Posted to users@spamassassin.apache.org by "Tom Q. Citizen" <to...@bay-online-media.com> on 2006/04/13 05:50:14 UTC

Help needed with spam attack!!!

Hi!  I host a number of domains on a box and I recently added one which
has resulted in that domain literally being HAMMERED by some spammer
sending spam to every kind of bogus e-mail address for this new domain you
can think of.

The server is a Linux box running RedHat 9 with Qmail
(netqmail-1.05)/Vpopmail 5.4.9/Courier-IMAP 4.1.0 w/ SpamAssassin 3.1.1
(perl 5.8.8)/ClamAV 0.88.1.

The incoming messages are being sent to addresses like:

norrisbryantfortune@mydomain.com

and sometimes there will be other addresses CC'd on the message.  The CC'd
addresses are in other domains and mainly in the ".ru" domain.

For a while, Qmail was bouncing the messages and since then I've changed
it to have the messages delivered to the postmaster account.  So, the
postmaster for mydomain.com is getting flooded with spam addressed to bogus
messages in the mydomain.com domain.

What can I do to stop this?  The performance of the server doesn't seem to
be impacted (load avg is well below 1 and hangs out below 0.5) so I'm not
worried about that as much as getting miffed at the constant influx of
spam.  SpamAssassin is flagging most of the messages as spam, with scores
well over the default threshold of 5.0.  I'm seeing scores in the 6+ range
on the low end and in the 20+ range on the high end.

Help?!?!?!?!?!!?  :)

I'm using the SpamAssassin defaults and I upgraded from 3.1.0 to 3.1.1 via
CPAN a week and a half ago.

Thanks in advance for your time and assistance!

Peace...

Tom

Re: Help needed with spam attack!!!

Posted by "Tom Q. Citizen" <to...@bay-online-media.com>.
Matt Kettler wrote:
> Tom Q. Citizen wrote:
>   
>> Hi!  I host a number of domains on a box and I recently added one which
>> has resulted in that domain literally being HAMMERED by some spammer
>> sending spam to every kind of bogus e-mail address for this new domain you
>> can think of.
>>
>> The server is a Linux box running RedHat 9 with Qmail
>> (netqmail-1.05)/Vpopmail 5.4.9/Courier-IMAP 4.1.0 w/ SpamAssassin 3.1.1
>> (perl 5.8.8)/ClamAV 0.88.1.
>>
>> The incoming messages are being sent to addresses like:
>>
>> norrisbryantfortune@mydomain.com
>>
>> and sometimes there will be other addresses CC'd on the message.  The CC'd
>> addresses are in other domains and mainly in the ".ru" domain.
>>
>> For a while, Qmail was bouncing the messages and since then I've changed
>> it to have the messages delivered to the postmaster account.  So, the
>> postmaster for mydomain.com is getting flooded with spam addressed to bogus
>> messages in the mydomain.com domain.
>>
>> What can I do to stop this? 
>>     
>
> Configure your qmail to verify the validity of the recipient during the
> SMTP RCPT To: command like every other MTA out there does. (And qmail
> can be made to do this, but doesn't by default)
>
> Spamcop.net has some suggestions of addons to qmail that let it do this
> correctly. qmail-ldap and spamcontrol:
> http://www.spamcop.net/fom-serve/cache/329.html
>
> Generally, I think qmail-ldap would do this task better, or switch to a
> different MTA that has recipient validation built-in.
>   
Thanks to you and the others who responded with suggestions.  Sorry for 
the late reply but I've been busy.  :)

Peace...

Tom

Re: Help needed with spam attack!!!

Posted by Matt Kettler <mk...@comcast.net>.
Tom Q. Citizen wrote:
> Hi!  I host a number of domains on a box and I recently added one which
> has resulted in that domain literally being HAMMERED by some spammer
> sending spam to every kind of bogus e-mail address for this new domain you
> can think of.
>
> The server is a Linux box running RedHat 9 with Qmail
> (netqmail-1.05)/Vpopmail 5.4.9/Courier-IMAP 4.1.0 w/ SpamAssassin 3.1.1
> (perl 5.8.8)/ClamAV 0.88.1.
>
> The incoming messages are being sent to addresses like:
>
> norrisbryantfortune@mydomain.com
>
> and sometimes there will be other addresses CC'd on the message.  The CC'd
> addresses are in other domains and mainly in the ".ru" domain.
>
> For a while, Qmail was bouncing the messages and since then I've changed
> it to have the messages delivered to the postmaster account.  So, the
> postmaster for mydomain.com is getting flooded with spam addressed to bogus
> messages in the mydomain.com domain.
>
> What can I do to stop this? 

Configure your qmail to verify the validity of the recipient during the
SMTP RCPT To: command like every other MTA out there does. (And qmail
can be made to do this, but doesn't by default)

Spamcop.net has some suggestions of addons to qmail that let it do this
correctly. qmail-ldap and spamcontrol:
http://www.spamcop.net/fom-serve/cache/329.html

Generally, I think qmail-ldap would do this task better, or switch to a
different MTA that has recipient validation built-in.
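
The RCPT-time recipient check recommended in the reply above, as an added example that is not part of the original thread and is not qmail, qmail-ldap or spamcontrol code. The domain list, mailbox list, function names and reply texts are assumptions made for illustration.

```python
import re

# Constructed sample data (assumptions): the domains this server is final
# destination for, and the mailboxes that actually exist in them.
LOCAL_DOMAINS = {"mydomain.com"}
MAILBOXES = {"postmaster@mydomain.com", "tom@mydomain.com"}

# RCPT TO:<forward-path>, optionally followed by ESMTP parameters.
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>\s]*)>(?:\s+.*)?$", re.IGNORECASE)


def rcpt_response(line, local_domains=LOCAL_DOMAINS, mailboxes=MAILBOXES):
    """Return the (code, text) SMTP reply for one RCPT command line."""
    m = RCPT_RE.match(line.strip())
    if not m:
        return 501, "5.5.4 Syntax: RCPT TO:<address>"
    addr = m.group(1)
    if addr.lower() == "postmaster":
        # RFC 5321 requires the bare postmaster address to be accepted.
        return 250, "2.1.5 Recipient OK"
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        return 501, "5.1.3 Bad recipient address syntax"
    domain = domain.lower()
    if domain not in local_domains:
        # Not a domain we host: refuse instead of relaying.
        return 550, "5.7.1 Relaying denied"
    # Simplification: local parts are compared case-insensitively.
    if f"{local.lower()}@{domain}" not in mailboxes:
        # Refused before DATA: nothing is queued, bounced, or handed to
        # the postmaster mailbox or the spam scanner.
        return 550, "5.1.1 No such user here"
    return 250, "2.1.5 Recipient OK"


def accepted_recipients(rcpt_lines):
    """Recipients of one session that survive the RCPT-time check."""
    return [l for l in rcpt_lines if rcpt_response(l)[0] == 250]


if __name__ == "__main__":
    session = [  # constructed RCPT lines
        "RCPT TO:<norrisbryantfortune@mydomain.com>",
        "RCPT TO:<Tom@MyDomain.com>",
        "RCPT TO:<someone@example.net>",
    ]
    for cmd in session:
        print(cmd, "->", *rcpt_response(cmd))
```

Because the 550 is returned during the SMTP session, the sending host keeps responsibility for the failed delivery and the receiving server generates no bounce of its own.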