[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Spammers using a non-existant address as return-path

ive had a few cases of this myself, an irrate admin somewhere else whining
its my fault ad i have , yet the relay test via telent shows all OK. I
wonder if they firge known addresses on purpsoe to seed discontent.

I dont want to teach you to suck eggs, but I would suggest this test is run
as an independant way to verify your safe. I always run it after a sendmail
change, as i pay for volume personally and at 2 gig + a day a spam hit would
do to me would break me finiancially.

I have found Debian always passes by default, but sleeping at night is good.



-----Original Message-----
From: Kjetil Kjernsmo [mailto:kjetil@kjernsmo.net]
Sent: Tuesday, 26 November 2002 10:39 
To: debian-security@lists.debian.org
Subject: Spammers using a non-existant address as return-path

Dear all,

I have just received a spam complaint, and unfortunately, some spammers 
have been using an address on one of my domains in their Return-Path 
and From-headers. How nice of them :-( . This address has never 
existed. I'm using the Exim packages from Woody. 

For quite some time, I have seen it show up in my server logs, I'm 
rotating them too often, I guess, and I don't remember exactly what I 
have seen long ago, but recently I have seen things like:
2002-11-15 01:48:08 verify failed for SMTP recipient 
denis6012563@skepsis.no from <> H=mta458.mail.yahoo.com 

I allow VRFY, and most of these come from yahoo.com or hotmail.com, I 
guess that has to do with spam filters they use. This address is 
probably getting a lot of bounces, which is then bounced off my server, 
and I don't want to waste my resources with accepting those, all in all 
I want to conserve as much as I can.

But, is there something I _should_ do in this situation, like including 
some text in the bounce saying that this address has never existed, and 
is being abused by spammers? If yes, _how_ should I do it?

I hope this is the right forum to ask... 


Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: