RE: [Exim] Relay Attack help

Author: Simon Beale
Date:  
To: 'exim-users@exim.org'
Subject: RE: [Exim] Relay Attack help

> The symptoms we are getting are just bounced mails from addresses
> that don't exist. The bounce comes to us because it has a From and
> Reply-to header of
> xyz123@??? (or any such similar garbage local part).
>
> --------------------------------------------------------------
> Return-Path: Qm39j9RsR@???
> From: Qm39j9RsR@???

...
> Received: from Uo5P9K8w0 (ppp-45.tnt-2.hou.smartworld.net
> [64.38.20.205])
>         by mk.intermik.tpnet.pl (8.9.3/8.8.7) with SMTP id WAA13423;
>         Wed, 19 Apr 2000 22:55:46 +0200

...
> SUBJECT: COMPLETE ONLINE BUSINESS!!!
> --------------------------------------------------------------
> I have a suspicion that the spammer is just faking the Reply-to and From
> headers. Is this right? And if so how do we stop this?


I've just had exactly the same problem with one of my domains, and from the
information you've provided, random email recipient names, subject and
original received lines, I would guess it's exactly the same person at
fault. But yes, you're right, it's a faked from line, and I couldn't see
any way of stopping this at my end.

About the only thing to do is send copies of the emails to
abuse@??? (the original sending ISP) and they'll send back an
email saying they've deleted the account of the relevant person... and a few
days later you'll get more bounced messages from the same source (bitter?
cynical? nah).

Simon
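
The reply above works from the "original received lines" to decide where the spam came from and which ISP to report it to. As an added example (not part of the original message), this Python script pulls the connecting host and IP out of the sendmail-style Received line a relay recorded in a bounced message. The sample is constructed from the fragment quoted in the thread, `example.invalid` stands in for the masked sender domain, and the function names are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample built from the header fragment quoted in the thread.
# The archive masks the forged sender domain as "???"; example.invalid is
# a placeholder, not the real value.
SAMPLE = """\
Return-Path: <Qm39j9RsR@example.invalid>
From: Qm39j9RsR@example.invalid
Received: from Uo5P9K8w0 (ppp-45.tnt-2.hou.smartworld.net
 [64.38.20.205])
        by mk.intermik.tpnet.pl (8.9.3/8.8.7) with SMTP id WAA13423;
        Wed, 19 Apr 2000 22:55:46 +0200
Subject: COMPLETE ONLINE BUSINESS!!!

(body omitted)
"""

# sendmail-style line: from HELO (rdns [ip]) by RELAY ...
HOP = re.compile(r"from (\S+) \((?:(\S+) )?\[([0-9.]+)\]\) by (\S+)")

def hops(raw):
    """Return Received hops in transit order (earliest first)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue  # other MTAs use other layouts; skipped here
        helo, rdns, ip, relay = m.groups()
        out.append({"helo": helo, "rdns": rdns, "ip": ip, "relay": relay,
                    # HELO is client-supplied; rdns/ip are what the relay saw
                    "helo_matches": bool(rdns) and helo.lower() == rdns.lower()})
    return out

def injection_point(raw):
    """Earliest hop with a public IP: the connection the relay recorded.
    Lines below a relay you cannot vouch for may themselves be forged."""
    for hop in hops(raw):
        try:
            if ipaddress.ip_address(hop["ip"]).is_global:
                return hop
        except ValueError:
            continue  # malformed address literal
    return None

if __name__ == "__main__":
    print(injection_point(SAMPLE))
```

The From and Return-Path values play no part in the result: only the IP and reverse-DNS name written by the receiving relay are used, which is why the forged sender does not mislead it.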