[EXIM] Buffalo Jerky (fwd)

Author: Sherwood Botsford
Date:  
To: Exim List
Subject: [EXIM] Buffalo Jerky (fwd)
No, no, you didn't get spammed.

Just that I've not figured out how to deal with this
type.

Suppose that you are an adscammer -- someone who is making
a living by exploding email. You get a client, *he*
has a virtual domain, in this case buffalojerky.com.

He sends mail to you, and for a pre-arranged fee
he sends it to a zillion addresses.

Now on receipt, I add *.buffalojerky.com to my spam list
BUT this may well have been a one shot affair. What I really
want to do is figure out a way to spot when more than one spammer
has come through the relay point (repulse.concentric.net),
and then block mail from that relay.

1. How do I block a relay, instead of a sender?

Sender_*_*_relay allows me to control what hosts use
me as a relay.

I think we may need an option such as

relay_direct_accept_from
relay_direct_reject_from
relay_accept_from
relay_reject_from

The first two control which hosts we accept a direct
relay. That is, regardless of who the message is from,
we won't accept a message connecting from the relay box.

The second form is stronger. In its case, we won't accept
a message that has passed through the relay box.

Current common situation:

Spam -> Me

I add Spam to my sender_host_reject. No problem.

The message that prompted me:
Spam -> Relay -> Me

I can add Spam to sender_host_reject, but I'm still vulnerable to
Relay's next sale to Spam2.

But if I add Relay to relay_direct_reject_from, then
all of Relay's crap will be filtered out. Normally I'd
do this only after getting several spams passed through Relay.

Now a truly enterprising adspammer would do this:

Spam -> Relay -> RelayVictim -> Me

(This happened to me. One of my boxes was relaying porn mail for a site
in the Netherlands.)

In this case I want to add Relay to relay_reject_from
meaning that no matter how it got here, I won't accept any mail
that has been through this box.

I make a distinction because the direct form can be blocked at
an earlier stage. The more general form requires accepting all
the data first.

Thoughts?

I've included the headers from the message for your amusement.


A -> B -> C -> Me

sender*relay allows me to add A to my list, and never see him again.




Sherwood Botsford       | email avatar@???
Sorcerers Apprentice    | Office CAB 642B
System Administrator    | Tel: 403 492 5728
Trouble shooter         | Fax: 403 492 6826


Log entry:
1998-01-23 12:49:33 0xvp6a-0007TX-00 <= marketing@???
H=(repulse.concentric.net) [207.155.248.4]
P=esmtp S=1401 id=199801231936.OAA01832@???



---------- Forwarded message ----------
Received: from (repulse.concentric.net) [207.155.248.4] 
    by vega.math.ualberta.ca with esmtp (Exim 1.82 #3)
    id 0xvp6a-0007TX-00 ; Fri, 23 Jan 1998 12:49:32 -0700
Received: from buffalojerky.com (ts027d42.lax-ca.concentric.net [206.173.248.102])
    by repulse.concentric.net (8.8.5/)
    id OAA01832; Fri, 23 Jan 1998 14:36:21 -0500 (EST)
    [ConcentricHost SMTP Relay]
Date: Fri, 23 Jan 1998 14:36:21 -0500 (EST)
From: marketing@???
Message-ID: <199801231936.OAA01832@???>
Errors-To: <marketing@???>
To: marketing@???
Subject: Buffalo Jerky


EXPERIENCE THE FLAVOR OF THE OLD WEST!

[munch]





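Added example, not code from the post above and not an Exim option: a small Python filter that implements the two checks the post proposes (a "direct" check on the host that handed the message to us, and an "any hop" check over the whole Received: trail) and runs them against the two situations described, Spam -> Relay -> Me and Spam -> Relay -> RelayVictim -> Me. The sample messages are constructed from the headers quoted in the post; the archive-munged addresses are replaced with placeholder domains, and the extra hop relayvictim.example.invalid [192.0.2.10] and its message id are invented for the second case. The function names (received_hops, reject_direct, reject_any_hop) are this example's own.

```python
"""Relay-based rejection over a message's Received: trail.

  * reject_direct  - looks only at the host that connected to *us*; this is
                     what an MTA can decide from the peer address before
                     accepting any DATA (the post's relay_direct_reject_from).
  * reject_any_hop - looks at every Received: line; this needs the full
                     message (the post's relay_reject_from).  Lower Received:
                     lines were written by other people's MTAs and can be
                     forged, so use them only to reject, never to trust.
"""
import re
from email import message_from_string

IP_RE = re.compile(r'\b(\d{1,3}(?:\.\d{1,3}){3})\b')
NAME_RE = re.compile(r'\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b', re.I)
FROM_BY_RE = re.compile(r'^from\s+(?P<frm>.*?)\s+by\s+(?P<by>\S+)', re.I)

# --- constructed samples, modelled on the headers quoted in the post -------
RELAY_HOP = (
    "Received: from buffalojerky.com (ts027d42.lax-ca.concentric.net [206.173.248.102])\n"
    "    by repulse.concentric.net (8.8.5/)\n"
    "    id OAA01832; Fri, 23 Jan 1998 14:36:21 -0500 (EST)\n"
    "    [ConcentricHost SMTP Relay]\n")
BODY = (
    "Date: Fri, 23 Jan 1998 14:36:21 -0500 (EST)\n"
    "From: marketing@example.invalid\n"          # placeholder for munged address
    "Subject: Buffalo Jerky\n"
    "\n"
    "EXPERIENCE THE FLAVOR OF THE OLD WEST!\n")
# Spam -> Relay -> Me: the relay connected to our own MTA directly.
DIRECT = (
    "Received: from (repulse.concentric.net) [207.155.248.4]\n"
    "    by vega.math.ualberta.ca with esmtp (Exim 1.82 #3)\n"
    "    id 0xvp6a-0007TX-00 ; Fri, 23 Jan 1998 12:49:32 -0700\n"
    + RELAY_HOP + BODY)
# Spam -> Relay -> RelayVictim -> Me: hypothetical third box in between.
VIA_VICTIM = (
    "Received: from relayvictim.example.invalid [192.0.2.10]\n"
    "    by vega.math.ualberta.ca with esmtp (Exim 1.82 #3)\n"
    "    id 0xvp6b-0007TY-00 ; Fri, 23 Jan 1998 13:02:11 -0700\n"
    "Received: from (repulse.concentric.net) [207.155.248.4]\n"
    "    by relayvictim.example.invalid with esmtp (Exim 1.82 #3)\n"
    "    id 0xvp6a-0007TX-00 ; Fri, 23 Jan 1998 12:49:32 -0700\n"
    + RELAY_HOP + BODY)


def received_hops(raw_message):
    """Parse the Received: trail into hops, newest (written by us) first.

    Each hop records the names and IPs in the 'from' clause plus the MTA
    that wrote the line ('by').  Lines without a from/by pair are skipped.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all('Received', []):
        flat = ' '.join(value.split())            # unfold continuation lines
        m = FROM_BY_RE.match(flat)
        if not m:
            continue
        frm = m.group('frm')
        ips = set(IP_RE.findall(frm))
        names = {n.lower() for n in NAME_RE.findall(frm)} - ips
        hops.append({'hosts': names, 'ips': ips, 'by': m.group('by').lower()})
    return hops


def host_matches(name, pattern):
    """'*.dom' matches dom and every host under it; anything else must be
    an exact (case-insensitive) host name or IP match."""
    name, pattern = name.lower(), pattern.lower()
    if pattern.startswith('*.'):
        domain = pattern[2:]
        return name == domain or name.endswith('.' + domain)
    return name == pattern


def _matching_pattern(hop, patterns):
    for p in patterns:
        for ident in hop['hosts'] | hop['ips']:
            if host_matches(ident, p):
                return p
    return None


def reject_direct(raw_message, patterns):
    """Direct form: only the host that connected to us is examined.  Here
    that is read from the topmost Received: line, which our own MTA wrote;
    a real MTA would use the peer address of the SMTP connection instead."""
    hops = received_hops(raw_message)
    return _matching_pattern(hops[0], patterns) if hops else None


def reject_any_hop(raw_message, patterns):
    """General form: reject if any hop in the trail matches.
    Returns (hop_index, pattern) for the first match, else None."""
    for i, hop in enumerate(received_hops(raw_message)):
        p = _matching_pattern(hop, patterns)
        if p:
            return (i, p)
    return None


if __name__ == '__main__':
    blocked_relays = ['repulse.concentric.net']
    for label, raw in (('Spam -> Relay -> Me', DIRECT),
                       ('Spam -> Relay -> RelayVictim -> Me', VIA_VICTIM)):
        print(label, 'direct:', reject_direct(raw, blocked_relays),
              'any hop:', reject_any_hop(raw, blocked_relays))
```

The two results differ exactly in the way the post describes: with repulse.concentric.net on the list, the direct check catches the first message but not the second, because the victim box is what connected to us; the any-hop check catches both, but only after the whole message has been read, and it is matching on Received: lines that someone else's MTA wrote.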
--
*** Exim information can be found at http://www.exim.org/ ***