Re: spam to bogus users
On Fri, Jul 14, 2006 at 02:42:41PM +0100, John Kelly wrote:
> These totally bogus user names are not a good dictionary attack. I
> don't know what the spammer is trying to accomplish, since delivery is
> impossible. The user portion almost looks like a mail queue message
> id.
>
> Anyone else seeing this?
On a regular basis.
The ones I see are sent to similarly bogus addresses, most often
ga12335
I've taken to refusing to accept delivery of messages matching the
following regular expressions:
^ga[0-9]+$
^gb[0-9]+$
my exim4 mainlog looks like this:
2006-07-14 15:22:59 H=uslec-xx-xx-xx-xx.cust.uslec.net (spammer.example.com) [66.255.33.113] F=<SallyNapier@bad.example.com> rejected RCPT <ga7639@example.org>:
I don't want your spam.
Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
Reply to: