Re: Bogus MAIL FROM (SPAM)
On Mon, Oct 16, 2000 at 02:19:52PM +1100, Brett Randall wrote:
> is addressed to my e-mail address (in the To: header), so it isn't a normal, cheap one that simply connects to many many servers, it

Here's what I've done to combat unsolicited commercial e-mail:

I don't give out my real address. Pretty much any time I give out an address (submit it on a form, give it to a company I'm dealing with, put it on a web-page or mail list), I use a one-time address. Like, "[EMAIL PROTECTED]". If I'm signing up at the foobar.com web site, I'll use "[EMAIL PROTECTED]". You get the idea. Particularly useful on Usenet where I use "jafo-200010" (year-month) so I can gradually expire them as the UCE picks up.

I bitch and moan and boycott companies that I do business with who sell or otherwise provide my address to others (remember, I can tell because of the above).

I used the badrcptto patch so that in addition to rejecting on the envelope from address, I can do the same with the to. I used to use a bounce, but the UCE almost always had invalid return addresses so I just started refusing e-mail for it.

I set up a filter for my inbox which sorts out things based on recipient, does a MAPS lookup as it's being put in my mail folder, and other fairly complex rules, and sorts them out. See ftp.tummy.com:/pub/tummy/pyspam for the code as it is after a week of poking.

All this has reduced the UCE going in to my main box to about 2 messages per day. This is on an address I've had for a decade, mind you, and I have in the past gotten 10 or more UCE messages per day.

I did an evaluation of a SMTP filter program last weekend, and while it was thorough, I didn't like it. Cost around $5k per machine, and just was fairly inflexible. I mean, if you're charging those rates, you're selling to large customers (ISPs, businesses, etc). The problem is that this was an all or nothing, it had no ability to tune it on a user-by-user basis.

I can just hear the users calling in "I'm waiting for an important e-mail, but it's getting bounced. FIX IT!"

Sean
--
"I feel so insignificant... Like people are laughing at me."
"You--You ARE a clown..." -- Bob Newhart
Sean Reifschneider, Inimitably Superfluous [EMAIL PROTECTED]
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Bogus MAIL FROM (SPAM)
Thus said "Aaron Newcomb" on Sun, 15 Oct 2000 01:26:30 EDT:
> Yes. That makes sense. I knew there had to be a way. Thanks for the help. The most offending address is 210.133.28.162.

Ok Aaron,

This host is definitely a spammer's delight---it's known as an Open Relay. This means that it will relay email from any email address to any other. This apparently has been submitted to ORBS, but not yet made it into RBL. See here:

http://www.orbs.org/verify.php3?address=210.133.28.162

I just tested it myself and the mail did arrive in my mailbox through their server.

What you should do is block it with tcpserver---whatever you do, don't switch to inetd, you're on the right track with tcpserver. Do as Chris suggested and then recompile your tcp.smtp.cdb or whatever you called the cdb.

Additionally, you might want to report them to www.mail-abuse.org as an Open Relay. See the instructions on their webpage for how to deal with spammers and how to report to them. Once they are in the RBL they will not be able to send to a large part of the Internet. (BTW, does anyone really know how many companies/ISPs use RBL?)

Andy
--
[---[system uptime]]
3:01am up 8 days, 6:28, 5 users, load average: 1.00, 1.09, 1.08
RE: Bogus MAIL FROM (SPAM)
hi,

> What about ISP's? I am not one so why should I care?

but you are likely to receive a mail from a mailserver belonging to the ISP's domain with a customer's sender-domain. ;)

a

==
Alexander Jernejcic email:[EMAIL PROTECTED]
begin LOVE-LETTER-UND-NIX-DAZUGELERNT.txt.vbs
I am a Signature, not a Virus!
end
==
Re: Bogus MAIL FROM (SPAM)
On Sat, 14 Oct 2000 23:37:32 -0400, "Aaron Newcomb" [EMAIL PROTECTED] wrote:
> By the same source I mean that the HELO or EHLO line I see in my log has the same host name. Also, I use tcpserver to run qmail-smtpd, but if running it

HELO or EHLO are easily faked, and IMHO it wouldn't be safe to do any (permanent) filtering on that. Basically, the program/person sending the mail can decide what to put in the HELO-line. The receiving mailer can then check from which IP address that particular connection is from, and can act on that information (log something, deny service, etc.).

end
--
Jurjen Oskam * carnivore! * http://www.stupendous.org/ for PGP key
assassinate nuclear iraq clinton kill bomb USA eta ira cia fbi nsa kill president wall street ruin economy disrupt phonenetwork atomic bomb sarin nerve gas bin laden military
-*- DVD Decryption at www.stupendous.org -*-
Re: Bogus MAIL FROM (SPAM)
On Sun, Oct 15, 2000 at 03:01:19AM -0600, Andy Bradford wrote:
> Thus said "Aaron Newcomb" on Sun, 15 Oct 2000 01:26:30 EDT:
> > Yes. That makes sense. I knew there had to be a way. Thanks for the help. The most offending address is 210.133.28.162.
>
> Additionally, you might want to report them to www.mail-abuse.org as an Open Relay.

210.133.28.162 is already listed in ORBS and RSS. I can see in my logs that I've rejected a few things from that host myself in the recent past.

Chris
Re: Bogus MAIL FROM (SPAM)
On Sat, Oct 14, 2000 at 08:33:54PM -0400, Aaron Newcomb wrote:
> So, are you saying there is no way to block certain hosts in qmail? I find that hard to believe. Qmail has been a pretty good package so far, and I can't believe that would be so limited in this area. Also, what do you mean I will not be able to "receive mail from a large percentage of the domains on the internet."

You stated that you want to block mail from hosts that have a different domain in the SMTP MAIL FROM: and the HELO. You obviously don't understand the implications of what you are asking. Do you think that every mail domain on the internet is hosted on a separate machine?

> I have not had any problems up to this point. Lastly, I am not sure what comment you are trying to make about my MCSE certification, but I am proud of the training I have had on all the operating systems I work with whether they be MS, UX, Linux or otherwise.

I'm proud of you too.

--Adam
--
Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_
6:29pm up 127 days, 15:45, 8 users, load average: 0.19, 0.08, 0.02
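The objections raised in this thread to a "HELO must match MAIL FROM" rule (the client chooses its own HELO name, and one mail host serves many domains), worked through as an added example that is not code from any poster. The log lines follow the shape of the excerpt posted in the thread but are constructed, as are all host names, addresses and the spam/ham labels.

```python
import re
from collections import defaultdict

# Constructed smtpd log lines (syslog prefix, timestamp, pid, SMTP line).
# One line keeps the trailing "?" seen in the thread's excerpt.
SAMPLE_LOG = """\
Oct 12 21:47:52 linux1 smtpd: 971401672.921618 2385 HELO relay.bulk.example?
Oct 12 21:47:53 linux1 smtpd: 971401673.298142 2385 MAIL FROM:<promo@made-up.example>
Oct 12 22:10:01 linux1 smtpd: 971403001.100000 2401 EHLO smtp3.bigisp.example
Oct 12 22:10:02 linux1 smtpd: 971403002.200000 2401 MAIL FROM:<alice@customer-shop.example>
Oct 12 22:15:30 linux1 smtpd: 971403330.300000 2417 HELO mail.smallco.example
Oct 12 22:15:31 linux1 smtpd: 971403331.400000 2417 MAIL FROM:<bob@smallco.example>
Oct 12 22:20:10 linux1 smtpd: 971403610.500000 2430 HELO mail.forged-brand.example
Oct 12 22:20:11 linux1 smtpd: 971403611.600000 2430 MAIL FROM:<news@forged-brand.example>
"""

# Constructed ground truth per smtpd pid, used only to score the rule.
TRUTH = {"2385": "spam", "2401": "ham", "2417": "ham", "2430": "spam"}

LINE = re.compile(r"smtpd: \d+\.\d+ (?P<pid>\d+) (?P<smtp>.*)$")


def sessions(log_text):
    """Collect the HELO/EHLO name and MAIL FROM domain for each smtpd pid."""
    out = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, smtp = m["pid"], m["smtp"].rstrip("?\r ")
        verb, _, arg = smtp.partition(" ")
        if verb.upper() in ("HELO", "EHLO"):
            out[pid]["helo"] = arg.strip().lower()
        elif smtp.upper().startswith("MAIL FROM:"):
            addr = smtp[len("MAIL FROM:"):].strip().split(" ")[0].strip("<>")
            out[pid]["sender_domain"] = addr.rpartition("@")[2].lower()
    return dict(out)


def helo_matches_sender(helo, sender_domain):
    """The proposed rule: the HELO name must lie inside the envelope sender's domain."""
    return helo == sender_domain or helo.endswith("." + sender_domain)


def evaluate(log_text, truth):
    """Return (false_positive_pids, false_negative_pids) for the mismatch rule."""
    false_pos, false_neg = [], []
    for pid, s in sorted(sessions(log_text).items()):
        if "helo" not in s or "sender_domain" not in s:
            continue
        rejected = not helo_matches_sender(s["helo"], s["sender_domain"])
        if rejected and truth[pid] == "ham":
            false_pos.append(pid)   # e.g. an ISP relay sending for a customer domain
        if not rejected and truth[pid] == "spam":
            false_neg.append(pid)   # the HELO name was simply set to match
    return false_pos, false_neg


if __name__ == "__main__":
    fp, fn = evaluate(SAMPLE_LOG, TRUTH)
    print("legitimate sessions the rule would reject:", fp)
    print("spam sessions the rule would accept:", fn)
```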
Re: Bogus MAIL FROM (SPAM)
> Aaron Newcomb, MCSE -- gee, that wasn't obvious.

> point. Lastly, I am not sure what comment you are trying to make about my MCSE certification, but I am proud of the training I have had on all the operating systems I work with whether they be MS, UX, Linux or otherwise.

so did you find the MCSE useful? i am one too and i thought that the tests were not only ridiculously simple, but also just plain bollocks. microsoft products are way too non-adherent to standards and way too nice-user-gui stuffed to make their tests useful outside of a "domain". just my two cents.

martin [EMAIL PROTECTED]
(greetings from the heart of the sun)
RE: Bogus MAIL FROM (SPAM)
You obviously don't understand what I am asking, but instead of restating the many posts and replies on this subject I will leave it up to you to do that on your own time. As for my particular situation I have learned that there is no magic wand as far as SPAM is concerned. However, I have found a few good ways to minimize the amount that I receive on my server. If anyone is interested I would be happy to share a recap offline.

Thanks to those that helped!

Aaron

-----Original Message-----
From: Adam McKenna [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 15, 2000 6:32 PM
To: [EMAIL PROTECTED]
Subject: Re: Bogus MAIL FROM (SPAM)

On Sat, Oct 14, 2000 at 08:33:54PM -0400, Aaron Newcomb wrote:
> So, are you saying there is no way to block certain hosts in qmail? I find that hard to believe. Qmail has been a pretty good package so far, and I can't believe that would be so limited in this area. Also, what do you mean I will not be able to "receive mail from a large percentage of the domains on the internet."

You stated that you want to block mail from hosts that have a different domain in the SMTP MAIL FROM: and the HELO. You obviously don't understand the implications of what you are asking. Do you think that every mail domain on the internet is hosted on a separate machine?

> I have not had any problems up to this point. Lastly, I am not sure what comment you are trying to make about my MCSE certification, but I am proud of the training I have had on all the operating systems I work with whether they be MS, UX, Linux or otherwise.

I'm proud of you too.

--Adam
--
Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_
6:29pm up 127 days, 15:45, 8 users, load average: 0.19, 0.08, 0.02
Re: Bogus MAIL FROM (SPAM)
"Aaron Newcomb" [EMAIL PROTECTED] writes:
> there is no magic wand as far as SPAM is concerned. However, I have found a few good ways to minimize the amount that I receive on my server. If anyone is interested I would be happy to share a recap offline.

Ummm...yes please! :) I have actually just started receiving spam. It is addressed to my e-mail address (in the To: header), so it isn't a normal, cheap one that simply connects to many many servers, it actually appears to parse each message. Crazy ppl...however anyway some help would be great! Thanks.

--
===
|User: |Href: |Status:|
---
|Brett Randall |http://xbox.ipsware.com/|Hibernating|
===
Generated by Microsoft Ass-Watcher s/(c)/(!c)/g 2003
Re: Bogus MAIL FROM (SPAM)
Brett Randall [EMAIL PROTECTED] writes:
> "Aaron Newcomb" [EMAIL PROTECTED] writes:

Bugger...I sent this to the list. Apologies.

--
===
|User: |Href: |Status:|
---
|Brett Randall |http://xbox.ipsware.com/|Hibernating|
===
Generated by Microsoft Ass-Watcher s/(c)/(!c)/g 2003
MCSE Worth It? OR Not. (WAS RE: Bogus MAIL FROM (SPAM))
This is pretty far off the topic, but since you asked here are my two cents as well.

My certification was definitely not useful in my everyday activities with the exception of the TCP/IP class. And that was only because my class was taught by a retired military researcher who actually worked on the protocol in its early development. Still, if he had stayed true to the Microsoft material that class would have fallen into the same boat.

The one place where the MCSE does help is on a resume. The better employers look at this and add in other factors like work experience, education, etc. to decide how much you are worth to them. In my experience I have found that it is useful at least in that area.

I agree with your general statement about MS products. We will see if they ever get the message or not.

Aaron

-----Original Message-----
From: MaD dUCK [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 15, 2000 9:46 PM
To: Aaron Newcomb
Cc: Adam McKenna; [EMAIL PROTECTED]
Subject: Re: Bogus MAIL FROM (SPAM)

> Aaron Newcomb, MCSE -- gee, that wasn't obvious.

> point. Lastly, I am not sure what comment you are trying to make about my MCSE certification, but I am proud of the training I have had on all the operating systems I work with whether they be MS, UX, Linux or otherwise.

so did you find the MCSE useful? i am one too and i thought that the tests were not only ridiculously simple, but also just plain bollocks. microsoft products are way too non-adherent to standards and way too nice-user-gui stuffed to make their tests useful outside of a "domain". just my two cents.

martin [EMAIL PROTECTED]
(greetings from the heart of the sun)
Re: MCSE Worth It? OR Not. (WAS RE: Bogus MAIL FROM (SPAM))
In some ways I agree with you again. I took TCP/IP as well and if the exam wasn't called "TCP/IP on Microsoft Windows" and touching all the MS specifics, I would have thought higher of it. I did do Cisco and Novell certs before and so it wasn't news in any way.

About the resume: see the thing is that this was true a couple of years ago, but taking how easy MCSE actually is - i mean you can complete the cert in one week without any training (this is what i did) - many people now use it as an entrance path into IT. and the more MCSE's without real experience that exist, the less the MCSE cert is going to be worth. it might still be true that MCSE will get you a better position on job choices, but i have recently encountered many companies who are totally unimpressed by MCSE or who require it anyway as a sort of base level because it is considered a "popular" certification.

martin [EMAIL PROTECTED]
(greetings from the heart of the sun)
Re: Bogus MAIL FROM (SPAM)
Thus said "Aaron Newcomb" on Fri, 13 Oct 2000 23:19:48 EDT:
> Notice that the HELO and the MAIL FROM: lines have completely different domains. The MAIL FROM they are using is a bogus address. What is the best way to prevent email like this from being accepted?

Without some hacking you won't be able to block based on the From: header, however you can block based on the sender envelope. See the man page for qmail-smtpd which specifically references the use of the badmailfrom control file.

Andy
--
[---[system uptime]]
12:54am up 7 days, 4:21, 6 users, load average: 1.35, 1.33, 1.20
Re: Bogus MAIL FROM (SPAM)
On Fri, Oct 13, 2000 at 11:29:42PM -0400, Tony Publiski (tonyp) wrote:
> Notice that the HELO and the MAIL FROM: lines have completely different domains. The MAIL FROM they are using is a bogus address. What is the best way to prevent email like this from being accepted?

You don't. You also will not be able to receive mail from a large percentage of the domains on the internet.

> Thanks,
> Aaron Newcomb, MCSE

-- gee, that wasn't obvious.

--Adam
--
Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_
3:02am up 126 days, 18 min, 9 users, load average: 1.47, 1.03, 0.53
RE: Bogus MAIL FROM (SPAM)
hi

> There must be some way to block this mail from coming through. It would be ideal to block based on the HELO response since they can't fake that.

ähem, and what about isp's hosting k's of domains and relaying for customers with their own domains? the sending mta would have to switch the domain for every mail? ;)

a

==
Alexander Jernejcic email:[EMAIL PROTECTED]
begin LOVE-LETTER-UND-NIX-DAZUGELERNT.txt.vbs
I am a Signature, not a Virus!
end
RE: Bogus MAIL FROM (SPAM)
So, are you saying there is no way to block certain hosts in qmail? I find that hard to believe. Qmail has been a pretty good package so far, and I can't believe that would be so limited in this area. Also, what do you mean I will not be able to "receive mail from a large percentage of the domains on the internet." I have not had any problems up to this point. Lastly, I am not sure what comment you are trying to make about my MCSE certification, but I am proud of the training I have had on all the operating systems I work with whether they be MS, UX, Linux or otherwise.

Aaron

-----Original Message-----
From: Adam McKenna [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 14, 2000 3:05 AM
To: [EMAIL PROTECTED]
Subject: Re: Bogus MAIL FROM (SPAM)

On Fri, Oct 13, 2000 at 11:29:42PM -0400, Tony Publiski (tonyp) wrote:
> Notice that the HELO and the MAIL FROM: lines have completely different domains. The MAIL FROM they are using is a bogus address. What is the best way to prevent email like this from being accepted?

You don't. You also will not be able to receive mail from a large percentage of the domains on the internet.

> Thanks,
> Aaron Newcomb, MCSE

-- gee, that wasn't obvious.

--Adam
--
Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_
3:02am up 126 days, 18 min, 9 users, load average: 1.47, 1.03, 0.53
RE: Bogus MAIL FROM (SPAM)
What about ISP's? I am not one so why should I care?

Aaron

-----Original Message-----
From: Alexander Jernejcic [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 14, 2000 6:40 AM
To: [EMAIL PROTECTED]
Subject: RE: Bogus MAIL FROM (SPAM)

hi

> There must be some way to block this mail from coming through. It would be ideal to block based on the HELO response since they can't fake that.

ähem, and what about isp's hosting k's of domains and relaying for customers with their own domains? the sending mta would have to switch the domain for every mail? ;)

a

==
Alexander Jernejcic email:[EMAIL PROTECTED]
begin LOVE-LETTER-UND-NIX-DAZUGELERNT.txt.vbs
I am a Signature, not a Virus!
end
RE: Bogus MAIL FROM (SPAM)
Thanks for your advice, Andy. From the documentation I have been able to find on badmailfrom I am unable to determine if it will block an entire host or just certain senders addresses. I think in my case I need to block any mail that originates from a specific host. Otherwise, tomorrow the SPAMers may just decide to change the bogus MAIL FROM: address they are using. Can you clear this up? Or point me in the right direction?

Thanks,
Aaron

-----Original Message-----
From: Andy Bradford [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 14, 2000 2:54 AM
To: Aaron Newcomb
Cc: [EMAIL PROTECTED]
Subject: Re: Bogus MAIL FROM (SPAM)

Thus said "Aaron Newcomb" on Fri, 13 Oct 2000 23:19:48 EDT:
> Notice that the HELO and the MAIL FROM: lines have completely different domains. The MAIL FROM they are using is a bogus address. What is the best way to prevent email like this from being accepted?

Without some hacking you won't be able to block based on the From: header, however you can block based on the sender envelope. See the man page for qmail-smtpd which specifically references the use of the badmailfrom control file.

Andy
--
[---[system uptime]]
12:54am up 7 days, 4:21, 6 users, load average: 1.35, 1.33, 1.20
Re: Bogus MAIL FROM (SPAM)
On Sat, Oct 14, 2000 at 08:33:54PM -0400, Aaron Newcomb wrote:
> So, are you saying there is no way to block certain hosts in qmail? I find

He might not have been saying it well, but blocking spam is a hard problem. If you're relatively new to the issue of spammers and how they quickly morph to avoid spam blocks, you might want to do a bit of research.

> that hard to believe. Qmail has been a pretty good package so far, and I can't believe that would be so limited in this area.

It's limited because spam blocking has two severe problems. First there is no guaranteed way to identify all spam. Second spam filters give you false negatives. That is, you can accidentally block real mail because your spam filters are too aggressive.

Perhaps for those reasons, qmail decided to largely stay out of the spam blocking game and leave it to others. qmail gives you two methods for blocking spam. badmailfrom if you can identify the envelope sender of the spammer and tcpserver if you can identify the ip address of the spammer.

So, to return to your question, what do you mean by "block certain hosts"? Do you mean their IP address, do you mean their name in the envelope, or do you mean their name in the mail (such as From:)?

Note that a good spammer will change all of these more quickly than you can eat breakfast...

> point. Lastly, I am not sure what comment you are trying to make about my MCSE certification, but I am proud of the training I have had on all the operating systems I work with whether they be MS, UX, Linux or otherwise.

He's being facetious. Ignore it. If you're willing to learn, you're more than welcome on this list.

Regards.
RE: Bogus MAIL FROM (SPAM)
Mark,

Thanks for your comments. They have certainly been the most help so far. I have been doing some research on the SPAM dilemma over the past couple of weeks (mostly from the qmail homepage under the Spam prevention section) and find your remarks to be right on target. I am currently using rblsmtpd to at least try to combat known SPAMers, but it certainly is not 100% effective for the reasons you point out below.

I have also noticed that I am receiving quite a bit of SPAM from the same source. So, my goal would be to find a way to block that host from sending me any more mail. I do realize that I would be blocking all other users that use that host as their mail server. At the moment I am using this server as a personal mail server so I am OK with that. I also realize that the SPAMer could just switch to a different relay box to send their mail. On this issue only time will tell.

I hope this explains what I am trying to accomplish. If there is a way to do this with qmail that would be great. Otherwise I guess I could try to use hosts.deny and see if that works. Any suggestions are appreciated.

Aaron

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 14, 2000 9:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Bogus MAIL FROM (SPAM)

On Sat, Oct 14, 2000 at 08:33:54PM -0400, Aaron Newcomb wrote:
> So, are you saying there is no way to block certain hosts in qmail? I find

He might not have been saying it well, but blocking spam is a hard problem. If you're relatively new to the issue of spammers and how they quickly morph to avoid spam blocks, you might want to do a bit of research.

> that hard to believe. Qmail has been a pretty good package so far, and I can't believe that would be so limited in this area.

It's limited because spam blocking has two severe problems. First there is no guaranteed way to identify all spam. Second spam filters give you false negatives. That is, you can accidentally block real mail because your spam filters are too aggressive.

Perhaps for those reasons, qmail decided to largely stay out of the spam blocking game and leave it to others. qmail gives you two methods for blocking spam. badmailfrom if you can identify the envelope sender of the spammer and tcpserver if you can identify the ip address of the spammer.

So, to return to your question, what do you mean by "block certain hosts"? Do you mean their IP address, do you mean their name in the envelope, or do you mean their name in the mail (such as From:)?

Note that a good spammer will change all of these more quickly than you can eat breakfast...

> point. Lastly, I am not sure what comment you are trying to make about my MCSE certification, but I am proud of the training I have had on all the operating systems I work with whether they be MS, UX, Linux or otherwise.

He's being facetious. Ignore it. If you're willing to learn, you're more than welcome on this list.

Regards.
Re: Bogus MAIL FROM (SPAM)
> for the reasons you point out below. I have also noticed that I am receiving quite a bit of SPAM from the same source. So, my goal would be to find a way to block that host from sending me any more mail. I do realize that I would

You need to explain what you mean by "the same source". Same IP? Same server pool, same name in the From:?

> I hope this explains what I am trying to accomplish. If there is a way to do this with qmail that would be great. Otherwise I guess I could try to use hosts.deny and see if that works.

That sounds irrelevant. hosts.deny is normally a tcpwrapper file. Unless you're running qmail-smtpd out of inetd, hosts.deny is not in the loop.

On the matter of SPAM research. Check out www.abuse.net and spam.abuse.net.

Regards.
Re: Bogus MAIL FROM (SPAM)
On Sat, Oct 14, 2000 at 08:45:11PM -0400, Aaron Newcomb wrote:
> Thanks for your advice, Andy. From the documentation I have been able to find on badmailfrom I am unable to determine if it will block an entire host or just certain senders addresses. I think in my case I need to block any mail that originates from a specific host. Otherwise, tomorrow the SPAMers may just decide to change the bogus MAIL FROM: address they are using. Can you clear this up? Or point me in the right direction?

It's easy to block mail from a specific host. Let's say its IP address is 1.2.3.4. You can deny the connection in your tcp rules file:

1.2.3.4:deny

Or you can block it with rblsmtpd (even if it's not listed in RSS or ORBS or whatever you're using) with this in your rules file:

1.2.3.4:allow,RBLSMTPD="-Go away, fathead!"

What's the IP address of the host that all this spam is coming from?

Chris
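The two blocking points described in the replies above (tcpserver rules keyed on the connecting IP, badmailfrom keyed on the envelope sender), modelled as an added example; this is not code from qmail, ucspi-tcp or any poster. The 5.6.7.8 rule, the two default rules, the badmailfrom entries and every .example address are constructed, and the lookup models only IP and IP-prefix rules.

```python
"""Model of the thread's two blocking points: tcpserver rules and badmailfrom."""

# Constructed rules file. 1.2.3.4 is the thread's placeholder IP; 5.6.7.8 and the
# last two rules are made up. Assignments use tcprules' documented VAR="value" form.
TCP_RULES = """\
1.2.3.4:deny
5.6.7.8:allow,RBLSMTPD="-Go away, fathead!"
127.:allow,RELAYCLIENT=""
:allow
"""

# Constructed badmailfrom content: one full address and one @host entry.
BADMAILFROM = """\
offers@bulk.example
@spam.example
"""


def parse_env(spec):
    """Parse NAME=<d>value<d>[,NAME=...] where <d> is any delimiter character."""
    env, i = {}, 0
    while i < len(spec):
        eq = spec.index("=", i)
        name, delim = spec[i:eq], spec[eq + 1]
        end = spec.index(delim, eq + 2)
        env[name] = spec[eq + 2:end]
        i = end + 1
        if i < len(spec):
            if spec[i] != ",":
                raise ValueError(f"unexpected text after value in {spec!r}")
            i += 1
    return env


def parse_tcp_rules(text):
    """Return {address: (action, env)}; only IP and IP-prefix rules are modelled."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, rest = line.partition(":")
        action, _, env_spec = rest.partition(",")
        if action not in ("allow", "deny"):
            raise ValueError(f"bad rule: {raw!r}")
        rules[address] = (action, parse_env(env_spec))
    return rules


def lookup(rules, ip):
    """Most specific rule wins: full IP, then shorter dotted prefixes, then ''."""
    octets = ip.split(".")
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})  # assumption of this model: no matching rule means allow


def badmailfrom_hit(entries, sender):
    """An entry is a full address, or @host meaning every address at that host."""
    sender = sender.lower()  # compared case-insensitively in this model
    return sender in entries or ("@" + sender.rpartition("@")[2]) in entries


def decide(ip, sender, rules, bad_senders):
    """Return (stage, detail) for one delivery attempt."""
    action, env = lookup(rules, ip)
    if action == "deny":
        return ("tcpserver", "connection refused")
    message = env.get("RBLSMTPD", "")
    if message:
        # A leading hyphen selects a permanent 553 error instead of a temporary 451.
        if message.startswith("-"):
            return ("rblsmtpd", "553 " + message[1:])
        return ("rblsmtpd", "451 " + message)
    if badmailfrom_hit(bad_senders, sender):
        return ("badmailfrom", "envelope sender refused")
    return ("accepted", "")


RULES = parse_tcp_rules(TCP_RULES)
BAD_SENDERS = {s.strip().lower() for s in BADMAILFROM.splitlines() if s.strip()}

if __name__ == "__main__":
    # Constructed attempts: the same new sender address from two connecting IPs.
    for ip in ("1.2.3.4", "192.0.2.10"):
        print(ip, decide(ip, "fresh-alias@other.example", RULES, BAD_SENDERS))
    print(decide("192.0.2.10", "anyone@spam.example", RULES, BAD_SENDERS))
```

The IP rule holds whatever envelope sender is presented, while badmailfrom only matches senders already listed, which is the distinction asked about in the quoted question.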
RE: Bogus MAIL FROM (SPAM)
Chris,

Yes. That makes sense. I knew there had to be a way. Thanks for the help. The most offending address is 210.133.28.162.

Thanks,
Aaron

-----Original Message-----
From: Chris Johnson [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 15, 2000 1:07 AM
To: Aaron Newcomb
Cc: [EMAIL PROTECTED]
Subject: Re: Bogus MAIL FROM (SPAM)

On Sat, Oct 14, 2000 at 08:45:11PM -0400, Aaron Newcomb wrote:
> Thanks for your advice, Andy. From the documentation I have been able to find on badmailfrom I am unable to determine if it will block an entire host or just certain senders addresses. I think in my case I need to block any mail that originates from a specific host. Otherwise, tomorrow the SPAMers may just decide to change the bogus MAIL FROM: address they are using. Can you clear this up? Or point me in the right direction?

It's easy to block mail from a specific host. Let's say its IP address is 1.2.3.4. You can deny the connection in your tcp rules file:

1.2.3.4:deny

Or you can block it with rblsmtpd (even if it's not listed in RSS or ORBS or whatever you're using) with this in your rules file:

1.2.3.4:allow,RBLSMTPD="-Go away, fathead!"

What's the IP address of the host that all this spam is coming from?

Chris
Bogus MAIL FROM (SPAM)
I am having trouble with SPAM from people who provide bogus From and To lines when talking to my qmail server. Here is an example.

Oct 12 21:47:49 linux1 smtpd: 971401669.546402 2385 220 ns1.newcombnet.com ES
Oct 12 21:47:52 linux1 smtpd: 971401672.921618 2385 HELO att.attsoken.co.jp?
Oct 12 21:47:52 linux1 smtpd: 971401672.922747 2385 250 ns1.newcombnet.com?
Oct 12 21:47:53 linux1 smtpd: 971401673.298142 2385 MAIL FROM:[EMAIL PROTECTED]
Oct 12 21:47:53 linux1 smtpd: 971401673.299236 2385 250 ok?
Oct 12 21:47:53 linux1 smtpd: 971401673.568619 2385 RCPT TO:[EMAIL PROTECTED]

Notice that the HELO and the MAIL FROM: lines have completely different domains. The MAIL FROM they are using is a bogus address. What is the best way to prevent email like this from being accepted?

Thanks,
Aaron Newcomb, MCSE
http://www.newcombnet.com
[EMAIL PROTECTED]
RE: Bogus MAIL FROM (SPAM)
No matter what they're always going to be able to send mail to a domain hosted on your box...your only chance is to learn to use your delete key...

Tony

-----Original Message-----
From: Aaron Newcomb [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 13, 2000 11:20 PM
To: [EMAIL PROTECTED]
Subject: Bogus MAIL FROM (SPAM)

I am having trouble with SPAM from people who provide bogus From and To lines when talking to my qmail server. Here is an example.

Oct 12 21:47:49 linux1 smtpd: 971401669.546402 2385 220 ns1.newcombnet.com ES
Oct 12 21:47:52 linux1 smtpd: 971401672.921618 2385 HELO att.attsoken.co.jp?
Oct 12 21:47:52 linux1 smtpd: 971401672.922747 2385 250 ns1.newcombnet.com?
Oct 12 21:47:53 linux1 smtpd: 971401673.298142 2385 MAIL FROM:[EMAIL PROTECTED]
Oct 12 21:47:53 linux1 smtpd: 971401673.299236 2385 250 ok?
Oct 12 21:47:53 linux1 smtpd: 971401673.568619 2385 RCPT TO:[EMAIL PROTECTED]

Notice that the HELO and the MAIL FROM: lines have completely different domains. The MAIL FROM they are using is a bogus address. What is the best way to prevent email like this from being accepted?

Thanks,
Aaron Newcomb, MCSE
http://www.newcombnet.com
[EMAIL PROTECTED]
RE: Bogus MAIL FROM (SPAM)
There must be some way to block this mail from coming through. It would be ideal to block based on the HELO response since they can't fake that.

Aaron

-----Original Message-----
From: Tony Publiski (tonyp) [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 13, 2000 11:30 PM
To: 'Aaron Newcomb'; [EMAIL PROTECTED]
Subject: RE: Bogus MAIL FROM (SPAM)

No matter what they're always going to be able to send mail to a domain hosted on your box...your only chance is to learn to use your delete key...

Tony

-----Original Message-----
From: Aaron Newcomb [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 13, 2000 11:20 PM
To: [EMAIL PROTECTED]
Subject: Bogus MAIL FROM (SPAM)

I am having trouble with SPAM from people who provide bogus From and To lines when talking to my qmail server. Here is an example.

Oct 12 21:47:49 linux1 smtpd: 971401669.546402 2385 220 ns1.newcombnet.com ES
Oct 12 21:47:52 linux1 smtpd: 971401672.921618 2385 HELO att.attsoken.co.jp?
Oct 12 21:47:52 linux1 smtpd: 971401672.922747 2385 250 ns1.newcombnet.com?
Oct 12 21:47:53 linux1 smtpd: 971401673.298142 2385 MAIL FROM:[EMAIL PROTECTED]
Oct 12 21:47:53 linux1 smtpd: 971401673.299236 2385 250 ok?
Oct 12 21:47:53 linux1 smtpd: 971401673.568619 2385 RCPT TO:[EMAIL PROTECTED]

Notice that the HELO and the MAIL FROM: lines have completely different domains. The MAIL FROM they are using is a bogus address. What is the best way to prevent email like this from being accepted?

Thanks,
Aaron Newcomb, MCSE
http://www.newcombnet.com
[EMAIL PROTECTED]