I think I have the right section here but forgive me if I dont.
I have a problem;
I am in charge of an email server for a library.
I have an agressive person sending abusive emails to a staff member.
The email have gotten very bad, threats and horrible language.
The emails used to be manageable, once every three weeks, now it is daily.

I know it is really bothering her now and I think she is a little fearfull.
What I need to do is block them.
I am using netqmail with qmail-scanner.
Qmail scanner is using clamav and spamassassin 3.x.

The email abuser signs up for free accounts and sends from those accounts so I cannot track the IP.
I have tried emailing hotmail and other providers which he signs up with to no avail.
Right now I am playing a game by adding his email addresses to the badmail from file. He keeps signing up for new accounts and I keep adding them to the blocked list.

He has found a provider, fastmail which allows him to quickly sign up for new accounts. So its a losing battle for me.

I have thought of adding some key words to my spamassasin config and filtering his mails based on that but I want him to get a message back saying that he was blocked.

Ideally, I would like his emails to get forwarded to another email account (mine or a dead account used to just to store these emails) and a automated message sent back to him saying his email is not getting through.
I guess I just want to know what my options are or if what i am doing is all I can do.

Before anyone says "change her email address",
I can't or if I do, I have to put her new address on the library web site for the pubic to see since the library is government funded by the public.

Until I have a better solution, I will continue to add his new addresses to the badmailfrom file.

Thanks to anyone with any input.

If the situation is serious enough that the recipient is in fear from these anonymous messages, wouldn't it be a good idea to notify a law-enforcement agency? The FBI can and will investigate cases like this if there is reason enough to. The local police department would surely be able to give some advice.

Spam is one thing, but threatening mail on a daily basis is another.

Yes, she did contact the police but I don't think they took her very seriously.
They said there was nothing much they can do.
I don't think the emails were this serious before though.

I think in that case I'd phone the local FBI office and speak to an agent. At least you could get their opinion on the best course of action.

Here is what I suggest that you do.

1. Compile the documentation on this harrassing communication to your co-worker.
(All the saved messages with originating headers.)

2. Contact your organization's legal counsel and notifiy them of the issue.

3. Have your lawyers file a cease and desist order against the ISP(s). Then have them file a Subpeanoea to release information regarding the threatening person, i.e. what their name is, what their dial-in IP is. etc.
If you do get the name of the real person then have legal counsel file a restraining order against them.

You may also want to investiagate applying a content filter to her account to catch the messages with offending keywords. Then configure the filter to set all messages that contain the offending keywords to no send. Then you have to review the messages content to make sure that it is not a false positive.

Good Luck,

Thorn

You can also block entire domains should the ISP not respond appropriately to your requests.

While this (entire domain blocking) would certainly be an action in good faith, I'd consider it as an absolutely last resort. I've had emails blocked this way although I have one of the largest and generally well-respected providers (SBCGlobal). In my opinion, block a domain is like ripping out a pay phone because one criminal has used it for transactions. Only it's even worse....

I hope someday in the NEAR future, a technique will be devised for either (1) making spoofing impossible (no person with any dignity ever needs to do it); (2) tracking originators of malicious email despite spoofing; or (3) both.

Thorn168's suggestions are excellent, except, in my view, the whole-domain block.

And I am sure that, if it comes to that, the FBI will be cooperative in making suggestions also. They sincerely do wish to help the public, despite the bad publicity they inevitably get from time to time. I used to be a civilian police employee and had frequent contact with FBI agents, and invariably found them to be decent, cooperative people.

All of these suggestions are exactly what I needed.
I will compile a list of things I can do and let you all know the outcome to each thing I try.
Thanks to all of you a tonn.

I hope the story has a happy ending, which for me would include punishment of the anonymous harasser. It will always be a mystery to me how people can be so cowardly and so mean at the same time. But apparently lots of folks know how.

jonr,

I agree with you that domain blocking IS harsh. But sometimes you have to harsh before people take action to address a situation.

It is hard to strike a balance when you are honor bound to protect and serve yet the thing you are trying to protect against is obscured.

I take threatening communications seriously because my wife used to work as a couselor for battered women. (It is confounding how the law works in domestic abuse cases sometimes.) Also it is not just an individual problem but a collective one as well: do we abandon the victims in society to the predators or do we take collective action to protect ourselves from the predators?

I will stop here since we could go on and on about what should be done.

I am glad I could help you John Doe,

Thorn

Thorn168, we're definitely in basic agreement. The law as it stands tends sometimes (not always) to protect predators and violent criminals more than it does their victims, real or potential.

I think blocking would be a non-existent issue if our legislators cared enough about the vital nature of communications to fund and demand a technological solution to communications-enabled crime.

But to comment further would be to get into a political tirade out of place here, and to brand myself as a left-wing liberty-loving peacenik type radical--which would be accurate, but beside the point.

I'm totally with you, except for the blocking issue. As for domestic abuse, including battered women, that's one of the horrors of our society that should be but is not addressed by legislators intent on--oh, I forgot, I wasn't going to get into that.

Thanks for your very good comments. And I hope John Doe does get a happy ending to his problem (and the problem of the message recipient).

keep copies of this guys emails.........IF he has made any type of terorristic threats, the FBI will want to see the emails and they WILL hunt his arse down and he will have to explain himself..........domestic terrorism should NEVER be tolerated!

Looks like freakyg and I solidly agree on this! There's no excuse for harassment; it's cowardly, disturbing (to say the least), and repugnant to anybody with a sense of decency. I wholeheartedly second freakyg's suggestion, and can pretty much guarantee the FBI will help in one way or another. Don't be afraid to contact them. They're there to help.

If you were to redirect mail from this person to either yours or a null account and not send an email back saying that email address has been blocked he may believe that email from this account is still getting through and stop siging up to new accounts.

Just a thought

Would it not be easy just to add a rule in the form of a list of banned words to your mail filter (spamassassin), say eg f**k, s**t, etc, then dump anything that contains those to /dev/null (or a secondary mail queue where you can examine them later).

Eliminating those words should ease the problem a little.

To build your wordlist, look through all the emails you have from him, for common words he/she uses, then add them.