Re: spam to bogus users

To: debian-isp@lists.debian.org
Subject: Re: spam to bogus users
From: JJ van Gorkum <jvg@knowzone.org>
Date: Sat, 15 Jul 2006 09:22:56 +0200
Message-id: <[🔎] 44B897D0.2020709@knowzone.org>
In-reply-to: <[🔎] 200607141442.k6EEglfa007428@isp2dial.com>
References: <[🔎] 200607141442.k6EEglfa007428@isp2dial.com>

John Kelly wrote:
> Every day, I get mail delivery attempts to non-existent users like:
> 
> k2159jcd003343@isp2dial.com
> k1mmcsoa007563@isp2dial.com
> k1nardpb001747@isp2dial.com
> 
> 
> These totally bogus user names are not a good dictionary attack.  I
> don't know what the spammer is trying to accomplish, since delivery is
> impossible.  The user portion almost looks like a mail queue message
> id.
> 
> Anyone else seeing this?
> 
Yep, Most effective is (if you are using exim4) check if the sender has
an MX record (from http://www.sput.nl/spam/ )


# There has to be an MX, except in case of DSN deny message = No MX for
envelope sender domain $sender_address_domain. See  http://www.sput.nl/spam/
       hosts   = ! : !+relay_from_hosts
       senders = ! :
       condition = ${if eq\
        {${lookup dnsdb{mx=$sender_address_domain}{$value}fail}}\
        {fail}\
       {yes}{no}}


-- 
JJ van Gorkum                             Knowledge Zone
If UNIX isn't the solution, you've got the wrong problem

Reply to:

Follow-Ups:
- Re: spam to bogus users
  - From: Håkon Alstadheim <hakon@alstadheim.priv.no>
- Re: spam to bogus users
  - From: Stephen Gran <sgran@debian.org>

References:
- spam to bogus users
  - From: John Kelly <jak@isp2dial.com>

Prev by Date: Re: spam to bogus users
Next by Date: Re: spam to bogus users
Previous by thread: Re: spam to bogus users
Next by thread: Re: spam to bogus users
Index(es):
- Date
- Thread