Hi Steve,

On 2015-07-29 Wed 23:12 PM |, Steve Fairhead wrote:
>
> Am now seeing a recent (last few months) HEEEUUGE increase in spam to my
> (redirected mail) users with the following pattern:
>
> - spam sent to many email addresses with one-time-only domain, each of
> which has a barely traceable and mobile (and maybe temporary) IP, but with a
> whois record going back to a few repeating registrants (Batista Network,
> WhoisGuard in Panama, MXSPORT LLC, SHOUTMEDIA INC. being a few of several).

They're probably spamming many others too.

Consider giving DNSBL a try:

http://en.wikipedia.org/wiki/DNSBL
http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists

I've found these (in this order) effective:

psbl.surriel.com
dnsbl-1.uceprotect.net
dnsbl.sorbs.net
zen.spamhaus.org

>
> I'm not sure I can do better than what I do now: record the domains (or
> email patterns) to a database, from which I derive an access db for
> sendmail, and reject them with a fairly polite message - which doesn't
> happen often.
>
> But when it does, I'd like to hurt them. I also run spamd; can't seem to
> find a way to tarpit based on domain rather than IP...
>

Most MTAs can use DNS black lists, but I've found a fast & low overhead way to
do it is to check spamdb's GREYs & trap if DNS black listed. Then they get
hurt by spamd & can't hammer the MTA.

> Any cluebats?

pkg_add greyscanner

Cheers
-- 
Scottish folk dancing in Linlithgow Palace ruins to live bands:
http://www.ScotchHop.Org.UK/Pictures.html
https://www.facebook.com/linlithgowscotchhop/photos_stream
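The approach described in the reply above (check spamdb's GREY entries against DNS blacklists and trap the ones that are listed), as an added example that is not part of the original message and is not greyscanner's own code. The function names, the `LOOKUP` override and the sample spamdb lines are assumptions constructed for illustration; the zones are the ones listed in the message.

```shell
#!/bin/sh
# Added example: trap greylisted senders that appear on a DNS blacklist.
# Zones are the ones named in the message, in the same order.
ZONES="psbl.surriel.com dnsbl-1.uceprotect.net dnsbl.sorbs.net zen.spamhaus.org"

# Print the unique IPv4 sources of GREY entries from spamdb output on stdin.
# GREY line format, per spamdb(8): GREY|ip|helo|from|to|first|pass|expire|block|pass
grey_ips() {
    awk -F'|' '$1 == "GREY" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$2]++ { print $2 }'
}

# 192.0.2.10 + zone -> 10.2.0.192.zone (the name a DNSBL is queried by).
dnsbl_name() {
    echo "$1" | awk -F. -v z="$2" '{ print $4 "." $3 "." $2 "." $1 "." z }'
}

# Real lookup: listed if the name resolves to an address in 127.0.0.0/8.
dnsbl_listed() {
    host -t A "$1" 2>/dev/null | grep -q 'has address 127\.'
}

# Read spamdb output on stdin; print one "spamdb -t -a <ip>" per listed IP.
# LOOKUP (hypothetical override) swaps in another resolver for offline dry runs.
trap_commands() {
    for ip in $(grey_ips); do
        for zone in $ZONES; do
            if "${LOOKUP:-dnsbl_listed}" "$(dnsbl_name "$ip" "$zone")"; then
                echo "spamdb -t -a $ip"
                break   # first listing is enough
            fi
        done
    done
}

# Constructed sample of spamdb output (documentation addresses, not real data).
SAMPLE='WHITE|198.51.100.7|||1438200000|1438201000|1441311000|1|3
GREY|192.0.2.10|mail.example.net|<a@example.net>|<u@example.org>|1438210000|1438211500|1438224400|2|0
GREY|192.0.2.10|mail.example.net|<a@example.net>|<v@example.org>|1438210050|1438211550|1438224450|1|0
GREY|203.0.113.5|mx.example.com|<b@example.com>|<u@example.org>|1438210100|1438211600|1438224500|1|0
TRAPPED|198.51.100.99|1438296400'

# Offline stand-in resolver for the dry run: treats only 192.0.2.10 as PSBL-listed.
fake_lookup() { [ "$1" = "10.2.0.192.psbl.surriel.com" ]; }

# Dry run over the sample; no DNS traffic and nothing is written to spamdb.
printf '%s\n' "$SAMPLE" | LOOKUP=fake_lookup trap_commands
```

For live use, pipe real `spamdb` output into `trap_commands` with `LOOKUP` unset and review the printed commands before running them as root.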

