LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 01-16-2006, 10:57 PM   #1
sulee
LQ Newbie
 
Registered: Jul 2005
Location: Bangkok
Distribution: Slackware
Posts: 20

Rep: Reputation: 0
99% Rejected mail


Hi all,

first of all - have a pleasant day!

running slackware 10.1, postfix, courier-imap
virtual hosting - hosting 7 domains

Now, the trouble:
I have maillogs rotating daily.
They are approx. 20MB per day.

It's one domain receiving loads of mails (which are rejected!) - but put a lot of load on the postfix mail server. Therefor, this is not about spam - it's about madness ;-) The email address look like this:

267_lihjiuan@xxxxx.com
267_lschennechart@xxxxx.com
267_mbreccia@xxxxx.com
267_mysticks1@xxxxx.com
267_ogataku@xxxxx.com
267_robinba@xxxxx.com
267offdwall@xxxxx.com
267rsct@xxxxx.com
267shirui@xxxxx.com
267shotgun66@xxxxx.com
267sivika@xxxxx.com
26_logirl@xxxxx.com
26_maxmara@xxxxx.com
26_mjkadel@xxxxx.com
26_not_interested@xxxxx.com
26_raymonddanner@xxxxx.com
26_rbijklrb-jaz@xxxxx.com
26_rdka@xxxxx.com
26_rutorres@xxxxx.com
shoeboy722@xxxxx.com
shoeboy_288@xxxxx.com
shoklo_282@xxxxx.com
shooter7357@xxxxx.com
shorei18_117@xxxxx.com
short_stuff_4679@xxxxx.com
short_y719@xxxxx.com
shortie1982376@xxxxx.com
shortie1982_636@xxxxx.com
231.shortyharris@xxxxx.com
showcasebooks_294@xxxxx.com
showcasebooks_594@xxxxx.com
shsclassof48_327@xxxxx.com
shubidu172@xxxxx.com
shubidu469@xxxxx.com
shugs_mitchell_606@xxxxx.com
shuhail1335@xxxxx.com
shygger531@xxxxx.com
shygger_81@xxxxx.com
shygger_858@xxxxx.com

(where xxxxx.com is this domain mentioned on top) There come hundreds, thousands a day. 99% of all mail send to my server have email addresses like this...

I'm using watch-maillog.pl to add multiple rejects to iptables.
I use greylisting. I use all available "reject_" types in postfix.

However, my QUESTIONS are:

1. What is the purpose of this?
(they don't relay / they don't hit my inbox)

2. What do folks sending them _gain_ from this?

3. What could be a more efficient way to stop this?
(it's about the postfix load - means that I'd like to reject
them before they reach the mail server)

Answers to these 3 questions or any hints/advices are most appreciated.

Thanks.
 
Old 01-16-2006, 11:07 PM   #2
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,745

Rep: Reputation: 71
Have you tried to contact the owner of the domain or the ISP that they are coming from? I have resolved the only 3 spam issues I have had this way this way on my mail server. At work I have had some success too using this method.

I personally do not know why people do things that cause other probelms. My guess is they are unhappy people and want others to be unhappy too. Kinda pathetic, but misery loves company.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mail from Apache being rejected - Cannot route to sender apache@localhost.localdomain jimwillsher Linux - Networking 2 01-19-2006 01:41 AM
Im rejected by server when sending mail Kirmonkey Linux - Security 3 06-24-2005 04:02 AM
Incoming mail is rejected... rchofman Linux - Software 4 09-22-2004 05:39 PM
What do you do when you get rejected? (women!) lrt2003 General 7 05-25-2004 11:33 PM
Rejected Connection vcheah Linux - Security 6 04-12-2002 02:19 PM


All times are GMT -5. The time now is 05:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration