You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michelle Konzack <li...@tamay-dogan.net> on 2008/12/29 13:26:25 UTC

From: and To: Spamers

Hello *,

since arrount 5 days I am hit by several 10.000  very  small  (~2 kByte)
messages which use my email addresse in "From:" and "To:"...

Does anyone know, how to stop this shit effectively?

1st mail server is courier-mts + courier-imap + spamassassin + clamav
2nd mail server is postfix + dovecot + spamassassin + clamav

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/>               <http://www.can4linux.org/>
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: From: and To: Spamers

Posted by Michelle Konzack <li...@tamay-dogan.net>.

Am 2008-12-29 20:39:46, schrieb ram:
> You could reject mailfrom your domain at the MTA (if your real mail
> never arrives there ) 

Unfortunately this does not work for me.

> One of the other ways is set up an SPF record and give a high score for
> SPF-FAIL for your domain, that is what I do and works great here 

Hmmm, my domain <tamay-dogan.net> is hosted with domains of a  bunch  of
other customers on  <server4.pinguin-hosting.de>  and  I  do  not  know,
whether I (better my hoster) can setup this for MY domain  since  it  is
only virtuell.  If he does this globaly, it could have a negative impact
on other hosted domains AFAIK.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/>               <http://www.can4linux.org/>
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: From: and To: Spamers

Posted by ram <ra...@netcore.co.in>.

On Mon, 2008-12-29 at 13:26 +0100, Michelle Konzack wrote:
> Hello *,
> 
> since arrount 5 days I am hit by several 10.000  very  small  (~2 kByte)
> messages which use my email addresse in "From:" and "To:"...
> 

> Does anyone know, how to stop this shit effectively?
> 


If the spammer is forging your domain in the from , thats very easy to
trap 

You could reject mailfrom your domain at the MTA (if your real mail
never arrives there ) 

One of the other ways is set up an SPF record and give a high score for
SPF-FAIL for your domain, that is what I do and works great here

Re: From: and To: Spamers

Posted by Kai Schaetzl <ma...@conactive.com>.

Michelle Konzack wrote on Mon, 29 Dec 2008 13:26:25 +0100:

> Does anyone know, how to stop this shit effectively?

You are not the only one affected by this. Others asked before you.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: From: and To: Spamers

Posted by Nigel Frankcom <ni...@blue-canoe.com>.

<aside> Does DynDNS allow SPF records?

On Mon, 29 Dec 2008 15:08:38 +0100, Matthias Haegele
<mh...@linuxrocks.dyndns.org> wrote:

>Michelle Konzack schrieb:
>> Hello *,
>> 
>> since arrount 5 days I am hit by several 10.000  very  small  (~2 kByte)
>> messages which use my email addresse in "From:" and "To:"...
>> 
>> Does anyone know, how to stop this shit effectively?
>> 
>> 1st mail server is courier-mts + courier-imap + spamassassin + clamav
>> 2nd mail server is postfix + dovecot + spamassassin + clamav
>
>search for backscatter:
>
>http://www.postfix.org/BACKSCATTER_README.html
>

Re: From: and To: Spamers

Posted by Michelle Konzack <li...@tamay-dogan.net>.

Hello Sahil,

Am 2008-12-29 17:59:09, schrieb Sahil Tandon:
> id=EQUAL_001; action=REJECT sender is recipient; sender==$$recipient 

I will forward this line to my Hosting Provider,
since the postfix is out of my control.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/>               <http://www.can4linux.org/>
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: From: and To: Spamers

Posted by Sahil Tandon <sa...@tandon.net>.

Matthias Haegele wrote:

> Michelle Konzack schrieb:
>
>> since arrount 5 days I am hit by several 10.000  very  small  (~2 kByte)
>> messages which use my email addresse in "From:" and "To:"...
>>
>> Does anyone know, how to stop this shit effectively?
>>
>> 1st mail server is courier-mts + courier-imap + spamassassin + clamav
>> 2nd mail server is postfix + dovecot + spamassassin + clamav
>
> search for backscatter:
>
> http://www.postfix.org/BACKSCATTER_README.html

This is a good README for general knowledge, but I do not believe
Michelle is describing backscatter.  

Michelle, There are a few ways to address the problem of sender ==
recipient spam, but do familiarize yourself with all the consequences of
blocking such mail.  As Kai mentioned, this is turning into somewhat of
a FAQ on a few mailing lists, so search the archives (here and on
postfix-users) for proposed solutions.  Benny posted a method using
postfwd (http://postfwd.org) last week:

id=EQUAL_001; action=REJECT sender is recipient; sender==$$recipient 

-- 
Sahil Tandon <sa...@tandon.net>

Re: From: and To: Spamers

Posted by Matthias Haegele <mh...@linuxrocks.dyndns.org>.

Michelle Konzack schrieb:
> Hello *,
> 
> since arrount 5 days I am hit by several 10.000  very  small  (~2 kByte)
> messages which use my email addresse in "From:" and "To:"...
> 
> Does anyone know, how to stop this shit effectively?
> 
> 1st mail server is courier-mts + courier-imap + spamassassin + clamav
> 2nd mail server is postfix + dovecot + spamassassin + clamav

search for backscatter:

http://www.postfix.org/BACKSCATTER_README.html