Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: steever on October 30, 2005, 09:04:21 AM

Title: I hate this spammer!
Post by: steever on October 30, 2005, 09:04:21 AM

We get a lot of spam coming from this domain:  bras1-vr2-ip3-9.access.batelco.com.bh, but they pretend they are from my domain "mydomain.com" and they use email addresses like administrator@mydomain.com etc which don't exist.  How can I prevent any email from this domain getting through to our network?

Thanks in advance!

Title: Re: I hate this spammer!
Post by: raem on October 30, 2005, 11:34:03 AM

steever

Try these
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Mail%20system%20tweaks%20HOWTO%20for%20sme%20server.htm

Title: I hate this spammer!
Post by: Reinhold on October 30, 2005, 03:31:25 PM

steever,

Your spam originates from a dial-up-line of Bahrain Telecommunications Company.
Check: http://www.batelco.com/

While the general rules/methods that Ray already gave you sure do apply,...

...if you are "really annoyed" (ira ira) you may want to mail
abuse@batelco.com
webmaster@batelco.com
webmaster@inet.com.bh
and "Wholesale Datacom & Internet Services" Mr. Ali Shakeeb  ali_shakeeb@btc.com.bh  ;-)

DO give them one or two "examples" !!!
... sometimes that DOES relieve stress ;-)
sometimes they even act and get rid of "bad business"      ;-)

After all, their Terms (http://www.batelco.com/preview.asp?ArticleId=366) say
5.3- The customer shall not:
5.3.1- Use the service:
5.3.8- Use the Internet in connection with surveys, contests, pyramids schemes, chain letters, junk e-mail, spamming or any duplicative or unsolicited messages (commercial or otherwise);

after all.
:hammer: :hammer: :hammer:

Regards
Reinhold :-D

Title: I hate this spammer!
Post by: kruhm on November 03, 2005, 01:52:26 PM

I've never received an acknowledgement from an abuse department. Many ISP's obviously don't care what happens on their networks & drop the ball when it comes this kind of stuff. The ball is in your court to protect/block.

To get real serious about blocking from the IP or the IP range, make a customized template in tcprules to drop all traffic.


-mkdir /etc/e-smith/templates-custom/etc/tcprules/tcp.smtp/
-start a new file called 85customdeny with the following:


Code:
{
$OUT = "theipyouwanttoblock:deny";
$OUT .= "theiprangeyouwanttoblock:deny";
}


-rebuild the file with a: /sbin/e-smith/expand-template /etc/tcprules/tcp.smtp
-pickup the changes with a: /sbin/e-smith/signal-event email-update

NOTES:
-if you need to look up an ip address range visit: http://www.iana.org/faqs/abuse-faq.htm
-you can block a range with:: $OUT = "193.188.96.:deny"; blocks everything in the BATELCO assignable range.