Re: Spam sent to me from my own mail server ?

---

• From: Matthew Seaman <m.seaman@xxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 27 Aug 2008 18:41:17 +0100

---

Peter Ulrich Kruppa wrote:

Steve Bertrand schrieb:

Peter Ulrich Kruppa wrote:

for some time now I keep receiving spam mails from my own (small) mail server, some of them with faked usernames some of them even with my own (ulrich@...).

The only way to tell for certain is to review the headers of the message.

Received: from 18971066005.user.veloxzone.com.br (18971066005.user.veloxzone.com
.br [189.71.66.5] (may be forged))
by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419
for <ulrich@xxxxxxxxxxxx>; Wed, 27 Aug 2008 18:48:34 +0200 (CEST)
(envelope-from ixd@xxxxxxxxxxxx)

It's a simple forgery by the spammer. They just claim to be sending from your domain because there are apparently people that run internet connected mail systems where doing that makes it easier to inject spam... Either that, or the spammers figure they'll get you with the bounce-o-gramme even if the first delivery doesn't work.

There are a number of measures you can take against such things. One thing
that is pretty easy to implement is to set up SPF records in the DNS. This
won't stop the spammers attacking you this way, but it does mean that spamassassin will award them lots of spam points and probably reject the mail.

If you're using sendmail as your MTA, then look at implementing the following features in your $(hostname).mc:

FEATURE(greet_pause, `5000')dnl ## 5 seconds
FEATURE(block_bad_helo)dnl
FEATURE(badmx)dnl
FEATURE(require_rdns)dnl

These are pretty cheap resource wise and block many of the most egregious spammers. There's a lot more you can do than that in setting up sendmail to be spam-resistent -- much more than I can describe in an e-mail like this.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

---

• References:
  • Spam sent to me from my own mail server ?
    • From: Peter Ulrich Kruppa
  • Re: Spam sent to me from my own mail server ?
    • From: Steve Bertrand
  • Re: Spam sent to me from my own mail server ?
    • From: Peter Ulrich Kruppa

• Prev by Date: Re: Spam sent to me from my own mail server ?
• Next by Date: RPC: Authentication error
• Previous by thread: Re: Spam sent to me from my own mail server ?
• Next by thread: Re: Spam sent to me from my own mail server ?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: increase in spam and what to do about it ... because your potential customer is using an ISP that happens to get ... As fast as you can come up with a trechnical solution the spammers will ... doesn't stop spam but is very likely to make the innocent pay for it. ... organization, ie. ISP - include hefty fines in your customer contract, ... (comp.os.vms) Ethics of Deterrence ... against spammers' sites. ... community really was involved in a DDoS. ... complain about spam you receive. ... just complain about spam messages reaching us. ... (comp.dcom.telecom) Re: increase in spam and what to do about it ... RBL at a different place. ... but I can assure you there is no way for spammers ... doesn't stop spam but is very likely to make the innocent pay for it. ... You put serious penalties in the contract. ... (comp.os.vms) Re: Why not virus/worm blocklist? ... to do with the connection between virus writers and spammers. ... spam until they were thrown off the site. ... Turning now to virus and worm writers. ... The method of distribution is now thousands of Windows computers, ... (comp.os.linux.security) Re: Why not virus/worm blocklist? ... to do with the connection between virus writers and spammers. ... spam until they were thrown off the site. ... Turning now to virus and worm writers. ... The method of distribution is now thousands of Windows computers, ... (comp.os.linux.networking)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)