Major spam attack on my domain


#1

It’s around 1pm on 3/23 - in the last 12 hours, I’ve received over 500 pieces of spam mail, all with identical Received from: headers:

Return-Path: DV6.2373@twister.nyc.rr.com
Delivered-To: m9489623@plunder.dreamhost.com
Received: from hans.net (dial-bu-185-234.wcnet.org [157.134.185.234])
    by plunder.dreamhost.com (Postfix) with SMTP id 399DC863E2
    for 699100clrrmas@jukeboxgraduate.com; Tue, 23 Mar 2004 12:51:23 -0800 (PST)
Date: Tue, 23 Mar 2004 15:52:13 -0500
To: 699100clrrmas@jukeboxgraduate.com
Subject: Re: Document
From: DV6.2373@twister.nyc.rr.com
Message-ID: ywwspjxfnemlgkvgifk@jukeboxgraduate.com
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="--------kyukpywdwytdnwfyetec"

What I’d like to be able to do is turn on (or turn off) the ability for someone to send email to any address at my domain - you’d have to have an actual address, you couldn’t just use [anything]@mydomain.com to get email through. I have Razor set up but it’s just not catching these.

I suspect this is a deliberate target as the addresses that are being spoofed as the return addresses come from a usenet newsgroup I frequent.

I have contacted the spam and abuse and postmaster aliases at the wcnet.org and hans.net domains as well.

Any help or advice welcomed.


#2

You want to turn this on, or off?

You can remove the catchall alias from the web panel under Mail => Addresses - won’t that do what you want?

From the subject line, I’d guess that this is a virus, and not spam.


#3

I want to turn it off, I guess.

“You can remove the catchall alias from the web panel under Mail => Addresses - won’t that do what you want?”

I don’t know if that’s what I want to do - thus the reason I was here asking for help. I’m sorry, but there isn’t any documentation on this that I could find.

“From the subject line, I’d guess that this is a virus, and not spam.”

Just to clarify - you’re saying that the sender of these messages has a virus, correct? Not that there’s a virus on my machine?


#4

If you only want mail for addresses that are explicitly specified to work, and don’t want to receive mail addressed to any unspecified address at your domain, you should remove the “*” (catchall / wildcard) alias. You don’t need to set * to bounce or delete - just remove the entry entirely.

Basically, yes. The message itself is likely a virus.
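
Added example, not part of any post in this thread: a Python triage script that reads the topmost Received header of each message, compares the HELO name with the connecting host's reverse DNS, and flags recipients that only the "*" catchall alias would accept. The explicit address `webmaster@jukeboxgraduate.com`, the second message, and its host and IP are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Header block from the first post, with folded lines re-indented.
FROM_POST = """\
Return-Path: DV6.2373@twister.nyc.rr.com
Received: from hans.net (dial-bu-185-234.wcnet.org [157.134.185.234])
\tby plunder.dreamhost.com (Postfix) with SMTP id 399DC863E2
\tfor 699100clrrmas@jukeboxgraduate.com; Tue, 23 Mar 2004 12:51:23 -0800 (PST)
Subject: Re: Document

"""
# Constructed message to a defined mailbox (address, host and IP are made up).
CONSTRUCTED = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby plunder.dreamhost.com (Postfix) with SMTP id 0000000000
\tfor <webmaster@jukeboxgraduate.com>; Tue, 23 Mar 2004 13:00:00 -0800 (PST)
Subject: hello

"""
DEFINED = {"webmaster@jukeboxgraduate.com"}  # hypothetical explicit address

# Postfix form: from HELO (reverse-DNS [IP]) ... for RECIPIENT;
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)"
    r".*?\bfor\s+<?(?P<rcpt>[^\s<>;]+)>?;", re.S)

def triage(raw, defined):
    """Return connection facts from the topmost Received header, or None."""
    m = RECEIVED_RE.search(message_from_string(raw).get("Received", ""))
    if not m:
        return None
    helo, rdns, rcpt = m["helo"].lower(), m["rdns"].lower(), m["rcpt"].lower()
    return {
        "ip": m["ip"], "helo": helo, "rdns": rdns, "rcpt": rcpt,
        # False when the HELO name is unrelated to the host's reverse DNS.
        "helo_matches_rdns": rdns == helo or rdns.endswith("." + helo),
        # Without the "*" alias, only explicitly defined addresses get mail.
        "needs_catchall": rcpt not in defined,
    }

def summarize(messages, defined):
    rows = [r for r in (triage(m, defined) for m in messages) if r]
    return rows, Counter(r["ip"] for r in rows if r["needs_catchall"])

if __name__ == "__main__":
    rows, by_ip = summarize([FROM_POST, CONSTRUCTED], DEFINED)
    print(*rows, by_ip.most_common(), sep="\n")
```

Run over a saved mailbox, the per-IP counter shows how much of the flood depends on the catchall and whether it comes from one connecting host or many.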