Welcome to WebmasterWorld Guest from 54.157.222.62

Forum Moderators: phranque

Message Too Old, No Replies

Still Getting 20,000 spam emails a day

   
9:10 pm on Sep 25, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A message I posted here three years ago:

[webmasterworld.com...]

said that my server was getting 30,000 spam emails a day.

Three years on I'm still getting the spam - but now only an average of 20,000 a day.

re: mail is being sent to nonexistent recipients aaaaaa@mysiteexample.com alexis200022222@mysiteexample.com alibaba27273y173y127y@mysiteexample.com etc.

Well it's three years since I wrote that thread and since that time the server has received something like 22 million spam messages.

Is it possible to put a $ figure on that? In server resources, bandwidth, power usage? How many nanowatts/hr would a single message use up?

I am using sbl's now and none of that spam gets through anyway due to not using a catchall. I would have thought that the emails would have expired overtime but this is clearly not the case.

Can someone check these log files to ensure that the right thing is being done?

blocked by xbl lookup
-------------------------
Sep 25 21:44:20 mydomain postfix/smtpd[#*$!]: NOQUEUE: reject: RCPT from unknown[123.24.nnn.nnn]: 554 5.7.1 Service unavailable; Client host [123.24.nnn.nnn] blocked using xbl.spamhaus.org; h t t p: // w w w.spamhaus.org/query/bl?ip=123.24.nnn.nnn; from=<grogginesszg2795@#*$!#*$!xx.com> to=<ayumi-o2@mysiteexample proto=ESMTP helo=<CQPVCIDZUR>
-------------------------

blocked due to no local recipient
-------------------------
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: warning: 90.198.#*$!.#*$!.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=90.198.#*$!.#*$!.list.dsbl.org type=A: Host not found, try again
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: NOQUEUE: reject: RCPT from unknown[190.166.#*$!.#*$!]: 550 5.1.1 <ayucel2@mysiteexample>: Recipient address rejected: User unknown in local recipient table; from=<ayucel2@mysiteexample> to=<ayucel2@mysiteexample> proto=ESMTP helo=<#*$!.#*$!.190.x.#*$!.#*$!.net.do>
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: lost connection after RCPT from unknown[190.166.#*$!.#*$!]
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: disconnect from unknown[190.166.#*$!.#*$!]
-------------------------

9:44 pm on Sep 25, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



If your email is important and you don't want to shut it down completely, I suggest paying for a good "junk email filter" server. You point your MX record to their server, they clean out the junk, then send you back the good emails.
10:45 am on Sep 26, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's not a problem at all as the catchall stops 100% of that span, and sbl's a good percentage of the rest.

The server is low traffic in general.

I was just wondering if the logfiles are showing that the blocking method is efficient, i.e. it's blocking at the right stage and sending the right signal back.

I was also wondering why the emails had not dried up. You would think that the botnet controllers would change the list every few months but this is not the case.

ayucel2 at mydomain has been sent for four years now. Why hasn't the botnet dropped it?

12:06 pm on Sep 26, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Although this is offtopic...but still some what relevant to original post

If you can afford use Google domain tools email service. The most of SPAM will be taken care of by Google and you will get almost spam free emails.

I know this is real solution , seems like running away from real problem. But still this is an option with you.

8:54 pm on Sep 26, 2009 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



A while back, I recreated an email address that had been out of use for about five years - it received spam immediately so I closed it again (it wasn't important to me). I don't think spammers ever give up on an address completely.

Kaled.

12:16 pm on Oct 2, 2009 (gmt 0)

5+ Year Member



I wonder if there is an option to make small $$ out of those big spam content...
am i greedy here?
1:03 am on Oct 6, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sounds like a good candidate for a 'greylisting' or 'tarpitting' front end coupled with a 'whitelist' of valid email addresses. The ASSP open source application would be a great fit.

Log analysis is most fruitful in assembling SPAM complaints based on net-blocks to their owners. Many times the headers are forged making the results of these efforts more academic than evidence worthy.