Blocking AOL spam

If you run your own mail services, you might already have noticed that there is a lot of SPAM originating from (or actually faking) @aol.com addresses. The layout of the mails is mostly the same every time. The subject contains something like "Fw: News!" or just "Fw: ", and the mail body usually starts with "Hello! http://<some bogus url>" or similar. Following the link brings you to some "lose some weight" pages; I haven't analyzed whether malware is propagated through them.

If you are having trouble filtering this kind of mail with your anti-SPAM system, here is a simple and fast solution to block these mails. After analyzing the mail headers, I found that the spammers are doing something very specific with the Message-ID of these mails. The Message-ID always looks like this: <somedata@aol.com <fromaddress>.

This is not what a Message-ID should look like, so I set up a header check in my Postfix configuration. This simple regular expression will solve the issue:

/^Message-ID: <.*@aol\.com <.*@.*>.*/ DISCARD Illegal Message-ID SPAM

Your mail server will still accept the mail, but will silently discard it if it carries one of these illegal Message-IDs.
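
Before enabling a DISCARD rule it is worth confirming that it catches the malformed Message-ID without touching legitimate AOL mail. The following is an added example, not part of the original post or of Postfix: it approximates the header check with Python's re module, and the sample messages, the function names and the bogus.example URL are constructed for illustration.

```python
import re

# The rule from this page, matched case-insensitively as the rule intends.
RULE = re.compile(r"^Message-ID: <.*@aol\.com <.*@.*>.*", re.IGNORECASE)
ACTION = "DISCARD Illegal Message-ID SPAM"

def logical_headers(raw):
    """Yield each header of a raw message as one string.
    Continuation lines are joined with a space (a simplification)."""
    header_block = raw.split("\n\n", 1)[0]  # headers end at the first blank line
    current = None
    for line in header_block.splitlines():
        if line[:1] in (" ", "\t") and current is not None:
            current += " " + line.strip()
        else:
            if current is not None:
                yield current
            current = line
    if current is not None:
        yield current

def check(raw):
    """Return the action for the first matching header, or None to let the mail pass."""
    for header in logical_headers(raw):
        if RULE.search(header):
            return ACTION
    return None

# Constructed sample: the malformed Message-ID layout described above.
SPAM = ("From: someone@aol.com\n"
        "Subject: Fw: News!\n"
        "Message-ID: <somedata@aol.com <someone@aol.com>\n"
        "\n"
        "Hello! http://bogus.example/\n")

# Constructed sample: a well-formed AOL Message-ID. The body quotes the bad
# layout, but a header check never looks at body lines.
LEGIT = ("From: someone@aol.com\n"
         "Subject: Lunch?\n"
         "Message-ID: <somedata@aol.com>\n"
         "\n"
         "Message-ID: <x@aol.com <y@aol.com>\n")

if __name__ == "__main__":
    for name, msg in (("spam", SPAM), ("legit", LEGIT)):
        print(name, "->", check(msg) or "pass")
```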
