Spam from obfuscated address? debian with postfix

jwa

New Email
Debian 5.0.6 running Postfix 2.5.5, Apache, Drupal, MYSQL.

We have a web form with a contact field and a captcha. We're getting spam from addresses that appear as uygrzc@fdvotc.com or ffueoy@mlruwe.com, these are a couple of examples, there are others, so it's not just these two.

I'm asking for help on how to get started to stop it.

I thought I'd start by trying to find an ip address from the sender. I've looked at the email headers, the Apache log files, and the Postfix log files and not found anything that looks like it might be helpful. I'm also searching the web and reading threads about stopping spam.

If you need additional information to help me get started let me know.

Thanks Jim
 

popowich

EQ Forum Admin
Staff member
Hi Jim,

The POST lines in your apache logs should have the IP addresses of the abusers using your form script.

Is the form being used to spam only you, or is it being used to spam 3rd parties too?

Is the script formmail or a different form script?

:welcome: to Email Questions!
 

popowich

EQ Forum Admin
Staff member
Hi Jim,

One of our partners, Luxsci, has a secure contact form option.

A nice benefit of their secure form is that it does not require CAPTCHA to block spam.

Please let us know if you try it out and if it fixes the problem for you.

:thanks:
 

jwa

New Email
Popowich - Thanks for getting back to me.
It's just spamming us. I've looked at the Luxsci site, we'd go with the standalone option. I'll pass that up the chain. And I'll go back and check out the Apache log files again. The msg is received by Postfix and then relayed to an Exchange server that delivers it to the recipient. What I end up seeing in the email headers is our Linux server delivering it to our Exchange server. I've read that some spammers use people to defeat the captcha so I don't see how we can stop it with just the captcha it that's the case.
 
Top