From owner-freebsd-questions@FreeBSD.ORG Mon Jan 26 16:34:19 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 415B0746 for ; Mon, 26 Jan 2015 16:34:19 +0000 (UTC) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97]) by mx1.freebsd.org (Postfix) with ESMTP id 1AE27B70 for ; Mon, 26 Jan 2015 16:34:18 +0000 (UTC) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 50DF8CB8C9C; Mon, 26 Jan 2015 10:34:11 -0600 (CST) Received: from 128.135.70.2 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Mon, 26 Jan 2015 10:34:11 -0600 (CST) Message-ID: <31948.128.135.70.2.1422290051.squirrel@cosmo.uchicago.edu> In-Reply-To: <20150126150030.563E7C0392@smtp.hushmail.com> References: <20150126150030.563E7C0392@smtp.hushmail.com> Date: Mon, 26 Jan 2015 10:34:11 -0600 (CST) Subject: Re: SPAM: =?iso-8859-1?Q?=E8=87=AA=E5=8A=A8=E5=9B=9E=E5=A4=8D=EF=BC=9Aopensmtpd:_pr?= ocmail: not found From: "Valeri Galtsev" To: opendaddy@hushmail.com Reply-To: galtsev@kicp.uchicago.edu User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2015 16:34:19 -0000 On Mon, January 26, 2015 9:00 am, opendaddy@hushmail.com wrote: > On 26. januar 2015 at 1:49 PM, jzsf@vip.sina.com wrote: >> >>已收到您的来信! >> 谢谢! >> 荆州盛发 > > Anybody else getting bombarded with these every time they post to > questions? > > O.D. > We had discussion once about spam with "From:" line containing sina.com once in this list. Basically spam was sent to the list after majority of first messages starting new thread. There were variety of suggestions asking admins of list or even admins of MX to block whole ranges of IPs assigned to the same owner as spam originating IP. Yes, it is I who is that nasty ;-) - this is what I do on my mail servers (after always unsuccessful attempts to contact abuse@that.domain then postmaster@that.domain). It looks like admins of the list did fair job in mitigating that, THANKS! If the originating blocks of IPs were blocked (and mail To: addresses in these blocks is not being sent through mail lists), then bad guys must have some different e-mail address subscribed to the list, and a script parsing messages to extract sender, then add it to spam database. That would be my guess. In this case none of this junk will come through main list, but (some of) the list members will get spam from it which seems to be your case. If I had to solve what is happening to you, I would start rejecting mail from blocks of IPs spam originates (if you have to have your server comply RFCs, you may need to contact domain authorities with abuse complaint first - someone more knowledgeable will correct me). I probably am lucky to have already blocked the origin. Valeri PS Someone deciphered content once and said it is innocent "vacation" autoresponse in Chinese. I personally don't find it innocent neither to have autoresponse sent to mail list, nor the message (even a signature) sent to some mail list in foreign language. Foreign, being different from mail list language. I can write in at least two different languages which will be foreign for this list. I will consider it fair if I will be kicked by people for it if I ever do that ;-) ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++