Nicolas Michel put forth on 8/9/2010 9:29 AM:

> For example: a host with IP WWW.XXX.YYY.ZZZ tries to send a mail to my
> domain (we'll call it mydomain.be) and claims that the sender is
> u...@otherdomain.com

Example of forging, typical of spammers:

Return-Path: <coltenarmi...@yahoo.dk>
X-Original-To: XXXXXXXX
Delivered-To: XXXXXXXX
Received: from [59.95.115.27] (unknown [59.95.115.27])
        by XXXXXXXX (Postfix) with ESMTP id A1ABC6C35B
        for <XXXXXXXX>; Mon, 9 Aug 2010 07:52:49 -0500 (CDT)
Received: from [59.95.115.27] by mx1.mail.eu.yahoo.com;
        Mon, 9 Aug 2010 18:22:49 +0530
From: "DUSTY MORRISON" <dustymorri...@yahoo.dk>

Note that both the display name and return path are different addresses,
but both claim to be from Yahoo Germany infrastructure. Note that the
sending MTA is within the network of BSNL Internet in New Delhi India.

This is probably very similar to what you're seeing, and what we're all
seeing. 99%+ of all spam is forged, sometimes, as in this case, at
multiple levels. This spammer even went as far as inserting a fake
transaction in the header to make it look like the email went through
yahoo.dk servers at one point, when in fact it did not.

Unfortunately the SMTP protocol does not really allow us to discern
forged email. If it did, spam would never have become the scourge of the
internet that it has. There is no magic bullet to kill spam.

It would probably be beneficial if you shared your main.cf of
'postconf -n' output with us. We can then suggest additional
configuration settings that will help reject spam. Do you use
SpamAssassin or another email content filter?

--
Stan
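
Added example, not part of the original post: a Python sketch that audits headers like the ones quoted above, trusting only the Received line written by the receiving MTA and flagging the inconsistencies the post points out. The host name mx.mydomain.example, the recipient address and both placeholder local parts are assumptions standing in for the redacted and truncated values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post; the
# receiving host, recipient and both local parts are placeholders.
SAMPLE = """\
Return-Path: <placeholder-a@yahoo.dk>
Received: from [59.95.115.27] (unknown [59.95.115.27])
\tby mx.mydomain.example (Postfix) with ESMTP id A1ABC6C35B
\tfor <user@mydomain.example>; Mon, 9 Aug 2010 07:52:49 -0500 (CDT)
Received: from [59.95.115.27] by mx1.mail.eu.yahoo.com;
\tMon, 9 Aug 2010 18:22:49 +0530
From: "DUSTY MORRISON" <placeholder-b@yahoo.dk>

body
"""

# Postfix writes its own hop as: from HELO (rdns [ip]) by host ...
TRUSTED = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")
BY_HOST = re.compile(r"\bby\s+(\S+?)[;\s]")

def audit(raw, our_mta):
    """Return findings; only the Received line written by our_mta is trusted."""
    msg = message_from_string(raw)
    findings = []
    env = parseaddr(msg.get("Return-Path", ""))[1].lower()
    hdr = parseaddr(msg.get("From", ""))[1].lower()
    if env and hdr and env != hdr:
        findings.append("envelope-from-mismatch")
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    m = TRUSTED.search(hops[0]) if hops else None
    if not m or m.group(4).lower() != our_mta:
        return findings + ["no-trusted-hop"]
    helo, rdns, ip = m.group(1), m.group(2), m.group(3)
    if rdns == "unknown":
        findings.append("client-no-rdns")
    if len(hops) > 1:
        prev = BY_HOST.search(hops[1] + " ")
        # The client that connected to us should be the host named in the hop below ours.
        if prev and prev.group(1).lower() not in (helo.lower(), rdns.lower()):
            findings.append("received-chain-break:" + prev.group(1))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "mx.mydomain.example"))
```

Each finding is a scoring signal for a content filter rather than proof of forgery; an envelope sender that differs from the From header is also normal for mailing lists and forwarded mail.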