Re: Pipe characters in From and To's

2010-02-12 Thread SM

Hi Spiro,
At 13:37 11-02-10, Spiro Harvey wrote:
> We're getting a boatload of To and From addresses starting with pipe
> characters on one of our clients' mailservers. The messages themselves
> don't appear particularly malicious -- the ones we've seen are just
> pill spam -- but there are craploads of them.

If it's in the "To" address and you know that the local-part does not
exist, you can configure your MTA to reject the message.

> So I'm just wondering if others encounter this with enough regularity,

Yes.

> and if so what your thoughts and advice are. I don't particularly want
> to add rules into sendmail, so SA is my avenue of choice.

Having a rule in sendmail is less work.

Regards,
-sm 



Re: Pipe characters in From and To's

2010-02-12 Thread Kevin Golding
In article <20100212103757.4dde0...@goof.off.knossos.net.nz>, Spiro
Harvey  writes
>So I'm just wondering if others encounter this with enough regularity,
>and if so what your thoughts and advice are. I don't particularly want
>to add rules into sendmail, so SA is my avenue of choice.

I've seen a few, but I've seen the same messages without the pipe too.
I've been assuming it's a problem with their address file more than
anything else since the subject often has the user part both with and
without the pipe also.

Kevin


Re: Pipe characters in From and To's

2010-02-11 Thread Ralph Bornefeld-Ettmann
On 11.02.2010 22:37, Spiro Harvey wrote:
> We're getting a boatload of To and From addresses starting with pipe
> characters on one of our clients' mailservers. The messages themselves
> don't appear particularly malicious -- the ones we've seen are just
> pill spam -- but there are craploads of them.
> 
> I was thinking about configuring an SA rule to just bump the scores up
> a few points (most of those that are getting thru seem to be scoring
> about 8 or 9), so adding a few points will push them into reject
> territory.
> 
> Oh, and the client has historically allowed catch-all mail domains
> hence why so many of these are being delivered. We've managed to get
> them to not allow catch-alls now, but they still have 20-odd-thousand
> historical domains that haven't had the catch-alls removed yet..
> 
> So I'm just wondering if others encounter this with enough regularity,
> and if so what your thoughts and advice are. I don't particularly want
> to add rules into sendmail, so SA is my avenue of choice.
> 
> Cheers
> 

I also had a lot of load for this kind of mail until I added a
header_checks rule

Ralph
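
Added example, not written by any poster in this thread: a small Python check that finds From/To/Cc addresses whose local-part begins with a pipe, which can be run over stored mail to see what a score bump or an MTA rule on that pattern would match. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers inspected; the thread mentions From and To, Cc is added here
# as an assumption because it carries recipients in the same form.
ADDRESS_HEADERS = ("From", "To", "Cc")


def pipe_addresses(raw_message):
    """Return sorted (header, address) pairs whose local-part starts with '|'."""
    msg = message_from_string(raw_message)
    hits = set()
    for name in ADDRESS_HEADERS:
        # getaddresses() splits multi-recipient headers and separates the
        # display name from the address, so a '|' that only appears in a
        # display name is not counted.
        for _display, addr in getaddresses(msg.get_all(name, [])):
            if addr.startswith("|"):
                hits.add((name, addr))
    return sorted(hits)


# Constructed sample messages (not taken from the thread).
SAMPLES = {
    # Pipe on both the sender and the recipient.
    "pipe_both": "From: |sender@example.com\nTo: <|info@example.net>\n"
                 "Subject: pills\n\nbody\n",
    # Same user listed with and without the pipe; the pipe is on the
    # second recipient, which a first-address-only match would miss.
    "pipe_second_rcpt": "From: a@example.org\n"
                        "To: bob@example.net, |bob@example.net\n"
                        "Subject: x\n\nbody\n",
    # Legitimate mail with a pipe in the display name only.
    "pipe_in_name_only": 'From: "Sales | Support" <sales@example.com>\n'
                         "To: bob@example.net\nSubject: hi\n\nbody\n",
}


def scan(samples=SAMPLES):
    """Map each sample label to the pipe-prefixed addresses found in it."""
    return {label: pipe_addresses(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, hits in scan().items():
        print(label, hits)
```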