major spam attack on my domain

major spam attack on my domain

Posted by: jukegrad
Posted on: 2004-03-23 13:12:00

It's around 1pm on 3/23 - in the last 12 hours, I've recieved over 500 pieces of spam mail, all with identical Received from: headers:

Return-Path: <DV6.2373@twister.nyc.rr.com>
Delivered-To: m9489623@plunder.dreamhost.com
Received: from hans.net (dial-bu-185-234.wcnet.org [157.134.185.234])
by plunder.dreamhost.com (Postfix) with SMTP id 399DC863E2
for <699100clrrmas@jukeboxgraduate.com>; Tue, 23 Mar 2004 12:51:23 -0800 (PST)
Date: Tue, 23 Mar 2004 15:52:13 -0500
To: 699100clrrmas@jukeboxgraduate.com
Subject: Re: Document
From: DV6.2373@twister.nyc.rr.com
Message-ID: <ywwspjxfnemlgkvgifk@jukeboxgraduate.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------kyukpywdwytdnwfyetec"

What I'd like to be able to do is turn on (or turn off) the ability for someone to send email to any address at my domain - you'd have to have an actual address, you couldn't just use [anything]@mydomain.com to get email through. I have Razor set up but it's just not catching these.

I suspect this is a deliberate target as the addresses that are being spoofed as the return addresses come from a usenet newsgroup I frequent.

I have contacted the spam and abuse and postmaster aliases at the wcnet.org and hans.net domains as well.

Any help or advice welcomed.


Re: major spam attack on my domain

Posted by: will
Posted on: 2004-03-23 14:35:00

In reply to:

What I'd like to be able to do is turn on (or turn off) the ability for someone to send email to any address at my domain - you'd have to have an actual address,

You want to turn this on, or off?

You can remove the catchall alias from the web panel under Mail => Addresses - won't that do what you want?

From the subject line, I'd guess that this is a virus, and not spam.

Re: major spam attack on my domain

Posted by: jukegrad
Posted on: 2004-03-23 15:11:00

I want to turn it off, I guess.

"You can remove the catchall alias from the web panel under Mail => Addresses - won't that do what you want?"

I don't know if that's what I want to do - thus the reason I was here asking for help. I"m sorry, but there isn't any documentation on this that I could find.

"From the subject line, I'd guess that this is a virus, and not spam."

Just to clarify - you're saying that the sender of these messages has a virus, correct? NOt that there's a virus on my machine?


Re: major spam attack on my domain

Posted by: will
Posted on: 2004-03-23 15:24:00

In reply to:

I don't know if that's what I want to do - thus the reason I was here asking for help.

If you only want mail for addresses that are explicitly specified to work, and don't want to receive mail addressed to any unspecified address at your domain, you should remove the "*" (catchall / wildcard) alias. You don't need to set * to bounce or delete - just remove the entry entirely.

In reply to:

Just to clarify - you're saying that the sender of these messages has a virus, correct

Basically, yes. The message itself is likely a virus.

Tags: spam mailreturn pathrecievedheadersdomain