Date:      Wed, 27 Aug 2008 18:41:17 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Peter Ulrich Kruppa <ulrich@pukruppa.net>
Cc:        Steve Bertrand <steve@ibctech.ca>, FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: Spam sent to me from my own mail server ?
Message-ID:  <48B591BD.2030401@infracaninophile.co.uk>
In-Reply-To: <48B58DDB.2090008@pukruppa.net>
References:  <48B566EA.2000406@pukruppa.net> <48B57570.9040707@ibctech.ca> <48B58DDB.2090008@pukruppa.net>

Peter Ulrich Kruppa wrote:
> Steve Bertrand schrieb:
>> Peter Ulrich Kruppa wrote:

>>> for some time now I keep receiving spam mails from my own (small) 
>>> mail server, some of them with faked usernames some of them even with 
>>> my own (ulrich@...).

>> The only way to tell for certain is to review the headers of the message.

> Received: from 18971066005.user.veloxzone.com.br
>         (18971066005.user.veloxzone.com.br [189.71.66.5] (may be forged))
>         by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419
>         for <ulrich@pukruppa.net>; Wed, 27 Aug 2008 18:48:34 +0200 (CEST)
>         (envelope-from ixd@pukruppa.net)

It's a simple forgery by the spammer.  They just claim to be sending from 
your domain because there are apparently people that run internet-connected 
mail systems where doing that makes it easier to inject spam... Either 
that, or the spammers figure they'll get you with the bounce-o-gramme even 
if the first delivery doesn't work.

There are a number of measures you can take against such things.  One thing
that is pretty easy to implement is to set up SPF records in the DNS.  This
won't stop the spammers attacking you this way, but it does mean that 
spamassassin will award them lots of spam points and probably reject the 
mail.

If you're using sendmail as your MTA, then look at implementing the 
following features in your $(hostname).mc:

FEATURE(greet_pause, `5000')dnl ## 5 seconds
FEATURE(block_bad_helo)dnl
FEATURE(badmx)dnl
FEATURE(require_rdns)dnl

These are pretty cheap resource-wise and block many of the most egregious 
spammers.  There's a lot more you can do than that in setting up sendmail 
to be spam-resistant -- much more than I can describe in an e-mail like 
this.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
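
Added example, not part of the original message or of any project's code: a minimal version of the check that an SPF record makes possible, run against the Received header quoted in the thread. The SPF record, the 192.0.2.0/24 network and the function names are assumptions; only the ip4:/ip6: mechanisms and `all` are evaluated, with no DNS lookups for a, mx or include.

```python
import ipaddress
import re

# Constructed policy: the page does not give pukruppa.net's sending hosts,
# so the documentation range 192.0.2.0/24 is assumed here.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
# Received header as quoted in the thread (sendmail format).
RECEIVED = """from 18971066005.user.veloxzone.com.br
 (18971066005.user.veloxzone.com.br [189.71.66.5] (may be forged))
 by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419
 for <ulrich@pukruppa.net>; Wed, 27 Aug 2008 18:48:34 +0200 (CEST)
 (envelope-from ixd@pukruppa.net)"""
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_received(header):
    """Return (client_ip, envelope_sender_domain) from a sendmail Received header."""
    ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", header)
    sender = re.search(r"\(envelope-from\s+<?[^@\s>]*@([^\s>)]+)>?\)", header)
    if not ip or not sender:
        raise ValueError("header lacks client IP or envelope-from")
    return ipaddress.ip_address(ip.group(1)), sender.group(1).lower()


def spf_check(record, client_ip):
    """Evaluate only ip4:/ip6: mechanisms and 'all'; the first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if client_ip.version == net.version and client_ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def classify(header, local_domain, record):
    """Judge mail whose envelope sender claims to be in the local domain."""
    ip, domain = parse_received(header)
    if domain != local_domain:
        return "not-local-sender"
    return spf_check(record, ip)
```

Calling `classify(RECEIVED, "pukruppa.net", SPF_RECORD)` returns `fail` for the quoted header, because 189.71.66.5 is outside the assumed authorized network while the envelope sender claims pukruppa.net.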


