LinuxQuestions.org - Linux - Security - SPAM question - General Internet Security question (https://www.linuxquestions.org/questions/linux-security-4/spam-question-general-internet-security-question-582700/)

LuggerHouse 09-06-2007 11:04 AM

SPAM question - General Internet Security question
 
Hello Guys,

I am posting in this forum because I don't really know where else to post my question. Read and you will understand ;-)

I own a domain, hosted on my own Linux server through a cable connection.

I have a problem with my mail since I receive hundreds of non-delivered mails which I never sent.

I dug through the maillog of Postfix (whose security is pretty tight) and I can't find traces of intrusion or any kind of relaying.

I know it is pretty simple to mangle the email header to set the FROM address of the mail.

Now the real question is: since the mail does not really come from my domain and only the FROM and RETURN addresses have been set to my domain, is there any way I could avoid this?

Here is a sample of a non-delivered message I receive:


Quote:

This message was created automatically by mail delivery software.

A message that you have sent could not be delivered to one or more
recipients. This is a permanent error. The following address(es) failed:

<susan@charlesligeti.com>: 554 Denied [CS] (Mode: normal)
<ray@charlesligeti.com>: 554 Denied [CS] (Mode: normal)
<pinkee@charlesligeti.com>: 554 Denied [CS] (Mode: normal)
<marierose@charlesligeti.com>: 554 Denied [CS] (Mode: normal)



Included is a copy of the message header:
-----------------------------------------
Received: from unknown [82.177.36.10] (EHLO mail.gemappraisers.com)
by p02c11m022.mxlogic.net (mxl_mta-5.1.0-1)
with ESMTP id 1e4d2d64.2594122672.175488.00-189.p02c11m022.mxlogic.net (envelope-from <duggeniecieljit@genieciel.com>);
Mon, 27 Aug 2007 07:42:57 -0600 (MDT)
Return-Path: <duggeniecieljit@genieciel.com>
Received: from 204.16.252.100 (HELO mail1.no-ip.com)
by charlesligeti.com with esmtp (YA000*:;RH0 Z,+5)
id .*A2QB-S+?9G+-<;
for hector@charlesligeti.com; Mon, 27 Aug 2007 13:42:58 -0100
Date: Mon, 27 Aug 2007 13:42:58 -0100
From: "Janet Sherwood" <duggeniecieljit@genieciel.com>
X-Mailer: The Bat! (v3.71.14) UNREG / CD5BF9353B3B7091
X-Priority: 3 (Normal)
Message-ID: <387309795.18581765740758@thhebat.net>
To: hector@charlesligeti.com
Subject: Last chance to supercharge your performance
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------09092C4016E16E16"
X-Spam: Not detected
Received: from unknown [82.177.36.10] (EHLO mail.gemappraisers.com) => this is not my domain ;-)

Any advice would be nice :-)

Thanks!
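As an added example (not part of the original post or the poster's setup), here is a small Python triage script for the question each of these bounces raises: did the message ever pass through my MTA, or was my address merely forged as the envelope sender? It parses the Received chain embedded in the DSN. The outermost Received line is the one written by the MTA that generated the bounce, so it is the only hop the sender could not forge and its source IP is the real injecting host; everything below it arrived inside the message and may be fabricated. If no hop names our own server, the bounce is backscatter to a forged Return-Path and the local maillog will, correctly, show nothing. The hostname mail.example.net and address 198.51.100.7 are hypothetical stand-ins for the poster's server, which the post does not name; the first sample header block is constructed from the DSN quoted above and the second is a constructed control case.

```python
import re

# Hypothetical stand-ins for the poster's own MTA; the post does not name it.
OUR_MTA_HOSTS = {"mail.example.net"}
OUR_MTA_IPS = {"198.51.100.7"}

# Constructed sample: the header block quoted in the DSN above (trimmed).
SAMPLE_BOUNCED_HEADERS = """\
Received: from unknown [82.177.36.10] (EHLO mail.gemappraisers.com)
 by p02c11m022.mxlogic.net (mxl_mta-5.1.0-1)
 with ESMTP id 1e4d2d64.2594122672.175488.00-189.p02c11m022.mxlogic.net (envelope-from <duggeniecieljit@genieciel.com>);
 Mon, 27 Aug 2007 07:42:57 -0600 (MDT)
Return-Path: <duggeniecieljit@genieciel.com>
Received: from 204.16.252.100 (HELO mail1.no-ip.com)
 by charlesligeti.com with esmtp (YA000*:;RH0 Z,+5)
 id .*A2QB-S+?9G+-<;
 for hector@charlesligeti.com; Mon, 27 Aug 2007 13:42:58 -0100
From: "Janet Sherwood" <duggeniecieljit@genieciel.com>
To: hector@charlesligeti.com
Subject: Last chance to supercharge your performance
"""

# Constructed control case: a bounce for mail that really left our MTA.
SAMPLE_GENUINE_HEADERS = """\
Received: from mail.example.net [198.51.100.7] (EHLO mail.example.net)
 by mx.charlesligeti.com with ESMTP; Mon, 27 Aug 2007 13:42:58 -0100
Return-Path: <hector@example.net>
From: hector@example.net
To: susan@charlesligeti.com
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
HELO = re.compile(r"\((?:EHLO|HELO)\s+([^\s)]+)\)", re.I)
FROM_BY = re.compile(r"from\s+(.*?)\s+by\s+(\S+)", re.I | re.S)


def unfold_headers(raw):
    """Return [(name, value)] with folded continuation lines re-joined."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return headers


def received_origin(value):
    """Split one Received: value into the claimed sending side and the receiving MTA."""
    m = FROM_BY.match(value)
    if not m:
        return {"from_hosts": set(), "from_ips": set(), "helo": None, "by": None}
    sender, receiver = m.group(1), m.group(2)
    helo = HELO.search(sender)
    return {
        "from_hosts": {h.lower() for h in HOSTNAME.findall(sender)},
        "from_ips": set(IPV4.findall(sender)),
        "helo": helo.group(1).lower() if helo else None,
        "by": receiver.lower(),
    }


def classify_bounce(raw_headers, our_hosts=OUR_MTA_HOSTS, our_ips=OUR_MTA_IPS):
    """Decide whether the headers embedded in a DSN show the mail ever touched our MTA."""
    our_hosts = {h.lower() for h in our_hosts}
    our_ips = set(our_ips)
    headers = unfold_headers(raw_headers)
    hops = [received_origin(v) for n, v in headers if n == "received"]
    rp = next((v for n, v in headers if n == "return-path"), "")
    m = re.search(r"<([^>]*)>", rp)
    relayed_by_us = any(
        hop["from_hosts"] & our_hosts or hop["from_ips"] & our_ips or hop["by"] in our_hosts
        for hop in hops
    )
    # Only the outermost hop was written by the MTA that generated the bounce;
    # every Received: line below it arrived inside the message and may be forged.
    outer = hops[0] if hops else received_origin("")
    return {
        "verdict": "genuine" if relayed_by_us else "backscatter",
        "injecting_ip": next(iter(outer["from_ips"]), None),
        "injecting_helo": outer["helo"],
        "return_path": m.group(1) if m else rp,
        "hop_count": len(hops),
    }


if __name__ == "__main__":
    for label, raw in (("quoted DSN", SAMPLE_BOUNCED_HEADERS), ("control", SAMPLE_GENUINE_HEADERS)):
        r = classify_bounce(raw)
        print(f"{label}: {r['verdict']}; injected from {r['injecting_ip']} "
              f"(HELO {r['injecting_helo']}), Return-Path <{r['return_path']}>, {r['hop_count']} hop(s)")
```

Run against the quoted DSN this reports backscatter injected from 82.177.36.10 (HELO mail.gemappraisers.com), the same line the poster singled out; the inner Received line claiming a hop via mail1.no-ip.com is below the trust boundary and is not used for the verdict. The host and IP sets should be the real names and addresses of every MTA that sends on behalf of the domain, otherwise a genuine bounce for mail sent from a secondary relay would be misclassified.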

choogendyk 09-07-2007 08:30 AM

Everyone who manages a mail server has to deal with this crap. Some spammers use the return address as a way of getting mail through, since mail sent directly might more easily be recognized as spam.

We run sendmail with mimedefang, spamassassin, milter-greylist, procmail filters, . . . And we are constantly monitoring and tuning parameters in all of these to keep the spam out.

The level of spam is way up from last year, and way up from last spring. It just keeps escalating. You can probably blame it on all those zombies coming out of Redmond.

