RE: Spammers using a non-existant address as return-path

To: "'Kjetil Kjernsmo'" <kjetil@kjernsmo.net>, debian-security@lists.debian.org
Subject: RE: Spammers using a non-existant address as return-path
From: "Jones, Steven" <sjones08@eds.com>
Date: Tue, 26 Nov 2002 11:05:52 +1300
Message-id: <[🔎] 3CE8E66CCD5A9E44A31436D8774C89E90AA563@nzlsm201>

ive had a few cases of this myself, an irrate admin somewhere else whining
its my fault ad i have , yet the relay test via telent shows all OK. I
wonder if they firge known addresses on purpsoe to seed discontent.

I dont want to teach you to suck eggs, but I would suggest this test is run
as an independant way to verify your safe. I always run it after a sendmail
change, as i pay for volume personally and at 2 gig + a day a spam hit would
do to me would break me finiancially.

I have found Debian always passes by default, but sleeping at night is good.

regards

Thing



-----Original Message-----
From: Kjetil Kjernsmo [mailto:kjetil@kjernsmo.net]
Sent: Tuesday, 26 November 2002 10:39 
To: debian-security@lists.debian.org
Subject: Spammers using a non-existant address as return-path


Dear all,

I have just received a spam complaint, and unfortunately, some spammers 
have been using an address on one of my domains in their Return-Path 
and From-headers. How nice of them :-( . This address has never 
existed. I'm using the Exim packages from Woody. 

For quite some time, I have seen it show up in my server logs, I'm 
rotating them too often, I guess, and I don't remember exactly what I 
have seen long ago, but recently I have seen things like:
2002-11-15 01:48:08 verify failed for SMTP recipient 
denis6012563@skepsis.no from <> H=mta458.mail.yahoo.com 
[216.136.130.123]

I allow VRFY, and most of these come from yahoo.com or hotmail.com, I 
guess that has to do with spam filters they use. This address is 
probably getting a lot of bounces, which is then bounced off my server, 
and I don't want to waste my resources with accepting those, all in all 
I want to conserve as much as I can.

But, is there something I _should_ do in this situation, like including 
some text in the bounce saying that this address has never existed, and 
is being abused by spammers? If yes, _how_ should I do it?

I hope this is the right forum to ask... 

Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Spammers using a non-existant address as return-path
  - From: Kjetil Kjernsmo <kjetil@kjernsmo.net>

Prev by Date: Re: Spammers using a non-existant address as return-path
Next by Date: Re: Spammers using a non-existant address as return-path
Previous by thread: RE: Spammers using a non-existant address as return-path
Next by thread: Re: Spammers using a non-existant address as return-path
Index(es):
- Date
- Thread