(no subject)

Dec 17, 2008 15:31

This is something I wrote in my journal, after once again getting spam routed through LJ. I've reported this to abuse a few times and they say "we can't do anything about it." So I sent them code to use in Mimedefang, which would stop the spam. So now I'm hoping a public posting might get more action. If you are getting forged mail from your lj account to your lj account, you might want to make a note of this in your journal as well. This might not be the best Perl code, but it works. If someone sees a better way to write this code, have at it. I'm usually happy to learn from others.

Livejournal, clean up your spam filtering. I'm done sending mail to abuse about this, and posting this here instead.

Livejournal is letting people forge mail on their mail servers. I have reported this several times, and I even sent the abuse team example code they could run that would fix the problem.

The latest: someone from 74.sub-75-200-132.myvzw.com telnetted to Livejournal's SMTP port on their mail server and forged mail from adameros@livejournal.com (me) to adameros@livejournal.com.

The spam is for pills of various kinds, Viagra and the like.

The sad thing is, this kind of spam is VERY easy to filter. In fact, I developed code at my work to handle this within Mimedefang (which I believe you can run with Postfix, which Livejournal uses for their mail relays).

To run this code you need to run mimedefang with the "-H" option to enable "filter_helo". Then in mimedefang-filter add the following:


our @livejournal_domains = qw( livejournal.com );   # The domains this relay receives mail for.

# All the IP addresses or subnets you own and the relay passes mail for.
# Sadly, the code is crude: each entry must be an explicit address or a whole
# class A, B or C prefix written with its trailing dot ("10." covers 10.x.x.x).
# But you are smart people. I'm sure you can fix this to your needs. Brad would.
our @livejournal_addresses = qw( 127.0.0.1 10. 208.93.0.48 );

# Now we block people forging HELOs from your domain.
sub filter_helo {
    my ($hostip, $hostname, $helo) = @_;   # what Mimedefang passes to filter_helo

    # Reduce the HELO name to its last two labels (mail.livejournal.com -> livejournal.com)
    my @livejournalhost = split( /\./, $helo );
    my $livejournalhostname = @livejournalhost >= 2
        ? $livejournalhost[-2] . "." . $livejournalhost[-1]
        : $helo;

    # Prefixes of the connecting IP, from class A ("10.") down to the full address
    my @livejournaladdress = split( /\./, $hostip );
    my $classa = $livejournaladdress[0] . ".";
    my $classb = $livejournaladdress[0] . "." . $livejournaladdress[1] . ".";
    my $classc = $livejournaladdress[0] . "." . $livejournaladdress[1] . "." . $livejournaladdress[2] . ".";
    my $classd = join( ".", @livejournaladdress );

    # \Q...\E keeps the dots literal instead of letting them match any character
    if ( grep /^\Q$livejournalhostname\E$/, @livejournal_domains ) {
        if ( grep /^(\Q$classd\E|\Q$classc\E|\Q$classb\E|\Q$classa\E)$/, @livejournal_addresses ) {
            md_syslog('err', "filter_helo3: mimedefang accepting msg: $MsgID: Accepted HELO $helo ($hostip)");
            return('CONTINUE', 'OK');
        } else {
            md_syslog('err', "filter_helo4: mimedefang rejecting msg: $MsgID: Faked HELO $helo ($hostip)");
            return('REJECT', 'Faked HELO', '554', '5.7.1');
        }
    }
    # The HELO does not claim one of our domains, so there is nothing to check here.
    return('CONTINUE', 'OK');
}

Then in filter_sender do roughly the same thing, but filter the sender's address instead of the HELO:

# Mimedefang only calls filter_sender when started with the "-s" option (just as "-H" enables filter_helo).
sub filter_sender {
    my ($sender, $hostip, $hostname, $helo) = @_;   # what Mimedefang passes to filter_sender

    # The sender arrives as written in MAIL FROM, angle brackets included; strip them
    (my $address = $sender) =~ s/^<(.*)>$/$1/;
    # The null sender "<>" used by bounces has no domain to check
    return('CONTINUE', 'OK') unless $address =~ /\@/;

    my @livejournaladdress = split( /\@/, $address );
    my @livejournalhost = split( /\./, $livejournaladdress[-1] );
    my $livejournalhostname = @livejournalhost >= 2
        ? $livejournalhost[-2] . "." . $livejournalhost[-1]
        : $livejournaladdress[-1];

    my @livejournalip = split( /\./, $hostip );
    my $classa = $livejournalip[0] . ".";
    my $classb = $livejournalip[0] . "." . $livejournalip[1] . ".";
    my $classc = $livejournalip[0] . "." . $livejournalip[1] . "." . $livejournalip[2] . ".";
    my $classd = join( ".", @livejournalip );

    # Match the domain itself or any subdomain of it
    if ( grep /(^\Q$livejournalhostname\E$|\.\Q$livejournalhostname\E$)/, @livejournal_domains ) {
        unless ( grep /^(\Q$classd\E|\Q$classc\E|\Q$classb\E|\Q$classa\E)$/, @livejournal_addresses ) {
            md_syslog('err', "filter_sender2: mimedefang rejecting msg: $MsgID: Faked sender $sender ($hostip)");
            return('REJECT', 'Faked sender', '554', '5.7.1');
        }
    }
    return('CONTINUE', 'OK');
}
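As an added example, not part of the original post and not Mimedefang's own code, here are the same two checks (a HELO or MAIL FROM that claims one of your domains but comes from an address you don't own) written standalone in Python. It uses proper CIDR networks instead of the class A/B/C prefixes the Perl above needs, handles address-literal HELOs and the null sender, and runs over a few constructed sessions. The domain list, network list, the 203.0.113.9 outsider address and the sample sessions are all made up for illustration.

```python
import ipaddress

# Constructed configuration (not LiveJournal's): domains this relay receives mail for,
# and the networks that are allowed to present those domains in HELO or MAIL FROM.
OUR_DOMAINS = ("livejournal.com",)
OUR_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "208.93.0.48/32")]


def claims_our_domain(name):
    """True if name is one of our domains or a subdomain of one (case-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in OUR_DOMAINS)


def is_our_address(ip):
    """True if the connecting IP falls inside one of the networks we own."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # not a parseable address: treat as not ours
        return False
    return any(addr in net for net in OUR_NETWORKS)


def check_helo(hostip, helo):
    """Same verdict tuples as the Mimedefang filter_helo above."""
    if helo.startswith("["):    # address literal like [203.0.113.9] claims no domain
        return ("CONTINUE", "OK")
    if claims_our_domain(helo) and not is_our_address(hostip):
        return ("REJECT", "Faked HELO", "554", "5.7.1")
    return ("CONTINUE", "OK")


def check_sender(hostip, sender):
    """Same verdict tuples as the Mimedefang filter_sender above."""
    s = sender.strip()
    if s.startswith("<") and s.endswith(">"):   # MAIL FROM keeps its angle brackets
        s = s[1:-1]
    if "@" not in s:            # null sender <> (bounces) or malformed: nothing to check here
        return ("CONTINUE", "OK")
    domain = s.rsplit("@", 1)[1]
    if claims_our_domain(domain) and not is_our_address(hostip):
        return ("REJECT", "Faked sender", "554", "5.7.1")
    return ("CONTINUE", "OK")


# Constructed sample sessions: (client IP, HELO name, MAIL FROM)
SAMPLE_SESSIONS = [
    ("203.0.113.9", "mail.livejournal.com", "<adameros@livejournal.com>"),   # outsider forging our domain
    ("208.93.0.48", "mail.livejournal.com", "<adameros@livejournal.com>"),   # our own relay
    ("10.4.5.6", "mx.livejournal.com", "<>"),                                # internal bounce
    ("203.0.113.9", "[203.0.113.9]", "<someone@example.net>"),               # outsider, foreign domain
]


def run_samples(sessions=SAMPLE_SESSIONS):
    """Return (helo verdict, sender verdict) for each session."""
    return [(check_helo(ip, helo)[0], check_sender(ip, sender)[0]) for ip, helo, sender in sessions]


if __name__ == "__main__":
    for (ip, helo, sender), (h, s) in zip(SAMPLE_SESSIONS, run_samples()):
        print(f"{ip:14} HELO {helo:22} -> {h:8}  MAIL FROM {sender:28} -> {s}")
```

Only the first session is rejected: it presents our domain from an address outside our networks, which is exactly the forgery the post describes. The relay's own traffic and the bounce pass, and the outsider sending as a foreign domain is left for whatever later stages (SPF, content filtering) you run.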

There is a lot of other stuff they could do, and this could probably be written better, but these little snippets of code work and would stop the forged-mail spam.

Livejournal, please fix this problem. It is in your power to be a good netizen and fight spam, rather than being a blind dumb spam relay.

[Edited to put the code under a cut.]