Great Circle Associates Majordomo-Users
(July 2005)
 


Subject: stopping spammers from sending via your mailing list
From: "William Dudley Jr." <wfd99 @ casano . com>
Date: Thu, 7 Jul 2005 16:37:06 -0400 (EDT)
To: georgek @ netwrx1 . com, majordomo-users @ greatcircle . com
In-reply-to: <q93rc15kou6o1dm8lnq1sttgvqctdhqmlp@4ax.com>

George,

First it's paramount that you determine what address the spam is being
sent to.  Once that is determined, you can act:

I assume the list is closed and only list members are allowed to post
messages.

If so, then either a) a list member is spamming the list (unlikely) or
b) there is a hole through which spammers are able to address the
list that bypasses the list membership requirement.

The following is only useful if you run sendmail:

I had this problem a couple of years ago, and found that the problem
was well-known: if the list is called foo, then foo-outgoing will
be mentioned in the headers of each outgoing message.  This is a
mail alias on your machine that BYPASSES majordomo, so ANY mail to
it will just get sent to the list.  Spammer programs on zombie
Windoze computers were harvesting the addresses from the headers
of any email stored on the luser's computer.

The standard fixes are:

1. change your alias for each list so that instead of:

foo: "|/usr/local/majordomo/demime  '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo foo-outgoing'"

You put

foo: "|/usr/local/majordomo/demime  '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo f0o-0utgoing,null'"

Note the addition of ",null" to the alias.  This prevents sendmail
from putting the outgoing address in the headers.  As an extra step,
I changed my outgoing address from foo-outgoing to f0o-0utgoing in
order to invalidate the old compromised outgoing address.

2. Add this magic recipe to your virtusertable:

f0o-0utgoing@casano.com	error:nouser User unknown
owner-f0o-0utgoing@casano.com	error:nouser User unknown

and do whatever it is on your machine that causes virtusertable.db
to be rebuilt.  ("make" on FreeBSD).

This causes sendmail to bounce any message sent to your outgoing alias.

I hope this helps.

Bill Dudley
Jackson, NJ

P.S. funny coincidence on the city name, huh?

> From georgek@netwrx1.com Thu Jul  7 16:16:57 2005
> From: "George R. Kasica" <georgek@netwrx1.com>
> To: "William Dudley Jr." <wfd99@casano.com>
> Cc: majordomo-users@greatcircle.com
> Subject: Re: proposed solution for spam sent to majordomo@yourdomain
> Date: Thu, 07 Jul 2005 15:17:13 -0500
>
> Bill:
>
> I'm having a similar problem here with spam going directly to the list
> addresses such as the digestify etc. Do you know a way I can stop this
> from getting in my digests as I am now to the point where it will
> generate a digest of only spam...I'm running spamassassin here and
> looking for various taboo headers and X-Spam type stuff but somehow
> they seem to get the messages past the spamassassin step.
>
> Feel free to reply off list if you feel it's not appropriate here on
> list.
>
> I can provide samples or my settings if needed
>
> George
> ===[George R. Kasica]===        +1 262 677 0766
> President                       +1 206 374 6482 FAX 
> Netwrx Consulting Inc.          Jackson, WI USA 
> http://www.netwrx1.com
> georgek@netwrx1.com
> ICQ #12862186
>
>
>
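
Added example, not part of the original message and not Majordomo code: a small audit that reads a sendmail aliases file and a virtusertable and reports every list whose resend alias is missing one of the two fixes described in the message above. The sample data, the function names and the choice to match virtusertable keys by local part only are assumptions made for this illustration.

```python
import re

# Constructed sample data modelled on the message above; not real configuration.
ALIASES = """\
foo: "|/usr/local/majordomo/wrapper resend -l foo -h dudley.casano.com foo-outgoing"
foo-outgoing: :include:/usr/local/majordomo/lists/foo
bar: "|/usr/local/majordomo/wrapper resend -l bar -h dudley.casano.com b4r-0ut,null"
b4r-0ut: :include:/usr/local/majordomo/lists/bar
"""
VIRTUSERTABLE = "b4r-0ut@casano.com\terror:nouser User unknown\n"

def parse_aliases(text):
    """Return {alias: value}; indented lines continue the previous entry."""
    entries, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            entries[name] += " " + line.strip()
        else:
            name = line.partition(":")[0].strip().lower()
            entries[name] = line.partition(":")[2].strip()
    return entries

def rejected_locals(text):
    """Local parts that virtusertable maps to an error: target."""
    rows = (line.split(None, 1) for line in text.splitlines())
    return {r[0].split("@")[0].lower() for r in rows
            if len(r) == 2 and r[1].startswith("error:")}

def audit(aliases_text, virtusertable_text):
    """Return (list, outgoing_alias, problem) for each missing fix."""
    rejected = rejected_locals(virtusertable_text)
    findings = []
    for name, value in parse_aliases(aliases_text).items():
        m = re.search(r"\bresend\b([^'\"]*)", value)
        if not m or not m.group(1).split():
            continue  # not a resend alias
        targets = m.group(1).split()[-1].lower().split(",")
        outgoing = targets[0]
        if "null" not in targets[1:]:
            findings.append((name, outgoing, 'no ",null" after the outgoing alias'))
        if outgoing == name + "-outgoing":
            findings.append((name, outgoing, "still the default <list>-outgoing name"))
        if outgoing not in rejected:
            findings.append((name, outgoing, "no error: entry in virtusertable"))
    return findings

if __name__ == "__main__":
    print(*audit(ALIASES, VIRTUSERTABLE), sep="\n")
```

To check a live host, pass the contents of its aliases file and virtusertable source file to `audit()` in place of the constructed samples.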

