Re: [exim] Seeking advice how to deal with spam faked to app…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Exim User
Datum:  
To: Exim User's Mailing List
Betreff: Re: [exim] Seeking advice how to deal with spam faked to appear as coming from my domain
Just the same here and a lot of them.
My special problem: The faked addresses are non existant, and I get the
following frozen messages from my own mailer-daemon for every single bounce:

>Message IPU3LU-00078D-LK has been frozen (delivery error message).
>The sender is <>.


>The following address(es) have yet to be delivered:
>ittay@??? <ittay@???>: User unknown

where "ittay@???" was the fake address used by the spammer.

My ACL already uses
require verify = header_syntax
!verify = header_sender

so how can this happen?

Thanks for help
Sebastian




Am 13.11.2005 22:27 Uhr schrieb "Aaron Stromas" unter <ams@???>:

> Greetings,
>
> Some S.O.B. is sending spam faking the sender to be from my domain,
> izoard.com, so the postmaster get all that mail bounced by spam filters
> (see below). Is there anything I can do about it?
>
> A related question, given the IP address od the sender, which does not
> the purported sender's DNS, I'd expect the filter to be a little smarter
> in bouncing spam, realising that the sender's email domain id faked. Or
> am I missing something?
>
>
> Regards,
>
> -a
>
>
> From  Thu Jan  1 00:00:01 1970
> Received: from ns1.netwain.com ([202.134.99.162])
>         by localhost.localdomain with esmtp (Exim 4.50)
>         id 1EbPGB-0000pf-0e
>         for Charlotte.Elmore@???; Sun, 13 Nov 2005 16:19:35 -0500
> X-TeaTime-Auth-LOCAL: LOCAL
> Received: from localhost (localhost.netwain.com [127.0.0.1])
>         by ns1.netwain.com (Postfix) with ESMTP id C480E44C4D
>         for <Charlotte.Elmore@???>; Mon, 14 Nov 2005 04:18:33
> +0800 (HKT)
> MIME-Version: 1.0
> In-Reply-To: <534w233c.3439002@???>
> Message-Id: <SS01099-03-2@???>
> Content-Type: multipart/report; report-type=delivery-status;
>  boundary="----------=_1131913113-1099-3"
> From: "Content-filter at ns1.netwain.com" <postmaster@???>
> To: <Charlotte.Elmore@???>
> Date: Mon, 14 Nov 2005 04:18:33 +0800 (HKT)
> X-SA-Exim-Connect-IP: 202.134.99.162
> X-SA-Exim-Mail-From:
> Subject: Considered UNSOLICITED BULK EMAIL from you
> X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on gavia
> X-Spam-Level:
> X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham
>         version=3.0.3
> X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
> X-SA-Exim-Scanned: Yes (on localhost.localdomain)

>
> This is a multi-part message in MIME format...
>
> ------------=_1131913113-1099-3
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
>
> Your message to:
> -> christine@???
>
> was considered unsolicited bulk e-mail (UBE).
> Subject: live life like a millionaire
> Return-Path: <Charlotte.Elmore@???>
> Our internal reference code for your message is 01099-03-2.
>
> Delivery of the email was stopped!
>
> ------------=_1131913113-1099-3
> ------------=_1131913113-1099-3
> Content-Type: message/delivery-status
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
> Content-Description: Delivery error report
>
> Reporting-MTA: dns; ns1.netwain.com
> Received-From-MTA: smtp; ns1.netwain.com ([127.0.0.1])
> Arrival-Date: Mon, 14 Nov 2005 04:18:22 +0800 (HKT)
>
> Final-Recipient: rfc822; christine@???
> Action: failed
> Status: 5.7.1
> Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE,
> id=01099-03-2
> Last-Attempt-Date: Mon, 14 Nov 2005 04:18:33 +0800 (HKT)
>
> ------------=_1131913113-1099-3
> Content-Type: text/rfc822-headers
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
> Content-Description: Undelivered-message headers
>
> X-TeaTime-Auth-LOCAL: LOCAL
> X-TeaTime-Auth-SASL: SASL
> X-TeaTime-Auth-NONE: NONE
> Received: from static-67-62-164-92.dsl.cavtel.net
> (static-67-62-164-92.dsl.cavtel.net [67.62.164.92])
>         by ns1.netwain.com (Postfix) with SMTP id 6175744C6C
>         for <christine@???>; Mon, 14 Nov 2005 04:18:15 +0800 (HKT)
> Received: by 192.168.0.8 with HTTP; Sun, 13 Nov 2005 12:18:16 -0800
> Message-ID: <534w233c.3439002@???>
> Date: Sun, 13 Nov 2005 12:18:16 -0800
> From: "marne Henson" <Charlotte.Elmore@???>
> User-Agent: Apple Mail (2.728)
> X-PGP-Key:
> gORkbfmcs286hzktQz23QLEmsgdkxDKySQ6rrCaK8VgNBXSxC6fNLD8bD6GE0Tjz==
> MIME-Version: 1.0
> To: christine@???
> Subject: live life like a millionaire
> Content-Type: multipart/related;
>  boundary="------------AttPart_29983722==.OLA"

>
> ------------=_1131913113-1099-3--