From owner-freebsd-chat Thu Mar 27 23:12:24 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA24691 for chat-outgoing; Thu, 27 Mar 1997 23:12:24 -0800 (PST)
Received: from kithrup.com (kithrup.com [205.179.156.40]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id XAA24686 for ; Thu, 27 Mar 1997 23:12:22 -0800 (PST)
Received: (from sef@localhost) by kithrup.com (8.6.8/8.6.6) id XAA02532; Thu, 27 Mar 1997 23:12:21 -0800
Date: Thu, 27 Mar 1997 23:12:21 -0800
From: Sean Eric Fagan
Message-Id: <199703280712.XAA02532@kithrup.com>
To: chat@freebsd.org
Subject: Re: SPAM -- Aren't you the person....? (fwd)
Newsgroups: kithrup.freebsd.chat
In-Reply-To: <199703280450.XAA25347.kithrup.freebsd.chat@goffette.research.megasoft.com>
References: <27919.859223994@time.cdrom.com>
Organization: Kithrup Enterprises, Ltd.
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In article <199703280450.XAA25347.kithrup.freebsd.chat@goffette.research.megasoft.com> you write:
>Jordan> I suggest firing off angry letters to the various ISPs
>Jordan> involved whenever this happens (I do).
>Me too...
>
>Here's a form letter that I have...

There are several things you can do, in addition.

1. Install and use procmail; I have it as my local mailer. Then I have
   a .procmailrc that has lines like:

       :0:
       * ^.*207.147.201.46
       |/usr/bin/mail worldnet.att.net@abuse.net

       :0:
       * ^From:.*jjcp@micron.net
       |$HOME/bin/bounce micron.net@abuse.net

       :0:
       * ^Received:.*sallynet.com
       |/usr/bin/mail policy@access.digex.net

2. Net/2 and later have a nice "reject" feature for 'route'. So you can
   do things like:

       echo -n 'Adding route black holes: '
       echo -n 'Cyberpromo' ; route add -net 205.199.212.0 127.0.0.1 -reject
       echo -n 'SallyNet' ; route add -net 207.238.142.0 127.0.0.1 -reject
       echo -n 'Earthlink' ; route add -net 204.119.177.0 127.0.0.1 -reject

   (that's in my /etc/rc.local).
   netstat -r shows:

       Routing tables
       Destination      Gateway            Flags     Refs     Use  IfaceMTU    Rtt
       204.119.177      localhost          UGR          0       1  lo0     -      -
       ispam            localhost          UGR          0      25  lo0     -      -
       sallynet         localhost          UGR          0     380  lo0     -      -

   Note that the 'ispam' (cyberpromotions) has a use of 25 -- one is from
   me (I did a traceroute without realizing what it was); the others are
   because they sent out a massive email spam last night. It never got to
   me, because, for a variety of reasons, CP doesn't use a mail transport
   agent; they have a program that connects directly to a machine's SMTP
   port. (sallynet did manage to get through, because of my various MX
   holders, only one of which I control. *sigh*)

3. Disable mail relaying in sendmail. See
   http://www.sendmail.org/antispam.html.

4. Lastly, learn who to complain to, and about. Complaining to AGIS about
   Cyber Promotions will do no good -- AGIS does not care. Complaining to
   Sprint is sometimes effective, but very slowly; same with MCI. Netcom
   and AOL have very good responses. But learn to tell *where* a message
   really comes from. And never, never, never mailbomb or otherwise try to
   flood an apparent spammer!

(Uh, yeah, this occupies a bit of my time. I cancelled over 600 usenet
posts today, sent out four complaints about email spam, and spent 15
minutes on the phone with an ISP in Florida to tell them about the idiot
who was posting the 600 posts that I was cancelling. *sigh*)

Sean.
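
Added example, not part of the original post: one way to work out where a message really came from (point 4) is to walk the Received: chain from the top and believe only the lines stamped by your own MTAs and MX holders, then compare the last peer they recorded with the black-holed networks from point 2. The host names, the sample message and the /24 prefix lengths are assumptions made for this illustration.

```python
import email
import ipaddress
import re

# Networks from the route black-hole list in the post; the /24 prefix length is
# an assumption (classful default for these class C addresses).
BLOCKED = [ipaddress.ip_network(n) for n in
           ("205.199.212.0/24", "207.238.142.0/24", "204.119.177.0/24")]

# "from <helo> (<rdns> [<ip>]) by <host>" as written by sendmail-style MTAs.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
                 r".*?\bby\s+(?P<by>\S+)", re.S)

def true_origin(raw, trusted):
    """Return (ip, helo) of the last peer recorded by a host in `trusted`.

    Received headers are read top-down (newest first). Only lines stamped by
    our own MTAs are believed; anything below the first untrusted stamp may be
    forged by the sender and is ignored.
    """
    origin = None
    for line in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(line)
        if m is None:
            # Local submission "(from user@localhost) by host": no peer address.
            by = re.search(r"\bby\s+(\S+)", line)
            if by and by.group(1).lower() in trusted:
                continue
            break
        if m.group("by").lower() not in trusted:
            break
        origin = (ipaddress.ip_address(m.group("ip")), m.group("helo"))
    return origin

def is_blocked(ip):
    """True if the address falls inside one of the black-holed networks."""
    return any(ip in net for net in BLOCKED)

# Constructed sample: the bottom Received line is forged by the sender.
SAMPLE = """\
Received: from mx2.example.org (mx2.example.org [192.0.2.10]) by mail.example.org (8.8.5/8.8.5) with SMTP id AAA00001; Thu, 27 Mar 1997 22:00:02 -0800
Received: from friendly.example.net (unknown [205.199.212.77]) by mx2.example.org (8.8.5/8.8.5) with SMTP id AAA00002; Thu, 27 Mar 1997 22:00:01 -0800
Received: from aol.com (aol.com [198.51.100.5]) by relay.invalid (8.6.8) id AAA00003; Thu, 27 Mar 1997 21:59:00 -0800
From: someone@aol.com
Subject: constructed test message

body
"""
```

With both example hosts trusted, the origin is the address the secondary MX recorded, not the aol.com line the sender supplied; that address is the one a complaint or a filter should key on.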