
Re: spam to bogus users



On Fri, Jul 14, 2006 at 02:42:41PM +0100, John Kelly wrote:

> These totally bogus user names are not a good dictionary attack.  I
> don't know what the spammer is trying to accomplish, since delivery is
> impossible.  The user portion almost looks like a mail queue message
> id.
> 
> Anyone else seeing this?

  On a regular basis.

  The ones I see are sent to similarly bogus addresses, most often
 ga12335

  I've taken to refusing to accept delivery of messages matching the
 following regular expressions:

^ga[0-9]+$
^gb[0-9]+$

  My exim4 mainlog looks like this:

2006-07-14 15:22:59 H=uslec-xx-xx-xx-xx.cust.uslec.net (spammer.example.com) [66.255.33.113] F=<SallyNapier@bad.example.com> rejected RCPT <ga7639@example.org>:
I don't want your spam.

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/
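
An added example, not part of the original message: a small Python parser that tallies `rejected RCPT` lines of the shape shown in the log excerpt above and separates rejections explained by the two quoted patterns from any others. The sample log lines are constructed, and the field order in the line regex is assumed from that single excerpt.

```python
import re
from collections import Counter

# Local-part patterns quoted in the message above.
BOGUS = [re.compile(r"^ga[0-9]+$"), re.compile(r"^gb[0-9]+$")]

# "rejected RCPT" line, fields in the order shown in the log excerpt above
# (assumption: other exim log layouts are simply skipped).
REJECT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?P<host>.*?) ?\[(?P<ip>[^\]]+)\] "
    r"F=<(?P<sender>[^>]*)> "
    r"rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.*)$"
)

def parse_reject(line):
    """Return the fields of one rejected-RCPT line, or None for any other line."""
    m = REJECT.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["local_part"] = rec["rcpt"].rsplit("@", 1)[0]
    rec["bogus"] = any(p.match(rec["local_part"]) for p in BOGUS)
    return rec

def summarize(lines):
    """Count pattern hits per source IP; collect rejects the patterns do not explain."""
    hits, other = Counter(), []
    for line in lines:
        rec = parse_reject(line)
        if rec is None:
            continue
        if rec["bogus"]:
            hits[rec["ip"]] += 1
        else:
            other.append(rec["rcpt"])
    return hits, other

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "2006-07-14 15:22:59 H=host1.example.net (mail.example.com) [192.0.2.10] F=<a@bad.example.com> rejected RCPT <ga7639@example.org>: I don't want your spam.",
    "2006-07-14 15:23:04 H=host1.example.net (mail.example.com) [192.0.2.10] F=<b@bad.example.com> rejected RCPT <gb102@example.org>: I don't want your spam.",
    "2006-07-14 15:24:11 H=(helo.example.com) [198.51.100.7] F=<> rejected RCPT <gary@example.org>: Unknown user",
    "2006-07-14 15:25:30 H=(helo.example.com) [198.51.100.7] F=<c@bad.example.com> rejected RCPT <ga12335x@example.org>: Unknown user",
    "2006-07-14 15:26:00 1G1abc-0001AB-CD <= c@example.com H=host2.example.net [203.0.113.5] P=esmtp S=1234",
]

if __name__ == "__main__":
    hits, other = summarize(SAMPLE)
    print("pattern hits by IP:", dict(hits))
    print("other rejected recipients:", other)
```

The second return value is the list to review: recipients rejected for some other reason, including near misses such as `gary` that the anchored patterns correctly leave alone.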


