Date:      Wed, 27 Aug 2008 18:41:17 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Peter Ulrich Kruppa <ulrich@pukruppa.net>
Cc:        Steve Bertrand <steve@ibctech.ca>, FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: Spam sent to me from my own mail server ?
Message-ID:  <48B591BD.2030401@infracaninophile.co.uk>
In-Reply-To: <48B58DDB.2090008@pukruppa.net>
References:  <48B566EA.2000406@pukruppa.net> <48B57570.9040707@ibctech.ca> <48B58DDB.2090008@pukruppa.net>


Peter Ulrich Kruppa wrote:
> Steve Bertrand schrieb:
>> Peter Ulrich Kruppa wrote:

>>> for some time now I keep receiving spam mails from my own (small)
>>> mail server, some of them with faked usernames some of them even with
>>> my own (ulrich@...).

>> The only way to tell for certain is to review the headers of the message.

> Received: from 18971066005.user.veloxzone.com.br
> (18971066005.user.veloxzone.com.br [189.71.66.5] (may be forged))
>         by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419
>         for <ulrich@pukruppa.net>; Wed, 27 Aug 2008 18:48:34 +0200 (CEST)
>         (envelope-from ixd@pukruppa.net)

It's a simple forgery by the spammer.  They just claim to be sending from
your domain because there are apparently people that run internet connected
mail systems where doing that makes it easier to inject spam... Either
that, or the spammers figure they'll get you with the bounce-o-gramme even
if the first delivery doesn't work.

There are a number of measures you can take against such things.  One thing
that is pretty easy to implement is to set up SPF records in the DNS.  This
won't stop the spammers attacking you this way, but it does mean that
spamassassin will award them lots of spam points and probably reject the
mail.

If you're using sendmail as your MTA, then look at implementing the
following features in your $(hostname).mc:

FEATURE(greet_pause, `5000')dnl ## 5 seconds
FEATURE(block_bad_helo)dnl
FEATURE(badmx)dnl
FEATURE(require_rdns)dnl

These are pretty cheap resource-wise and block many of the most egregious
spammers.  There's a lot more you can do than that in setting up sendmail
to be spam-resistant -- much more than I can describe in an e-mail like
this.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
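
Added example (not part of the original message, and not code from the
poster): a Python sketch of the check that an SPF record makes possible for
the Received header quoted above. It extracts the relay IP and envelope
sender and evaluates them against an SPF record, handling only the ip4, ip6
and all mechanisms. The SPF record and the 192.0.2.10 address are
constructed assumptions; the thread does not show the domain's DNS data.

```python
import ipaddress
import re

# Received header as quoted in the thread (line folding removed).
RECEIVED = (
    "from 18971066005.user.veloxzone.com.br "
    "(18971066005.user.veloxzone.com.br [189.71.66.5] (may be forged)) "
    "by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419 "
    "for <ulrich@pukruppa.net>; Wed, 27 Aug 2008 18:48:34 +0200 (CEST) "
    "(envelope-from ixd@pukruppa.net)"
)
# Constructed SPF record (assumption): only 192.0.2.10 may send for the domain.
SPF_RECORD = "v=spf1 ip4:192.0.2.10 -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_received(header):
    """Return (relay_ip, envelope_sender_domain, receiving_host)."""
    ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", header)
    sender = re.search(r"\(envelope-from\s+<?[^@\s>]+@([^\s>)]+)>?\)", header)
    by = re.search(r"\bby\s+(\S+)", header)
    if not (ip and sender and by):
        raise ValueError("not a sendmail-style Received header")
    return ipaddress.ip_address(ip.group(1)), sender.group(1).lower(), by.group(1).lower()

def spf_check(record, client_ip):
    """Evaluate ip4/ip6/all terms left to right; the first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if client_ip.version == net.version and client_ip in net:
                return RESULTS[qualifier]
        # a, mx, include and similar mechanisms need DNS lookups; skipped here
    return "neutral"

def classify(header, record):
    # Simplification: the receiving host name is treated as the local mail domain.
    ip, sender_domain, local_host = parse_received(header)
    result = spf_check(record, ip)
    forged_local = sender_domain == local_host and result in ("fail", "softfail")
    return {"ip": str(ip), "spf": result, "forged_local_sender": forged_local}
```

In production this evaluation is done by the MTA's milter or by spamassassin
against the live DNS record rather than by a script over delivered headers.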

