Re: Spammers using a non-existant address as return-path

To: debian-security@lists.debian.org
Subject: Re: Spammers using a non-existant address as return-path
From: Patrick Maheral <pmaheral@AAI.ca>
Date: Mon, 25 Nov 2002 18:08:34 -0500
Message-id: <[🔎] 20021125230834.GA14286@AAI.ca>
In-reply-to: <[🔎] 200211252238.10554.kjetil@kjernsmo.net>
References: <[🔎] 200211252238.10554.kjetil@kjernsmo.net>

We have the same problem here.  Someone has been using our domain name
in their headers since January.  At times, we were getting a few
thousand bounces from mail to over-quota or non-existant accounts.

I added the following line to my exim.conf

  receiver_try_verify = true

This results in an immediate error result to the RCPT command if the
user is unknown.  I run a script to grep for these errors in the log
file just after they are rotated so I know how many of these messages
were rejected in the last 24 hours.  Currently, there are up to 100
messages a day that get rejected this way.

Once in a while, I accept the messages and comb through them to find
valid headers, but there is a startling number of USELESS error messages
(ie. only From, To, Date, and Subject of bounced message).

Patrick.

On Mon, Nov 25, 2002 at 10:38:10PM +0100, Kjetil Kjernsmo wrote:
> I have just received a spam complaint, and unfortunately, some spammers 
> have been using an address on one of my domains in their Return-Path 
> and From-headers. How nice of them :-( . This address has never 
> existed. I'm using the Exim packages from Woody. 
[...]
> Kjetil

Reply to:

References:
- Spammers using a non-existant address as return-path
  - From: Kjetil Kjernsmo <kjetil@kjernsmo.net>

Prev by Date: Re: Spammers using a non-existant address as return-path
Next by Date: Re: [SECURITY] [DSA-200-1] Samba buffer overflow
Previous by thread: Re: Spammers using a non-existant address as return-path
Next by thread: RE: Spammers using a non-existant address as return-path
Index(es):
- Date
- Thread