[Dshield] victim of spam-trash

Johannes B. Ullrich jullrich at sans.org
Fri Mar 8 16:48:43 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> A spammer is sending tons of emails with the email-adress
> eddiecandy2782 at sse.de as reply-to or mail from in the header.
> The Domain sse.de belongs to a customer from us. (Which isn't the spammer)

You should be able to configure your mail server to bounce all email to 
this userid (and still allow email to other users in that domain).

You probably want to filter these based on the envelope, not based on 
headers, to limit processing time wasted. In sendmail, look at the 
'blacklist_recipients' feature. In qmail, you have to make sure there is 
no alias setup for the user. 

other than that, there is not much you can do.

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8iOttwWQP+4im9DYRArYYAJ9DAXfQszjcjvRae7Mw526POTXeKACdFCQV
jmuPuu7C0Kz4MRIkvuTRe2A=
=yqFN
-----END PGP SIGNATURE-----




More information about the list mailing list