Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm currently the victim of a truckload of backscatter email bounces thanks to some $%%^ spammer(s) forging my domain and crappily configured mail servers around the planet.
Does anyone have any view on how long these tend to last for? I assume that the spammers move on to a new set of domain names pretty quickly and the crap will drop off. Does this sound correct?
I wouldn't bet on it. Once spammers got ahold of my company domain name, the crap was flowing for months until I set the server to drop everything that wasn't from a legitimate email account. As far as I know, they are still using our domain name, but at least I don't have to deal with their garbage.
I always drop mail to non-existent users. I'd just prefer to be able to see something useful in my logs and not chew up bandwidth on crap connections.
"Backscatter" is a term typically reserved for traffic that results from spoofed IPs in DDoS attacks. When e-mail domains are forged to send spam, it's known as a "Joe Job". I cover that (and other attacks) on my site. Check out e-mail threats and click on The "Joe Job" under Threats/Network.
Interesting chort, but it would seem to me that since most of the crap I get is from sites that bounce mail to unknown users, they are probably the least likely to implement spf or anything similar.
Yes, but you can only control your own site. There are two third parties involved: The spammer, and the recipient of the spam. You can't control what they do. The best you can do is publish an SPF/Sender-ID record (soon to be superseded by DKIM in all likelihood) and hope that recipients of spam will check your records to avoid ever accepting the spam in the first place.
If you do get the bounces, you can filter them, but it's potentially tricky--especially if they used a valid e-mail address from your domain. Of course, they've already used your bandwidth at that point.
As for the term "Joe Job", I'm now working at my second e-mail security company and both have called it "Joe Job". That's the only term I see used to describe it in the e-mail security industry and in press about it.
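The recipient-side check that publishing an SPF record enables, as an added example that is not from the thread: a minimal SPF evaluator that decides whether a connecting IP is allowed to send for a domain. The records, the domains example.com and mail.example.net, and the documentation IP ranges are all constructed here in place of real DNS lookups.

```python
import ipaddress

# Constructed SPF TXT records keyed by domain (stand-ins for DNS lookups;
# nothing touches the network). Addresses are RFC 5737/3849 documentation ranges.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, records=SPF_RECORDS, depth=0):
    """Return pass/fail/softfail/neutral/none/permerror for sender_ip against domain.

    Handles the ip4, ip6, include and all mechanisms with the +, -, ~, ? qualifiers.
    'none' means the domain published no SPF record; 'permerror' stops include loops
    (RFC 7208 allows at most 10 DNS-dependent lookups per evaluation).
    A forged sender from an IP the domain never listed ends at the '-all' term,
    which is what lets a receiving MTA reject the message instead of bouncing it.
    """
    if depth > 10:
        return "permerror"
    record = records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # an include only matches when the referenced record itself yields 'pass'
            if check_spf(sender_ip, arg, records, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        # a, mx, ptr and exists mechanisms are not handled by this minimal checker
    return "neutral"  # record ended without an 'all' term
```

A record ending in `-all` is what gives a receiving server grounds to refuse forged mail at SMTP time, so no bounce is ever generated back to the forged domain.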