[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More then 2800 spams from the list...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Mar 19, 2018 at 05:35:04PM +0200, Michelle Konzack wrote:
> Hello Richard and *,
> 
> Am 2018-03-19 hackte Richard Owlett in die Tasten:
> > I didn't. But as my ISP has an excellent spam filter I don't see what
> > many others see. I suspect the key is interpreting the header
> > information the OP gave. Is there a guide for an average user to
> > interpreting that information?
> 
> It seems, the spamer is on the List and manipulated the Mailinglist
> messages b using the original headers removed anything newer then
> the <bendel> Receied Headers and sent the message to more then 17000
> servers.

What do you mean by "the spammer is on the list"? The spam messages
don't go via list. I would get them (my own mail server and no spam
filter beyond the standard Exim header checking, which would never
drop/reject a mail coming from the list).

> <mail.tamay-dogan.net> is subject of a DOS attack.

Yes, I rather think they are targetting you. The Debian mailing
list headers seem to me (well placed) spoof.

> It seems, the Attacker know probably several 10.000 wrong configured
> mailservers and now use it, to pull down my server...

Yes, that's how it looks to me. Perhaps they're real bounces,
perhaps they're fake. But I'm pretty sure by now that the
Debian-list related headers are plain fake, to nudge people
into "responding to list" and thus spreading the spam even
more. So folks, don't do that. And if you do, at least strongly
snip the original (as Michelle has done, thankfully) and don't
include the whole kaboodle, top-posting style (you don't top-post,
do you ;-)

FWIW, I've sent a test mesage to (some randomly chosen user name)
at one of the servers in list and am awaiting a bounce message.

Let's see...

@Michelle: could you please send me a *complete* bounce message,
headers and all, as it arrives at your place? I still can't figure
out what kind of headers you sent to this list.

Thanks
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlqv498ACgkQBcgs9XrR2kYoxwCfaN5x3Zwsa6/PKUsJTKz+cSfY
DukAn2FiLNAOLzMzGGoHAH4CJdN/zQCL
=79xT
-----END PGP SIGNATURE-----
Reply to: