Date: Sat, 7 Jan 2006 21:03:30 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Robert Slade" <bsd@bathnetworks.com>
Cc: questions@freebsd.org
Subject: RE: Spamcop listed - need help to diagnose why
Message-ID: <LOBBIFDAGNMAMLGJJCKNCEDNFDAA.tedm@toybox.placo.com>
In-Reply-To: <1136618623.15229.17.camel@lmail.bathnetworks.co.uk>
>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Robert Slade
>Sent: Friday, January 06, 2006 11:24 PM
>To: David Banning
>Cc: questions@freebsd.org
>Subject: Re: Spamcop listed - need help to diagnose why
>
>There is your problem: TMDA is most likely the cause. Such programmes are
>in effect adding to the spam problem. Nearly all spam has a forged from
>address, and all programmes such as TMDA do is send a challenge to an
>innocent 3rd party. Whilst it looks like it reduces your spam, all you do
>is in effect spam someone else. When your e-mail address has been used
>in a spam run by a spammer and you start getting 10s of these challenges
>an hour it is quite easy to report one by accident. If you look at the
>Spamcop reporting page you will see a warning about just this situation.
>
>I suppose that the real answer is to stop compounding the spam problem
>and use a combination of spamassassin and block lists.
>
>BTW I make it a point never to respond to challenges.
>

Ditto, and for the same reasons. I've removed David from the cc list on this for that reason as well.

Also we need to be aware of another trick that spammers have figured out, that applies to anyone running multiple MX records on a domain (I don't know if David is in that situation).

Normally if a domain has a single mailserver processing incoming mail, there's a single MX record pointing to a single machine. But in many cases it's desirable to relay mail through a prefilter system before it gets to the actual mailserver. In those cases a common trick is to block the highest priority MX host off with an access list. Senders try the highest priority, it fails, they then go to the next highest priority host, which is the relay host. That host gets it, does its thing, then tries to send it to the highest priority server, which should work since the access list permits that server.

This technique has been mentioned in the sendmail book among others. The problem is what spammers are doing now is they find one of these hosts, and pump millions of messages to the secondary, with the VICTIM address as the sender's address, and a bogus address as the recipient address. The secondary gets the mail, and tries relaying it to the primary, the primary rejects the mail as user-not-found and the secondary tries to return the message to the sender - which is the victim address. So the spam targets get messages from mailer-daemon that originate from a legitimate host, but are spam.

It's a warzone out there, folks.

Ted
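A model of the two-MX set-up and the backscatter trick Ted describes, added here as an example; it is not code from the original post or from any mail server. Host names, mailbox names and the spam run are all constructed. It contrasts the vulnerable relay (accepts any recipient, learns the truth only when the primary rejects, and so bounces to the forged sender) with a relay that checks recipients during the SMTP transaction, where the 550 goes back to the spammer's own MTA and no bounce is ever generated.

```python
"""
Two-MX relay model: primary MX behind an access list, secondary MX open
to everyone.  Constructed example; no real hosts or mailboxes involved.
"""
from dataclasses import dataclass

# Constructed data: mailboxes that really exist on the primary MX.
PRIMARY_USERS = frozenset({"alice@example.org", "bob@example.org"})
RELAY_HOST = "relay.example.org"          # the only peer the primary admits
VICTIM = "victim@example.net"             # forged envelope sender in the spam run


@dataclass(frozen=True)
class Envelope:
    mail_from: str
    rcpt_to: str


class PrimaryMX:
    """Final destination. Its access list admits only the relay host."""

    def __init__(self, users, allowed_peers):
        self.users = set(users)
        self.allowed_peers = set(allowed_peers)

    def deliver(self, peer, env):
        """True on delivery, False for 'user unknown'; raises when the
        connecting host is not on the access list (connection blocked)."""
        if peer not in self.allowed_peers:
            raise ConnectionRefusedError(f"{peer} blocked by access list")
        return env.rcpt_to in self.users


class SecondaryMX:
    """Prefilter/relay host, reachable by anyone, forwards to the primary.

    valid_recipients=None models a relay with no recipient validation: it
    accepts everything and only discovers bad recipients when the primary
    rejects them, at which point it must send a DSN to the envelope sender.
    With a recipient list it refuses bad recipients at SMTP time instead.
    """

    def __init__(self, primary, name, valid_recipients=None):
        self.primary = primary
        self.name = name
        self.valid_recipients = (None if valid_recipients is None
                                 else set(valid_recipients))
        self.bounces = []   # envelope senders we have sent a DSN to

    def receive(self, env):
        if (self.valid_recipients is not None
                and env.rcpt_to not in self.valid_recipients):
            return "550 user unknown"          # rejected in-session, no DSN
        # Accepted with 250: from here on the relay owns the message.
        if self.primary.deliver(self.name, env):
            return "250 relayed"
        # Primary said user unknown after we accepted: we have to bounce,
        # and the bounce goes to whatever MAIL FROM the spammer forged.
        self.bounces.append(env.mail_from)
        return "250 queued, DSN sent to sender"


def run_spam(relay, count):
    """Spammer sends `count` messages to bogus users with VICTIM as sender.
    Returns how many bounces the victim ends up receiving."""
    for i in range(count):
        relay.receive(Envelope(VICTIM, f"nosuchuser{i}@example.org"))
    return relay.bounces.count(VICTIM)


def backscatter_count(validate, count=5):
    """Bounces reaching the victim with/without recipient validation."""
    primary = PrimaryMX(PRIMARY_USERS, allowed_peers={RELAY_HOST})
    relay = SecondaryMX(primary, RELAY_HOST,
                        valid_recipients=PRIMARY_USERS if validate else None)
    return run_spam(relay, count)


def direct_to_primary_blocked():
    """A spammer connecting straight to the primary MX is refused."""
    primary = PrimaryMX(PRIMARY_USERS, allowed_peers={RELAY_HOST})
    try:
        primary.deliver("spammer.example.com",
                        Envelope(VICTIM, "alice@example.org"))
    except ConnectionRefusedError:
        return True
    return False


if __name__ == "__main__":
    print("no recipient check  :", backscatter_count(False), "bounces to victim")
    print("with recipient check:", backscatter_count(True), "bounces to victim")
    print("direct-to-primary blocked:", direct_to_primary_blocked())
```

The fix the model shows is that the relay must know the primary's valid recipients; in Postfix that is the relay's `relay_recipient_maps`, and leaving it empty is the accept-everything behaviour modelled by `valid_recipients=None`. The access list on the primary only stops spammers reaching it directly; it does nothing about what the open secondary bounces on its behalf.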