From owner-freebsd-questions@FreeBSD.ORG Sat Jan 10 01:08:54 2015
Date: Fri, 9 Jan 2015 19:08:53 -0600
Subject: Re: ?????Pls remove me I have been hacked!!!
From: Adam Vande More
To: galtsev@kicp.uchicago.edu
Cc: Erich Dollansky, FreeBSD Questions

On Thu, Jan 8, 2015 at 9:33 PM, Valeri Galtsev wrote:

>
> On Thu, January 8, 2015 7:21 pm, Erich Dollansky wrote:
> > Hi,
> >
> > On Thu, 08 Jan 2015 17:34:14 -0600
> > Valeri Galtsev wrote:
> >
> >> Is that only me or others noticed too that every first message of new
> >> thread on this list is followed by junk like this. This apparently
> >> was delivered from domain
> >>
> > this is an old thing. It comes and goes.
> >
> >> sina.com.cn
> >>
> >> Would that be reasonable to reject all mail of that origin on the MX
> >> level?
> >>
> > It is not that easy. The sender addresses change very often.
> >
>
> That is what I assumed from the very beginning. With these things on my
> servers I usually do this: I find out which domain sender's MX serves.
> Then I send complaint to
>
> abuse@that.domain.com
>
> No one usually gets back to me (at least from that geoip location no one
> ever did). Then I send similar complaint appended with note that abuse@
> never came back to me to postmaster@that.domain.com. After that I set my
> MX to reject mail with message that that domain didn't respond abuse
> complaint. [Did I miss something decent sysadmin should do in the case?]
>

Email is intrinsically open and spoof-able. Spending time on it further
than marking it spam is almost universally a waste of time. Getting a better
spam filter is the answer. In other words:

https://craphound.com/spamsolutions.txt

-- 
Adam