Spam from obfuscated address? debian with postfix

Discussion in 'Help Desk' started by jwa, Dec 19, 2012.

  1. jwa

    jwa New Email

    Joined:
    Dec 17, 2012
    Messages:
    2
    Likes Received:
    0
    Debian 5.0.6 running Postfix 2.5.5, Apache, Drupal, MYSQL.

    We have a web form with a contact field and a captcha. We're getting spam from addresses that appear as uygrzc@fdvotc.com or ffueoy@mlruwe.com, these are a couple of examples, there are others, so it's not just these two.

    I'm asking for help on how to get started to stop it.

    I thought I'd start by trying to find an ip address from the sender. I've looked at the email headers, the Apache log files, and the Postfix log files and not found anything that looks like it might be helpful. I'm also searching the web and reading threads about stopping spam.

    If you need additional information to help me get started let me know.

    Thanks Jim
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    Hi Jim,

    The POST lines in your apache logs should have the IP addresses of the abusers using your form script.

    Is the form being used to spam only you, or is it being used to spam 3rd parties too?

    Is the script formmail or a different form script?

    :welcome: to Email Questions!
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    Hi Jim,

    One of our partners, Luxsci, has a secure contact form option.

    A nice benefit of their secure form is that it does not require CAPTCHA to block spam.

    Please let us know if you try it out and if it fixes the problem for you.

    :thanks:
     
  4. jwa

    jwa New Email

    Joined:
    Dec 17, 2012
    Messages:
    2
    Likes Received:
    0
    Popowich - Thanks for getting back to me.
    It's just spamming us. I've looked at the Luxsci site, we'd go with the standalone option. I'll pass that up the chain. And I'll go back and check out the Apache log files again. The msg is received by Postfix and then relayed to an Exchange server that delivers it to the recipient. What I end up seeing in the email headers is our Linux server delivering it to our Exchange server. I've read that some spammers use people to defeat the captcha so I don't see how we can stop it with just the captcha it that's the case.
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...