Re: [exim] Mail claims to be sent by my self

Author: Richard Pitt
Date:  
To: Terry
CC: exim-users
Subject: Re: [exim] Mail claims to be sent by my self
Congratulations - you are the victim of a "joe job" where the spammers
use your address as the "sending" and "reply to" address.

I have one such address that gets between 15,000 and 25,000 "replies"
per day and has for over 2 years that I can track. (klbypcu@???
which has never been used by the owner of that domain)

In severe cases (such as the above) only a change in your address will
stop the flood. Most, however, will tail off after a few days or weeks. My
own address has suffered a couple of times but seems to be fine at this
time.

For the above joe job I have a special error message crafted to send to
reply hosts after the envelope but before the body. Most severe case
I've ever run across - anyone able to top it?

richard

On Sun, 2008-12-21 at 17:45 +0000, Terry wrote:
> Hi, over the last 2 weeks I am suddenly getting a lot of spam that claims
> I sent it, which of course I didn't.
> What sort of ACL could I use to catch it?
>
> Here is what shows in my logs
>
> ---------
> 2008-12-21 17:39:36 1LESH5-0009Zl-3u <= terry@???
> H=host81-153-121-27.range81-153.btcentralplus.com [81.153.121.27]:2656
> I=[217.112.92.232]:25 P=smtp S=3067 T="Your sales agent for consumer
> healthcare products" from <terry@???> for terry@???
> 2008-12-21 17:39:38 1LESH5-0009Zl-3u => terry@???
> <terry@???> F=<terry@???> P=<terry@???>
> R=dnslookup T=remote_smtp S=3128 H=mail.bluelight.org.uk
> [80.229.144.50]:25 C="250 OK id=1LESHQ-00019y-Si" QT=7s DT=1s
> 2008-12-21 17:39:38 1LESH5-0009Zl-3u Completed QT=7s
>
> Thanks
>

-- 
Richard C. Pitt                 Pacific Data Capture
rcpitt@???               604-644-9265
http://blog.pacdat.net       www.pacdat.net
PGP Fingerprint: FCEF 167D 151B 64C4 3333  57F0 4F18 AF98 9F59 DD73
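
The arrival (`<=`) line quoted in the thread shows a message with a local envelope sender coming in over plain SMTP from an outside host. The following is an added example, not part of the original thread and not Exim's own code, that scans an Exim main log for such arrivals; `LOCAL_DOMAINS`, `TRUSTED_RELAYS`, the function name and the sample log lines are constructed assumptions, since the addresses in the thread are redacted.

```python
import re

# Assumed values, not from the thread (addresses there are redacted):
LOCAL_DOMAINS = {"example.org"}   # domains this server receives mail for
TRUSTED_RELAYS = {"192.0.2.10"}   # hosts allowed to send as a local address

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")
# The real peer address is the bracketed IP followed by a space or end of text;
# a HELO literal such as "([10.0.0.1])" is followed by ")" and is skipped.
HOST_IP = re.compile(r" H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?(?= |$)")
AUTH = re.compile(r" A=\S+")

def forged_local_senders(lines):
    """Return (message id, envelope sender, peer IP) for suspicious arrivals."""
    findings = []
    for line in lines:
        m = ARRIVAL.match(line)
        if not m or "@" not in m.group("sender"):
            continue                      # not an arrival line, or bounce "<>"
        sender = m.group("sender")
        if sender.rsplit("@", 1)[1].lower() not in LOCAL_DOMAINS:
            continue
        # T="..." holds the sender-controlled subject; drop it so a subject
        # containing " A=..." cannot pass for an authentication field.
        fields = m.group("rest").split(' T="', 1)[0]
        host = HOST_IP.search(fields)
        if host is None:                  # no H= field: submitted locally
            continue
        if AUTH.search(fields) or host.group("ip") in TRUSTED_RELAYS:
            continue
        findings.append((m.group("id"), sender, host.group("ip")))
    return findings

# Constructed sample log (one entry per line, as Exim writes it).
SAMPLE_LOG = [
    '2008-12-21 17:39:36 1AAAAA-000001-AA <= terry@example.org H=dyn.example.net [198.51.100.27]:2656 I=[192.0.2.1]:25 P=smtp S=3067 T="Your sales agent" from <terry@example.org> for terry@example.org',
    '2008-12-21 17:40:02 1AAAAA-000002-AA <= terry@example.org H=laptop.example.net [203.0.113.5]:51000 I=[192.0.2.1]:587 P=esmtpsa A=plain:terry S=900 T="hello" from <terry@example.org> for bob@example.com',
    '2008-12-21 17:41:10 1AAAAA-000003-AA <= terry@example.org H=([10.0.0.1]) [198.51.100.99]:1234 I=[192.0.2.1]:25 P=smtp S=512 T="Invoice A=plain:terry" from <terry@example.org> for terry@example.org',
    '2008-12-21 17:42:00 1AAAAA-000004-AA <= terry@example.org H=relay.example.org [192.0.2.10]:40000 I=[192.0.2.1]:25 P=esmtp S=700 T="report" from <terry@example.org> for terry@example.org',
    '2008-12-21 17:43:00 1AAAAA-000005-AA <= terry@example.org U=terry P=local S=500 T="cron" from <terry@example.org> for terry@example.org',
]

if __name__ == "__main__":
    for finding in forged_local_senders(SAMPLE_LOG):
        print(finding)
```

Any outside service that legitimately sends with a local envelope sender belongs in `TRUSTED_RELAYS`, otherwise its mail is reported as well.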