Gentoo Forums
Postfix help with email abused with forum bot
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1402

Posted: Thu Jul 16, 2015 6:29 pm    Post subject: Postfix help with email abused with forum bot

Hello

I'm running a server using postfix/amavis/policyd/spamassassin. I have a user whose email was harvested and is being used by a forum spam bot. This spam bot is registering bogus forum accounts... thousands, and the confirmation/activation emails are returning to this user... and flooding the server with SMTP requests. The rate is pretty insane. I would also like to mention that the account is not compromised, etc. It's just that the spam bot is submitting his email during user registration. To be safe we did update passwords, etc.

Here is where the spam bot is 'sourced' from and, as you can see, it has been busy since yesterday submitting user signups across many, many forums:
http://www.stopforumspam.com/ipcheck/46.118.116.89

To combat this on my end, I was able to come up with the following header_checks in postfix:

Code:
/^Subject:.*Account details for.*/ DISCARD
/^Subject:.*UTF.*/ DISCARD
/^Subject:.*Account Activation.*/ DISCARD
/^Subject:.*Welcome to.*/ DISCARD


This is discarding the bulk of the requests, but a few are still slipping by, which is fine. BUT, this is a global rule and is impacting other 'valid' emails from other users. I've been searching for how to manage header checking on a per user/email basis, and I'm running into all sorts of issues. It doesn't appear that header_checks in postfix can 'combine' conditions. I'm not seeing anything specific enough in Amavis and Policy to manage this either. I also started exploring postfwd, but I don't see that it can do subject/content checks, just low level header handling.

Any suggestions?

Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
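
The combined condition the post asks about (one specific recipient AND a matching Subject), sketched in Python as an added example that is not part of the original post or of Postfix itself. It reuses the four subject patterns from the header_checks above and decides per envelope recipient, so other users' mail is left alone. The address `victim@example.com`, the sample messages and the function names are assumptions; hooking this into the mail flow (content filter, milter or delivery-time script) is not shown.

```python
import re
from email import message_from_string
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Subject patterns taken from the post's header_checks. Postfix regexp tables
# match case-insensitively by default, so IGNORECASE mirrors that behaviour.
SUBJECT_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"Account details for", r"UTF", r"Account Activation", r"Welcome to")]

# Assumption: placeholder for the one harvested mailbox.
TARGETED = {"victim@example.com"}


def subject_forms(raw_message):
    """Return the Subject as sent (what header_checks sees) and RFC 2047-decoded."""
    raw = message_from_string(raw_message).get("Subject", "")
    try:
        decoded = str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        decoded = raw  # malformed encoded-word or unknown charset: keep raw form
    return raw, decoded


def decide(envelope_rcpts, raw_message):
    """Map each envelope recipient to DISCARD or DELIVER.

    DISCARD needs both conditions: targeted recipient AND matching Subject.
    """
    forms = subject_forms(raw_message)
    hit = any(p.search(s) for p in SUBJECT_PATTERNS for s in forms)
    return {r: "DISCARD" if hit and r.lower() in TARGETED else "DELIVER"
            for r in envelope_rcpts}


# Constructed sample messages (not from the original post).
ACTIVATION = "From: noreply@forum.example\nSubject: Account Activation required\n\nClick here\n"
ENCODED = "From: noreply@forum.example\nSubject: =?UTF-8?B?V2VsY29tZSB0byBGb3J1bQ==?=\n\nhi\n"
NORMAL = "From: friend@example.org\nSubject: Lunch on Friday?\n\nsee you\n"

if __name__ == "__main__":
    rcpts = ["victim@example.com", "other@example.com"]
    for name, msg in (("activation", ACTIVATION), ("encoded", ENCODED), ("normal", NORMAL)):
        print(name, decide(rcpts, msg))
```

Matching the decoded Subject as well as the raw one means an encoded-word subject can be tested against the textual patterns rather than only against the broad `UTF` rule.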