LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux > Linux - Software
Reload this Page Exim Spam - spoofing From: same as To:
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Thread Tools
Old 03-05-2009, 11:40 AM   #1
ergotron
LQ Newbie
 
Registered: Mar 2009
Posts: 1
Thanked: 0
Exim Spam - spoofing From: same as To:

[Log in to get rid of this advertisement]
I have an Exim4 installation on Debian and have noticed the last few months a sharp rise in spam where the From: is spoofing the To: and bypasses my reverse dns checking. He'here's an example:

2009-03-05 03:52:06 1Lf9JB-00049c-Sl <= shadow@<mydomain>.ca H=82-135-198-57.static.zebra.lt [82.135.198.57] P=smtp S=3389
2009-03-05 03:52:06 1Lf9JB-00049c-Sl => blackhole (local_scan discarded recipients)

I have the reverse dns checking setup and it works very well but somehow when it claims to be an email from my domain it gets by. The only thing to catch it is spamassassin which blackholes it.

Another example:

2009-03-05 10:52:39 1LfFs7-0004Yc-CV <= postmaster@<mydomain>.ca H=adsl-89-132-26-102.monradsl.monornet.hu [89.132.26.102] P=smtp S=5661
2009-03-05 10:52:39 1LfFs7-0004Yc-CV => blackhole (local_scan discarded recipients)


Is there a way to stop this spoofing or reject it the same way reverse dns checking does for fake domains?
ergotron is offline     Reply With Quote
Old 03-05-2009, 02:14 PM   #2
norobro
Member
 
Registered: Feb 2006
Location: tejas
Distribution: Debian Sid
Posts: 209
Thanked: 23
I recently had what I thought was an exim relay problem (link). Turned out to be something else.

Anyway, in my searching for a solution I found this on the Exim forum.

HTH

Norm
norobro is offline     Reply With Quote

Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Spam prevention with Exim and greylistd - Part 1 LXer Syndicated Linux News 0 09-22-2008 10:20 AM
Exim+ASSP(Anti Spam SMTP Proxy) piyushmap Linux - Networking 0 02-29-2008 10:44 AM
Exim mail monitor for discovering outgoing spam/viruses TheSpork Linux - Software 0 11-30-2004 04:14 AM
Exim4/ sa-exim/Spamassassin - Flags as Spam but Still Accepts jonwatson Linux - Software 4 11-29-2004 07:18 PM
EXIM - sending spam from PHP scrips GRisha Linux - Software 0 06-05-2004 12:07 PM


All times are GMT -5. The time now is 09:58 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap - LinuxQuestions.org - Linux Forums
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration