Everyone:

Since about June 21st, another spammer out there has been relentlessly attacking the pvrusb2 mailing list using a type of attack I had not previously seen. As far as I can tell he has not succeeded and the list has stayed uncorrupted. But I am seeing a constant stream of bounce notifications every time he tries. The really annoying thing is that he's attacking the system by fraudulently using my domain (isely.net) in the from field and the MTA has been accepting these as legit - and then I get the backscatter when the post attempt fails due to the sender not actually being subscribed.

This sort of attack is obvious because *nobody* has any business posting messages from the "outside" to isely.net with a "from" field of isely.net. But up until now I've not tried to fend off this sort of thing. And unfortunately now that I'm looking into this, it appears that the Courier MTA doesn't have a means to block specifically named domains from the outside while still allowing those same domains from the "inside". Thus if I tell Courier to block isely.net, then I can't send e-mail either.

This is in fact the sort of attack that SPF can stop. The isely.net domain has been publishing an SPF record for years but the domain's MTA has never been set to enforce it. Well that just changed. I've tried to make the settings as forgiving as possible, but if the spammer keeps getting his crap accepted by my MTA I'm going to crank up the aggressiveness on this filter. If you don't know what SPF is, I encourage you to look here for more info:

http://www.openspf.org/

The reason I mention all this here is that if you post to this list, if your ISP is publishing SPF, and it is misconfigured, then there's a very real chance now that the MTA at isely.net will reject the message. I hope that doesn't happen, but if it does I apologize in advance. You can thank all those spamming jackasses out there for forcing this upon us all.

If you find that you can't send e-mail to the isely.net domain any longer, you should still be able to reach me at my pobox.com address (isely (at) pobox (dot) com) - while that still ultimately goes to the same inbox, the message takes a different route, via pobox.com, and that path I've verified as working correctly. If I'm told about a specific issue like this, I will try to solve it here - but my options will be limited if the root cause is really at the other end :-(

Back to normal pvrusb2 traffic...

-Mike

--
Mike Isely
isely @ isely (dot) net
PGP: 03 54 43 4D 75 E5 CC 92 71 16 01 E2 B5 F5 C1 E8

_______________________________________________
pvrusb2 mailing list
[email protected]
http://www.isely.net/cgi-bin/mailman/listinfo/pvrusb2
