Hi,

At 16:16 4.10.2000 +0000, Petr Danecek wrote:
>
>
>> > > 2) can qmail reject email based on "Received: " envelope?
>> > >    I want it not to bounce a message back,
>> > >    if there is the bad.host.com listed in the Received line.
>> > 
>> > You can only purge them automatically, I'm not sure that's too smart. The
>> > best is to reject based on envelope sender or recipient, that way you
>> > can tell the "offending" server that you rejected the message. (This is
>> > done through the files control/badmailfrom and control/badrcptto.)
>> 
>> badmailfrom doesn't help as all the incoming messages are 
>> bounces, MAIL FROM:<>
>> 
>> badrcptto might help, together with some heuristics. (There were 
>> way-too-many forms of [EMAIL PROTECTED]) goodrcptto might 
>> help better :-)
>
>Badrcptto does not look at the 'Received:' lines, does it?
>A good solution might be to patch qmail so that it will not bounce a
>message back if it sees a suspicious 'Received:' line in the header. What
>is the best way to do this?
>
>> 
>> I just changed my ~alias/.qmail-default to
>> |fastforward -d /etc/aliases.cdb; exit 0
>> to keep my mailbox clean (and my old harddisk from suffering, 
>> queue from growing, and the load never was more than 4.55 :-) - 
>> most of the load coming (probably) from SYN cookies).
>
>This is simple and efficient. Thanks!
>
>
>> > BTW: would it be possible to see one COMPLETE
>> >      bounce message you are having trouble with.
>> 
>> I have stored about five thousand of them. The basic pattern is 
>> simple: Some faked Received line, then someone at 
>> saturn.bbn.com (a DSL? dial-up?), then some open relay in .cn, .jp 
>> or .kr domains (I have seen quite a few of them) and then the 
>> recipient, bouncing the message back. I can post one of the 
>> messages, but which one? Don't want to be unfair to the remaining 
>> open relays :-)
>
>Yes, this is the same guy. All emails' source looks like 
>PPPa14-ResaleKansasCity1-4R7102.saturn.bbn.com
>

If this address is in the "MAIL From:" you can give my SPAMCONTROL patch a
trial. Here, you are free to do a pattern match on the sender.
>
>> A few people suggested to sue the spammer for misusing 
>> antek.cz's name. Can anyone suggest how? I am not US-based 
>> and our company is not US-based. Is it a crime to fake the return 
>> address (meaning I can mail my evidence to the authorities) or am I 
>> on my own to sue the spammer? If the latter, I can see no chance 
>> of that happening...
>
>Usually you would contact people responsible for the domain 
>saturn.bbn.com. No responses so far.
>

The patch includes a DNS MX lookup. Maybe that helps.


http://www.fehcom.de/qmail_en.html

cheers.
eh.
>Petr
>
>
+-----------------------------------------------------------------------+
|  fff        hh         http://www.fehcom.de        Dr. Erwin Hoffmann |
| ff          hh                                                        |
| ff    eee   hhhh      ccc   ooo    mm mm  mm       Wiener Weg 8       |
| fff  ee ee  hh  hh   cc   oo   oo  mmm  mm  mm     50858 Koeln        |
| ff  ee eee  hh  hh  cc   oo     oo mm   mm  mm                        |
| ff  eee     hh  hh   cc   oo   oo  mm   mm  mm     Tel 0221 484 4923  |
| ff   eeee   hh  hh    ccc   ooo    mm   mm  mm     Fax 0221 484 4924  |
+-----------------------------------------------------------------------+
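
Added example, not part of the original thread and not code from qmail or the SPAMCONTROL patch: a filter that could run as the first line of a .qmail file to do what the question asks, silently discarding null-sender bounces whose Received trail (including the returned copy in the body) names a listed host. The suffix list and the sample message are constructed; the exit codes and the SENDER variable are those documented in qmail-command(8).

```python
import os
import re
import sys

# Assumption: suffixes to match; the thread names saturn.bbn.com as the common hop.
BAD_HOST_SUFFIXES = ("saturn.bbn.com",)
EXIT_CONTINUE = 0  # qmail-command: go on to the next .qmail line
EXIT_DROP = 99     # qmail-command: success, skip remaining .qmail lines, no bounce
HOST_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample: a bounce whose returned copy carries the relay trail.
SAMPLE_BOUNCE = """\
Received: from relay.example.kr by mx.example.cz; Wed, 4 Oct 2000 16:00:00 +0000
From: MAILER-DAEMON@relay.example.kr
Subject: failure notice

--- Below this line is a copy of the message.

Received: from unknown (HELO mail)
\t(PPPa14-ResaleKansasCity1-4R7102.saturn.bbn.com) by relay.example.kr
Received: from fake.example.com by nowhere.example.com
Subject: offer
"""

def received_fields(raw):
    """Return unfolded Received: fields found anywhere in the message text."""
    fields, in_field = [], False
    for line in raw.splitlines():
        if line[:9].lower() == "received:":
            fields.append(line[9:].strip())
            in_field = True
        elif in_field and line[:1] in (" ", "\t"):
            fields[-1] += " " + line.strip()  # folded continuation line
        else:
            in_field = False
    return fields

def names_bad_host(field, suffixes=BAD_HOST_SUFFIXES):
    """True if any hostname in the field equals or is a subdomain of a suffix."""
    hosts = (h.lower() for h in HOST_RE.findall(field))
    return any(h == s or h.endswith("." + s) for h in hosts for s in suffixes)

def decide(raw, sender):
    """Exit code for qmail-local; an empty sender means MAIL FROM:<> (a bounce)."""
    if sender != "":
        return EXIT_CONTINUE  # ordinary mail is left alone
    hit = any(names_bad_host(f) for f in received_fields(raw))
    return EXIT_DROP if hit else EXIT_CONTINUE

if __name__ == "__main__":
    raw = sys.stdin.buffer.read().decode("latin-1")
    sys.exit(decide(raw, os.environ.get("SENDER", "unset")))
```

Exit 99 discards the message without telling anyone, so Received lines are attacker-controlled input here: a forged line naming a listed host also drops the bounce, which is why the check is limited to null-sender mail.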
