[KLUG Members] Oddball logwatch entries?

Bob Kanaley members@kalamazoolinux.org
Wed, 27 Nov 2002 12:51:07 -0500


> In his logwatch entries, he's got stuff like this:
>
> Unknown users:
> anxiety@<domain> 1 Times
> concern@<domain> "
> brown@<domain> "
> grumpy@<domain> "
>
> And so on.

Lucky guy!

I wish that a few scans were all that I ever got. Our company website lists
employee email addresses, a spammer's delight. Since the website has been up
for about 5 years, the email harvesters have visited many times. From former
employee email addresses rejected in the maillog files, I can pretty much
tell the date the email addresses were harvested from our website.

Since the harvested addresses include current employees, spam to them tends
to get through. To help slow this type of junk mail down, I have a junkers
script I run occasionally. This shows me who is spamming our domain with
rejected users. The script egreps and awks the maillog then counts the
number of rejects from a sender. I can then add the most notorious to a
blocked senders list to keep their spam from getting to current employees.

This approach seems to work better than most filters that end up dropping a
customer here or a customer there.

Typical results for rejected senders are:
     35	<acsinc@freevirtual.org>
     28	<popgrammail@mailblast1.popgram.com>
     27	<mikep2@powernet.net>
     26	<mribizausa@address.com>
     26	<deadogr@netzero.net>
     26	<aldeejay@hotmail.com>
     24	<abriggs@freevirtual.org>
     24	<aaquino@freevirtual.org>
     23	<toenipples@collegeclub.com>
     21	<deadog@msn.com>
     21	<bpunky@yahoo.com>
     20	<deado@yeehaa.com>
     19	<jhenri@doramail.com>
    ...

Bob

Robert V. Kanaley
Manager Information Systems
Agdia, Inc.
rvk@agdia.com
http://www.agdia.com
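
A sketch of the kind of reject-counting script the post describes, as an added example that is not the poster's own script. It assumes Postfix-style smtpd reject lines (the post does not name the MTA or its log format); `sample_log` and `count_rejected_senders` are hypothetical names, the log lines are constructed, and the lowercasing and null-sender handling go beyond what the post states.

```shell
# Added example, not the poster's script. Assumes Postfix-style smtpd reject
# lines that carry from=<sender> on the same line as "User unknown".

# Constructed sample log (documentation addresses only).
sample_log() {
cat <<'EOF'
Nov 27 12:00:01 mx postfix/smtpd[101]: reject: RCPT from unknown[192.0.2.10]: 550 <anxiety@example.com>: User unknown; from=<bulk@example.net> to=<anxiety@example.com>
Nov 27 12:00:02 mx postfix/smtpd[101]: reject: RCPT from unknown[192.0.2.10]: 550 <concern@example.com>: User unknown; from=<Bulk@Example.NET> to=<concern@example.com>
Nov 27 12:00:03 mx postfix/smtpd[102]: reject: RCPT from unknown[192.0.2.11]: 550 <brown@example.com>: User unknown; from=<bulk@example.net> to=<brown@example.com>
Nov 27 12:01:10 mx postfix/smtpd[103]: reject: RCPT from unknown[192.0.2.12]: 550 <grumpy@example.com>: User unknown; from=<offers@example.org> to=<grumpy@example.com>
Nov 27 12:02:00 mx postfix/smtpd[104]: reject: RCPT from unknown[192.0.2.13]: 550 <brown@example.com>: User unknown; from=<> to=<brown@example.com>
Nov 27 12:03:00 mx postfix/smtpd[105]: reject: RCPT from unknown[192.0.2.14]: 554 <x@example.org>: Relay access denied; from=<relay@example.net> to=<x@example.org>
Nov 27 12:04:00 mx postfix/qmgr[50]: 1A2B3C: from=<staff@example.com>, size=1200, nrcpt=1 (queue active)
EOF
}

# count_rejected_senders LOGFILE [MIN]
# Prints "count<TAB><sender>" for senders with at least MIN rejects
# (default 1), highest count first.
count_rejected_senders() {
    log=$1
    min=${2:-1}
    grep -E 'reject: RCPT from .*User unknown' "$log" |
    awk -v min="$min" '
        {
            # Extract the envelope sender from from=<...>.
            if (match($0, /from=<[^>]*>/) == 0) next
            sender = tolower(substr($0, RSTART + 6, RLENGTH - 7))
            # Skip the null sender (bounces); blocking it breaks DSNs.
            if (sender == "") next
            count[sender]++
        }
        END {
            for (s in count)
                if (count[s] >= min) printf "%d\t<%s>\n", count[s], s
        }' |
    sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Demo: senders with two or more rejects in the sample log.
tmp=$(mktemp)
sample_log > "$tmp"
count_rejected_senders "$tmp" 2
rm -f "$tmp"
```

Envelope senders are trivially forged, so a high count is a candidate for review rather than proof of who sent the mail.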