[nsp-sec] A mystery - Where did the spam go?

[Borja Marcos]

On Feb 26, 2008, at 3:38 PM, Joel Rosenblatt wrote:

> Interesting .. ours has been going on for over a year now .. mostly  
> spam for various "enhancement" drugs
>
> I've been looking into putting together a server just to parse  
> through the bounced email headers and pull out the IP of the machine  
> that sent the email in the first place - the trick is to do this  
> without hosing our email system because the volume of these is so  
> high.
>
> I think it would be interesting to correlate these with other sites  
> receiving the same - my guess is that they are originating from a  
> single BOT network.
>
> If I get this project going, would you mind if I ping you?

Sorry for the belated response. I would love to help.

The bounces aren't a problem for us (good old Postfix) but sometimes  
they make a system called internally "Borjamator" blackhole legitimate  
mailservers that are flooding us with these unsolicited bounces.




Borja.