A Quark of A Different Spin. (adameros) wrote,

Livejournal, clean up your spam filtering. I'm done sending mail to abuse about this, so I'm posting it here. If you are getting forged mail from your LJ account to your LJ account, you might want to make a note of this in your journal as well.

Livejournal is letting people forge mail on their mail servers. I have reported this several times, and I even sent the abuse team example code they could run that would fix the problem.

The latest: someone from 74.sub-75-200-132.myvzw.com telnetted to the SMTP port on Livejournal's mail server and forged mail from adameros@livejournal.com (me) to adameros@livejournal.com.

The spam is for pills of various kinds, Viagra and the like.

The sad thing is, this kind of spam is VERY easy to filter. In fact, I developed code at my work to handle this within MIMEDefang (which I believe you can run with Postfix, which Livejournal uses for their mail relays).

To run this code you need to run mimedefang with the "-H" option to enable "filter_helo". Then in mimedefang-filter add the following:
@livejournal_domains = qw( livejournal.com );   # This is a list of valid domains this relay receives mail for.
@livejournal_addresses = ( '10.' );             # This should be a list of all the IP addresses or subnets you
                                                # own and the relay passes mail for. Sadly, the code is crude
                                                # and you must give explicit addresses and/or whole class A, B,
                                                # or C subnets ('10.' means all of 10.x.x.x). But you are smart
                                                # people. I'm sure you can fix this to your needs. Brad would.

# Now we block people forging HELOs from your domain.
sub filter_helo {
    my ($hostip, $hostname, $helo, $port, $myip, $myport) = @_;   # MIMEDefang's filter_helo arguments

    # Reduce the HELO string to its last two labels, e.g. "mail.livejournal.com" -> "livejournal.com".
    my @livejournalhost = split( /\./, $helo );
    my $livejournalhostname = $livejournalhost[$#livejournalhost-1].".".$livejournalhost[$#livejournalhost];

    # Build the class A, class B, class C and full-address prefixes of the connecting IP.
    my @livejournaladdress = split(/\./, $hostip);
    my $classa = $livejournaladdress[0].".";
    my $classb = $livejournaladdress[0].".".$livejournaladdress[1].".";
    my $classc = $livejournaladdress[0].".".$livejournaladdress[1].".".$livejournaladdress[2].".";
    my $classd = $livejournaladdress[0].".".$livejournaladdress[1].".".$livejournaladdress[2].".".$livejournaladdress[3];

    # HELO claims one of our domains: only our own networks may do that.
    if ( grep /^\Q$livejournalhostname\E$/, @livejournal_domains ) {
        if ( grep /^(\Q$classd\E|\Q$classc\E|\Q$classb\E|\Q$classa\E)$/, @livejournal_addresses ) {
            md_syslog('err', "filter_helo3: mimedefang accepting msg: $MsgID: Accepted HELO $helo ($hostip)");
            return('CONTINUE', 'OK');
        } else {
            md_syslog('err', "filter_helo4: mimedefang rejecting msg: $MsgID: Faked HELO $helo ($hostip)");
            return('REJECT', 'Faked HELO', '554', '5.7.1');
        }
    }
    return('CONTINUE', 'OK');   # HELO does not name one of our domains; nothing to check here
}

Then in filter_sender do roughly the same thing, but filtering the sender's address instead of the HELO:
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;   # MIMEDefang's filter_sender arguments

    # Strip any angle brackets, split off the domain part, and reduce it to its last two labels.
    (my $address = $sender) =~ s/^<(.*)>$/$1/;
    my @livejournaladdress = split( /\@/, $address );
    return('CONTINUE', 'OK') unless defined $livejournaladdress[1];   # null sender "<>": nothing to check
    my @livejournalhost = split( /\./, $livejournaladdress[1] );
    my $livejournalhostname = $livejournalhost[$#livejournalhost-1].".".$livejournalhost[$#livejournalhost];

    my @livejournalip = split(/\./, $ip);
    my $classa = $livejournalip[0].".";
    my $classb = $livejournalip[0].".".$livejournalip[1].".";
    my $classc = $livejournalip[0].".".$livejournalip[1].".".$livejournalip[2].".";
    my $classd = $livejournalip[0].".".$livejournalip[1].".".$livejournalip[2].".".$livejournalip[3];

    # Sender domain is one of ours but the client is not on one of our networks: forged.
    if ( grep /(^\Q$livejournalhostname\E$|\.\Q$livejournalhostname\E$)/, @livejournal_domains ) {
        unless ( grep /^(\Q$classd\E|\Q$classc\E|\Q$classb\E|\Q$classa\E)$/, @livejournal_addresses ) {
            md_syslog('err', "filter_sender2: mimedefang rejecting msg: $MsgID: Faked sender $sender ($ip)");
            return('REJECT', 'Faked sender', '554', '5.7.1');
        }
    }
    return('CONTINUE', 'OK');
}

There is a lot of other stuff they could do, and this could be better written, but those little snippets of code work and would stop the forged-mail spam.
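As an added example (not the post's code, and not a MIMEDefang hook itself), here is the same decision logic behind both filter_helo and filter_sender as a stand-alone Python policy check. It goes a step beyond the snippets above in the way the post invites: trusted networks are arbitrary CIDR prefixes instead of whole class A/B/C blocks, and the domain test is a proper subdomain match instead of "last two labels". The domain list follows the post; the trusted networks, the constants and the sample SMTP envelopes are constructed for the example.

```python
"""Added example (not the post's code and not a MIMEDefang hook): the same
HELO / MAIL FROM forgery check as a stand-alone policy, generalized to CIDR
networks and proper subdomain matching.  Domain list follows the post; the
trusted networks and sample addresses below are constructed."""
import ipaddress

# Domains this relay receives mail for (as in the post).
LOCAL_DOMAINS = ("livejournal.com",)

# Networks allowed to send mail *as* those domains.  Constructed values; any
# prefix length works, unlike the post's whole-class-A/B/C entries.
TRUSTED_NETWORKS = tuple(
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24", "2001:db8::/32")
)

# Return tuples in the shape MIMEDefang callbacks use.
REJECT_HELO = ("REJECT", "Faked HELO", "554", "5.7.1")
REJECT_SENDER = ("REJECT", "Faked sender", "554", "5.7.1")
CONTINUE = ("CONTINUE", "OK")


def claims_local_domain(name):
    """True if `name` is one of our domains or a subdomain of one.
    Case and a trailing dot are ignored; 'livejournal.com.example' is not ours."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)


def from_trusted_network(client_ip):
    """True if the connecting address lies inside any trusted network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:          # garbage or a hostname instead of an IP: never trusted
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def check_helo(helo, client_ip):
    """Mirror of the post's filter_helo: a HELO naming one of our domains
    must come from one of our networks."""
    if claims_local_domain(helo) and not from_trusted_network(client_ip):
        return REJECT_HELO
    return CONTINUE


def check_sender(sender, client_ip):
    """Mirror of the post's filter_sender on the envelope MAIL FROM.
    Angle brackets are stripped; the null sender '<>' has no domain to check."""
    _, at, domain = sender.strip().strip("<>").rpartition("@")
    if at and claims_local_domain(domain) and not from_trusted_network(client_ip):
        return REJECT_SENDER
    return CONTINUE


if __name__ == "__main__":
    # Constructed SMTP envelopes: (client IP, HELO string, MAIL FROM)
    sessions = [
        ("10.20.30.40",  "mail.livejournal.com", "<adameros@livejournal.com>"),  # our own relay
        ("198.51.100.7", "livejournal.com",      "<adameros@livejournal.com>"),  # forged, from outside
        ("198.51.100.7", "mx.example.org",       "<someone@example.org>"),       # ordinary foreign mail
        ("198.51.100.7", "mx.example.org",       "<>"),                          # bounce, null sender
    ]
    for ip, helo, mail_from in sessions:
        print(f"{ip:15} HELO {helo:22} -> {check_helo(helo, ip)[0]:8} "
              f"MAIL FROM {mail_from:28} -> {check_sender(mail_from, ip)[0]}")
```

A CONTINUE from either function only means this particular check did not fire, not that the message is clean; the rest of the filter still runs. Note also that the sender rule treats any envelope sender in a local domain arriving from an untrusted network as forged, so TRUSTED_NETWORKS has to cover every host from which your own users legitimately submit mail, which is the same "fill in the list properly" caveat the post makes about its address list.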

Livejournal, please fix this problem. It is in your power to be a good netizen and fight spam, rather than being a blind dumb spam relay.