Date:      Thu, 14 Feb 2002 12:06:16 -0500
From:      "William J. Petch" <twofour@etherworx.com>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: sendmail ; bogus letters
Message-ID:  <002001c1b579$eab38b70$4e00000a@twofour>
References:  <Pine.BSF.4.44.0202140740060.52689-100000@R181172.resnet.ucsb.edu> <02021413401002.02159@hercules.avint.net>

[-- Attachment #1 --]
I have been having a spam problem as well.  I use ordb.org to block spam,
and have noticed a significant decrease in the amount of spam that comes to
my server.

The problem I am having is I am only getting bounced spam.  (And quite a lot
of it too.)  The original messages are not being relayed, or even touching
my server.
I have a couple of excerpts of some email headers here...  Our mail server's
name is mail.etherworx.com, and our server's class C is 216.58.72.xx.

*****
Received: from mail.etherworx.com (210.42.64.33 [210.42.64.33]) by
mailsrv.hbeeh.edu.cn with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.1960.3)
*****
Received: from mail.etherworx.com (61.129.53.123 [61.129.53.123]) by
mail.ecepdi.stn.sh.cn with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.1960.3)
*****

These messages are being sent as Mark.Cella@etherlinx.ca (A domain that is
hosted on my server.)

Clearly, these emails are not being routed through my servers.  However,
whenever these spam mails bounce, they are coming back to
mail.etherworx.com.
I have no idea whatsoever as to how I can stop these...

Anybody???

William J. Petch
System Administrator
EtherworX, Inc.

----- Original Message -----
From: "Graham Rose" <graham@avint.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, February 14, 2002 12:05 PM
Subject: Re: sendmail ; bogus letters


> Add entries for the Open Relay Database (www.ordb.org &
> www.ordb.org/faq/#sendmail) and spamcop.net  (www.spamcop.net)
> Configuring your mail server to use these lists of known spammers will
> block most spam. I've noticed a 10 fold decrease on my mail server, with
> thousands of spam blocked each day.
> Note: Setup instructions vary depending on the version of sendmail you
> run. See above urls for details.
>
> --
> Graham Rose
> Network Administrator
> Avalon InterConnect & Infotech Canada
> graham@infotechcanada.com
> graham@avint.net
> http://www.avint.net
> http://www.infotechcanada.com
>
>
>
> On Thu, 14 Feb 2002, Dave wrote:
> > Some of my accounts are getting some spam (what else is new on the
> > internet?).  However, the "from" addresses of these letters are not even
> > valid (as is with a lot of spam).  In a couple of cases they are, but I
> > question the letter actually came from the sender listed.
> >
> > Is there something I can do in the sendmail.cf file or other
> > configuration change to drop these kinds of letters?  Other solutions?
> >
> > I've thought of denying messages from free mail sites, but I imagine
> > some spam is from elsewhere.  I would think it is possible to ditch
> > bulkmail, I know that yahoo.com has a bulkmail folder -- and I heard
> > yahoo runs FreeBSD too :)  How are the letters discriminated from each
> > other as a bulk versus a possible real one?
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
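
The Received excerpts in the message above show hosts announcing themselves as mail.etherworx.com from addresses outside 216.58.72.xx. As an added example (not part of the original message), this Python script compares the announced name in each Received header with the connecting IP the receiving server recorded; treating the "class C" as 216.58.72.0/24, the function names, and the last two sample headers are assumptions constructed for illustration.

```python
import ipaddress
import re

# From the post: the server's name and its "class C" (216.58.72.xx), taken as a /24.
OUR_HELO = "mail.etherworx.com"
OUR_NET = ipaddress.ip_network("216.58.72.0/24")

# "from <helo> (<name> [<ip>])" or "from <helo> ([<ip>])" inside a Received header.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]]+\s+)?\[(?P<ip>[0-9.]+)\]\)", re.I)

def classify(header):
    """Return (helo, ip, verdict) for one Received header, folded or not."""
    line = re.sub(r"\s*\r?\n\s*", " ", header.strip())  # undo line folding
    m = RECEIVED_RE.search(line)
    if not m:
        return (None, None, "unparsed")
    helo = m.group("helo").lower()
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return (helo, m.group("ip"), "unparsed")
    if helo != OUR_HELO:
        return (helo, str(ip), "not-ours")
    return (helo, str(ip), "genuine" if ip in OUR_NET else "forged-helo")

def forged_sources(headers):
    """Sorted, de-duplicated IPs that used our name from outside our network."""
    return sorted({ip for _, ip, v in map(classify, headers) if v == "forged-helo"})

SAMPLES = [
    # The two excerpts quoted in the message above.
    "Received: from mail.etherworx.com (210.42.64.33 [210.42.64.33]) by\n"
    "mailsrv.hbeeh.edu.cn with SMTP (Microsoft Exchange Internet Mail Service\n"
    "Version 5.5.1960.3)",
    "Received: from mail.etherworx.com (61.129.53.123 [61.129.53.123]) by\n"
    "mail.ecepdi.stn.sh.cn with SMTP (Microsoft Exchange Internet Mail Service\n"
    "Version 5.5.1960.3)",
    # Constructed for contrast: a relay from inside the /24, and an unrelated host.
    "Received: from mail.etherworx.com (mail.etherworx.com [216.58.72.10]) by\n"
    "mx.example.org with ESMTP",
    "Received: from relay.example.net ([192.0.2.7]) by mx.example.org with ESMTP",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(classify(h))
    print("forged HELO seen from:", forged_sources(SAMPLES))
```

The bracketed address is written by the receiving server from the TCP connection, so it is the part of the header the sending host does not choose.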


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002001c1b579$eab38b70$4e00000a>