You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michelle Konzack <li...@tamay-dogan.net> on 2008/12/29 13:26:25 UTC
From: and To: Spamers
Hello *,
since arrount 5 days I am hit by several 10.000 very small (~2 kByte)
messages which use my email addresse in "From:" and "To:"...
Does anyone know, how to stop this shit effectively?
1st mail server is courier-mts + courier-imap + spamassassin + clamav
2nd mail server is postfix + dovecot + spamassassin + clamav
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/> <http://www.can4linux.org/>
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: From: and To: Spamers
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Am 2008-12-29 20:39:46, schrieb ram:
> You could reject mailfrom your domain at the MTA (if your real mail
> never arrives there )
Unfortunately this does not work for me.
> One of the other ways is set up an SPF record and give a high score for
> SPF-FAIL for your domain, that is what I do and works great here
Hmmm, my domain <tamay-dogan.net> is hosted with domains of a bunch of
other customers on <server4.pinguin-hosting.de> and I do not know,
whether I (better my hoster) can setup this for MY domain since it is
only virtuell. If he does this globaly, it could have a negative impact
on other hosted domains AFAIK.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/> <http://www.can4linux.org/>
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: From: and To: Spamers
Posted by ram <ra...@netcore.co.in>.
On Mon, 2008-12-29 at 13:26 +0100, Michelle Konzack wrote:
> Hello *,
>
> since arrount 5 days I am hit by several 10.000 very small (~2 kByte)
> messages which use my email addresse in "From:" and "To:"...
>
> Does anyone know, how to stop this shit effectively?
>
If the spammer is forging your domain in the from , thats very easy to
trap
You could reject mailfrom your domain at the MTA (if your real mail
never arrives there )
One of the other ways is set up an SPF record and give a high score for
SPF-FAIL for your domain, that is what I do and works great here
Re: From: and To: Spamers
Posted by Kai Schaetzl <ma...@conactive.com>.
Michelle Konzack wrote on Mon, 29 Dec 2008 13:26:25 +0100:
> Does anyone know, how to stop this shit effectively?
You are not the only one affected by this. Others asked before you.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: From: and To: Spamers
Posted by Nigel Frankcom <ni...@blue-canoe.com>.
<aside> Does DynDNS allow SPF records?
On Mon, 29 Dec 2008 15:08:38 +0100, Matthias Haegele
<mh...@linuxrocks.dyndns.org> wrote:
>Michelle Konzack schrieb:
>> Hello *,
>>
>> since arrount 5 days I am hit by several 10.000 very small (~2 kByte)
>> messages which use my email addresse in "From:" and "To:"...
>>
>> Does anyone know, how to stop this shit effectively?
>>
>> 1st mail server is courier-mts + courier-imap + spamassassin + clamav
>> 2nd mail server is postfix + dovecot + spamassassin + clamav
>
>search for backscatter:
>
>http://www.postfix.org/BACKSCATTER_README.html
>
Re: From: and To: Spamers
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hello Sahil,
Am 2008-12-29 17:59:09, schrieb Sahil Tandon:
> id=EQUAL_001; action=REJECT sender is recipient; sender==$$recipient
I will forward this line to my Hosting Provider,
since the postfix is out of my control.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/> <http://www.can4linux.org/>
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: From: and To: Spamers
Posted by Sahil Tandon <sa...@tandon.net>.
Matthias Haegele wrote:
> Michelle Konzack schrieb:
>
>> since arrount 5 days I am hit by several 10.000 very small (~2 kByte)
>> messages which use my email addresse in "From:" and "To:"...
>>
>> Does anyone know, how to stop this shit effectively?
>>
>> 1st mail server is courier-mts + courier-imap + spamassassin + clamav
>> 2nd mail server is postfix + dovecot + spamassassin + clamav
>
> search for backscatter:
>
> http://www.postfix.org/BACKSCATTER_README.html
This is a good README for general knowledge, but I do not believe
Michelle is describing backscatter.
Michelle, There are a few ways to address the problem of sender ==
recipient spam, but do familiarize yourself with all the consequences of
blocking such mail. As Kai mentioned, this is turning into somewhat of
a FAQ on a few mailing lists, so search the archives (here and on
postfix-users) for proposed solutions. Benny posted a method using
postfwd (http://postfwd.org) last week:
id=EQUAL_001; action=REJECT sender is recipient; sender==$$recipient
--
Sahil Tandon <sa...@tandon.net>
Re: From: and To: Spamers
Posted by Matthias Haegele <mh...@linuxrocks.dyndns.org>.
Michelle Konzack schrieb:
> Hello *,
>
> since arrount 5 days I am hit by several 10.000 very small (~2 kByte)
> messages which use my email addresse in "From:" and "To:"...
>
> Does anyone know, how to stop this shit effectively?
>
> 1st mail server is courier-mts + courier-imap + spamassassin + clamav
> 2nd mail server is postfix + dovecot + spamassassin + clamav
search for backscatter:
http://www.postfix.org/BACKSCATTER_README.html