-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 4 Oct 2000, at 16:04, OK 2 NET - André Paulsberg wrote:
> Is your server being used as a Relay for these messages,
> or are the SPAMMERS simply using your domain to forge their envelope
> sender?
The latter. (It happened to quite a few domains in .cz, lately. I have
been busy accepting, refusing and deleting a gigabyte of
bounces/double-bounces over our pathetic 64kbit line for most of
the previous week.)
> > 2) can qmail reject email based on "Received: " envelope?
> > I want it not to bounce a message back,
> > if there is the bad.host.com listed in the Received line.
>
> You can only purge them automatically, I'm not sure that's too smart. The
> best is to reject based on envelope sender or recipient, that way you
> can tell the "offending" server that you rejected the message. (This is
> done through the files control/badmailfrom and control/badrcptto.)
badmailfrom doesn't help as all the incoming messages are
bounces, MAIL FROM:<>
badrcptto might help, together with some heuristics. (There were
way-too-many forms of [EMAIL PROTECTED]) goodrcptto might
help better :-)
I just changed my ~alias/.qmail-default to
|fastforward -d /etc/aliases.cdb; exit 0
to keep my mailbox clean (and my old harddisk from suffering,
queue from growing, and the load never was more than 4.55 :-) -
most of the load coming (probably) from SYN cookies).
> BTW: would it be possible to see one COMPLETE
> bounce message you are having trouble with.
I have stored about five thousand of them. The basic pattern is
simple: Some faked Received line, then someone at
saturn.bbn.com (a DSL? dial-up?), then some open relay in .cn, .jp
or .kr domains (I have seen quite a few of them) and then the
recipient, bouncing the message back. I can post one of the
messages, but which one? Don't want to be unfair to the remaining
open relays :-)
A few people suggested suing the spammer for misusing
antek.cz's name. Can anyone suggest how? I am not US-based
and our company is not US-based. Is it a crime to fake the return
address (meaning I can mail my evidence to the authorities) or am I
on my own to sue the spammer? If the latter, I can see no chance
of that happening...
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2 -- QDPGP 2.61a
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBOdst0VMwP8g7qbw/EQJQ3QCg6WYhempP1c4tAVJ5XLeurfYb0AAAoO9K
C26AB4w1TOY53sA5VceAeO78
=G/YD
-----END PGP SIGNATURE-----
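
Added example, not part of the original message: a variant of the .qmail-default line above that discards only null-sender mail (bounces and double bounces) for addresses with no alias, while mail from a real envelope sender still bounces normally. The helper path and the function names exit_for and deliver_or_drop are hypothetical; it assumes qmail-local exports the envelope sender in $SENDER and that fastforward exits 100 when no alias matches.

```shell
# Added example (hypothetical helper, not from the original post).
# Source it from ~alias/.qmail-default, which qmail-local runs through sh -c:
#   |. /hypothetical/path/bounce-filter.sh; deliver_or_drop /etc/aliases.cdb

# exit_for SENDER STATUS: print the exit code to hand back to qmail-local.
#   SENDER  envelope sender (empty for bounces, "#@[]" for qmail double bounces)
#   STATUS  exit status returned by fastforward
exit_for() {
    sender=$1
    status=$2
    if [ "$status" -eq 100 ]; then
        # 100 = permanent failure: no alias exists for this recipient.
        case $sender in
            ''|'#@[]')
                echo 0      # backscatter to an address that never existed: drop quietly
                return ;;
        esac
    fi
    # Everything else (delivered, temporary error, real sender with a typo)
    # keeps the status fastforward reported.
    echo "$status"
}

# deliver_or_drop CDB: run fastforward, then leave with the filtered status.
deliver_or_drop() {
    cdb=$1
    status=0
    fastforward -d "$cdb" || status=$?
    exit "$(exit_for "${SENDER-}" "$status")"
}
```

Unlike a plain "exit 0", this keeps the normal bounce for a correspondent who mistypes an address, and it still avoids queueing double bounces for the forged-sender flood.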