Lots of spam to genuine email accounts

MrL22

Active Member
Jul 11, 2003
Tamworth, United Kingdom
Hello,

Every couple of days we get a burst of spam to our servers which lasts around 4 hours. The email is different for each burst, but when it starts we usually get thousands of identical emails sent to our servers, addressed to hundreds of different email accounts. The strange thing about this is that all the emails seem to go to genuine email accounts that exist, even accounts that are hardly/never used; for example, [email protected], but FredB never used his account because he was set up on the system but never started at the company in the end...

The most recent email is this sanesecurity.blogspot.co.uk/2015/10/shaun-buzzard-order-lp2220151013164535d.html

Because all the spam seems to go to specific accounts that exist, and very rarely to [email protected] or [email protected], it makes me believe that somehow the spammers/spam are getting a list of genuine accounts from my servers, but I am not sure how they would do this other than working it out from bounce mails. When setting up new servers I generally follow a guide on how to make the servers more secure, such as :blackhole: mail etc.

Does anyone have any ideas?

Thanks in advance.
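As an added illustration (not part of the thread), here is the check I would run over the Exim mainlog to confirm the pattern the post describes: identical subjects arriving in a short window to many distinct existing mailboxes, and how many RCPTs land on real accounts versus being rejected. The log lines below are constructed approximations of cPanel's Exim format; the subject text, addresses and hosts are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines approximating cPanel's Exim mainlog (with subject logging on).
SAMPLE_LOG = """\
2015-10-13 16:45:35 1ZlxYz-0001AB-01 <= order@example.net H=mail.example.net [203.0.113.5] T="Order LP-0001"
2015-10-13 16:45:35 1ZlxYz-0001AB-01 => fredb@example.com R=virtual_user T=virtual_userdelivery
2015-10-13 16:45:36 1ZlxYz-0001AB-02 <= order@example.net H=mail.example.net [203.0.113.5] T="Order LP-0001"
2015-10-13 16:45:36 1ZlxYz-0001AB-02 => alice@example.com R=virtual_user T=virtual_userdelivery
2015-10-13 16:45:37 1ZlxYz-0001AB-03 <= order@example.net H=mail.example.net [203.0.113.5] T="Order LP-0001"
2015-10-13 16:45:37 1ZlxYz-0001AB-03 => bob@example.com R=virtual_user T=virtual_userdelivery
2015-10-13 16:45:38 H=mail.example.net [203.0.113.5] F=<order@example.net> rejected RCPT <zzz@example.com>: No Such User Here
2015-10-13 17:02:10 1ZlxZa-0001AC-01 <= news@example.org H=news.example.org [198.51.100.7] T="Weekly update"
2015-10-13 17:02:10 1ZlxZa-0001AC-01 => alice@example.com R=virtual_user T=virtual_userdelivery
"""

ARRIVAL = re.compile(r'^(\S+ \S+) (\S+) <= (\S+) .*? T="([^"]*)"')   # message accepted by Exim
DELIVERY = re.compile(r'^\S+ \S+ (\S+) => (\S+)')                     # delivered to a local mailbox
REJECT = re.compile(r'rejected RCPT <([^>]+)>')                        # RCPT for a non-existent user

def find_bursts(log, min_copies=3, window_hours=4):
    """Group arrivals by subject and flag subjects with >= min_copies messages inside the window.
    Also count accepted vs rejected recipients: a high accepted share on a burst means the
    sender already holds a list of real mailboxes rather than guessing names."""
    arrivals = defaultdict(list)   # subject -> [(time, msgid)]
    rcpts = defaultdict(set)       # msgid -> recipients delivered to
    rejected = 0
    for line in log.splitlines():
        m = ARRIVAL.match(line)
        if m:
            ts, msgid, _sender, subject = m.groups()
            arrivals[subject].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), msgid))
            continue
        m = DELIVERY.match(line)
        if m:
            rcpts[m.group(1)].add(m.group(2))
        elif REJECT.search(line):
            rejected += 1
    bursts = {}
    for subject, msgs in arrivals.items():
        msgs.sort()
        if len(msgs) >= min_copies and msgs[-1][0] - msgs[0][0] <= timedelta(hours=window_hours):
            bursts[subject] = sorted(set().union(*(rcpts[mid] for _, mid in msgs)))
    accepted = sum(len(r) for r in rcpts.values())
    total = accepted + rejected
    return {"bursts": bursts, "accepted": accepted, "rejected": rejected,
            "valid_ratio": accepted / total if total else 0.0}
```

On a real server, feed it `/var/log/exim_mainlog` and compare the valid_ratio of a burst against the baseline of ordinary inbound mail; a burst that almost never trips "No Such User Here" is the signal the poster is describing.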

keat63

Well-Known Member
Nov 20, 2014
cPanel Access Level
Root Administrator
I once had a similar fear, so configured an email account purely and simply as a honeytrap.
In almost 12 months, the honey trap (which has never been advertised) has not had a single email.

keat63

Well-Known Member
Nov 20, 2014
cPanel Access Level
Root Administrator
I also get a few which try to go to email addresses that never existed... ever.
However, the pattern is consistent.

eg: [email protected], [email protected], [email protected]

None of these are remotely similar to anything or anyone within our organisation, so whoever made these emails up to spam us has no doubt sold them on, as I see failed emails to these recipients many times daily.

keat63

Well-Known Member
Nov 20, 2014
cPanel Access Level
Root Administrator
SPF, DKIM, greylisting and SpamAssassin should help to reduce these.
Also, you could consider adding additional RBLs to the Exim config.

If you have CSF installed, there is a feature 'LFD Block Lists'.
I'm not sure if this helps towards cutting spam though.

If all else fails, CSF has a paid solution called 'Mail Scanner'.
I've yet to clarify if this helps root out incoming spam.