Blocking empty To with rules
mike at TECHINTER.COM
Mon Feb 17 18:48:59 GMT 2003
I found out that an empty To: field is filled with MAILER-DAEMON by
sendmail. This is used for purposes such as when an email message bounces.
This is exactly what was happening. Some spammer decided to use a return
address of one of our domains and is sending spam to a dictionary of AOL
users. For the return address they chose about 7 names such as mail, offer,
newest, special, host, webhost and tryit. Then they appended a random number
of 5-8 digits to the end of the username. So what we ended up with was
mail324365 at domain.com as the return address. We use a mail gateway that
accepts all mail, scans it and then delivers it to the real mail server.
Tried to block it using Local_Ruleset in Sendmail but no luck. Finally I
had to add email@example.com etc. to the blacklist and then to the Virus
Scanning and Spam Checks lists. Then in the spam actions I listed each one
with a bounce delete action. It is now bouncing all the mail back to AOL so
maybe they will shut this spammer down who is abusing their system but I am
not holding my breath...
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Julian Field
Sent: Friday, February 14, 2003 4:38 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Blocking empty To with rules
At 16:06 14/02/2003, you wrote:
>Is it possible to block a spam message where the To is empty? We are
>getting a ton of spam from AOL and in the sendmail logfile the To is
>I wouldn't mind shutting AOL down from having access to our server but
>sure our customers would complain :)
In a ruleset you can specify arbitrary regular expressions, which is
perfect for this.
You could write a ruleset for the "Is Definitely Spam" parameter that
contains the line
To: /^$/ yes
which would say that all mail with no To address is spam.
MailScanner thanks transtec Computers for their support
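A simplified model of how a ruleset like the one in this thread is evaluated, added here as an example (it is not MailScanner's code and not from either poster). The `FromOrTo:` pattern for the numbered addresses, the first-match-wins evaluation and the treatment of a missing recipient as an empty string are assumptions made for illustration.

```python
import re

# Constructed ruleset in MailScanner's "direction pattern value" style. The first
# line is the one quoted above; the second is an assumption built from the seven
# prefixes and 5-8 digit suffix described in the post (domain.com is the post's
# own stand-in for the abused domain).
RULESET = r"""
To:        /^$/    yes
FromOrTo:  /^(mail|offer|newest|special|host|webhost|tryit)\d{5,8}@domain\.com$/    yes
FromOrTo:  default    no
"""

def parse_ruleset(text):
    """Return a list of (direction, compiled regex or None, value) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        direction, pattern, value = line.split(None, 2)
        direction = direction.rstrip(":").lower()
        if pattern == "default":
            regex = None  # catch-all rule
        elif len(pattern) >= 2 and pattern[0] == pattern[-1] == "/":
            regex = re.compile(pattern[1:-1], re.IGNORECASE)
        else:
            raise ValueError(f"unsupported pattern: {pattern!r}")
        rules.append((direction, regex, value.strip()))
    return rules

def evaluate(rules, sender, recipients):
    """First matching rule wins; returns its value ("yes" or "no")."""
    # Simplification: a message with no recipient is modelled as one empty
    # address so that /^$/ has something to match against.
    rcpts = list(recipients) or [""]
    for direction, regex, value in rules:
        addrs = []
        if direction in ("from", "fromorto"):
            addrs.append(sender)
        if direction in ("to", "fromorto"):
            addrs.extend(rcpts)
        if regex is None or any(regex.search(a) for a in addrs):
            return value
    return "no"  # no rule matched and no default given

RULES = parse_ruleset(RULESET)
```

The digit bounds matter: an address with four or nine digits after the prefix falls through to the default rule, so the pattern stays as narrow as the behaviour described in the post.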