Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
08-05-2005, 04:32 PM
|
#1
|
|
Member
Registered: Dec 2003
Posts: 235
Rep: 
|
Guarding Against Forged Email Bounces
I currently run a qmail+spamassassin+clamAV+vpopmail on a Slackware 10.1 server. One of the domains we currently host is being hit with bounced emails from spammers that forged our domain in their email headers. Is there any way I can guard against this or lessen the damange or anything at all? Or am I forced to just ride it out?
Thanks!
Justyn
|
|
|
|
|
08-05-2005, 05:25 PM
|
#2
|
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
Well, if they're coming into unused mailboxes, you could just redirect those to /dev/null with the .qmail files.  |
|
|
|
|
08-05-2005, 05:53 PM
|
#3
|
|
Member
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303
Rep:
|
I've had that happening with a site I once worked for. A few users were getting insane amounts (several thousand a day) of bounce messages. Management decided that moving the affected users to new addresses wasn't an option so we had to come up with a solution. Basically my idea was that bounce mail can only come from sites we actually send mail to. So what I ended up with was a script that parsed the log files and recorded every address the affected accounts sent mail to into a database and kept it there for a few days. On incoming bounce mail (checked with some typical regexp for bounce messages) the mta would do a database lookup and silently disregard the mail if the loopkup didn't return anything.
|
|
|
|
|
08-05-2005, 08:16 PM
|
#4
|
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
demian - quite an ingenious solution. Of course, it breaks down if users check email at home where it might go out through SMTP on their ISP, but every situation is different. |
|
|
|
|
08-05-2005, 08:51 PM
|
#5
|
|
Member
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303
Rep:
|
Quote:
Originally posted by Matir
Of course, it breaks down if users check email at home where it might go out through SMTP on their ISP
|
Yeah, I could exclude that possibility. Every piece of mail went through our servers. I'd say that's the case in most all situations: Say you have an account joe@somesite.com and then go and send out your mail through yourisp.net. Wouldn't
a) the mailserver at yourisp.net reject the mail as unauthorized relay and
b) the receiving mailserver reject it since it claims to be from somesite.com but was in fact sent through yourisp.net???
I'd most probably reject such mail or at least increase it's spam score by quite a bit for such suspicious routing. |
|
|
|
|
08-05-2005, 09:16 PM
|
#6
|
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
I hope not. I send outgoing SMTP through my isp's mailserver, and most webhosts reccomend that. My ISP's mailserver just requires I be on their netblock or authenticate via SMTP-AUTH. |
|
|
|
All times are GMT -5. The time now is 10:52 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
