my spammer list


Hello,
Thanks to some nice people on here and other forums I have pretty much finalized my whole mail system on CentOS 6.x.

With all the checks, greylisting, dev/null of any 8+ spam level SA, I still get a few mails.

It seems like every time I enable a new protectant, the mail stops spamming for a few hours…then the spammers decide I am worthy of using better methods against me..and more come. LOL.

I am down to just 10-15 a day. Anything that gets through all that I set up now goes to a spammers list that I add to the access file of postfix.

http://bobhoffman.com/spammers.html

That is the link to my list. I am trying to sort them out into political, real estate, bulk spammers, etc. The worst part is the bulk emailers are not on any black list. It is very hard to find their mail MX until they actually send you one. Many will be blocked, then a new alternate of theirs comes through.

I could not find a list of bulk commercial spammers so I thought I would start one. As I progress it will become more defined, but right now a big list with some categories after it.

Hope it helps.

4 thoughts on - my spammer list

  • You won’t be able to track them easily because they hop around from
    network to network. Sometimes I can recognize them by seeing the same
    spams repeatedly, also, different IP addresses connecting and guessing
    passwords for the same list of users. But I rarely get those anymore
    since I have blocked pop/imap logins from outside of the US.

    You can report them to spamcop.net and that may help to provide some
    incentive for ISPs to kick spammers off their network.

    The way that I finally got rid of all the residual spam that makes it
    through greylisting, SPF, spamassassin, clamav is to hand out unique mail
    addresses and use black/whitelists. So for example if I assign an email
    address for incoming mail from a mailing list and then set up a whitelist
    entry that only allows that address to receive email from the
    mailservers that serve that mailing list and then blacklist all other
    incoming mail to that address it is very effective. With a decent
    whitelist/blacklist tool it’s fairly easy to implement. I used to get
    literally hundreds of spams a day and now I probably average about 2 per
    week.

    You can also get on the spamassassin mailing list and add more plugins
    and work on tuning the spamassassin config. You can also play with
    sa-learn. For me though the black/whitelisting works quite well.

    Nataraj

  • Mostly down to just the bulk commercial spammers. Usually spam dev/null
    them but decided to disable spam assassin and go after a nice list. Only
    got two mails in the last 12 hours, so it is cool.
    I get lots of political and real estate spammers due to the jobs I have
    had and my mail being on their lists…a list you can never get off. So
    listing them was the perfect thing.
    So without spamassassin, going good so far. Almost nothing.

    When I get one or two a day I just add them to the list..lol

    I am happy to not have hundreds a day anymore…so happy.

  • So, for example, if you unsubscribed from this list and, after that, I
    wanted either to:

    1) contact you directly to know more about your antispam setup
    2) offer you a job as system administrator since you are so skilled

    and I sent such an email to the address you use to post to this list (the
    only contact info I have), not only would you never receive it, but (if
    you implement this server-wide) ALL your email USERS would stop receiving
    legitimate email from me?

    Am I missing something? If not, yours is a smart solution, indeed.

    marco
    http://freesoftware.zona-m.net

  • My white/blacklisting software happens to allow regular expressions as
    well as IP addresses and has the capability to match on one or more of
    the following fields in the message:

    envelope sender
    envelope recipient
    helo name
    remote IP address
    Remote hostname

    When it matches on remote hostname, it does a reverse dns lookup. I
    already have my mailserver configured so that it will not accept mail
    from any site for which the forward and reverse dns entries do not
    match. So I can create a whitelist entry which allows .*.centos.org
    or .*@centos.org.

    Yes, it limits the ability for people to contact me off list, but people
    that need to reach me seem to find a way. There is a price for
    everything. If you happen to own a 3 letter domain name that was around
    from the days of the original arpanet, and you have had a bad enough
    spam problem, then it may be worthwhile to pay that price. I am on a
    fair number of mailing lists and find that spammers do harvest addresses
    on these lists.

    Generally when I join a new list, I just create the unique email
    address, but don’t do the whitelist/blacklist thing until I start seeing
    spam to that address, so I can tell which lists or people that I gave my
    email address to was harvested or leaked.

    I’ve seen my email address leaked to spammers from presumably secure
    sites like major banks and financial institutions, various websites
    where I’ve made online purchases, etc. It is unbelievable how insecure
    these supposedly secure sites are. On two occasions I reported to a
    major financial institution that they had leaked my email address and
    after several months got back a notice that they had found that the
    security of their systems had been compromised, but assured me that it
    affected only my email address and not my bank account or other personal
    information.

    Yes it is the case that I generally do not recommend this technique to
    inexperienced users. For my users I do the best I can with greylisting,
    spamassassin, etc. For users who do not highly publicize their email
    address this is usually enough. I have one client though that
    advertises their customer service email address and has a massive spam
    problem. I told them that the best way to solve that was to create a
    properly designed web page for customer service requests that was
    protected from automated submission methods.

    There are also tools that implement auto-whitelisting, that will send
    out an auto-response requiring the user to send back a confirmation or
    click on a web page and be automatically whitelisted. Some people are
    strongly opposed to this method because it will generate more spam to
    whatever return address is given in the spam that you do receive. This
    would not work so well for things like receiving a confirmation message
    for your online purchase from amazon.com.

    Nataraj
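The per-address whitelisting described in the comments above, as an added example; it is not code from the thread or from the unnamed tool the poster uses. It assumes a Postfix policy delegation service (the field names are that protocol's request attributes), and the address `centos-list@example.net` and the rules are constructed. The patterns are anchored and the dots escaped so that a lookalike hostname does not satisfy the rule.

```python
import re

# Constructed rules: each unique address is pinned to the hosts/senders that
# were given it. A rule is a dict of request field -> anchored regex, and every
# field in a rule must match (rules are OR-ed, fields within a rule AND-ed).
PINNED = {
    "centos-list@example.net": [
        {"client_name": re.compile(r"^(.+\.)?centos\.org$", re.I),
         "sender": re.compile(r"^[^@\s]+@(.+\.)?centos\.org$", re.I)},
    ],
}

def parse_request(text):
    """Parse one policy delegation request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the policy action for a request on a pinned or ordinary address."""
    rules = PINNED.get(attrs.get("recipient", "").lower())
    if rules is None:
        return "DUNNO"  # ordinary address: leave it to the other restrictions
    for rule in rules:
        if all(rx.search(attrs.get(field, "")) for field, rx in rule.items()):
            return "DUNNO"  # expected source: continue with normal spam checks
    return "REJECT address not valid for this sender"

def respond(text):
    """Full reply as sent back to the MTA: one action line plus an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))

# Constructed requests. Postfix sets client_name to "unknown" when the reverse
# and forward DNS lookups for the client do not agree.
def request(client_name, sender, recipient="centos-list@example.net"):
    return ("request=smtpd_access_policy\nclient_address=192.0.2.10\n"
            "client_name=%s\nsender=%s\nrecipient=%s\n\n"
            % (client_name, sender, recipient))

if __name__ == "__main__":
    print(respond(request("mail.centos.org", "centos-bounces@centos.org")))
    print(respond(request("mail.evilcentos.org", "centos-bounces@centos.org")))
    print(respond(request("unknown", "centos-bounces@centos.org")))
```

Requiring the verified `client_name` alongside the envelope sender matters because the envelope sender alone can be forged by anyone who has harvested the address.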
