Re: Spam sent through xmission

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: John Henders
Dátum:  
Címzett: Exim Mailing List
CC: pashdown, lazlo
Tárgy: Re: Spam sent through xmission
>From what I can see, they just put that address on the to: line. The
real addresses on the envelope should be in your mainlog if you search
for the message id and the => sign. I don't know how you have your
anti-relay rules set up but exim should be checking the envelope to
addresses to see if they are local before passing the mail on. As
someone pointed out to me recently you can find out a lot about how exim
processes it's filter rules by running a copy on an alternate port in
debugging mode.

The incantation I used for this is

exim -bd -C /alternate/config/file -oX testport -d99 2>&1 | tee /tmp/exim.out

This lets you watch the output and save a record if you miss something,
as d99 produces a lot of output.


On Thu, Aug 07/97, Pete Ashdown <pashdown@???> wrote:
> This is a bizarre one, more so because it shouldn't be able to happen.
>
> There are no exploders, lists, or aliases at XMission named "zack" or
> "laurel". As far as I can tell, it is addressed that way to get past our
> relay rules, which allow relaying for internal hosts and domains. How it
> gets delivered to you in the end is a mystery to me.
>
> Here's the exim logs for a couple of their spams:
>
> 1997-08-05 15:01:05 0wvqj1-0006GJ-00 <= chat-announce@??? H=prince.sonicnet.com [204.253.180.100] P=smtp S=2499 id=33E7510B.5921@??? T="7th Dose!"
> 1997-08-07 12:04:36 0wwWvK-00020U-00 <= zack@??? H=prince.sonicnet.com [204.253.180.100] P=smtp S=2117 id=33EA2A7B.56D4@??? T="LOLLAPALOOZA CYBERCAST"
>
> Anyone on the Exim list got a solution for this kind of relaying?
>
> Lazlo Nibble said once upon a time:
> >
> >Please note the headers on the article below, which imply that this message
> >got to me via an exploder set up at "zack@???". I've been
> >trying to get off these idiots' mailing list for several days now, and it's
> >*really* galling to see their junk coming through xmission!
> >
> >> From zack@???  Thu Aug  7 12:04:58 1997
> >> Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by kitsune.swcp.com (8.8.5/1.2.3) with SMTP id MAA17371 for <lazlo@???>; Thu, 7 Aug 1997 12:04:54 -0600 (MDT)
> >> Received: from prince.sonicnet.com [204.253.180.100] 
> >>     by mail.xmission.com with smtp (Exim 1.62 #4)
> >>     id 0wwWvK-00020U-00; Thu, 7 Aug 1997 12:04:35 -0600
> >> Received: from [204.253.180.11] by prince.sonicnet.com
> >>           (Post.Office MTA v3.0 release 0122 ID# 0-34097U100L100S0)
> >>           with SMTP id AAA102; Thu, 7 Aug 1997 14:01:07 -0400
> >> Message-ID: <33EA2A7B.56D4@???>
> >> Date: Thu, 07 Aug 1997 14:05:14 -0600
> >> From: zack@??? (Zack Kurland)
> >> Reply-To: zack@???
> >> Organization: sonicnet
> >> X-Mailer: Mozilla 3.01 (Macintosh; I; PPC)
> >> MIME-Version: 1.0
> >> To: zack@???
> >> CC: laurel@???
> >> Subject: LOLLAPALOOZA CYBERCAST
> >> Content-Type: text/plain; charset=us-ascii
> >> Content-Transfer-Encoding: 7bit

> >>
> >> TOMMORROW IT'S ON
> >>
> >> Hey folks,
> >>
> >> LOLLAPALOOZA '97 will be cybercasted live this FRIDAY, AUGUST 8th from
> >> Devore, CA on SonicNet.
> >>
> >> Perry Farrell's mystic brainchild Lollapalooza is again
> >> touring this summer and featuring another round of great
> >> new artists currently burning themselves into the public
> >> consciousness. This wild collection of rap, techno and pop
> >> is sure to leave with a pleasant sense of virtual vertigo!
> >>
> >> Artists include:
> >> The Prodigy
> >> Snoop Doggy Dogg
> >> James
> >> Orbital
> >> Tricky
> >> (Please note: Not all artists have yet to confirm audio and video
> >> rights)
> >>
> >> Go to www.sonicnet.com/supercasts/ to register and to find out more on
> >> how you can experience this event!
> >>
> >> Now SonicNet can serve these banners directly to your site dynamically.
> >> This means your site will always have the best,
> >> latest and most lucrative SonicNet promotional banners automatically. To
> >> have banners served to your site in this way, simply
> >> copy and paste the following code onto the site pages where you (plan
> >> to) display banners:
> >>
> >> <a href="http://www.sonicnet.com/feature/clickcash/clickcash.cgi"> <img
> >> src="http://www.sonicnet.com/feature/clickcash/images/sonicbanners/sex3.gif"></A>
> >
> >--
> >::: Lazlo (lazlo@???; http://www.swcp.com/lazlo)
> >::: Internet Music Wantlists: http://www.swcp.com/lazlo/Wantlists
> >
>


-- 
  Artificial Intelligence stands no chance against Natural Stupidity.
            GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
                 b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*