[Dshield] E-Mail Nuisance

Richard Golodner rgolodner at infratection.com
Wed Feb 7 01:59:46 GMT 2007

	As Tony mentioned, "More valuable is to look at the Received: from
IP value that your MTA accepted and possibly the one before that, if that
seems probable and look for patterns there, then refuse mail from those
patterns' subnets."
	Gathering the received from field information is useful in stopping
such annoyances. A quick ACL or firewall rule and the annoyance stops. 
	You can never learn enough about how these spammers work by looking
at the complete header and for kicks seeing which IP addresses actually
resolve. On occasion we have a calm moment or two and it is very fun too.
Wow, what have I turned into, looking at headers for kicks? Oh yeah, I get
paid to do it. 
	Hope everyone is cool in 2007, Richard Golodner
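
The header triage discussed in this message, sketched as an added example that is not part of the original post: it takes the peer IP from the topmost Received: header (the one your own MTA wrote), groups the addresses by subnet, and lists subnets that recur. The sample messages, the `OWN_NETS` list, the /24 prefix and the threshold of 3 are assumptions made for illustration.

```python
import email
import ipaddress
import re
from collections import Counter

# Bracketed IPv4 literal, the form most MTAs record: "from helo (rdns [203.0.113.5])"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumption: your own relays and loopback, never counted as spam sources.
OWN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

def accepted_from_ip(raw_message, hop=0):
    """Peer IP in the Received: header at index `hop`, or None.

    hop=0 is the topmost header, written by your own MTA; hop=1 is
    "the one before that" and was written by a server you do not control.
    """
    received = email.message_from_string(raw_message).get_all("Received") or []
    if hop >= len(received):
        return None
    # Keep only the "from ..." clause so an address in the "by" clause is ignored.
    from_clause = re.split(r"\sby\s", received[hop], maxsplit=1)[0]
    match = BRACKETED_IP.search(from_clause)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # e.g. [999.1.1.1]
        return None

def subnet_patterns(raw_messages, prefix=24, min_hits=3):
    """Subnets that delivered at least `min_hits` messages, busiest first."""
    counts = Counter()
    for raw in raw_messages:
        ip = accepted_from_ip(raw)
        if ip is None or any(ip in net for net in OWN_NETS):
            continue
        counts[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1
    return [(str(net), n) for net, n in counts.most_common() if n >= min_hits]

def _sample(peer):
    # Constructed message; addresses are from the RFC 5737 documentation ranges.
    return (f"Received: from mail.example.net (unknown [{peer}])\n"
            "\tby mx.example.org with ESMTP; Wed, 7 Feb 2007 01:00:00 +0000\n"
            "Received: from pc.example.com ([198.51.100.250])\n"
            "\tby mail.example.net; Wed, 7 Feb 2007 00:59:00 +0000\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLE = [_sample(ip) for ip in
          ("203.0.113.5", "203.0.113.77", "203.0.113.200", "198.51.100.9", "10.1.2.3")]

if __name__ == "__main__":
    for net, hits in subnet_patterns(SAMPLE):
        print(f"{net}\t{hits} messages")
```

Before a subnet from this list goes into an ACL, check it for legitimate senders, since a whole /24 is refused along with the offending hosts.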

