[H-GEN] Anti-spam tool wanted

Greg Black gjb at gbch.net
Wed Apr 30 23:58:52 EDT 2003


Over the past week, I have been flooded by spam addressed to
random (non-existent) usernames at various domains that I am
responsible for.  The universal characteristics of these spam
attempts are that they all purport to be from a random (and also
non-existent) username at yahoo.com and they only attempt to
deliver their payload to a handful of addresses.

My MTA can't deliver the messages because we don't have a user
to deliver them to; and it can't deliver the obvious bounce
message to yahoo, because the yahoo user doesn't exist either.
Therefore, I get the double bounce messages.

Here is a partial set of typical headers:

> Return-Path: <o07ci2xt at yahoo.com>
> Received: (qmail 54109 invoked from network); 1 May 2003 13:42:27 +1000
> Received: from pcp02479314pcs.ftmyer01.fl.comcast.net (68.54.79.215)
>   by gw.gbch.net with SMTP; 1 May 2003 13:42:27 +1000
> Received: from  ([86.247.154.157]) by pcp02479314pcs.ftmyer01.fl.comcast.net; Fri, 02 May 2003 01:38:52 -0300
> Message-ID: <c98e855k5c-66-8 at 48xif.z.0c>
> From: "Katharine Steele" <o07ci2xt at yahoo.com>
> To: artan.borici at gba.oz.au

Each such attempt comes from a different IP address.

What I want is a tool that can sit on my SMTP port, check for a
MAIL FROM SMTP command that claims to be from yahoo.com, check
the IP to see if it's a yahoo server, and then issue an immediate
553 error if it's not a real yahoo host.  If it's not claiming
to be from yahoo, or if it's a possible real yahoo message, it
should then hand over the connection to the real MTA for further
processing.

If anybody can point me to something that does this, I'd be
grateful.  I'm not interested in rules for a particular MTA that
would cause it to do this, as this situation involves several
MTAs and all of them are different -- I need a tool that handles
this before the MTA gets its hands on the connection.

Greg

-- 
Greg Black <gjb at gbch.net> <http://www.gbch.net/gjb.html>
GPG signed mail preferred; further information in headers.
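
The check described in the message above, as an added example that is not part of the original post: the decision a pre-MTA filter would make on seeing MAIL FROM. It assumes "a real yahoo host" is judged by forward-confirmed reverse DNS, which the post does not specify; the function names, the reply text and the sample resolver data are hypothetical.

```python
import re
import socket

# Domain part of the reverse-path in "MAIL FROM:<user@domain>"; "<>" does not match.
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<[^<>@\s]*@([^<>@\s]+)>", re.IGNORECASE)

def system_ptr(ip):
    """Reverse lookup: IP address -> host name, or None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(name):
    """Forward lookup: host name -> set of addresses (empty on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_mail_from(line, client_ip, domain="yahoo.com",
                    ptr=system_ptr, addrs=system_addrs):
    """Return a 553 reply to send, or None to hand the session to the real MTA."""
    m = MAIL_FROM.match(line.strip())
    if not m or not in_domain(m.group(1), domain):
        return None                  # sender does not claim the protected domain
    host = ptr(client_ip)
    # Assumption: a PTR name alone is not trusted, because whoever controls the
    # reverse zone can set it; the name must also resolve back to the client IP.
    if host and in_domain(host, domain) and client_ip in addrs(host):
        return None                  # possibly a real host of that domain
    return "553 sender domain does not match connecting host"

# Constructed resolver data for offline use. The first entry is the relay from
# the quoted headers; the other names and addresses are made up.
FAKE_PTR = {
    "68.54.79.215": "pcp02479314pcs.ftmyer01.fl.comcast.net",
    "192.0.2.10": "mta1.mail.yahoo.com",     # PTR and forward record agree
    "198.51.100.7": "mail.yahoo.com",        # PTR claims yahoo, forward does not
}
FAKE_A = {"mta1.mail.yahoo.com": {"192.0.2.10"}}
```

Passing `ptr=FAKE_PTR.get` and `addrs=lambda n: FAKE_A.get(n, set())` exercises the logic without DNS; the defaults use the system resolver.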