Still Getting 20,000 spam emails a day

 9:10 pm on Sep 25, 2009 (gmt 0)

A message I posted here three years ago:


said that my server was getting 30,000 spam emails a day.

Three years on I'm still getting the spam - but now only an average of 20,000 a day.

re: mail is being sent to nonexistent recipients aaaaaa@mysiteexample.com alexis200022222@mysiteexample.com alibaba27273y173y127y@mysiteexample.com etc.

Well it's three years since I wrote that thread and since that time the server has received something like 22 million spam messages.

Is it possible to put a $ figure on that? In server resources, bandwidth, power usage? How many nanowatts/hr would a single message use up?

I am using sbl's now and none of that spam gets through anyway due to not using a catchall. I would have thought that the emails would have expired over time but this is clearly not the case.

Can someone check these log files to ensure that the right thing is being done?

blocked by xbl lookup
Sep 25 21:44:20 mydomain postfix/smtpd[#*$!]: NOQUEUE: reject: RCPT from unknown[123.24.nnn.nnn]: 554 5.7.1 Service unavailable; Client host [123.24.nnn.nnn] blocked using xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=123.24.nnn.nnn; from=<grogginesszg2795@#*$!#*$!xx.com> to=<ayumi-o2@mysiteexample proto=ESMTP helo=<CQPVCIDZUR>

blocked due to no local recipient
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: warning: 90.198.#*$!.#*$!.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=90.198.#*$!.#*$!.list.dsbl.org type=A: Host not found, try again
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: NOQUEUE: reject: RCPT from unknown[190.166.#*$!.#*$!]: 550 5.1.1 <ayucel2@mysiteexample>: Recipient address rejected: User unknown in local recipient table; from=<ayucel2@mysiteexample> to=<ayucel2@mysiteexample> proto=ESMTP helo=<#*$!.#*$!.190.x.#*$!.#*$!.net.do>
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: lost connection after RCPT from unknown[190.166.#*$!.#*$!]
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: disconnect from unknown[190.166.#*$!.#*$!]



 9:44 pm on Sep 25, 2009 (gmt 0)

If your email is important and you don't want to shut it down completely, I suggest paying for a good "junk email filter" server. You point your MX record to their server, they clean out the junk, then send you back the good emails.


 10:45 am on Sep 26, 2009 (gmt 0)

It's not a problem at all as the catchall stops 100% of that spam, and sbl's a good percentage of the rest.

The server is low traffic in general.

I was just wondering if the logfiles are showing that the blocking method is efficient, i.e. it's blocking at the right stage and sending the right signal back.

I was also wondering why the emails had not dried up. You would think that the botnet controllers would change the list every few months but this is not the case.

ayucel2 at mydomain has been sent for four years now. Why hasn't the botnet dropped it?


 12:06 pm on Sep 26, 2009 (gmt 0)

Although this is off-topic... but still somewhat relevant to the original post.

If you can afford it, use Google's domain tools email service. Most of the spam will be taken care of by Google and you will get almost spam-free email.

I know this is a real solution, seems like running away from the real problem. But still, this is an option for you.


 8:54 pm on Sep 26, 2009 (gmt 0)

A while back, I recreated an email address that had been out of use for about five years - it received spam immediately so I closed it again (it wasn't important to me). I don't think spammers ever give up on an address completely.



 12:16 pm on Oct 2, 2009 (gmt 0)

I wonder if there is an option to make a small $$ out of that big spam content...
Am I greedy here?


 1:03 am on Oct 6, 2009 (gmt 0)

Sounds like a good candidate for a 'greylisting' or 'tarpitting' front end coupled with a 'whitelist' of valid email addresses. The ASSP open source application would be a great fit.

Log analysis is most fruitful in assembling SPAM complaints based on net-blocks to their owners. Many times the headers are forged, making the results of these efforts more academic than evidence-worthy.
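
An added example (not part of the original thread): one way to check from the log what the first post asks, namely at which SMTP stage and with which reply class mail is refused, and to group rejected clients by net-block as the last reply suggests. The sample lines are constructed in the same Postfix format, and the function name `summarize` and the fixed /24 grouping are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the Postfix smtpd format shown in the first post
# (documentation IP ranges, placeholder domains); not real log data.
SAMPLE_LOG = """\
Sep 25 21:44:20 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=192.0.2.10; from=<a@sender.example> to=<aaaaaa@mysiteexample.com> proto=ESMTP helo=<CQPVCIDZUR>
Sep 25 21:59:49 mx postfix/smtpd[1202]: warning: 20.113.0.203.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=20.113.0.203.list.dsbl.org type=A: Host not found, try again
Sep 25 21:59:49 mx postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[203.0.113.20]: 550 5.1.1 <ayucel2@mysiteexample.com>: Recipient address rejected: User unknown in local recipient table; from=<ayucel2@mysiteexample.com> to=<ayucel2@mysiteexample.com> proto=ESMTP helo=<host.example>
Sep 25 22:03:11 mx postfix/smtpd[1203]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.77]; from=<b@sender.example> to=<info@mysiteexample.com> proto=ESMTP helo=<pc>
"""

REJECT = re.compile(r"(\S+): reject: (\w+) from \S+\[([^\]]+)\]: (\d{3}) \S+ (.*?);"
                    r" from=<([^>]*)> to=<([^>]*)>")
RBL_ERROR = re.compile(r"warning: (?:\d+\.){4}(\S+): RBL lookup error")
DNSBL_HIT = re.compile(r"blocked using ([\w.-]+)")

def summarize(log_text, prefix_len=24):
    """Tally smtpd rejects by stage, reply class, cause and client net-block."""
    out = {k: Counter() for k in ("stage", "reply", "cause", "netblock",
                                  "dnsbl_errors", "forged_self")}
    for line in log_text.splitlines():
        err = RBL_ERROR.search(line)
        if err:  # a zone that does not resolve blocks nothing
            out["dnsbl_errors"][err.group(1)] += 1
            continue
        m = REJECT.search(line)
        if not m:
            continue
        queue_id, stage, ip, code, text, sender, rcpt = m.groups()
        # NOQUEUE: refused during the SMTP dialogue, before anything was queued.
        where = "pre-queue" if queue_id == "NOQUEUE" else "queued"
        out["stage"][f"{stage}/{where}"] += 1
        # 5xx tells the client to give up; 4xx invites a retry.
        out["reply"]["permanent" if code.startswith("5") else "temporary"] += 1
        hit = DNSBL_HIT.search(text)
        cause = ("dnsbl:" + hit.group(1) if hit else
                 "unknown-recipient" if "User unknown" in text else "other")
        out["cause"][cause] += 1
        if sender and sender == rcpt:  # envelope sender forged as the recipient
            out["forged_self"][rcpt] += 1
        # Assumption: a fixed /24 stands in for the real allocation from whois.
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        out["netblock"][str(net)] += 1
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Rejects counted under `RCPT/pre-queue` with a permanent reply are refused before any message body is transferred; entries under `dnsbl_errors` point at a blocklist zone that should be checked in the server's configuration.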

