Old 09-06-2007, 11:04 AM   #1
Registered: May 2004
Location: Montreal,QC,Canada
Distribution: Fedora Core 7
Posts: 210

SPAM question - General Internet Security question

Hello Guys,

I am posting in this forum because I don't really know where else to post my question. Read on, you will understand ;-)

I own a domain, hosted on my own Linux server through a cable connection.

I have a problem with my mail since I receive hundreds of non-delivered mails which I never sent.

I dug through the maillog of Postfix (whose security is pretty tight) and I can't find traces of intrusion or any kind of relaying.

I know it is pretty simple to mangle the email header to set the FROM address of the mail.

Now the real question is: since the mail does not really come from my domain and only the FROM and RETURN addresses have been set to my domain, is there any way I could avoid this?

Here is a sample of the non-delivered messages I receive:

This message was created automatically by mail delivery software.

A message that you have sent could not be delivered to one or more
recipients. This is a permanent error. The following address(es) failed:

<>: 554 Denied [CS] (Mode: normal)
<>: 554 Denied [CS] (Mode: normal)
<>: 554 Denied [CS] (Mode: normal)
<>: 554 Denied [CS] (Mode: normal)

Included is a copy of the message header:
Received: from unknown [] (EHLO
by (mxl_mta-5.1.0-1)
with ESMTP id (envelope-from <>);
Mon, 27 Aug 2007 07:42:57 -0600 (MDT)
Return-Path: <>
Received: from (HELO
by with esmtp (YA000*:;RH0 Z,+5)
id .*A2QB-S+?9G+-<;
for; Mon, 27 Aug 2007 13:42:58 -0100
Date: Mon, 27 Aug 2007 13:42:58 -0100
From: "Janet Sherwood" <>
X-Mailer: The Bat! (v3.71.14) UNREG / CD5BF9353B3B7091
X-Priority: 3 (Normal)
Message-ID: <>
Subject: Last chance to supercharge your performance
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Spam: Not detected
Received: from unknown [] (EHLO> this is not my domain ;-)

Any advice would be nice :-)
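
The check done by eye on the bounce above (the included Received line names someone else's server), as an added example that is not part of the original thread: it classifies a bounce by whether the bounced message's own Received headers show it was accepted by our mail server. The hostnames, addresses and sample bounce are constructed, and `MY_HOSTS` is an assumption to be set to your own MTA's name.

```python
import email
import re
from email import policy
from email.parser import HeaderParser

# Assumption: the name our own MTA writes in the "by" clause of Received lines.
MY_HOSTS = ("mail.example.org",)

# Constructed bounce (documentation domains/addresses), shaped like the one above.
BACKSCATTER = """\
From: Mail Delivery System <mailer-daemon@mx.example.net>
To: info@example.org
Subject: Undelivered mail

A message that you have sent could not be delivered.

Included is a copy of the message header:
Received: from unknown [198.51.100.7] (EHLO pc7.example.com)
    by mx.example.net with ESMTP id ABC123; Mon, 27 Aug 2007 07:42:57 -0600
Return-Path: <info@example.org>
From: "Constructed Sender" <info@example.org>
"""
# Same bounce, but the original message really was accepted by our server.
GENUINE = BACKSCATTER.replace("by mx.example.net", "by mail.example.org")

def original_headers(bounce):
    """Find the copy of the bounced message's headers inside a bounce."""
    parse = HeaderParser(policy=policy.default).parsestr
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # whole original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":       # headers-only attachment
            return parse(part.get_content())
        if ctype == "text/plain":                # headers pasted into the text
            m = re.search(r"^Received:", part.get_content(), re.M)
            if m:
                return parse(m.string[m.start():])
    return None

def classify(raw_bounce, my_hosts=MY_HOSTS):
    """'genuine' if a Received hop says 'by <our host>', else 'backscatter'."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    orig = original_headers(bounce)
    if orig is None:
        return "unknown"                         # nothing to inspect
    hops = [str(h) for h in orig.get_all("Received", [])]
    ours = [re.compile(r"\bby\s+" + re.escape(h) + r"\b", re.I) for h in my_hosts]
    # Match only the "by" clause: the HELO/EHLO name is chosen by the sender.
    return "genuine" if any(p.search(h) for p in ours for h in hops) else "backscatter"
```

A Received line can itself be forged to name our host, so a "genuine" result should still be confirmed against the queue ID in the local maillog.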

Old 09-07-2007, 08:30 AM   #2
Senior Member
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,194

Everyone who manages a mail server has to deal with this crap. Some spammers use the return address as a way of getting mail through, since mail sent directly might more easily be recognized as spam.

We run sendmail with mimedefang, spamassassin, milter-greylist, procmail filters, . . . And we are constantly monitoring and tuning parameters in all of these to keep the spam out.

The level of spam is way up from last year, and way up from last spring. It just keeps escalating. You can probably blame it on all those zombies coming out of Redmond.

