a fact of life of the internet”. always has been, always will be.

    when you spread your email address to the inet and be ready to receive spam.

    download email from a server, look forward to receiving spam.

    deal with it. set filters of your email client.

    if you do not want spam, either set filters and/or firewall rules to block it.

    if you do not want spam;

    use an isp that you have set to auto delete
    emails and never pull emails from that isp.

    post with sudo-name@sudo-address.bad

  • At least another one on Friday. Porno-spam from from safethebaby.com

    I reported the incident to Digital Ocean and Nodes Direct which I believe got handled rather promptly.
    (In short a host in Nodes Direct ip space was using a mail host in Digital Ocean ip space.)