Message from discussion 3 simple steps: what to do after a JOE-JOB
Newsgroups: news.admin.net-abuse.email
From: Michael Tokarev <m...@tls.msk.ru>
Date: Mon, 18 Feb 2002 02:20:12 +0300
Local: Sun, Feb 17 2002 6:20 pm
Subject: 3 simple steps: what to do after a JOE-JOB
The above is a simple tutorial that may help others
to recover after a joe-job, and/or reduce possible
damage.

The situation this tutorial refers to is -- when some
moron uses one email address in your domain as his
return address.

1.  Information.  This is an essential part.  Work closely
 with your ISP -- call them by phone, describe the situation,
 ensure that they understand.  Set up a page that describes
 your situation, use rather non-technical terms and language.
 Place a link to this page in some place of your main site,
 so this link will be easy to see.  If that moron used a
 URL that points to your site, replace that page with a page
 that describes the situation.  Depending on the amount of spam
 sent, it may be a good idea to do the same with your ISP's
 site too.

2.  Reduce the load on your own mailserver(s).  This applies only
 to those who can control the mailserver(s) for the domain in
 question.  It's impossible to do for free email service
 providers (hotmail, yahoo etc), but maybe they will work
 around this too, who knows.

 Create an alias for the user who is being joed.  Tell that user
 to use this new alias for his outgoing mail.  And then
 refuse bounces (these usually come with an empty envelope
 from, MAIL FROM:<>) to the original joed address.  For the postfix
 MTA, the following will help:

  main.cf:
   smtpd_restriction_classes = joed
   joed = check_sender_access regexp:/etc/postfix/joed
   smtpd_recipient_restrictions = ...,
     check_recipient_access hash:/etc/postfix/rcpts,
     ...

  /etc/postfix/rcpts:
    j...@your.domain   joed

  /etc/postfix/joed:
    /^<>$/  554 We want no bounces for this account, it was joe-jobbed,
       see http://www.your.domain/joed.html

 This will work for postfix; a similar solution should be available
 for other MTAs as well.

3. Find who the moron is and try to sue him.  This part is not as easy,
 but it is worth the effort.  For this, look at the headers of the mails that are
 inside the bounces and trace the original origin.  Ask for help from your ISP.
 And from your lawyer.

Parts 1 and 2 are temporary -- when the bounces and/or complaints
stop, everything should be restored.

Regards,
 Michael.
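
Step 3's header tracing, as an added example that is not part of the original post: it pulls the bounced message out of a bounce and lists the Received hops, separating the sender-claimed HELO name from the IP the receiving server logged. The sample bounce, all hosts and addresses, the function names and the Postfix-style Received layout are assumptions made for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host and address is a documentation placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: joe@your.domain
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from relay.example.org (unknown [198.51.100.7])
\tby mx.example.net with SMTP; Mon, 18 Feb 2002 01:00:00 +0000
Received: from your.domain (dialup.example.com [203.0.113.45])
\tby relay.example.org with SMTP; Mon, 18 Feb 2002 00:59:58 +0000
From: joe@your.domain
Subject: Buy now

spam body
--b1--
"""

# Assumed layout: "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>".
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def embedded_original(raw_bounce):
    """Return the bounced message (or only its headers) carried inside a bounce."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def trace_hops(raw_bounce):
    """List hops newest-first: 'helo' is the sender's claim, 'ip' was logged by 'by'."""
    original = embedded_original(raw_bounce)
    hops = []
    for value in (original.get_all("Received", []) if original else []):
        m = HOP_RE.search(" ".join(str(value).split()))
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops
```

Only the topmost hop was written by the server that sent you the bounce; anything below it could have been inserted by the spammer, so treat lower hops as leads to confirm with the ISP that owns each IP. In the sample the last hop announces itself as your.domain in HELO while connecting from an unrelated address, which is the forgery a joe-job relies on.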


 