[exim] (fwd) Re: stopping spammers from sending via your mai…

Author: George R Kasica
Date:  
To: exim-users
Subject: [exim] (fwd) Re: stopping spammers from sending via your mailing list
Can someone offer some insight as to why this would not function as
advertised? Or where I should start looking to troubleshoot this one?

George



>On Sun, 10 Jul 2005 08:50:42 -0400 (EDT), "William Dudley Jr." <wfd99@???> wrote:


>Not knowing anything about how you specify aliases or anything
>else about exim, I have no idea. The advice I offered is just
>standard advice given to users of sendmail and majordomo.
>
>dud
>
>> Subject: Re: stopping spammers from sending via your mailing list
>> Date: Sun, 10 Jul 2005 07:37:51 -0500
>>
>> >On Fri, 08 Jul 2005 13:53:57 -0500, you wrote:
>>
>> >Thanks for the note!
>> >
>> >Now, slight catch, I run exim here. Any thoughts on how that would
>> >function for the alias changes or should I take that up with the exim
>> >users list and the gurus there.
>> >
>> >As far as changing the outgoing aliases names, that is how this is
>> >happening I'm almost certain. I'll work on modifying them all this
>> >weekend. I don't know about the ,null though will need to look at that
>> >or do you think exim would tolerate that one??
>> >
>> >George
>> >
>> >
>> >
>> >>On Thu, 7 Jul 2005 16:37:06 -0400 (EDT), you wrote:
>> >
>> >>George,
>> >>
>> >>First it's paramount that you determine what address the spam is being
>> >>sent to. Once that is determined, you can act:
>> >>
>> >>I assume the list is closed and only list members are allowed to post
>> >>messages.
>> >>
>> >>If so, then either a) a list member is spamming the list (unlikely) or
>> >>b) there is a hole through which spammers are able to address the
>> >>list that bypasses the list membership requirement.
>> >>
>> >>The following is only useful if you run sendmail:
>> >>
>> >>I had this problem a couple of years ago, and found that the problem
>> >>was well-known: if the list is called foo, then foo-outgoing will
>> >>be mentioned in the headers of each outgoing message. This is a
>> >>mail alias on your machine that BYPASSES majordomo, so ANY mail to
>> >>it will just get sent to the list. Spammer programs on zombie
>> >>Windoze computers were harvesting the addresses from the headers
>> >>of any email stored on the luser's computer.
>> >>
>> >>The standard fixes are:
>> >>
>> >>1. change your alias for each list so that instead of:
>> >>
>> >>foo: "|/usr/local/majordomo/demime '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo foo-outgoing'"
>> >>
>> >>You put
>> >>
>> >>foo: "|/usr/local/majordomo/demime '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo f0o-0utgoing,null'"
>> >>
>> >>Note the addition of ",null" to the alias. This prevents sendmail
>> >>from putting the outgoing address in the headers. As an extra step,
>> >>I changed my outgoing address from foo-outgoing to f0o-0utgoing in
>> >>order to invalidate the old compromised outgoing address.
>> >>
>> >>2. Add this magic recipe to your virtusertable:
>> >>
>> >>f0o-0utgoing@???    error:nouser User unknown
>> >>owner-f0o-0utgoing@???    error:nouser User unknown

>> >>
>> >>and do whatever it is on your machine that causes virtusertable.db
>> >>to be rebuilt. ("make" on FreeBSD).
>> >>
>> >>This causes sendmail to bounce any message sent to your outgoing alias.
>> >>
>> >>I hope this helps.
>> >>
>> >>Bill Dudley
>> >>Jackson, NJ
>> >>
>> >>P.S. funny coincidence on the city name, huh?
>> >>
>>
>> Bill:
>>
>> Tried your suggestion in the part of changing the outgoing names here
>> in both the majordomo-aliases and majordomo-private-aliases files and
>> did 2 replaces, outgoing to Outgoing and digestify to Digestify and
>> got the following error on attempting to send a message. It seems that
>> it doesn't know the user.
>>
>> What am I missing? If I switch it back to what it was no problems....
>>
>> To: owner-acg-l@???
>> Subject: Mail delivery failed: returning message to sender
>> From: Mail Delivery System <Mailer-Daemon@???>
>> Date: Sun, 10 Jul 2005 07:24:27 -0500
>>
>> This message was created automatically by mail delivery software
>> (Exim).
>>
>> A message that you sent could not be delivered to one or more of its
>> recipients. This is a permanent error. The following address(es)
>> failed:
>>
>>   acg-l-Outgoing@???
>>     unknown local-part "acg-l-Outgoing" in domain "netwrx1.com"

>>
>> ------ This is a copy of the message, including all the headers.
>> ------
>>
>> Return-path: <owner-acg-l@???>
>> Received: from majordom by eagle.netwrx1.com with local (Exim 3.36 #1)
>>     id 1Drar8-0004BT-00
>>     for acg-l-Outgoing@???; Sun, 10 Jul 2005 07:24:22
>> -0500
>> Received: from mail by eagle.netwrx1.com with spam-scanned (Exim 3.36
>>   #1) id 1Draqt-0004BH-00 for acg-l@???; Sun, 10 Jul 2005
>>   07:24:16 -0500
>> Received: from [68.248.203.45] (helo=NOTEBOOK-LOCAL.netwrx1.com) by
>>   eagle.netwrx1.com with smtp (Exim 3.36 #1) id 1Draql-0004B6-00 for
>>   acg-l@???; Sun, 10 Jul 2005 07:23:59 -0500
>> From: George R. Kasica <georgek@???>
>> To: acg-l@???
>> Subject: ACG: TEST
>> Date: Sun, 10 Jul 2005 07:23:24 -0500
>> Organization: Netwrx Consulting Inc.
>> Message-ID: <lp42d1paqb2s07s1ertqorb3dili1e6ueb@???>
>> X-Mailer: Forte Agent 3.0/32.731
>> MIME-Version: 1.0
>> Content-Type: text/plain; charset=us-ascii
>> Content-Transfer-Encoding: 7bit
>> X-Scanner: exiscan *1Draql-0004B6-00*i.1LLeRY9V.* (Netwrx Consulting
>>   Inc., Jackson, WI USA)
>> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
>>   eagle.netwrx1.com
>> X-Spam-Status: No, score=-5.2 required=5.0
>>   tests=ALL_TRUSTED,BAYES_00,TW_WR  autolearn=ham version=3.0.4
>> Sender: owner-acg-l@???
>> Precedence: list
>> Reply-To: acg-l@???

>>
>> !DSPAM:42d116ac944281587018259!
>>
>>
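
The three sendmail/majordomo fixes quoted in this thread (rename the outgoing alias, append `,null`, reject the outgoing address in virtusertable), written as an audit over an aliases file and a virtusertable. This is an added example, not part of the original messages; the lists `foo`/`bar`/`baz`, the host `lists.example.org`, the sample files and the function names are constructed. It also flags a resend target that has no alias entry of its own.

```python
import re

# Constructed sample files (hypothetical lists foo/bar/baz on lists.example.org).
ALIASES = """\
foo: "|/usr/local/majordomo/wrapper resend -p
 bulk -l foo -h lists.example.org foo-outgoing"
foo-outgoing: :include:/usr/local/majordomo/lists/foo
bar: "|/usr/local/majordomo/wrapper resend -l bar -h lists.example.org b4r-0ut,null"
b4r-0ut: :include:/usr/local/majordomo/lists/bar
baz: "|/usr/local/majordomo/wrapper resend -l baz -h lists.example.org baz-Outgoing,null"
"""
VIRTUSERTABLE = "b4r-0ut@lists.example.org\terror:nouser User unknown\n"

def parse_aliases(text):
    """Return {alias: value}; a line starting with whitespace continues the previous entry."""
    entries, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            entries[key] += " " + line.strip()
        else:
            key, _, value = line.partition(":")
            key = key.strip().lower()
            entries[key] = value.strip()
    return entries

def audit(aliases_text, virtusertable_text):
    """Map each list alias that pipes to 'resend' to the fixes it still lacks."""
    aliases = parse_aliases(aliases_text)
    rejected = {ln.split("@")[0].strip().lower()
                for ln in virtusertable_text.splitlines() if "error:nouser" in ln}
    findings = {}
    for name, value in aliases.items():
        m = re.search(r"\bresend\s+([^'\"]+)", value)
        if not m:
            continue
        # The last resend argument is the outgoing alias, optionally with ",null".
        target, _, suffix = m.group(1).split()[-1].partition(",")
        target = target.lower()  # assumption: local parts are matched case-insensitively
        checks = [("predictable-outgoing-name", target == f"{name}-outgoing"),
                  ("missing-null", suffix != "null"),
                  ("no-virtusertable-reject", target not in rejected),
                  ("outgoing-alias-undefined", target not in aliases)]
        findings[name] = [label for label, bad in checks if bad]
    return findings

if __name__ == "__main__":
    print(audit(ALIASES, VIRTUSERTABLE))
```

An empty list for a list alias means all of the quoted fixes are in place for it.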