The above is a simple tutorial that may help others
to recover after a joe-job, and/or reduce possible
The situation this tutorial refers to is -- when some
moron uses one email address in your domain as his
1. Information. This is an essential part. Work closely
with your ISP -- call them by phone, describe the situation,
and ensure that they understand it. Set up a page that describes
your situation in fairly non-technical terms and language.
Place a link to this page somewhere on your main site
where it is easy to see. If that moron used a
URL that points to your site, replace that page with a page
that describes the situation. Depending on the amount of spam
sent, it may be a good idea to do the same with your ISP's
2. Reduce the load on your own mailserver(s). This applies only
to those who can control the mailserver(s) for the domain in
question. It is not possible with free email service
providers (hotmail, yahoo etc), but maybe they will work
around this too, who knows.
Create an alias for the user who is being joed. Tell that user
to use this new alias for his outgoing mail. Then
refuse bounces (these usually come with an empty envelope
from, MAIL FROM:<>) sent to the original joed address. For the Postfix
MTA, the following will help:
smtpd_restriction_classes = joed
joed = check_sender_access regexp:/etc/postfix/joed
smtpd_recipient_restrictions = ...,
/^<>$/ 554 We want no bounces for this account, it was joe-jobbed,
This will work for Postfix; a similar solution should be available
for other MTAs as well.
3. Find who the moron is and try to sue him. This part is not as easy,
but it is worth the effort. For this, look at the headers of the mails that are
inside the bounces and trace the original origin. Ask for help from your ISP.
And from your lawyer.
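Added example (not part of the original tutorial): one way to do the header tracing from step 3 in Python. It pulls the original message out of a bounce and separates the IP that the bouncing server actually saw from the earlier hops, which the sender could have forged. The sample bounce, its hosts and addresses, and the function names are constructed for illustration, and it assumes the topmost Received header was added by the server that bounced the mail.

```python
import email
import re
from email import policy

# Constructed sample bounce; hosts and IPs are documentation placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: joed@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from mail.example.org (unknown [203.0.113.45]) by mx.example.net; Mon, 1 Jan 2024 00:00:00 +0000
Received: from example.org ([192.0.2.10]) by relay.invalid; Mon, 1 Jan 2024 00:00:00 +0000
From: joed@example.org
Subject: constructed sample

body
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literal

def embedded_original(bounce):
    """Return the original message (or only its headers) carried in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers-only bounce
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def trace(raw_bounce):
    """Split Received IPs into the observed handoff and unverified earlier hops."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    original = embedded_original(bounce)
    if original is None:
        return None  # bounce carried no copy of the original
    received = [str(h) for h in original.get_all("Received", [])]
    ips = [m.group(1) if (m := IP_RE.search(h)) else None for h in received]
    # Top header: peer seen by the bouncing server. Lower ones may be forged.
    return {"handoff_ip": ips[0] if ips else None,
            "claimed_earlier": [ip for ip in ips[1:] if ip]}
```

The handoff_ip is the value to pass to your ISP and your lawyer; treat claimed_earlier only as a hint until the operator of the handoff host confirms it from their own logs.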
Parts 1 and 2 are temporary -- when the bounces and/or complaints
stop, everything should be restored.