From owner-freebsd-questions@FreeBSD.ORG Fri Jan 9 03:33:19 2015
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CF40DEF4 for ; Fri, 9 Jan 2015 03:33:19 +0000 (UTC)
Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97]) by mx1.freebsd.org (Postfix) with ESMTP id A830A797 for ; Fri, 9 Jan 2015 03:33:19 +0000 (UTC)
Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 8FD8CCB8CA1; Thu, 8 Jan 2015 21:33:13 -0600 (CST)
Received: from 128.135.70.2 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Thu, 8 Jan 2015 21:33:13 -0600 (CST)
Message-ID: <20713.128.135.70.2.1420774393.squirrel@cosmo.uchicago.edu>
In-Reply-To: <20150109092132.2f7f131e@X220.alogt.com>
References: <20150108231912.C874F48940C@agent02.agent.vmail.yz.sinanode.com> <54AF13F6.5070105@kicp.uchicago.edu> <20150109092132.2f7f131e@X220.alogt.com>
Date: Thu, 8 Jan 2015 21:33:13 -0600 (CST)
Subject: Re: ?????Pls remove me I have been hacked!!!
From: "Valeri Galtsev"
To: "Erich Dollansky"
Reply-To: galtsev@kicp.uchicago.edu
User-Agent: SquirrelMail/1.4.8-5.el5.centos.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions
X-List-Received-Date: Fri, 09 Jan 2015 03:33:19 -0000

On Thu, January 8, 2015 7:21 pm, Erich Dollansky wrote:
> Hi,
>
> On Thu, 08 Jan 2015 17:34:14 -0600
> Valeri Galtsev wrote:
>
>> Is that only me or others noticed too that every first message of new
>> thread on this list is followed by junk like this. This apparently
>> was delivered from domain
>>
> this is an old thing. It comes and goes.
>
>> sina.com.cn
>>
>> Would that be reasonable to reject all mail of that origin on the MX
>> level?
>>
> It is not that easy. The sender addresses change very often.
>

That is what I assumed from the very beginning. With these things on my
servers I usually do this: I find out which domain sender's MX serves.
Then I send complaint to abuse@that.domain.com. No one usually gets back
to me (at least from that geoip location no one ever did). Then I send
similar complaint appended with note that abuse@ never came back to me to
postmaster@that.domain.com. After that I set my MX to reject mail with
message that that domain didn't respond to abuse complaint. [Did I miss
something decent sysadmin should do in the case?]

But, of course, freebsd.org has quite different audience from a couple of
Departments of some university...

Valeri

>> Sorry about sending spam in name of fighting spam.
>
> Isn't this real life?
>
> Erich

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++