From: Peter Ulrich Kruppa
Date: Thu, 28 Aug 2008 06:32:30 +0200
To: FreeBSD-Questions, Matthew Seaman
Subject: Re: Spam sent to me from my own mail server ?
Message-ID: <48B62A5E.9050007@pukruppa.net>

Sorry, I forgot to post to the list!
------------------------------------

Matthew Seaman wrote:
> Peter Ulrich Kruppa wrote:
>> Steve Bertrand wrote:
>>> Peter Ulrich Kruppa wrote:
>
>>>> for some time now I keep receiving spam mails from my
>>>> own (small) mail server, some of them with faked
>>>> usernames some of them even with my own (ulrich@...).
>
>>> The only way to tell for certain is to review the headers
>>> of the message.
>
>> Received: from 18971066005.user.veloxzone.com.br
>> (18971066005.user.veloxzone.com.br [189.71.66.5] (may be
>> forged)) by pukruppa.net (8.14.2/8.14.2) with SMTP id
>> m7RGmXTN038419 for ; Wed, 27 Aug 2008
>> 18:48:34 +0200 (CEST) (envelope-from ixd@pukruppa.net)
>
> It's a simple forgery by the spammer. They just claim to be
> sending from your domain because there are apparently people
> that run internet connected mail systems where doing that
> makes it easier to inject spam... Either that, or the spammers
> figure they'll get you with the bounce-o-gramme even if the
> first delivery doesn't work.
>
> There are a number of measures you can take against such
> things. One thing that is pretty easy to implement is to set
> up SPF records in the DNS. This won't stop the spammers
> attacking you this way, but it does mean that spamassassin
> will award them lots of spam points and probably reject the mail.
>
> If you're using sendmail as your MTA, then look at
> implementing the following features in your $(hostname).mc:

Would that mean a file called /etc/mail/pukruppa.net.mc in my
case? Since I get

# hostname
pukruppa.net

or do I leave away the .net ?

Thanks,

Uli.

>
> FEATURE(greet_pause, `5000')dnl ## 5 seconds
> FEATURE(block_bad_helo)dnl
> FEATURE(badmx)dnl
> FEATURE(require_rdns)dnl
>
> These are pretty cheap resource wise and block many of the
> most egregious spammers. There's a lot more you can do than
> that in setting up sendmail to be spam-resistant -- much more
> than I can describe in an e-mail like this.
>
> Cheers,
>
> Matthew
>

--
Peter Ulrich Kruppa
Wuppertal
Germany
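
An added example, not part of the original messages: a Python illustration of the SPF check suggested above, applied to the Received header quoted in the thread. The SPF policy is a constructed assumption (the thread does not show the domain's record), and only the ip4, ip6 and all mechanisms are evaluated, with no DNS lookups.

```python
import ipaddress
import re

# Received header as quoted in the thread (folded lines joined).
RECEIVED = (
    "from 18971066005.user.veloxzone.com.br "
    "(18971066005.user.veloxzone.com.br [189.71.66.5] (may be forged)) "
    "by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419 for ; "
    "Wed, 27 Aug 2008 18:48:34 +0200 (CEST) (envelope-from ixd@pukruppa.net)"
)

# Constructed SPF policy (assumption): only the server's own address may send.
SPF_RECORDS = {"pukruppa.net": "v=spf1 ip4:213.146.114.24 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_received(header):
    """Return (client_ip, envelope_domain) from a sendmail Received header."""
    ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", header)
    sender = re.search(r"envelope-from\s+<?[^@\s>]+@([^\s>)]+)", header)
    if not ip or not sender:
        raise ValueError("header lacks client address or envelope sender")
    return ipaddress.ip_address(ip.group(1)), sender.group(1).lower()


def check_spf(client_ip, domain, records=SPF_RECORDS):
    """Evaluate ip4/ip6/all terms left to right; the first match decides."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if client_ip.version == net.version and client_ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def spf_result(header):
    """SPF verdict for the connecting host named in a Received header."""
    client_ip, domain = parse_received(header)
    return check_spf(client_ip, domain)


if __name__ == "__main__":
    print(spf_result(RECEIVED))
```

With this policy the forged message fails because 189.71.66.5 is not a listed sender, while mail from 213.146.114.24 passes.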