The “FreeBSD Greek Documentation Project” uses a mailing list for commit notifications and general patch discussion. I am the moderator of the “freebsd-doc-el” and I noticed that we get a lot of unsolicited email advertising the seminar organized by “Image A Seminars“.
The posts include the typical opt-out notice that spammers like adding to their messages, but I suspect it is mostly useful as a trap for harvesting real addresses, since we never actually opted in for this particular series of spam messages.
The full text of the spam messages that they usually send looks like this:
What is admirably helpful about these spammers is that they always send their spam email through the same DSL link, using a static IP address! I have been gathering some of the spam messages from this specific Greek spammer for a while now. They all originate from static062038157163.dsl.hol.gr. Their message headers consistently point at this host again and again:
Received: from image-a.gr (static062038157163.dsl.hol.gr [126.96.36.199]) by akuma.hellug.gr (8.14.3/8.14.3/Debian-4) with ESMTP id mA8I5fTj001044 for <email@example.com>; Sat, 8 Nov 2008 20:05:49 +0200 Received: (qmail 8886 invoked by uid 508); 8 Nov 2008 19:37:37 +0200 Received: from unknown (HELO image-a) (firstname.lastname@example.org@192.168.0.8) by image-a.gr with SMTP; 8 Nov 2008 19:37:37 +0200 Received: from image-a.gr (static062038157163.dsl.hol.gr [188.8.131.52]) by akuma.hellug.gr (8.14.3/8.14.3/Debian-5) with ESMTP id mAEN0Mkj008157 for <email@example.com>; Sat, 15 Nov 2008 01:00:31 +0200 Received: (qmail 2502 invoked by uid 508); 15 Nov 2008 01:35:27 +0200 Received: from unknown (HELO image-a) (firstname.lastname@example.org@192.168.0.8) by image-a.gr with SMTP; 15 Nov 2008 01:35:27 +0200
So I just went ahead and installed an entry to the /etc/mail/access file of the two mail servers used by HELLUG:
# Image A Seminars, has been spamming anyone and everything under the # sun with their `seminar announcements'. The funny part is that they # do this from a static DSL line, using the same IP all the time! # -- keramida, 2008-11-13 05:30 EET static062038157163.dsl.hol.gr 550 We do not accept mail from spammers
This is, of course, just a temporary measure, and it blocks far too much (i.e. it also blocks anyone from image-a.gr from subscribing to or posting to the public mailing lists of HELLUG. I doubt they are very interested in this sort of thing though.
Hellas Online will also be notified for their spamming activities, in a few hours. They may be able to pull more effective strings, and save a much greater part of the Greek Internet from image-a.gr spam.