From owner-freebsd-chat Mon Dec 1 06:54:33 1997 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.7/8.8.7) id GAA12566 for chat-outgoing; Mon, 1 Dec 1997 06:54:33 -0800 (PST) (envelope-from owner-freebsd-chat@FreeBSD.ORG) Received: from gatekeeper.itribe.net (gatekeeper.itribe.net [209.49.144.254]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id GAA12549 for ; Mon, 1 Dec 1997 06:54:20 -0800 (PST) (envelope-from jamie@itribe.net) Message-Id: <199712011443.JAA07461@gatekeeper.itribe.net> Received: forwarded by SMTP 1.5.2. Date: Mon, 1 Dec 1997 09:47:20 -0500 (EST) From: Jamie Bowden To: Greg Lehey cc: mika ruohotie , chat@FreeBSD.ORG Subject: Re: annoying spammers... In-Reply-To: <19971129155438.60843@lemis.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We have the domain html.com. We have had it for over 3 years now, but recently millions of spam messages have gone out on the net with a from line of 1234567@html.com (the address is always some random number). All the bounce messages come our server, despite the fact that we didn't send them. I had to remove the server's ability to recieve mail at html.com about 2 weeks ago, as it was getting several hundred return mails a minute. It now routes all mail to @html.com to /dev/null. Not that it stops my mailbox from filling up with requests from people who don't know how to read a fscking header who send mail to us whining about being removed from our lists. *sigh* On Sat, 29 Nov 1997, Greg Lehey wrote: > On Sat, Nov 29, 1997 at 12:22:17AM +0200, mika ruohotie wrote: > > uh, i think this would go best here on chat, it's an isp issue too, > > but not really, i dunno. > > > > anyway, just a question if anyone else have noticed that their > > domain has been used in spamming. i mean, not as a relay, but as > > a NAME. > > Yes, it happened to me last night. Something in uunet was using my > mail servers (freebie.lemis.com and allegro.lemis.com) to send out > spam. I stopped the mail server on allegro (which is really just > running a high-pri MX), and left these headers in the spool: > > V2 > T880710622 > K880717164 > N5 > P1114943 > I0/4/731 > MDeferred: 451 ... Domain must resolve > $rSMTP > $sALLEGRO.LEMIS.COM > $_1Cust80.tnt18.atl2.da.uu.net [153.36.118.80] > S > RPFD: > H?P?Return-Path: > HReceived: from ALLEGRO.LEMIS.COM (1Cust80.tnt18.atl2.da.uu.net [153.36.118.80]) > by allegro.lemis.com (8.8.7/8.8.5) with SMTP id UAA15710; > Fri, 28 Nov 1997 20:20:22 +1030 (CST) > H?D?Date: Fri, 28 Nov 1997 20:20:22 +1030 (CST) > H?F?From: WebSecrets@WebSecrets.Net > H?M?Message-Id: <199711280950.UAA15710@allegro.lemis.com> > HSubject: Search Engine Secrets > . > > I installed hub's version of sendmail.cf, added WebSecrets.Net and > SecretsOfTheNet.Com (another one) to the black list. They tried > again, were rejected, and apparently gave up. I've sent complaints to > uunet--let's see how far they get. > > > mickey "yes, i'm fucking frustrated" > > Yup, I was pretty angry, too. > > Greg > Jamie Bowden Systems Administrator, iTRiBE.net If we've got to fight over grep, sign me up. But boggle can go. -Ted Faber (on Hasbro's request for removal of /usr/games/boggle)