On 8/28/2015 1:21 PM, Robert Wolfe wrote:> I've been getting that intermittently during the day today.I haven't seen any since I put the sending domain with a 'DISCARD' in my /etc/mail/access database (using sendmail here) -- john r pierce, recycling bits in santa cruz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 28/08/15 22:24, John R Pierce wrote:> On 8/28/2015 1:21 PM, Robert Wolfe wrote: >> I've been getting that intermittently during the day today. > > I haven't seen any since I put the sending domain with a 'DISCARD' > in my /etc/mail/access database (using sendmail here) >Well, is there another domain involved now ? It seems the previous spammer (using multiple VMs on DigitalOcean network) had been blocked. As nothing is sent through the mailman/centos.org server, I can't even look at logs, but if you have useful informations (like some headers), feel free to forward those to me (and not on the list). Cheers, - -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlXg0D4ACgkQnVkHo1a+xU5OnACggUMg3QikAFsgAAeHSGGGI5Q1 5MgAn2leYj3Wbflv1w8gHnNICEEOKOo3 =rEWD -----END PGP SIGNATURE-----
Hey Fabian, Here's the headers for one of the spam responses I got from the list: from:Tracy <tracy12614 at safeloves.com>reply-to:tracy12614 at safeloves.com to:Tim Dunphy <bluethundr at gmail.com> date:Fri, Aug 28, 2015 at 2:19 PMsubject:Re: [CentOS] apache mysterious 404 errormailed-by:safeloves.comsigned-by:safeloves.com:Important mainly because it was sent directly to you. Please let me know if that's not what you're looking for! Thanks, Tim On Fri, Aug 28, 2015 at 5:18 PM, Fabian Arrotin <arrfab at centos.org> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 28/08/15 22:24, John R Pierce wrote: > > On 8/28/2015 1:21 PM, Robert Wolfe wrote: > >> I've been getting that intermittently during the day today. > > > > I haven't seen any since I put the sending domain with a 'DISCARD' > > in my /etc/mail/access database (using sendmail here) > > > > Well, is there another domain involved now ? It seems the previous > spammer (using multiple VMs on DigitalOcean network) had been blocked. > As nothing is sent through the mailman/centos.org server, I can't even > look at logs, but if you have useful informations (like some headers), > feel free to forward those to me (and not on the list). > > Cheers, > > - -- > Fabian Arrotin > The CentOS Project | http://www.centos.org > gpg key: 56BEC54E | twitter: @arrfab > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > > iEYEARECAAYFAlXg0D4ACgkQnVkHo1a+xU5OnACggUMg3QikAFsgAAeHSGGGI5Q1 > 5MgAn2leYj3Wbflv1w8gHnNICEEOKOo3 > =rEWD > -----END PGP SIGNATURE----- > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
On Fri, Aug 28, 2015 at 5:18 PM, Fabian Arrotin <arrfab at centos.org> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 28/08/15 22:24, John R Pierce wrote: > > On 8/28/2015 1:21 PM, Robert Wolfe wrote: > >> I've been getting that intermittently during the day today. > > > > I haven't seen any since I put the sending domain with a 'DISCARD' > > in my /etc/mail/access database (using sendmail here) > > > > Well, is there another domain involved now ? It seems the previous >At least another one on Friday. Porno-spam from from safethebaby.com I reported the incident to Digital Ocean and Nodes Direct which I believe got handled rather promptly. (In short a host in Nodes Direct ip space was using a mail host in Digital Ocean ip space.)> spammer (using multiple VMs on DigitalOcean network) had been blocked. > As nothing is sent through the mailman/centos.org server, I can't even > look at logs, but if you have useful informations (like some headers), > feel free to forward those to me (and not on the list). > > Cheers, > > - -- > Fabian Arrotin > The CentOS Project | http://www.centos.org > gpg key: 56BEC54E | twitter: @arrfab > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > > iEYEARECAAYFAlXg0D4ACgkQnVkHo1a+xU5OnACggUMg3QikAFsgAAeHSGGGI5Q1 > 5MgAn2leYj3Wbflv1w8gHnNICEEOKOo3 > =rEWD > -----END PGP SIGNATURE----- > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- ---~~.~~--- Mike // SilverTip257 //