giza: Giza White Mage (Default)
[personal profile] giza
Looks like the DDoS against EveryDNS has been mitigated: http://www.everydns.net/news.php

All services should be back to normal now.

(no subject)

Date: 2006-12-04 04:46 am (UTC)
From: [identity profile] kellic.livejournal.com
I hope the feds catch the bastards...I doubt it though.

(no subject)

Date: 2006-12-04 10:01 am (UTC)
From: [identity profile] balinares.livejournal.com
Meanwhile, my own domain is getting joe-jobbed and I'm getting so swamped in shit that I all but stopped using email as a communication tool.

I say, what about we make it legal to castrate spammers with a teaspoon and let the problem solve itself? :(

(no subject)

Date: 2006-12-04 02:50 pm (UTC)
From: [identity profile] giza.livejournal.com
A few random thoughts:

- Are you sure it's a Joe Job? Those are usually intentional, designed to get the forged domain DoSed off the net. I've seen lots of random spam that just gets sent from my domains - it's usually nothing personal.

- Do you have catchall email forwarding turned on for your domain? If so, turn it off!

- Does your mailserver accept emails and THEN do recipient validation, or does it check the recipient at the RCPT TO step? It's probably the latter, but if it's the former (common with Qmail + Vpopmail installations) you'll wind up with all sorts of double bounces.

- Finally, have you considered setting up SPF records for your domain?

(no subject)

Date: 2006-12-04 05:20 pm (UTC)
From: [identity profile] balinares.livejournal.com
Thanks for the answers dear. *hugs*

> Are you sure it's a Joe Job?

No idea. I would imagine that it depends solely on your definition of joe job. AFAIAC, spammers are using my domain name as return address for their spam and I'm getting lots of bounces. Why would they choose my domain? Well, I don't have any SPF/SenderID record, for reasons I'll make clear below, and I don't have the clout to go after them, so up until the moment the teaspoon thing is made legal I'm an easy target.

> Do you have catchall email forwarding turned on for your domain? If so, turn
> it off!

Only as a very last resort. I have a LOT of active addresses on that domain, because I've generally given per-site specific registration addresses over the years, and different addresses to different people, etc, and I simply don't remember every last one of them.

Besides, my current arrangement is to have everything for my domain (*@mydomain.org) forwarded by the MX (which I don't control) to my own account (me@server.otherdomain.com) on another server (see below for the details) and that implies I cannot remove or add new addresses at will.

So at this point, the catchall is quite probably not going to go.

> Does your mailserver accept emails and THEN do recepient validation, or does
> it check the recipient at the RCPT TO step?

The email server is not mine. The mail is hosted at a friend's, with my ISP's own MX as backup, because they're friends of mine.

This has served me very well for long, but due to spam issues, it's no longer sustainable. I'm working on switching to another arrangement, but there are two issues involved.

Firstly, I'm setting up my own email config on a virtual server I'm renting. The server I'm setting up is a good ol' Postfix configured with greylisting and other spamfighting-oriented arrangements, and yes, it does check things at the RCPT step. AFAICT, it's done, and works well, although I still have to configure it with TLS+authentication to let it serve as my outgoing MX from anywhere (which will be mandatory for any SPF-based solution).

Second problem is DNS, and it's a lot trickier. See, ideally, I'd install a good ol' BIND (yes, I know about djbdns, and my problem with it is written right in its name: it's from our friend Dan "I won't fix this security issue 'cause I consider it's the OS's fault" Bernstein) and serve my domain's records from there. Only, my domain was registered from eu.org (free DNS domains) back when I was a student, with a now obsolete email address, and I've not been able to get in touch with them to update that email address, and I now can't have the NS record updated to use a different DNS.

Thankfully, the primary DNS for my domain is graciously hosted by my ISP, so once everything is in place, I can hopefully get in touch with their CTO, go through the kind of awkward hi-dude-long-time-no-see-how-have-you-been routine, and have them make my virtual server the sole MX for my domain, and possibly add some SPF entries.

> Finally, have you considered setting up SPF records for your domain?

Yes. See above for why it's not been done yet.

DomainKeys would be even better, but the lack of direct access to the DNS records would make maintaining the _domainkey subdomain TXT records a pain in the tail.

So, right, I'm not without options, but this is still going to be a lot of trouble that will take a lot of time and hassle to get through, and I still think the teaspoon thing remains the most effective solution in the long run. ;(
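
The SPF plan discussed in the two comments above hinges on what a receiving MTA does with the record at SMTP time. The following is an added example, not code from anyone in this thread: a small RFC 7208 evaluator that handles the `ip4`, `a`, `mx`, `include` and `all` mechanisms with their qualifiers, run against a constructed, offline DNS table. The zone data (mydomain.org, mail.mydomain.org, _spf.isp.example and all IPs) is hypothetical. The point it shows is that a `-all` record turns a forged MAIL FROM into a 5xx rejection during the dialogue, so the receiving site never generates a bounce towards the forged domain.

```python
"""SPF (RFC 7208) evaluation over a constructed, offline DNS table.

Added example, not code from the thread. Zone data below is hypothetical:
mydomain.org, mail.mydomain.org, _spf.isp.example and the IPs are made up.
"""
import ipaddress

# Constructed DNS answers standing in for a real resolver.
DNS = {
    "TXT": {
        "mydomain.org": "v=spf1 mx a:mail.mydomain.org include:_spf.isp.example -all",
        "_spf.isp.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    },
    "MX": {"mydomain.org": ["mail.mydomain.org"]},
    "A": {"mail.mydomain.org": ["198.51.100.25"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10  # approximates the RFC 7208 4.6.4 limit on DNS-using mechanisms


def _addresses(name):
    return {ipaddress.ip_address(a) for a in DNS["A"].get(name, [])}


def _matches(mech, domain, ip, depth):
    """True if one mechanism matches the connecting client IP."""
    name, _, arg = mech.partition(":")
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        return ip in _addresses(arg or domain)
    if name == "mx":
        return any(ip in _addresses(mx) for mx in DNS["MX"].get(arg or domain, []))
    if name == "include":
        # include matches only when the included domain's record yields 'pass'
        return check_spf(arg, str(ip), depth + 1) == "pass"
    raise ValueError(f"unsupported mechanism: {name}")


def check_spf(domain, client_ip, depth=0):
    """SPF result for mail claiming MAIL FROM @domain, delivered from client_ip."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    record = DNS["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # nothing published: receivers cannot tell forged from real
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if _matches(term, domain, ip, depth):
            return QUALIFIERS[qualifier]
    return "neutral"  # fell off the end without matching an 'all'


def smtp_response(result):
    """What a receiving MTA answers at MAIL FROM for each result.

    Only 'fail' is rejected outright; softfail/neutral/none are accepted and
    left to scoring. The rejection happens inside the SMTP dialogue, so no
    bounce is ever created for the forged sender address.
    """
    if result == "fail":
        return "550 5.7.1 Sender address rejected: SPF fail"
    return "250 2.1.0 Ok"


if __name__ == "__main__":
    for src in ("198.51.100.25", "192.0.2.7", "203.0.113.9"):
        result = check_spf("mydomain.org", src)
        print(src, result, smtp_response(result))
```

The legitimate MX (198.51.100.25) and the ISP range reached through `include:` both pass; a spam source elsewhere hits `-all` and is refused. Note that this only helps at receivers that actually check SPF, which is why the author expects bounces to diminish rather than stop.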

(no subject)

Date: 2006-12-04 05:52 pm (UTC)
From: [identity profile] giza.livejournal.com
I think the most important thing on that list is to get rid of the catchall email handling ASAP.

When I had catchall/validation after the message was accepted going, I was getting somewhere around 50 Gigabytes of email per month. Not just that, but I had users reporting my bounces to SpamCop as spam (which is appropriate) and found my IP blacklisted for a bit. That sucked.

Once I got validation at the RCPT TO level going, my monthly traffic dropped to around 100 Megabytes, or a 100-fold+ reduction in bandwidth usage.

Good luck!

(no subject)

Date: 2006-12-06 10:30 am (UTC)
From: [identity profile] balinares.livejournal.com
Update: I got in touch with my friend, and I was barely even done saying "Hi, how have you be-" when the DNS got updated and my domain's MX is now my very own greylisting-enhanced virtual server. Joy much. I love that guy. He's actually the number one reason why static IPs are offered for free by most ISPs in the country nowadays, among other things I owe him. :)

Greylisting is not weeding out as much spam as I hoped, but one interesting thing stands out: almost all the spams that make it through greylisting are addressed to my real, primary email address. So removing the catchall wouldn't help that much at all. :/ Although I may still do it in the end, like, after gathering enough statistical data to determine a list of 'okay' addresses that I may have been using over the years. *g*

I already configured my Postfix to send rejections right after the RCPT step. By default it expresses rejection as soon as it's warranted (which can be as early as the HELO step -- people not on my network who pretend to be me can't be up to any good...), but that confuses the hell out of some proprietary MTAs, so Postfix conveniently offers an option to postpone rejection until right after the RCPT step.

I'm still getting lots of bounces, but I'm gonna have an SPF installed in my DNS records, we'll see if that helps. Hopefully, since there are loads other unprotected domains, it'll be more cost-effective for spammers to spoof those rather than mine. :/ Damn, I WISH there was a way to reliably detect that a mail is a bounce.

Also, since you're pretty much an expert on that, would you advise the use of some blacklist? I understand that SpamHaus is pretty good, is that correct? Is the SBL reliable? What about the XBL?

Thanks much for the advice, I really appreciate it. :) *hugs!!*
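
On the question of telling bounces apart from ordinary mail, and on finding out which of the catchall addresses the spammers are forging: the following is an added example, not code posted by anyone in this thread. It uses Python's standard `email` package to recognise an RFC 3464 delivery status notification (the one structural signal), falls back to the weaker heuristics most MTAs emit (null return path, MAILER-DAEMON sender, Auto-Submitted), and extracts the per-recipient status and the forged address from the DSN. Both sample messages are constructed; mx.example.net, mydomain.org and every address in them are made up.

```python
"""Recognising a bounce (DSN) and pulling the forged address out of it.

Added example, not code from the thread. Both messages below are
constructed; mx.example.net, mydomain.org and the addresses are made up.
"""
from email import message_from_string
from email.utils import parseaddr

DSN_SAMPLE = """\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: <shop-signup@mydomain.org>
Subject: Undelivered Mail Returned to Sender
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mx.example.net. Your message could not
be delivered to one or more recipients.

--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--B1
Content-Type: text/rfc822-headers

Return-Path: <shop-signup@mydomain.org>
From: <shop-signup@mydomain.org>
To: <nobody@example.net>
Subject: Cheap pills

--B1--
"""

SPAM_SAMPLE = """\
Return-Path: <bulk@example.com>
From: "Deals" <bulk@example.com>
To: <me@mydomain.org>
Subject: Cheap pills
Content-Type: text/plain

Buy now.
"""


def bounce_signals(msg):
    """Independent signals; only the multipart/report one is structural (RFC 3464)."""
    report_type = msg.get_param("report-type", header="content-type") or ""
    sender = (msg.get("From") or "").lower()
    return {
        "dsn_report": msg.get_content_type() == "multipart/report"
        and report_type.lower() == "delivery-status",
        "null_return_path": (msg.get("Return-Path") or "").strip() == "<>",
        "daemon_sender": "mailer-daemon" in sender or "postmaster@" in sender,
        "auto_submitted": (msg.get("Auto-Submitted") or "").lower().startswith("auto-"),
    }


def is_bounce(msg):
    """A proper DSN, or a null-sender message from a daemon / auto-responder.
    Free-text bounces from old MTAs match neither and need body heuristics."""
    s = bounce_signals(msg)
    return s["dsn_report"] or (
        s["null_return_path"] and (s["daemon_sender"] or s["auto_submitted"])
    )


def dsn_status(msg):
    """Per-recipient Action/Status/Final-Recipient from the delivery-status part."""
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # The parser splits this part into header blocks: per-message, then per-recipient.
        for block in part.get_payload():
            if block.get("Action"):
                return {k: block.get(k) for k in ("Action", "Status", "Final-Recipient")}
    return None


def bounced_to(msg):
    """The address the DSN was delivered to, i.e. the one the spammer forged as sender.
    Tallying this over a run of bounces shows which catchall addresses are abused."""
    return parseaddr(msg.get("To", ""))[1]


dsn = message_from_string(DSN_SAMPLE)
spam = message_from_string(SPAM_SAMPLE)

if __name__ == "__main__":
    print(is_bounce(dsn), bounced_to(dsn), dsn_status(dsn))
    print(is_bounce(spam), bounce_signals(spam))
```

The `Final-Recipient` in the DSN is the spam's target, not one of ours; the forged address is the one the bounce was sent *to*, which is what `bounced_to()` returns. Counting those values over a mailbox full of backscatter gives the list of addresses worth keeping when the catchall eventually goes.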

(no subject)

Date: 2006-12-06 05:51 pm (UTC)
From: [identity profile] giza.livejournal.com
Blacklist wise, I've been using the SBL, XBL, and SpamCop. They seemed to have helped. I also use http://korea.services.net/.
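
For the SBL/XBL question, here is how a DNSBL lookup actually works, as an added example rather than code from anyone in this thread. It builds the reversed-octet query name under the list zone, interprets the 127.0.0.x answers using the return codes Spamhaus publishes for zen.spamhaus.org (which combines SBL, XBL and PBL), treats the 127.255.255.x error answers as "not a listing", and shows the one policy caveat that matters for the TLS+auth submission setup described earlier: never DNSBL-check an authenticated client. The resolver table and client IPs are constructed; `live_resolver()` is there only to show the real call.

```python
"""DNSBL lookups against Spamhaus-style lists, run offline against a constructed table.

Added example, not code from the thread. The resolver table and client IPs
are made up; the return-code meanings are Spamhaus's published ones.
"""
import ipaddress
import socket

# Return codes Spamhaus documents for zen.spamhaus.org (zen = SBL + XBL + PBL).
ZEN_CODES = {
    "127.0.0.2": "SBL",      # verified spam sources and operations
    "127.0.0.3": "SBL-CSS",  # SBL's automated snowshoe / compromised-host data
    "127.0.0.4": "XBL",      # exploited hosts: open proxies, bots (CBL data)
    "127.0.0.10": "PBL",     # ISP-declared end-user space, not meant to send mail
    "127.0.0.11": "PBL",     # Spamhaus-maintained PBL entries
}

# Constructed answers standing in for DNS; note the octets are reversed.
FAKE_DNS = {
    "9.113.0.203.zen.spamhaus.org": ["127.0.0.4"],           # listed in XBL
    "77.2.0.192.zen.spamhaus.org": ["127.0.0.10"],           # consumer DSL space
    "200.0.113.203.zen.spamhaus.org": ["127.255.255.254"],   # query error, not a listing
}


def dnsbl_name(client_ip, zone):
    """Reverse the octets of an IPv4 address under the list's zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("IPv4 only in this example; IPv6 uses the nibble-reversed form")
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


def live_resolver(name):
    """Real lookup; NXDOMAIN means 'not listed'. Not used by the offline run."""
    try:
        return [socket.gethostbyname(name)]
    except socket.gaierror:
        return []


def lookup(client_ip, zone="zen.spamhaus.org", resolve=fake_resolver):
    """Return the set of list names the IP is on, ignoring error answers."""
    listed = set()
    for answer in resolve(dnsbl_name(client_ip, zone)):
        a = ipaddress.ip_address(answer)
        if a in ipaddress.ip_network("127.255.255.0/24"):
            # Spamhaus error codes (open resolver, query limit, zone typo): never a hit.
            continue
        if a not in ipaddress.ip_network("127.0.0.0/8"):
            continue  # wildcarded or hijacked zone; treat as unlisted rather than reject everyone
        listed.add(ZEN_CODES.get(str(a), "unknown-127.0.0.x"))
    return listed


def smtp_decision(client_ip, authenticated=False, resolve=fake_resolver):
    """Policy on the MX port: reject SBL/XBL/PBL hits, but skip the check for an
    authenticated submission, since a roaming user's ISP address is routinely PBL-listed."""
    if authenticated:
        return "250 2.0.0 Ok (authenticated, DNSBL skipped)"
    hits = lookup(client_ip, resolve=resolve)
    if hits:
        return (f"554 5.7.1 Service unavailable; client {client_ip} "
                f"blocked using zen.spamhaus.org ({', '.join(sorted(hits))})")
    return "250 2.0.0 Ok"


if __name__ == "__main__":
    for src in ("203.0.113.9", "192.0.2.77", "203.113.0.200", "198.51.100.25"):
        print(src, lookup(src), smtp_decision(src))
    print("192.0.2.77 via auth:", smtp_decision("192.0.2.77", authenticated=True))
```

In Postfix the equivalent is `reject_rbl_client zen.spamhaus.org` in `smtpd_recipient_restrictions` on the port-25 service only; the submission service for your own authenticated clients should not carry it. Treating the 127.255.255.x answers as errors matters in practice, because queries sent through large public resolvers get exactly those codes instead of real data.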

(no subject)

Date: 2006-12-21 02:47 am (UTC)
From: [identity profile] balinares.livejournal.com
Thanks for all dear. :)
My spam diminished drastically. At first I got a surge of bounces -- somehow must have gotten pissed that I started publishing SPF records that tagged all their honest money-making business as surefire spam... -- and then it mostly stopped, so right now I've actually resumed using email. Although I'm still WAY late on catching up on LJ stuff. So all is good, and thank you loads for your help! :) *hugs!*

Profile

giza: Giza White Mage (Default)
Douglas Muth