[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More on spam



On 20 Oct 2003, Alan Chandler wrote:
> On Monday 20 October 2003 09:02, Anthony Campbell wrote:
> 
> > I've realized recently that I'm inadvertently sending out lots of spam.
> > I'd obviously wish to prevent this but how? I've been to the site you
> > recommend but I find the information there too complex for me to be sure
> > how to do it; it seems to be aimed at sysadmins of large sites and is
> > well above the head of a single user like me. I downloaded a small perl
> > script (Mail-SPF-Query-1.6) but I'm not clear how to use it. A simple
> > guide for the uninitiated would be useful.
> 
> Needs some more details, like why do you think you are sending out spam, what
> is your mail server (MTA) thats doing it?
> 
> If you have a badly configured MTA, it can act as a mail relay for others
> (normally a mail server has mail coming in to deliver to local users -
> possibly on a local lan, or mail going out from local users to the outside
> world - what you want to prevent is mail coming and and being send out
> again).  Most have simple ways of doing that.
> 
> 

I'm using exim4 now, having just changed from exim3, but it happens with
both of them. I hadn't changed any settings in ages so it can hardly be
the configuration. I'm not on a network; just a single user with a
dialup connection. I use spamprobe as a filter.

The problem has appeared in the last few weeks, since when I've been
seeing an increasing number of messages to say that outgoing mail has
not been delivered (see below for some examples). None of these are
messages I have sent myself (obviously). The failures are only a small
subset of the emails that are being sent, presumably "successfully",
because when I ran mailq this morning there were 20 or 30 spam messages
waiting to go (I deleted them manually, of course). I looked at these
before deleting them; they were a very mixed bunch indeed, so it can
hardly be just one spammer.

Some sample message failures:

-------------------------------------

Date: 20 Oct 2003 09:20:15 -0000
From: MAILER-DAEMON@bud.indirect.com
Subject: failure notice
To: ac@acampbell.org.uk

Hi. This is the qmail-send program at bud.indirect.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<ailer-daemon@indirect.com>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <ac@acampbell.org.uk>
Received: (qmail 95450 invoked from network); 20 Oct 2003 09:20:15 -0000
Received: from unknown (HELO 58.221.33.65.cfl.rr.com) (65.33.221.58)
  by 0 with SMTP; 20 Oct 2003 09:20:15 -0000
Received: from [246.152.52.238] by 58.221.33.65.cfl.rr.com with ESMTP id DF1E37F7CF8; Mon, 20 Oct 2003 09:08:26 -0100
Message-ID: <68bkz-6$51bb-g073-1x@jjv7.z.8eajdj>
From: "Lilia Downs" <ac@acampbell.org.uk>
Reply-To: "Lilia Downs" <ac@acampbell.org.uk>
To: <ailer-daemon@indirect.com>
Subject: Make your Penis Huge ccht acndym
Date: Mon, 20 Oct 03 09:08:26 GMT
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="E_AB_52_AC5F."
X-Priority: 3
X-MSMail-Priority: Normal

[text snipped]
------------------------------------------

Date: Mon, 20 Oct 2003 12:04:45 +0200 (CEST)
From: Mail Delivery Subsystem <MAILER-DAEMON@mx02.komtel.net>
Subject: Returned mail: User unknown
To: ac@acampbell.org.uk

The original message was received at Mon, 20 Oct 2003 12:04:40 +0200 (CEST)
from sif.komtel.net [212.7.128.165]

   ----- The following addresses had permanent delivery errors -----
<alf-ritter@foni.net>
------------------------------------------------

Date: Mon, 20 Oct 2003 03:52:07 -0700
From: Mail Delivery System <Mailer-Daemon@callisto.ultraservers.net>
Subject: Mail delivery failed: returning message to sender
To: ac@acampbell.org.uk

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  feedback@bestads.com
    

------ This is a copy of the message, including all the headers. ------

Return-path: <ac@acampbell.org.uk>
Received: from [64.144.103.50] (helo=216.218.233.200)
	by callisto.ultraservers.net with smtp (Exim 4.24)
	id 1ABXdu-000132-OA
	for feedback@bestads.com; Mon, 20 Oct 2003 03:52:07 -0700
Received: from [95.231.67.32] by 216.218.233.200 with SMTP for <feedback@bestads.com>; Mon, 20 Oct 2003 04:46:06 -0700
Message-ID: <er4o-76rh$kg3f99w@12mj0>
From: "Etta Good" <ac@acampbell.org.uk>
Reply-To: "Etta Good" <ac@acampbell.org.uk>
To: <feedback@bestads.com>
Subject: hi james how are you doing
Date: Mon, 20 Oct 03 04:46:06 GMT
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="E__181FF5.D6A_ABE_1E.B"
X-Priority: 1
X-MSMail-Priority: High


---------------------------------------------------


Anthony

-- 
ac@acampbell.org.uk    ||  http://www.acampbell.org.uk
using Linux GNU/Debian ||  for book reviews, electronic 
Windows-free zone      ||  books and skeptical articles



Reply to: