Paul Pruett <[EMAIL PROTECTED]> writes:

> I wanted to let you know that any emails from
>   <[EMAIL PROTECTED]>
>   <[EMAIL PROTECTED]>
>   <[EMAIL PROTECTED]>
> ARE likely exploited computers, for several weeks we have
> been avalanched by returns to those addresses significantly more
> than any others...

Oh, so they found your domain, then.  It may be a bit overwhelming
right now, but not to worry, spamd is your friend.

> In my situation, I believe I can not use spamd greytrapping because
> legitimate email servers are sending DAEMON messages to us.

I beg to differ.  If they're bouncing spam back to you, it's because
they were about to deliver spam to their own users.  Besides, it's
only a matter of time, in my experience a few days at most, before
those addresses are incorporated in spammers' send to-addresses and
you can productively use them as greytraps.  If you really want all
the bounces to go away, give it a week before you put any given
address into the greytrap.

See http://bsdly.blogspot.com/2007/07/hey-spammer-heres-list-for-you.html
and followups for a tale of similar silliness which actually has a happy
ending (or at least a positive effect).  

Once an address makes it into the greytrap here, I publish it on a web
page, which of course gets slurped by robots regularly.

The list of fake addresses I've accumulated from backscatter now
counts 7210 unique ones, posted for the robots to slurp here:
<http://www.bsdly.net/~peter/traplist.shtml>, and it's extremely
effective.

> So unfortunately, others could not use these addresses for trapping
> either? If spamd could trap on the "FROM" address, I would
> recommend to all to add the three above addresses to your traps...

The reason greytrapping is such a splendid idea is that *you* are the
one who controls what addresses are actually deliverable in your
domain.  It's very simple, but it works.  Once you start depending on
somebody else's decisions, well, things are not that simple anymore
and your risk of false positives and valid mail lost rises.

> Also I posted the addresses on webengr.com to prove legit admin to
> webengr.com:  http://www.webengr.com/spam/

That is a useful first step.  The next step is to add those to your
greytrap.  Wait a while if you have to, but do add them.  There's no
end to the spam those addresses will be getting in a few days' time.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
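
The one-week holding period suggested in the reply above, as an added example that is not part of the original post: a shell function that reads candidate backscatter addresses with the time each was first seen and prints `spamdb -T -a` commands only for those in your own domain that have aged at least a week. The input format, the `example.com` domain, the sample addresses and the function names are assumptions made for illustration; the script only prints commands for review and does not run spamdb itself.

```shell
#!/bin/sh
# Added example: choose which bounce-target addresses are ready to become
# greytraps. Input on stdin, one candidate per line (assumed format):
#   <first_seen_epoch_seconds> <address>

HOLD_SECS=$((7 * 24 * 3600))    # "give it a week" before trapping

# ready_traps NOW_EPOCH DOMAIN   (hypothetical helper name)
ready_traps() {
    now=$1
    domain=$2
    while read -r seen addr; do
        # Skip blank lines, comments and non-numeric timestamps.
        case $seen in ''|\#*|*[!0-9]*) continue ;; esac
        addr=$(printf '%s' "$addr" | tr 'A-Z' 'a-z')
        # Only addresses in the domain you control can be your traps.
        case $addr in *@"$domain") ;; *) continue ;; esac
        # The output is meant to be run as shell commands, so accept only a
        # conservative local-part character set (no quotes, no metacharacters).
        local_part=${addr%@*}
        case $local_part in ''|*[!a-z0-9._+-]*) continue ;; esac
        # Still inside the holding period: leave it alone for now.
        [ $((now - seen)) -ge "$HOLD_SECS" ] || continue
        printf "spamdb -T -a '%s'\n" "$addr"
    done | sort -u
}

# Constructed sample data, not taken from any real log.
sample_candidates() {
    cat <<'EOF'
# first_seen  address
1199000000 zq81-bounce@example.com
1199900000 new-bounce@example.com
1199000000 someone@elsewhere.example
1199000000 x';reboot;'@example.com
1199300000 Fake.User@EXAMPLE.COM
EOF
}

# Demo run with a fixed "now" so the result is reproducible.
sample_candidates | ready_traps 1200000000 example.com
```

With real data, pass `$(date +%s)` as the first argument and read the printed commands before running them as root on the spamd host.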
