Stopping sneaky spammers

Mike Kercher mike at CAMAROSS.NET
Wed Oct 16 13:32:30 IST 2002


All of the lists below are free.  Add the following lines to
/etc/mail/sendmail.mc down towards the bottom:

FEATURE(dnsbl,`relays.ordb.org',`Rejected - see http://ordb.org/')dnl
FEATURE(dnsbl,`relays.osirusoft.com',`Rejected - see http://relays.osirusoft.com/')dnl
FEATURE(dnsbl,`bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(dnsbl,`proxies.relays.monkeys.com')dnl

Then run m4 /etc/mail/sendmail.mc > /etc/sendmail.cf to generate a new
sendmail.cf.  This will block a LOT of spammers at the MTA.  I also block
hispeedjackasses in /etc/mail/access.

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Bruno
Sent: Wednesday, October 16, 2002 6:25 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Stopping sneaky spammers


Hello all,

I have found a major spamming outfit (HighSpeedMail) that is very
aggressive at avoiding being detected by anti-spam software (including
my installed MailScanner and SpamAssassin - using default rules, even
the default and quite aggressive "5" blocking level, since SA usually
ranks them over 3 and below 5).

Unless a good way to block them is found, I fear other spamming outfits
will soon follow on their tactics.  Suggestions on how to block them
permanently would be welcome.

Here are some details:

1) They seem to always fake their email address (hi-speed.ch,
hi-speedmail.com, hi-speedmail.net, hi-speedemail.com,
hi-speedemail.net, hi-speedmediaoffers.com, hispeedmediaoffers.com,
hispeedmediaoffers.net, hsm-mailer.com, hsm-mailerdirect.com,
hsmmailer.com, hsmailer.com).
2) The spam seems to originate from a few addresses in the 10.0.1.*
network, but is delivered/routed via other IPs, before it reaches me.
3) The delivery IPs change but seem to come from the same class C subnet
for about 2 weeks at a time (64.70.20.*, 64.70.44.*, 12.158.236.*,
148.233.70.50, 217.168.208.252).
4) I am using /etc/mail/access to block the delivery class C subnets for
this spam, but have to keep adding new ones.
5) I use the free Spam List from the default MailScanner installation
(ORDB-RBL), but they seem to avoid it quite easily.  I am a home user,
and cannot afford paying for a commercial list.
6) Possible alternative solution:  A few months ago I read in InfoWorld
that "in theory" in the US it is possible to sue spammers for $1000 per
spam message.  I probably get about 1000 spams per year that I can trace
to these specific spammers. Does anybody know of a lawyer that
specializes on this type of lawsuit and will work for a percentage of
the amount collected?
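
The FEATURE(dnsbl, ...) lines in the reply above make sendmail look up each connecting IP in a DNS zone and reject it when the name resolves. The sketch below is an added example, not part of the original thread or of sendmail: it builds the same reversed-octet query name and checks a zone's RFC 5782 test entries before the zone is trusted. The function names, the `*.dnsbl.example` zones and the 192.0.2.25 listing are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """1.2.3.4 checked against zone 'bl.example' is looked up as 4.3.2.1.bl.example."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name via the local resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """Mirror FEATURE(dnsbl): any A record for the query name counts as listed."""
    return bool(resolve(dnsbl_query_name(ip, zone)))

def zone_health(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"   # would reject all mail if configured
    if not is_listed("127.0.0.2", zone, resolve):
        return "no-test-entry"      # dead, unreachable or not a DNSBL
    return "ok"

# Constructed resolver standing in for DNS so the example runs offline.
# The zone names and the 192.0.2.25 listing are made up for illustration.
def fake_resolver(name):
    records = {
        "2.0.0.127.good.dnsbl.example": ["127.0.0.2"],
        "25.2.0.192.good.dnsbl.example": ["127.0.0.2"],
    }
    if name.endswith(".wild.dnsbl.example"):
        return ["127.0.0.2"]        # answers every query
    return records.get(name, [])

if __name__ == "__main__":
    for zone in ("good.dnsbl.example", "wild.dnsbl.example", "dead.dnsbl.example"):
        print(zone, zone_health(zone, fake_resolver))
    print(is_listed("192.0.2.25", "good.dnsbl.example", fake_resolver))
```

Calling zone_health(zone) with the default resolver checks a real list before its FEATURE(dnsbl, ...) line goes into sendmail.mc. A zone that has stopped operating may answer every query, and sendmail would then reject all inbound mail.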


