Damn spammers

2004-11-02 02:09:03.159655+00 by Dan Lyke 8 comments

Augh! In the few days I've been offline for the move, someone's using the Flutterby server as the alleged origin in forged spam. They're putting in dummy received lines pointing back to my server, and my email address in the "From" field, and I'm getting hundreds of bounce messages.

At first I was scared that it was a compromise on my machine (and sorry, John, for killing off your NNTP session, when I discovered this and saw things I didn't recognize in the process table I went for safety first), but since the intervening "Received" lines all point to DSL or cable modem IPs, it looks like some virus writer has chosen me as the lucky recipient of all of these bounces.

Slow excoriation is too good for 'em.

comments in ascending chronological order:

#Comment Re: made: 2004-11-02 04:26:15.247883+00 by: markd

That happens to me on a couple of the domains that I run. It's horrendously annoying.

#Comment Re: made: 2004-11-02 10:20:20.995417+00 by: Brian

Likewise, maybe once a year or so... lasts a few weeks before they switch to another domain. You might try publishing some SPF records as an experiment, see if the bounce rate drops as a result (although I suspect it wouldn't have much of an effect).


#Comment Re: made: 2004-11-02 15:18:15.670433+00 by: Dan Lyke

Already got 'em:

$ host -t txt flutterby.com
flutterby.com text "v=spf1 a a:mail.flutterby.com a:www.flutterby.com"
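
An added example, not part of the original thread: a minimal evaluator for a subset of SPF (`a`, `ip4`, `all`) showing how a receiver would score the record above for a listed host and for an unlisted address. The A records and sender IPs are constructed documentation addresses, and the `-all` variant is a hypothetical comparison, not a record the site published.

```python
import ipaddress

# Constructed A records (RFC 5737 documentation addresses), not real DNS data.
SAMPLE_DNS_A = {
    "flutterby.com": ["192.0.2.10"],
    "mail.flutterby.com": ["192.0.2.10"],
    "www.flutterby.com": ["192.0.2.11"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

PUBLISHED = "v=spf1 a a:mail.flutterby.com a:www.flutterby.com"  # from the thread
WITH_ALL = PUBLISHED + " -all"  # hypothetical: same record plus a terminal fail


def evaluate_spf(record, domain, sender_ip, dns_a):
    """Evaluate an SPF record (a, ip4 and all only) for sender_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # mechanisms without a qualifier default to pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":
            hosts = dns_a.get((arg or domain).lower(), [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            raise NotImplementedError("term outside this subset: " + term)
        if matched:
            return QUALIFIERS[qualifier]
    # Nothing matched and there is no "all": the default result is neutral.
    return "neutral"


def compare(sender_ip):
    """Return (result for published record, result with -all appended)."""
    return tuple(evaluate_spf(r, "flutterby.com", sender_ip, SAMPLE_DNS_A)
                 for r in (PUBLISHED, WITH_ALL))


if __name__ == "__main__":
    for addr in ("192.0.2.10", "203.0.113.77"):  # listed host, unlisted sender
        print(addr, compare(addr))
```
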

#Comment Re: made: 2004-11-02 15:45:05.999985+00 by: Shawn

"me too" - and I went through the same stages of alarm. Unfortunately, I neither own nor control the boxes my domains are hosted on, so I have few options.

#Comment Re: made: 2004-11-02 16:24:01.53447+00 by: flushy

Got a great attachment from the NJABL anti-spam list from Shawn McMahon <smcmahon@eiv.com>:


It was made by Volker Kuhlmann <volkerkuhlmann@GMX.de> and released under the GPL.

It stops most of those bounce messages caused by brain-dead antivirus software.

#Comment Re: made: 2004-11-02 19:06:38.843665+00 by: ebradway

The hosting service I was using kept shutting down my domain because they thought I was actually sending the spam. They seriously needed to be beat with a clue-by-four. They kept sending me my admin password in plaintext via email and required that I enter my password on their support site in HTTP.

BTW, don't ever use YRhost. They really suck.

#Comment Re: made: 2004-11-04 16:32:35.331065+00 by: flushy

That looks an awful lot like YRhossed