Re: spam to bogus users
John Kelly wrote:
> Every day, I get mail delivery attempts to non-existent users like:
>
> k2159jcd003343@isp2dial.com
> k1mmcsoa007563@isp2dial.com
> k1nardpb001747@isp2dial.com
>
>
> These totally bogus user names are not a good dictionary attack. I
> don't know what the spammer is trying to accomplish, since delivery is
> impossible. The user portion almost looks like a mail queue message
> id.
>
> Anyone else seeing this?
>
Yep, Most effective is (if you are using exim4) check if the sender has
an MX record (from http://www.sput.nl/spam/ )
# There has to be an MX, except in case of DSN deny message = No MX for
envelope sender domain $sender_address_domain. See http://www.sput.nl/spam/
hosts = ! : !+relay_from_hosts
senders = ! :
condition = ${if eq\
{${lookup dnsdb{mx=$sender_address_domain}{$value}fail}}\
{fail}\
{yes}{no}}
--
JJ van Gorkum Knowledge Zone
If UNIX isn't the solution, you've got the wrong problem
Reply to: