On Wed, 2004-12-15 at 14:29, Littleguru wrote:
> Hello
>
> I know that I can block the source of spam attack through
> firewall, but what can I do about the sites that have been
> triggered to send spam. The site is innocent but spammers are
> using it for sending spam, so I don't want to suspend that site.
> Do you know how to accomplish this, and how they trigger
> another site to send spam? And how we can prevent this?
> Any link, help or hint will be greatly appreciated.

Hi

I have found two types of attacks like this affecting my servers.

One has been covered in this thread and that is domain spoofing. The best way to stop it is that the return emails should contain full headers including the originating SMTP server IP. Contact the admins of that server and tell them what is going on and they should help you find the spammers. But laws where the spammers or the servers reside will be in effect and you might have trouble getting more from them but basic info. Other than this there is very little you can do.

The other one I found that was fun to track down was that someone used a nice little PHP script to spoof domains (again not much the domains themselves could do as they weren't located on my server) and send from one of my servers as nobody. 1000s of emails in hours. It was bogging down my server but eventually we found it. Then grepping the domlogs for the script name showed me what IP accessed that file, and then again getting any real resolution depends on the local laws where the spammer resides. This one though, removing the script and blocking the IP accessing the script effectively put a stop to them on my servers (can't say if they moved to another).

--
Mike Ramirez <mike@xxxxxxxxxxxxxx>
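
The log search described in the reply above, as an added example that is not part of the original message: it tallies which client IPs requested a given script, with first and last request times, so the addresses to block are ranked by volume. It assumes Apache common/combined log format; the script name `mailer.php` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# usage: script_hits SCRIPT_NAME [LOGFILE...]   (reads stdin if no files given)
# Prints "count ip first_seen last_seen", busiest client first.
script_hits() {
    script=$1; shift
    awk -v s="$script" '
        {
            # Common/combined format: $1 = client IP, $4 = "[timestamp",
            # $7 = request path. Match on the path only, so a script name
            # appearing in a referrer or user-agent field is not counted.
            path = $7
            sub(/\?.*/, "", path)              # drop any query string
            n = split(path, parts, "/")
            if (parts[n] != s) next            # exact file name match only
            hits[$1]++
            ts = substr($4, 2)                 # strip the leading "["
            if (!($1 in first)) first[$1] = ts
            last[$1] = ts
        }
        END {
            for (ip in hits)
                printf "%d %s %s %s\n", hits[ip], ip, first[ip], last[ip]
        }
    ' "$@" | sort -rn
}

# Constructed sample access log (documentation-range IPs, hypothetical script).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [15/Dec/2004:10:01:02 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [15/Dec/2004:10:02:11 -0500] "POST /images/mailer.php HTTP/1.0" 200 31 "-" "-"
203.0.113.7 - - [15/Dec/2004:10:02:12 -0500] "POST /images/mailer.php?x=1 HTTP/1.0" 200 31 "-" "-"
198.51.100.4 - - [15/Dec/2004:10:05:40 -0500] "GET /images/mailer.php HTTP/1.1" 200 31 "-" "-"
192.0.2.10 - - [15/Dec/2004:10:06:00 -0500] "GET /about.html HTTP/1.1" 200 700 "http://example.com/notmailer.php" "Mozilla/4.0"
203.0.113.7 - - [15/Dec/2004:11:30:00 -0500] "POST /images/mailer.php HTTP/1.0" 200 31 "-" "-"
EOF
}

sample_log | script_hits mailer.php
```

On a live server the log files are passed as arguments instead of piping the sample, and the first/last timestamps give the window to compare against the mail queue.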