.comment-link {margin-left:.6em;}

Frank

Viki
Sunday, September 24, 2006
 
Destroy all spammers
Ah, email. Love it. Hate it. It will exist regardless. And you must function with it regardless.

Spammers. Hate them. Kill them.

I manage a domain. In that domain, I run qmail as my MTA of choice. And I had a big problem. Spammers were sending emails to letsjustmakeupsomewords@mydomain.com with fake "From" headers. My system, upon realizing that there was no user named "letsjustmakeupsomewords" would then bounce the message to the fake from header, effectively aiding in the delivery of spam.

This infuriated me, but I don't have the time to read through all the documentation that I would need to get a solid anti-spam system established, nor do I, as a lazy sysadmin, have the time to manage such a system (which requires constant preening to keep it from sliding into chaos).

Initially, I had established a whitelist of all of my aliases that I would allow mail to be delivered to. That helped to cut down the spam for me, but it did very little for my bouncing baby problem.

I also read copious quantities of documentation about how to use qmail's doublebounceto feature, but the spammers were circumventing this, and it was useless.

My solution? Follow the bouncing ball (as root):

echo '#' > /var/qmail/alias/.qmail-devnull
chown alias.nofiles /var/qmail/alias/.qmail-devnull
echo 'devnull' > /var/qmail/alias/.qmail-default

That's right. Now my system doesn't bounce SHIT. If you deliver to a bad username on my system, straight into the black hole of /dev/null you go. I'm tired of fighting with spammers, and now people who can't get an email address correct get to ride with them--straight to HELL.

I've been quite enjoying watching entries like this in my mail log this afternoon:

@400000004516ad350cad56a4 info msg 23004: bytes 1740 from qp 4887 uid 560
@400000004516ad350d1017e4 starting delivery 761: msg 23004 to local moisesortegabarbecue@MYDOMAIN.com
@400000004516ad350d139a54 status: local 1/10 remote 1/255
@400000004516ad350e37f9fc new msg 24044
@400000004516ad350e382cc4 info msg 24044: bytes 1852 from qp 4891 uid 504
@400000004516ad350e93f8c4 starting delivery 762: msg 24044 to local devnull@MYDOMAIN.com
@400000004516ad350e942b8c status: local 2/10 remote 1/255
@400000004516ad350e9442fc delivery 761: success: did_0+1+0/qp_4891/

BYE BYE TIGER. BYE BYE.
Comments:
Apparantly I pissed someone off, for only moments after I put the kabosh on bounce-delivering spam, my system was port scanned for vulnerabilities from a location in Venezuela. To my spamming friends south of the border, all I can offer is: go fuck a dog.
 
Post a Comment



<< Home

Powered by Blogger