Any ideas on how to deal with this email fisher?

Qualm

At this point I am assuming this is an attempt to gather known good email addresses. I've substituted "spammertarget.com" for our actual domain name. This started about a week ago:

Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <[email protected]>... User unknown
Jan 4 07:42:09 mail sendmail[13131]: i04Cg7r13131: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=c78004.upc-c.chello.nl [212.187.78.4]

... some names deleted for space reasons ...
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:53 mail sendmail[13451]: i04IXkr13451: <[email protected]>... User unknown
Jan 4 13:33:59 mail sendmail[13451]: i04IXkr13451: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=pcp919938pcs.venice01.fl.comcast.net [68.56.187.253]

... about 20 names per try ...
Jan 4 19:27:58 mail sendmail[13770]: i050Rvr13770: <[email protected]>... User unknown
Jan 4 19:27:58 mail sendmail[13770]: i050Rvr13770: <[email protected]>... User unknown
Jan 4 19:27:58 mail sendmail[13770]: i050Rvr13770: <[email protected]>... User unknown
Jan 4 19:27:58 mail sendmail[13770]: i050Rvr13770: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, [email protected] [82.67.21.179]

... more names here ...
Jan 5 11:13:49 mail sendmail[15575]: i05GDTr15575: <[email protected]>... User unknown
Jan 5 11:13:49 mail sendmail[15575]: i05GDTr15575: <[email protected]>... User unknown
Jan 5 11:13:49 mail sendmail[15575]: i05GDTr15575: <[email protected]>... User unknown
Jan 5 11:13:49 mail sendmail[15575]: i05GDTr15575: <[email protected]>... User unknown
Jan 5 11:13:51 mail sendmail[15575]: i05GDTr15575: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[202.150.85.102]

As you can see, he changes the relay source, so I can't block by IP or by ISP. Maybe I could block anything from "username=John"? How would I do this on a Linux box running sendmail?

Any ideas on what I can do about this except prepare for the spam from the addresses he does manage to collect and sell?

- Qualm
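
A way to pick these sessions out of the mail log regardless of which relay they come from, added here as an example and not part of the original post: it groups sendmail lines by queue ID and flags any session that logged several "User unknown" rejections and then closed with size=0. The sample log, the threshold and the function names are assumptions; the addresses and IPs are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the sendmail syslog format quoted in the post;
# addresses, hostnames and IPs are placeholders (documentation ranges).
SAMPLE_LOG = """\
Jan  4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <john.a@spammertarget.com>... User unknown
Jan  4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <john.b@spammertarget.com>... User unknown
Jan  4 07:42:08 mail sendmail[13131]: i04Cg7r13131: <john.c@spammertarget.com>... User unknown
Jan  4 07:42:09 mail sendmail[13131]: i04Cg7r13131: from=<x1@example.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=dsl-4.example.net [192.0.2.4]
Jan  4 09:10:30 mail sendmail[13200]: i04EAUr13200: <bobb@spammertarget.com>... User unknown
Jan  4 09:10:31 mail sendmail[13200]: i04EAUr13200: from=<alice@example.org>, size=1834, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=mx.example.org [198.51.100.7]
Jan  5 11:13:49 mail sendmail[15575]: i05GDTr15575: <john.d@spammertarget.com>... User unknown
Jan  5 11:13:49 mail sendmail[15575]: i05GDTr15575: <john.e@spammertarget.com>... User unknown
Jan  5 11:13:49 mail sendmail[15575]: i05GDTr15575: <john.f@spammertarget.com>... User unknown
Jan  5 11:13:51 mail sendmail[15575]: i05GDTr15575: from=<x2@example.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[203.0.113.102]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
UNKNOWN = re.compile(r"^<(?P<rcpt>[^>]*)>\.\.\. User unknown")
FROM = re.compile(r"^from=<[^>]*>, size=(?P<size>\d+),.*?nrcpts=(?P<n>\d+),.*?relay=(?P<relay>.*)$")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def find_harvest_sessions(log_text, min_unknown=3):
    """Return sessions with >= min_unknown rejected recipients and no message body."""
    unknown = defaultdict(list)   # queue ID -> rejected recipient addresses
    envelope = {}                 # queue ID -> (size, accepted recipients, relay IP)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        if (u := UNKNOWN.match(rest)):
            unknown[qid].append(u.group("rcpt").lower())
        elif (f := FROM.match(rest)):
            ip = IP.search(f.group("relay"))
            envelope[qid] = (int(f.group("size")), int(f.group("n")), ip.group(1) if ip else None)
    hits = []
    for qid, rcpts in unknown.items():
        size, accepted, ip = envelope.get(qid, (None, None, None))
        # size=0 means the client probed recipients and never sent a message.
        if len(rcpts) >= min_unknown and size == 0:
            hits.append({"qid": qid, "unknown": len(rcpts), "accepted": accepted, "relay_ip": ip})
    return hits

def distinct_relays(hits):
    """Relay IPs behind the flagged sessions; many distinct values means IP blocks will not hold."""
    return {h["relay_ip"] for h in hits if h["relay_ip"]}
```

A non-zero `accepted` count on a flagged session means some probed addresses were confirmed as valid. On the sendmail side, the `confBAD_RCPT_THROTTLE` option (8.12 and later) slows a connection once it exceeds the configured number of rejected recipients, which does not depend on the source IP.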
 