Date: Thu, 28 Aug 2008 06:32:30 +0200 From: Peter Ulrich Kruppa <ulrich@pukruppa.net> To: FreeBSD-Questions <freebsd-questions@freebsd.org>, Matthew Seaman <m.seaman@infracaninophile.co.uk> Subject: Re: Spam sent to me from my own mail server ? Message-ID: <48B62A5E.9050007@pukruppa.net>
next in thread | raw e-mail | index | archive | help
Sorry, I forgot to post to the list!
------------------------------------
Matthew Seaman schrieb:
> Peter Ulrich Kruppa wrote:
>> Steve Bertrand schrieb:
>>> Peter Ulrich Kruppa wrote:
>
>>>> for some time now I keep receiving spam mails from my
>>>> own (small) mail server, some of them with faked
>>>> usernames some of them even with my own (ulrich@...).
>
>>> The only way to tell for certain is to review the headers
>>> of the message.
>
>> Received: from 18971066005.user.veloxzone.com.br
(18971066005.user.veloxzone.com .br [189.71.66.5] (may be
>> forged)) by pukruppa.net (8.14.2/8.14.2) with SMTP id
>> m7RGmXTN038419 for <ulrich@pukruppa.net>; Wed, 27 Aug 2008
>> 18:48:34 +0200 (CEST) (envelope-from ixd@pukruppa.net)
>
> It's a simple forgery by the spammer. They just claim to be
> sending from your domain because there are apparently people
> that run internet connected mail systems where doing that
> makes it easier to inject spam... Either that, or the spammers
> figure they'll get you with the bounce-o-gramme even if the
> first delivery doesn't work.
>
> There are a number of measures you can take against such
> things. One thing that is pretty easy to implement is to set
> up SPF records in the DNS. This won't stop the spammers
> attacking you this way, but it does mean that spamassassin
> will award them lots of spam points and probably reject the mail.
>
> If you're using sendmail as your MTA, then look at
> implementing the following features in your $(hostname).mc:
Would that mean a file called
/etc/mail/pukruppa.net.mc
in my case? Since I get
# hostname
pukruppa.net
or do I leave away the .net ?
Thanks,
Uli.
>
> FEATURE(greet_pause, `5000')dnl ## 5 seconds
FEATURE(block_bad_helo)dnl FEATURE(badmx)dnl FEATURE(require_rdns)dnl
>
> These are pretty cheap resource wise and block many of the
> most egregious spammers. There's a lot more you can do than
> that in setting up sendmail to be spam-resistent -- much more
> than I can describe in an e-mail like this.
>
> Cheers,
>
> Matthew
>
--
Peter Ulrich Kruppa
Wuppertal
Germany
--
Peter Ulrich Kruppa
Wuppertal
Germany
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48B62A5E.9050007>