Thursday, November 29th, 2007 01:28 pm
I got 5870 pieces of spam between about 11pm last night and right now. These are mail bounces; the spammers have now discovered my domain and are sending mail "from" it. I now have to delete all that crap. I also need to move to a system where I throw away everything addressed to my domain by default, and keep a whitelist set of To: usernames.

LJ comment notifications, however, are still intermittent at best. Many of them simply aren't making it (at least not in the last few days). I know of at least one other personal e-mail I'm missing. There are days when I honestly wonder why I bother having e-mail at all.

I think today is determined to make me blow up. I shall have to go find a useful (or fun) way to channel this explosion.
Thursday, November 29th, 2007 09:39 pm (UTC)
If you've got access to procmail for email filtering, it's pretty simple to set up a recipe that says, in effect, "if this mail is a bounce and is not from $addresses (where $addresses is in the set "email addresses that I actually use to send outbound mail"), /dev/null it".

Something along the lines of:

# ADDRESS_REGEXP must be set earlier in .procmailrc to match your sending addresses
:0
* ^FROM_MAILER
* $ !^To:.*${ADDRESS_REGEXP}
/dev/null


FROM_MAILER is a procmail internal that expands to (^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )([^>]*[^(.%@a-z0-9])?(Post(ma(st(er)?|n)|office)|(send)?Mail(er)?|daemon|mmdf|n?uucp|ops|r(esponse|oot)|(bbs\.)?smtp(error)?|s(erv(ices?|er)|ystem)|A(dmin(istrator)?|MMGR))(([^).!:a-z0-9][-_a-z0-9]*)?[%@>\t ][^<)]*(\(.*\).*)?)?$([^>]|$)) - this regexp catches most well-known mailer daemons.
Thursday, November 29th, 2007 09:56 pm (UTC)
Thanks! I've had the same problem (though, luckily, with an order of magnitude fewer bounce messages) and may need that someday.

That's a rather ugly regexp, though! :)
Thursday, November 29th, 2007 10:28 pm (UTC)
That's why "^FROM_MAILER" is useful. :-)

I wouldn't route to /dev/null off the bat. I spent two or three months routing that to a "not_my_bounce" folder and checked it every few days; what I found is that there are legit bulk mailers out there that send from addresses like Admin that catch that regexp and, since I give commercial entities unique addresses that I never send from, their mail was going into that folder. Other filters sent that mail to where I could see it and, once I had all of it nabbed, the bounces and other junk started going to /dev/null.
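Added example, not part of any comment in this thread and not procmail's own code: a Python dry run of the quarantine-first approach, listing what the bounce rule would have discarded so false positives such as a bulk mailer sending from Admin show up before anything goes to /dev/null. The addresses and sample messages are constructed, and MAILER_RE is a simplified stand-in for ^FROM_MAILER.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: the addresses you really send from (constructed placeholders).
MY_SENDING_ADDRESSES = {"me@example.org", "lists@example.org"}

# Simplified stand-in for ^FROM_MAILER, not procmail's full expression.
MAILER_RE = re.compile(
    r"\b(postmaster|mailer-daemon|mailer|daemon|admin(istrator)?|root|system)@",
    re.IGNORECASE)
SENDER_HEADERS = ("From", "Sender", "Resent-From", "Resent-Sender", "X-Envelope-From")

def from_mailer(msg):
    """True if any sender header looks like a mailer daemon."""
    return any(MAILER_RE.search(msg.get(h, "")) for h in SENDER_HEADERS)

def disposition(raw, quarantine="not_my_bounce"):
    """Return the folder for one raw message: quarantine instead of /dev/null."""
    msg = message_from_string(raw)
    # Exact address comparison, so "some@example.org" does not match "me@example.org".
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if from_mailer(msg) and not (rcpts & MY_SENDING_ADDRESSES):
        return quarantine
    return "inbox"

def audit(messages):
    """List (From, To) of everything the rule would have discarded."""
    hits = []
    for raw in messages:
        if disposition(raw) != "inbox":
            msg = message_from_string(raw)
            hits.append((msg["From"], msg["To"]))
    return hits

# Constructed sample messages.
SAMPLES = [
    "From: MAILER-DAEMON@mx.example.net\nTo: me@example.org\nSubject: Undelivered\n\nreal bounce\n",
    "From: MAILER-DAEMON@mx.example.net\nTo: qzxv123@example.org\nSubject: Undelivered\n\nbackscatter\n",
    "From: Shop <admin@shop.example>\nTo: shop-orders@example.org\nSubject: Your order\n\nlegit bulk mail\n",
    "From: friend@example.com\nTo: some@example.org\nSubject: hi\n\npersonal\n",
]

if __name__ == "__main__":
    for sender, rcpt in audit(SAMPLES):
        print(f"would discard: {sender} -> {rcpt}")
```

The third sample is the false positive described above: mail from an Admin address to a unique address that is never used for sending.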
Thursday, November 29th, 2007 10:25 pm (UTC)
Thank you! I'll see if I can get this plugged in pretty soon. I had to shut the whole thing down -- they're coming in faster than I can delete them -- so until I get procmail running with this filter, I have no mail at all.
Thursday, November 29th, 2007 10:31 pm (UTC)
Procmail's not bog simple, but it's not rocket science. :-) If'n you need help, I'm online on most of the IM services at this username, or poke me on gmail at username dromerstein.