hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Mar-19 00:21
Hi all,
I've just set up a virtual dedicated server and the spam is starting to roll in thick and fast.
I've set up a few email addresses and set them up in outlook. I'm using Plesk and in the Mail Preferences I've chosen the option "reject" if someone mail's to a non-existent user.
However I'm getting mail to non existant users coming through to my outlook.
Here's the details of one such email that came through to me. It came through to test@domainname but I only have webmaster@domainname. My domain name and server name have been changed to protect the innocent.
Do you know what tactics they're imploying and how I can stop them? Do I need to set up a firewall?
Another such email I received to a different domain but I think may use similar tactics but is slightly different. Apparently they can help me gain "Greater control over ejaculation". This seems to get me just via the domain whereas the other got me via the server.
Where do they find out my information from? Why won't they all just f@#* off and die? Does anyone ever respond to these things?
Frustratedly yours,
Travis
|
 |
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10465
|
Posted: 2006-Mar-19 09:35
Set up a whitelist so that unless mail is going to "yourname@yourdomain.com" you send it all to: /dev/null.
Problem solved.
|
|
hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Mar-19 11:46
OK but I need more info on how to do this please.
A google of whitelist's mostly refer to a whitelist of acceptable email addresses sending you an email.
I don't know what to search on to get info on the type of whitelist you are talking about.
Also looking at the code about they may get around some normal whitelists because they send it to
15-webmaster@domainname.com. ie. The actual email address is a subset of the email address they send it to. Is a whitelist smart enough to avoid such trickery?
|
|
SportsGuy
Staff
Joined: Aug 30, 2002
# Posts: 3603
|
Posted: 2006-Mar-19 14:35
Hey Travis - depending on how you're hosting, can't recall if you mentioned it, there may be defaults in your account settings and a spot to list white-listed e-mails.
G's idea sounds better, though, as it should dump anything not already matching, rather than forcing you to continually update a whitelist.
|
|
hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Mar-21 05:04
I'm using Plesk to manage my unix server.
The only whitelist option is a server wide whitelist that requests IP addresses.
The help on this says:
"Managing White List
The white list is used to specify the IP addresses from which mail will always be relayed without authorization, even if the mail relaying is disabled on the server.
To add an IP address to the white list, click Add Network.
To remove an IP address from the list, select the corresponding checkbox and click Remove Selected.
To sort the list in ascending or descending order by IP address/mask values, click the respective column heading.
To search in the list, enter a pattern into the input box and click Search. All matching items will be displayed in a reduced list. To revert to the whole list, click Show All."
I'm not sure this is not going to help me.
I'd love to do g1smd's idea but I have no idea what he means or how I would go about it. That's why I tried to search google but it has been no help.
Could you please just give me some more detail and I'll set up a whitelist of incoming email addresses?
Thanks,
Travis
|
|
Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832
|
Posted: 2006-Mar-21 05:16
There are many ways of doing things. Arresting spam is an ongoing process like all things in administering a server.
Have you tried SpamAssassin ? This is available from [link]
I don't have a Plesk at hand at the moment, but the Cpanel control panel in my server has a tag enabling/disabling this tool.
|
|
hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Mar-21 05:35
OK I can get spam-assassin by buying it. Which it looks like I will have to do. That should deal with the wider issue of spam. I just thought the "receiving emails to email addresses that don't even exist issue" might be fixable without a package and I thought g1 had a unix code solution for it.
Thanks,
Travis
|
|
Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832
|
Posted: 2006-Mar-21 05:46
Spam assassin is an Open Source software. You need not pay anything to use it. But configuring it to your needs can take a bit of getting used to. You can have a spambox created where the tool dumps the flagged mails. You might have to check this box in the initial days to make sure that the conditions you have set do not result in nuking legitimate mails. Once you are sure that all is well, then remove the spambox and all spams will be nuked.
|
|
hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Mar-21 06:23
Sorry I must be getting really annoying by now. 
I've downloaded the file Mail-SpamAssassin-3.1.1.tar.gz
I can log in using putty.
What are the commands to load the file from windows into unix, unzip it and change the settings?
Thanks,
Travis
|
|
Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832
|
Posted: 2006-Mar-21 13:42
>>Sorry I must be getting really annoying by now ...
Not at all.
Here is what you have to do:
Upload the file through FTP and once it is done. Log in through your putty.
Navigate to the directory where you have downloaded the file. Then move the file to your home directory. You don't want to mirror the Spam Assassin software in your site. So move this file to your home directory where the world can't see this.
Moving files is easy:
mv SpamAssassin-3.1.1.tar.gz /home/admin/
or whatever your home directory is.
Another easy way is to use wget.
Change directory to your home directory like so:
cd ~
Once there, type like this:
wget [link]
That will download the file into your home directory.
Once done, follow the instructions from here :
[link]
If your OS is RedHat Linux, you can invoke this:
rpmbuild -tb Mail-SpamAssassin-3.1.1.tar.gz
Please note that there is plenty of documentation available in this site.
|
|
hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Mar-22 10:16
Hi Prowler,
I'm getting there.
I have the Mail-SpamAssassin-3.1.1.tar.gz file in my root directory.
Redhat is my OS.
I tried the command rpmbuild -tb Mail-SpamAssassin-3.1.1.tar.gz
And got this error message.
error: Failed to rename /usr/src/redhat/SPECS/rpm-spec.sM1kKb to /usr/src/redhat /SPECS/rpm-spec.sM1kKb: Permission denied: No such file or directory
I went to the directory /usr/src/redhat/SPECS/ and typed in dir.
There were no files in there.
What does it all mean?
Thanks,
Travis
|
|
hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Mar-22 10:28
More specifically my OS is Red Hat Fedora Core 2 is that the same as Redaht Linux?
|
|
Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832
|
Posted: 2006-Mar-23 12:45
Yes.
Normally it is not a safe habit to login as root in your server box. You will have logged in as someone -less powerful. But it pays to invoke the su (super user) before you start installing application packages. So you will have to type su
and supply your root password. Then invoke the rpmbuild command with the required parameters.
In case if it still returns some dependency issues ( saying that something is missing before xxx module can be installed) then you may have to go by the CPAN route.
I am afraid this might all sound a little convoluted, but it takes a bit of effort.
|
|
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2006-Apr-08 11:46
hex74726176, ensure that you do not have your mail settings for each mail account enabled to "catch-all".
Under mail preferences in Plesk, you'll find 2 settings:
- Bounce with phrase
- Catch to address
Pick “Bounce with phrase” and type in a short bounce message. It works for me when people try to send to an address that does not exist in my domains. I had one problem domain like yours and thought that somehow they were getting around that feature. Turns out I had “Catch to address” selected by mistake. Just be sure.
Personally, I do not like to install spam handling measures based on whitelisting various sources or using server spam software. These tend to also mistakenly delete good email from time to time which is a problem. If you take good measures to keep your email addresses off of your web sites and use certain form mail handling script methods, you'll find that your spam will go almost to zero.
Ever since I programmed my form cgi's to make the user verify that they are real people sending email via forms, I get maybe 1 to 5 spams a month at most. The user is required to enter a random number generated before the form mail can successfully be submitted. This effectively stops all mail form spambots because the spambots are not able to enter the random number generated.
I never ever put up a simple HTML email hyperlink. At the very least you should generate your email addresses via JavaScript code to keep the harvesters from reading your email addresses embedded within web pages.
|
|
hex74726176
Joined: Oct 28, 2004
# Posts: 57
|
Posted: 2006-Apr-22 04:08
My Plesk shows the following options for Mail to nonexistent user
1. Bounce with message
2. Forward to address
3. Reject
I've chosen Reject. This should stop them shouldn't it? But they keep coming.
Rather than forms for my email I've put links on the homepage to a separate email page and then put that email page which I put in my robots file. Should this stop spambots?
|
|
Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832
|
Posted: 2006-Apr-22 12:22
>>Should this stop spambots?
No. They won't for the simple reason the email harvesting bots don't obey any rules.
|
|
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10465
|
Posted: 2006-Apr-22 22:34
Your email address link needs to be written out using javascript fragments, or email sent to you by using a form on your site (with the email address only in the server-side code, NOT in the visible HTML page), or placed as words in a non-clickable image.
Bots will find anything that looks like someone@somewhere or which starts with mailto: on ANY HTML page of the site. The robots.txt file will not stop them from collecting the email addresses from your site.
Do a Google search for your email address and get every site that has published it to remove your email address from view.
|
|
punkygirl21
Joined: May 25, 2006
# Posts: 2
|
Posted: 2006-May-25 18:25
Does your Plesk come with SPAM ASSASIN? It does have that feature.
I set it up on my server with my host.
|
|
Inbox
