RE: Spammers using a non-existant address as return-path

2002-11-26 Thread Costas Magos


> -Original Message-
> From: Robert L. Waite [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, November 26, 2002 7:30 PM
> To: Costas Magos
> Subject: Re: Spammers using a non-existant address as return-path
> 
> 
> On Tue, Nov 26, 2002 at 07:27:26PM +0200, Costas Magos wrote:
> > 
> > > But, is there something I _should_ do in this situation, like
> > > including some text in the bounce saying that this address has never
> > > existed, and is being abused by spammers? If yes, _how_ should I do it?
> >
> > I don't know what exactly you should do, I am not aware of the best
> > practices about this matter, but I guess informing people that you are
> > not the one to blame is not a bad idea.
> > 
> > You can use the following line in your configuration file:
> > 
> > receiver_try_verify = true
> 
> you can also use "ASK" - works pretty well.
> 
> -- 
> [EMAIL PROTECTED] - Technician at Large - Cell 1.207.432.4816
> Zippy Sez: This is a SECRETE CODE!{d16949e4fb52305da43674bb2b59e413}
> 
> 
> 



RE: Spammers using a non-existant address as return-path

2002-11-26 Thread Costas Magos

> But, is there something I _should_ do in this situation, like
> including some text in the bounce saying that this address has never
> existed, and is being abused by spammers? If yes, _how_ should I do it?

I don't know what exactly you should do, I am not aware of the best
practices about this matter, but I guess informing people that you are not
the one to blame is not a bad idea.

You can use the following line in your configuration file:

receiver_try_verify = true

in order to attempt to verify addresses before accepting mail. In this
case all mails for invalid users are rejected and no bounces are sent. 

Take a look at the vacation package; you can set an autoresponder with
it (though I am not sure you can configure it to alter a bounce).
Another program you might find useful is mailagent with which you can
set filters to catch mails for any unknown user and take appropriate
actions. 

I suggest not enabling the verify command.

Hope I helped a bit.

~kmag



Re: Spammers using a non-existant address as return-path

2002-11-25 Thread Patrick Maheral
We have the same problem here.  Someone has been using our domain name
in their headers since January.  At times, we were getting a few
thousand bounces from mail to over-quota or non-existent accounts.

I added the following line to my exim.conf

  receiver_try_verify = true

This results in an immediate error result to the RCPT command if the
user is unknown.  I run a script to grep for these errors in the log
file just after they are rotated so I know how many of these messages
were rejected in the last 24 hours.  Currently, there are up to 100
messages a day that get rejected this way.

Once in a while, I accept the messages and comb through them to find
valid headers, but there is a startling number of USELESS error messages
(i.e. only From, To, Date, and Subject of bounced message).

Patrick.

On Mon, Nov 25, 2002 at 10:38:10PM +0100, Kjetil Kjernsmo wrote:
> I have just received a spam complaint, and unfortunately, some spammers 
> have been using an address on one of my domains in their Return-Path 
> and From-headers. How nice of them :-( . This address has never 
> existed. I'm using the Exim packages from Woody. 
[...]
> Kjetil
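
A sketch of the kind of daily log count described in the message above, as an added example that is not part of the original post and is not the poster's script. It assumes rejection lines shaped like the one quoted in this thread ("verify failed for SMTP recipient ... from <> H=... [...]"); the sample log lines and all addresses in them are constructed.

```python
import re
from collections import Counter

# Shape of the rejection line quoted in this thread (one line in the real log):
#   DATE TIME verify failed for SMTP recipient ADDR from <SENDER> H=HOST [IP]
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} "
    r"verify failed for SMTP recipient (?P<rcpt>\S+) "
    r"from <(?P<sender>[^>]*)> H=(?P<host>\S+) \[(?P<ip>[^\]]+)\]"
)

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2002-11-26 01:48:08 verify failed for SMTP recipient ghost@example.org from <> H=mta1.mail.example.net [192.0.2.10]
2002-11-26 01:50:31 verify failed for SMTP recipient ghost@example.org from <> H=mta2.mail.example.net [192.0.2.11]
2002-11-26 02:03:12 verify failed for SMTP recipient typo@example.org from <alice@example.com> H=mail.example.com [198.51.100.7]
2002-11-26 02:10:00 <= bob@example.org H=localhost [127.0.0.1] P=esmtp S=1204
2002-11-26 03:15:44 verify failed for SMTP recipient ghost@example.org from <> H=mta1.mail.example.net [192.0.2.10]
2002-11-27 00:01:09 verify failed for SMTP recipient ghost@example.org from <> H=mx.example.edu [203.0.113.5]
"""


def summarize(lines):
    """Count RCPT-time rejections; a null sender (<>) marks a bounce."""
    per_day = Counter()
    bounce_targets = Counter()  # forged addresses that attract bounces
    bounce_hosts = Counter()    # hosts that tried to deliver those bounces
    other = 0                   # rejections carrying a real envelope sender
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # unrelated log entry
        per_day[m["date"]] += 1
        if m["sender"] == "":
            bounce_targets[m["rcpt"].lower()] += 1
            bounce_hosts[m["ip"]] += 1
        else:
            other += 1
    return {"per_day": dict(per_day), "bounce_targets": bounce_targets,
            "bounce_hosts": bounce_hosts, "other": other}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    for day, n in sorted(s["per_day"].items()):
        print(f"{day}: {n} rejected at RCPT")
    for rcpt, n in s["bounce_targets"].most_common():
        print(f"bounces aimed at {rcpt}: {n}")
    print(f"rejections with a real sender: {s['other']}")
```

Splitting on the null sender separates bounces aimed at a forged address from ordinary mistyped recipients, which a plain count of rejection lines would lump together.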



Re: Spammers using a non-existant address as return-path

2002-11-25 Thread Kjetil Kjernsmo
On Monday 25 November 2002 23:05, you wrote:

> I don't want to teach you to suck eggs, but I would suggest this test
> is run as an independent way to verify you're safe. I always run it
> after a sendmail change, as I pay for volume personally and at 2 gig
> + a day a spam hit would do to me would break me financially.

Oh, that's not the problem. My box doesn't relay (that is, it relays for 
the IP of my workstation and for the computer of my parents.), and I've 
had ORDB checking it. 

It is just that somebody has forged an address, which happens to have my 
domain name in it, so I risk getting some trouble with it. 

Thanks for the reply anyway!

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/



RE: Spammers using a non-existant address as return-path

2002-11-25 Thread Jones, Steven
I've had a few cases of this myself, an irate admin somewhere else whining
it's my fault and I have, yet the relay test via telnet shows all OK. I
wonder if they forge known addresses on purpose to seed discontent.

I don't want to teach you to suck eggs, but I would suggest this test is run
as an independent way to verify you're safe. I always run it after a sendmail
change, as I pay for volume personally and at 2 gig + a day a spam hit would
do to me would break me financially.

I have found Debian always passes by default, but sleeping at night is good.

regards

Thing



-Original Message-
From: Kjetil Kjernsmo [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 November 2002 10:39 
To: debian-security@lists.debian.org
Subject: Spammers using a non-existant address as return-path


Dear all,

I have just received a spam complaint, and unfortunately, some spammers 
have been using an address on one of my domains in their Return-Path 
and From-headers. How nice of them :-( . This address has never 
existed. I'm using the Exim packages from Woody. 

For quite some time, I have seen it show up in my server logs, I'm 
rotating them too often, I guess, and I don't remember exactly what I 
have seen long ago, but recently I have seen things like:
  2002-11-15 01:48:08 verify failed for SMTP recipient [EMAIL PROTECTED] from <> H=mta458.mail.yahoo.com [216.136.130.123]

I allow VRFY, and most of these come from yahoo.com or hotmail.com, I 
guess that has to do with spam filters they use. This address is 
probably getting a lot of bounces, which is then bounced off my server, 
and I don't want to waste my resources with accepting those, all in all 
I want to conserve as much as I can.

But, is there something I _should_ do in this situation, like including 
some text in the bounce saying that this address has never existed, and 
is being abused by spammers? If yes, _how_ should I do it?

I hope this is the right forum to ask... 

Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]



Re: Spammers using a non-existant address as return-path

2002-11-25 Thread Daniel Rychlik
That is something that I've always wanted to know, is how to turn verify off,
but alas, due to sheer laziness, I haven't read up on it...

On Monday 25 November 2002 15:38, Kjetil Kjernsmo wrote:
> Dear all,
>
> I have just received a spam complaint, and unfortunately, some spammers
> have been using an address on one of my domains in their Return-Path
> and From-headers. How nice of them :-( . This address has never
> existed. I'm using the Exim packages from Woody.
>
> For quite some time, I have seen it show up in my server logs, I'm
> rotating them too often, I guess, and I don't remember exactly what I
> have seen long ago, but recently I have seen things like:
> 2002-11-15 01:48:08 verify failed for SMTP recipient
> [EMAIL PROTECTED] from <> H=mta458.mail.yahoo.com
> [216.136.130.123]
>
> I allow VRFY, and most of these come from yahoo.com or hotmail.com, I
> guess that has to do with spam filters they use. This address is
> probably getting a lot of bounces, which is then bounced off my server,
> and I don't want to waste my resources with accepting those, all in all
> I want to conserve as much as I can.
>
> But, is there something I _should_ do in this situation, like including
> some text in the bounce saying that this address has never existed, and
> is being abused by spammers? If yes, _how_ should I do it?
>
> I hope this is the right forum to ask...
>
> Cheers,
>
> Kjetil

-- 
Daniel J. Rychlik
Java/Perl Developer
http://daniel.rychlik.ws


