Peter Ulrich Kruppa wrote:
Steve Bertrand schrieb:Peter Ulrich Kruppa wrote:
for some time now I keep receiving spam mails from my own (small) mail server, some of them with faked usernames some of them even with my own ([EMAIL PROTECTED]).
The only way to tell for certain is to review the headers of the message.
Received: from 18971066005.user.veloxzone.com.br
(18971066005.user.veloxzone.com
.br [189.71.66.5] (may be forged))
by pukruppa.net (8.14.2/8.14.2) with SMTP id m7RGmXTN038419
for <[EMAIL PROTECTED]>; Wed, 27 Aug 2008 18:48:34 +0200 (CEST)
(envelope-from [EMAIL PROTECTED])
It's a simple forgery by the spammer. They just claim to be sending from your domain because there are apparently people that run internet connected mail systems where doing that makes it easier to inject spam... Either that, or the spammers figure they'll get you with the bounce-o-gramme even if the first delivery doesn't work.
There are a number of measures you can take against such things. One thing that is pretty easy to implement is to set up SPF records in the DNS. Thiswon't stop the spammers attacking you this way, but it does mean that spamassassin will award them lots of spam points and probably reject the mail.
If you're using sendmail as your MTA, then look at implementing the following features in your $(hostname).mc:
FEATURE(greet_pause, `5000')dnl ## 5 seconds FEATURE(block_bad_helo)dnl FEATURE(badmx)dnl FEATURE(require_rdns)dnlThese are pretty cheap resource wise and block many of the most egregious spammers. There's a lot more you can do than that in setting up sendmail to be spam-resistent -- much more than I can describe in an e-mail like this.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
