From owner-freebsd-questions@FreeBSD.ORG Sat Jan 10 02:08:06 2015
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id E171EE97
	for ; Sat, 10 Jan 2015 02:08:06 +0000 (UTC)
Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97])
	by mx1.freebsd.org (Postfix) with ESMTP id B732FE86
	for ; Sat, 10 Jan 2015 02:08:06 +0000 (UTC)
Received: by cosmo.uchicago.edu (Postfix, from userid 48)
	id 16D0ACB8C95; Fri, 9 Jan 2015 20:08:05 -0600 (CST)
Received: from 166.175.62.212 (SquirrelMail authenticated user valeri)
	by cosmo.uchicago.edu with HTTP;
	Fri, 9 Jan 2015 20:08:04 -0600 (CST)
Message-ID: <35576.166.175.62.212.1420855684.squirrel@cosmo.uchicago.edu>
In-Reply-To:
References: <20150108231912.C874F48940C@agent02.agent.vmail.yz.sinanode.com>
	<54AF13F6.5070105@kicp.uchicago.edu>
	<20150109092132.2f7f131e@X220.alogt.com>
	<20713.128.135.70.2.1420774393.squirrel@cosmo.uchicago.edu>
Date: Fri, 9 Jan 2015 20:08:04 -0600 (CST)
Subject: Re: ?????Pls remove me I have been hacked!!!
From: "Valeri Galtsev"
To: "Adam Vande More"
Reply-To: galtsev@kicp.uchicago.edu
User-Agent: SquirrelMail/1.4.8-5.el5.centos.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: Erich Dollansky , FreeBSD Questions , galtsev@kicp.uchicago.edu
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 10 Jan 2015 02:08:07 -0000

On Fri, January 9, 2015 7:08 pm, Adam Vande More wrote:
> On Thu, Jan 8, 2015 at 9:33 PM, Valeri Galtsev
> wrote:
>
>>
>> On Thu, January 8, 2015 7:21 pm, Erich Dollansky wrote:
>> > Hi,
>> >
>> > On Thu, 08 Jan 2015 17:34:14 -0600
>> > Valeri Galtsev wrote:
>> >
>> >> Is that only me or others noticed too that every first message of new
>> >> thread on this list is followed by junk like this. This apparently
>> >> was delivered from domain
>> >>
>> > this is an old thing. It comes and goes.
>> >
>> >> sina.com.cn
>> >>
>> >> Would that be reasonable to reject all mail of that origin on the MX
>> >> level?
>> >>
>> > It is not that easy. The sender addresses change very often.
>> >
>>
>> That is what I assumed from the very beginning. With these things on my
>> servers I usually do this: I find out which domain sender's MX serves.
>> Then I send complaint to
>>
>> abuse@that.domain.com
>>
>> No one usually gets back to me (at least from that geoip location no one
>> ever did). Then I send similar complaint appended with note that abuse@
>> never came back to me to postmaster@that.domain.com. After that I set my
>> MX to reject mail with message that that domain didn't respond abuse
>> complaint. [Did I miss something decent sysadmin should do in the case?]
>>
>
> Email is intrinsically open and spoof-able.

Sorry, I was not clear enough. I complain to domain of the box that passed
the message to my server.
And this record is made by my server, hence can not be spoofed. The same is
true about domain delivered the message in question to mail list server
whose portion in the header I can trust. You should give people some
credit, not everyone is a moron...

valeri

> Spending time on it further
> than marking it spam is almost universally a waste of time. Get a better
> spam filter is the answer. In other words:
>
> https://craphound.com/spamsolutions.txt
>
> --
> Adam
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
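
The point made in the reply above (only the Received record written by your own server can be trusted) can be checked mechanically. The following is an added example, not part of the original message; the host names, addresses, sample message and the `handoff_record` helper are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the top Received line was stamped by our own MX;
# the one below it arrived with the message and could say anything.
SAMPLE = """\
Received: from relay.sender.example (relay.sender.example [203.0.113.25])
\tby mx.example.org (Postfix) with ESMTP id ABC123
\tfor <list@example.org>; Sat, 10 Jan 2015 02:08:06 +0000 (UTC)
Received: from trusted-bank.example (trusted-bank.example [198.51.100.7])
\tby relay.sender.example (Postfix) with ESMTP id DEF456;
\tSat, 10 Jan 2015 02:08:01 +0000 (UTC)
From: "Someone" <someone@trusted-bank.example>
Subject: constructed test message

body
"""

# Postfix-style "from HELO (rDNS [IP]) ... by HOST"; other MTAs may differ.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)

def handoff_record(raw_message, our_mx_hosts):
    """Return the hop recorded by one of our own servers, or None.

    Each server prepends its Received header, so scanning from the top
    reaches the genuine record from our MX before any header the sender
    supplied. The peer IP in that record was observed by our server;
    everything in headers below it is unverified.
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m and m.group("by").lower() in our_mx_hosts:
            return {"helo": m.group("helo"), "rdns": m.group("rdns"),
                    "ip": m.group("ip"), "by": m.group("by")}
    return None

if __name__ == "__main__":
    print(handoff_record(SAMPLE, {"mx.example.org"}))
```

The result only means something for mail that was actually accepted by one of the hosts in `our_mx_hosts`; on a message that never passed through them, a matching header proves nothing.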