Mik J wrote:
Hello,
I've been annoyed for months/years by a few marketing companies from which I 
regularly unsubscribed (according to the law in my country they should have 
done it). A few days ago I decided to make spamd work on my pf machine.
And I trapped that spam company:

Dec 12 19:25:55 openbsd spamd[99682]: (BLACK) x.x.x.x: <som...@spamdomain.com> -> <vic...@mydomain.com>
Dec 12 19:27:40 openbsd spamd[99682]: x.x.x.x: To: victim <vic...@mydomain.com>
Dec 12 19:27:40 openbsd spamd[99682]: x.x.x.x: From: =?utf-8?Lalalala= <x...@spamdomain.com>
Dec 12 19:27:40 openbsd spamd[99682]: x.x.x.x: Subject: =?utf-8?Lalalalla
Dec 12 19:28:45 openbsd spamd[99682]: x.x.x.x: disconnected after 387 seconds. lists: spamd-greytrap blacklist

I notice that this spammer lost 387 seconds so 6 minutes.
Is there a way to make them lose more time?

# grep spamd /etc/rc.conf
spamd_flags="-5 -v -l 127.0.0.1 -h mymx.mydomain.com -n Somestring"

Thank you


Most of the spam I've received from marketing companies tends to come from send-only servers (looking at the user-agent of the sending server, it's some kind of Python library intended for just sending pre-formatted messages to a list of recipients).

What I've done is construct a script that, while spamd is stuttering their connection, connects back to the sending server on port 25 and executes an EHLO. If the sending server doesn't respond to the EHLO, it runs pfctl to add that server's address to a block list.


Another technique I've done is to use a catch-all address for my primary email address, so each time I give out an address I give them a unique address. If I receive spam on an address (say something from "facebook" on amazon@<mydomain>) then I know that my address has been leaked and can readily identify who it was that leaked/sold my address to spammers.
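A sketch of the EHLO callback check described in the reply above, added here as an illustration and not the poster's own script. The pf table name `sendonly` is an assumption, and the log pattern is taken from the (BLACK) line quoted in the thread.

```python
import ipaddress, re, socket, subprocess, sys

TABLE = "sendonly"                # assumption: a pf table your ruleset blocks
HELO_NAME = "mymx.mydomain.com"   # the -h value from spamd_flags in the thread
BLACK_RE = re.compile(r"spamd\[\d+\]: \(BLACK\) (\S+): ")

def blacklisted_senders(lines):
    """Return unique, valid source addresses from spamd (BLACK) log lines."""
    seen = []
    for line in lines:
        m = BLACK_RE.search(line)
        if not m:
            continue
        try:
            addr = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue              # redacted or malformed address: never pass to pfctl
        if addr not in seen:
            seen.append(addr)
    return seen

def reply_code(f):
    """Read one (possibly multi-line) SMTP reply; return its code or None."""
    while True:
        line = f.readline()
        if len(line) < 4 or not line[:3].isdigit():
            return None           # EOF or garbage instead of an SMTP reply
        if line[3:4] != b"-":     # "250-" continues, "250 " ends the reply
            return int(line[:3])

def ehlo_ok(sock, helo=HELO_NAME):
    """True if the peer greets with 220 and answers EHLO with 250."""
    f = sock.makefile("rwb")
    if reply_code(f) != 220:
        return False
    f.write(b"EHLO " + helo.encode() + b"\r\n")
    f.flush()
    return reply_code(f) == 250

def accepts_mail(addr, timeout=10):
    try:
        with socket.create_connection((addr, 25), timeout=timeout) as s:
            return ehlo_ok(s)
    except OSError:               # refused, timed out, reset: treat as send-only
        return False

if __name__ == "__main__":        # e.g. fed from the daemon log on stdin
    for addr in blacklisted_senders(sys.stdin):
        if not accepts_mail(addr):
            subprocess.run(["pfctl", "-t", TABLE, "-T", "add", addr], check=True)
```

Many legitimate providers also send from hosts that do not listen on port 25, which is why this sketch only probes addresses spamd has already logged as (BLACK).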
