Date: Wed, 27 Aug 2008 18:41:17 +0100
From: Matthew Seaman
To: Peter Ulrich Kruppa
Cc: Steve Bertrand, FreeBSD-Questions
Subject: Re: Spam sent to me from my own mail server ?

Peter Ulrich Kruppa wrote:
> Steve Bertrand wrote:
>> Peter Ulrich Kruppa wrote:
>>> for some time now I keep receiving spam mails from my own (small)
>>> mail server, some of them with faked usernames some of them even with
>>> my own (ulrich@...).
>> The only way to tell for certain is to review the headers of the message.

> Received: from 18971066005.user.veloxzone.com.br
>         (18971066005.user.veloxzone.com.br [189.71.66.5] (may be forged))
>         by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419
>         for ; Wed, 27 Aug 2008 18:48:34 +0200 (CEST)
>         (envelope-from ixd@pukruppa.net)

It's a simple forgery by the spammer. They just claim to be sending from
your domain because there are apparently people that run internet connected
mail systems where doing that makes it easier to inject spam... Either
that, or the spammers figure they'll get you with the bounce-o-gramme even
if the first delivery doesn't work.

There are a number of measures you can take against such things. One thing
that is pretty easy to implement is to set up SPF records in the DNS. This
won't stop the spammers attacking you this way, but it does mean that
spamassassin will award them lots of spam points and probably reject the
mail.

If you're using sendmail as your MTA, then look at implementing the
following features in your $(hostname).mc:

    FEATURE(greet_pause, `5000')dnl ## 5 seconds
    FEATURE(block_bad_helo)dnl
    FEATURE(badmx)dnl
    FEATURE(require_rdns)dnl

These are pretty cheap resource-wise and block many of the most egregious
spammers. There's a lot more you can do than that in setting up sendmail
to be spam-resistant -- much more than I can describe in an e-mail like
this.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
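
Added example, not part of Matthew's message: how an SPF check treats the forged delivery quoted above, using the connecting IP and envelope sender from that Received header. The SPF record and the 192.0.2.10 server address are constructed for illustration (the thread does not show the domain's real record), and only the ip4, ip6 and all mechanisms are evaluated so that it runs without DNS.

```python
import ipaddress
import re

# Received header as quoted in the thread (the recipient address is missing there too).
RECEIVED = (
    "from 18971066005.user.veloxzone.com.br "
    "(18971066005.user.veloxzone.com.br [189.71.66.5] (may be forged)) "
    "by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419 "
    "for ; Wed, 27 Aug 2008 18:48:34 +0200 (CEST) "
    "(envelope-from ixd@pukruppa.net)"
)

# Constructed policy: 192.0.2.10 is a documentation address standing in
# for the domain's one legitimate outbound mail server.
SAMPLE_SPF = {"pukruppa.net": "v=spf1 ip4:192.0.2.10 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_received(header):
    """Return (connecting IP, envelope sender domain) from a sendmail Received line."""
    ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", header)
    sender = re.search(r"\(envelope-from\s+<?[^@\s>]*@([^\s>)]+)>?\)", header)
    if not ip or not sender:
        raise ValueError("not a sendmail-style Received header")
    return ipaddress.ip_address(ip.group(1)), sender.group(1).lower()


def spf_check(ip, domain, records=SAMPLE_SPF):
    """Evaluate an SPF record left to right; the first matching mechanism decides."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")  # no qualifier means "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return result
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(f"{name} needs DNS lookups")
        if ip in ipaddress.ip_network(arg, strict=False):
            return result
    return "neutral"


def verdict(header):
    """SPF result for the delivery described by one Received header."""
    return spf_check(*parse_received(header))


if __name__ == "__main__":
    print(verdict(RECEIVED))  # fail
```

The "fail" result is what a filter such as SpamAssassin then scores; the forged sender name alone never reaches the check, only the connecting address does.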