Greetings, I hope everyone is having a good day. We have a highly visible list that is being spammed with join requests from spoofed addresses. When the confirmation email is sent a bounce is received by the list owner. The count is in the 100’s of bounced emails/hour. We noticed they are all coming from one particular domain, this may help if we are able to filter/block the domain. What would be the best way to handle this? Is there a way to handle this granularly at the list level?
Thank you as always for your assistance. Enrique
On 2/28/19 9:15 AM, Enrique Terrazas wrote:
> Greetings, I hope everyone is having a good day. We have a highly visible list that is being spammed with join requests from spoofed addresses.
Web or email?
> When the confirmation email is sent a bounce is received by the list owner. The count is in the 100’s of bounced emails/hour. We noticed they are all coming from one particular domain, this may help if we are able to filter/block the domain. What would be the best way to handle this? Is there a way to handle this granularly at the list level?
If the requests are coming by email, you can block the domain in your MTA, e.g. with postfix
in main.cf:
header_checks = pcre:/etc/postfix/header_checks.pcre
in /etc/postfix/header_checks.pcre:
/^From:.*[@.]bad.domain\b/ DISCARD
or
/^From:.*[@.]bad.domain\b/ REJECT We don't accept mail from bad.domain.
For web requests, adding a pattern like '^.*[@.]bad.domain$' to the list's "Banned addresses" might help.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
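Before a DISCARD rule goes live it is worth checking which headers it fires on. The following is an added example, not part of the thread and not Postfix code: Python's re module stands in for a Postfix pcre table (an assumption), and the two rule variants and the sample headers are constructed around the thread's bad.domain placeholder.

```python
import re

# Constructed rule sets in header_checks syntax; bad.domain is the thread's placeholder.
LOOSE = "/^From:.*[@.]bad.domain/ DISCARD"
TIGHT = r"/^From:.*[@.]bad\.domain(?![\w.-])/ DISCARD"

# Constructed sample headers: (header line, should the rule fire?)
SAMPLES = [
    ("From: Spoofed <user@bad.domain>", True),
    ("From: user@mail.bad.domain", True),           # subdomain
    ("FROM: USER@BAD.DOMAIN", True),                # case differs
    ("From: user@notbad.domain", False),            # different domain, same ending
    ("From: user@bad.domain.example", False),       # bad.domain is only a prefix
    ("From: user@bad-domain.example", False),       # an unescaped '.' would match '-'
    ("Subject: mail from user@bad.domain", False),  # not the From: header
]

def parse_rules(text):
    """Parse '/regex/ ACTION [text]' lines into (compiled regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.+)/\s+(\S+)", line)
        if m:  # pcre tables match case-insensitively by default
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, header):
    """Return the action of the first rule that matches, or None."""
    for rx, action in rules:
        if rx.search(header):
            return action
    return None

def mismatches(rule_text, samples=SAMPLES):
    """Sample headers where the rule set fires when it should not, or the reverse."""
    rules = parse_rules(rule_text)
    return [h for h, want in samples if (lookup(rules, h) is not None) != want]

if __name__ == "__main__":
    for name, text in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, mismatches(text) or "all samples classified as intended")
```

On the mail server, `postmap -q "From: user@bad.domain" pcre:/etc/postfix/header_checks.pcre` queries the real table with a single header line in the same way.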
Thank you Mark! The requests are coming in via email. We were able to filter these out with the recommendation below. Blocking an entire domain is a bit extreme but I wanted to stop the bleeding. Can you, or someone on the list, point me in the right direction as far as configuring postfix to protect against Spam campaigns? I’ve started reading through this document: http://www.postfix.org/BACKSCATTER_README.html
But am not sure if this is where I should direct my efforts. Enrique
On Feb 28, 2019, at 12:44 PM, Mark Sapiro <mark@msapiro.net> wrote:
> On 2/28/19 9:15 AM, Enrique Terrazas wrote:
> > Greetings, I hope everyone is having a good day. We have a highly visible list that is being spammed with join requests from spoofed addresses.
> Web or email?
> > When the confirmation email is sent a bounce is received by the list owner. The count is in the 100’s of bounced emails/hour. We noticed they are all coming from one particular domain, this may help if we are able to filter/block the domain. What would be the best way to handle this? Is there a way to handle this granularly at the list level?
> If the requests are coming by email, you can block the domain in your MTA, e.g. with postfix
> in main.cf:
> header_checks = pcre:/etc/postfix/header_checks.pcre
> in /etc/postfix/header_checks.pcre:
> /^From:.*[@.]bad.domain\b/ DISCARD
> or
> /^From:.*[@.]bad.domain\b/ REJECT We don't accept mail from bad.domain.
> For web requests, adding a pattern like '^.*[@.]bad.domain$' to the list's "Banned addresses" might help.
> --
> Mark Sapiro <mark@msapiro.net>
> San Francisco Bay Area, California
> The highway is for gamblers, better use your sense - B. Dylan