From owner-freebsd-questions@FreeBSD.ORG Thu Dec 16 14:15:37 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AA5141065670 for ; Thu, 16 Dec 2010 14:15:37 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id 26CF88FC1B for ; Thu, 16 Dec 2010 14:15:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id oBGEFPKw018769; Fri, 17 Dec 2010 01:15:25 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 17 Dec 2010 01:15:24 +1100 (EST) From: Ian Smith To: Bruce Cran In-Reply-To: <20101216120053.58A8F1065712@hub.freebsd.org> Message-ID: <20101217000955.D83735@sola.nimnet.asn.au> References: <20101216120053.58A8F1065712@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-questions@freebsd.org, Michelle Konzack Subject: Re: Spam with fake address from the list? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2010 14:15:37 -0000 Re: freebsd-questions Digest, Vol 341, Issue 6, Message: 27 On Thu, 16 Dec 2010 11:44:09 +0000 Bruce Cran wrote: > On Thu, 16 Dec 2010 12:40:35 +0100 > Michelle Konzack wrote: > > > does someone get this kind of spam too? > > Yes, lots of people have been getting that for a few months. > parklogic claim there's not anything they can do about it despite it > apparently coming from their servers. If you researched the mob running parklogic, I suspect you'd tend to give any claims they may make scant credence, to say the very least. These forged messages were blocked inbound to the FreeBSD mailservers in August, but continue to be sent individually to participants harvested from messages posted to this list, and likely will continue to be. Since this is becoming a FAQ: To date all of these forged messages contain the following mail headers: > Return-Path: > Received: from dusk.parklogic.com (allmail.0b2.net [64.38.11.26]) Having your mailserver refuse connections from IP address 64.38.11.26 or domain 0b2.net, or envelopes sent by parklogic.com, definitively solves this problem. In sendmail /etc/mail/access syntax, use any or all of: From:parklogic.com REJECT Connect:64.38.11.26 REJECT Connect:0b2.net REJECT For those without control over their inbound mailserver, try to block or filter mail based on those Return-Path: or Received: headers above, or on the Message-ID: header which has always contained 'parklogic.com': > Message-ID: <20101110202251.16589.qmail@dusk.parklogic.com> And don't forget to wash your hands after flushing :) cheers, Ian