Spam question

Jeremy McSpadden jeremy at fluxlabs.net
Thu Aug 6 18:11:59 UTC 2015


7000 spam for a single domain in 1 day. Must have quite s few accounts.

Jerry replied with a good list for postfix. What Spamassain rules are you using ?

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501<tel:850-250-5590;501> | Mobile - 850-890-2543<tel:850-890-2543>
Fax - 850-254-2955<tel:850-254-2955> | Toll Free - 877-699-FLUX<tel:877-699-FLUX>
Web - http://www.fluxlabs.net<http://www.fluxlabs.net/>


On Aug 6, 2015, at 1:10 PM, Sean M. Schipper <sean.m.schipper at lawrence.edu<mailto:sean.m.schipper at lawrence.edu>> wrote:


Email is accepted for a single domain.  I use postfix as my MTA.



I employ Spamhaus as an RBL that I use to reject at SMTP.  I do use others but do not reject based on them.  Any others that are reputable enough to reject with?



I haven't really considered Greylisting.  I just read some on it to refresh my memory.  Is this commonly used by the MailScanner community?







--



RBL ? Greylisting ? How many domains are you filtering ? What MTA ?



--

Jeremy McSpadden | Flux Labs

Local - 850-250-5590x501<tel:850-250-5590;501> | Mobile - 850-890-2543<tel:850-890-2543>

Fax - 850-254-2955<tel:850-254-2955> | Toll Free - 877-699-FLUX<tel:877-699-FLUX>

Web - http://www.fluxlabs.net<http://www.fluxlabs.net/<http://www.fluxlabs.net%3chttp:/www.fluxlabs.net/>>





On Aug 6, 2015, at 12:49 PM, Sean M. Schipper <sean.m.schipper at lawrence.edu<mailto:sean.m.schipper at lawrence.edu<mailto:sean.m.schipper at lawrence.edu%3cmailto:sean.m.schipper at lawrence.edu>>> wrote:



Since last November I've been getting inundated with spam (yesterday just under 7,000 just in the am) from coming from 3 or 4 IP addresses on the same subnet in the morning starting like clockwork just after 9am.  Then sometimes I'll get a similar rush of spam in the afternoon coming from a separate IP range.  Countries of origin include US and Bulgaria mostly but also have come from Brasil, Romania and S. Africa.



I've been able to train MailScanner to correctly identify these as spam since the content is very similar -- tons of links to websites with .php extensions.  Examples of subject lines:  Situations for 2015 that forgive your Student-Loan, 12 month MBA programs, accelerated...



To cut down on the processing/traffic on my server I've been just blacklisting these IP subnets at smtp with a deny bounce message.  Does anyone have any other suggestions on actions I can take to rid myself of this annoying daily routine?  Does anyone else have similar battle stories like this?



Thanks for any suggestions on this.



Sean





--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150806/3b801f65/attachment.html>


More information about the MailScanner mailing list