Located issue Joe-Job attack Was Hijacked Returned domain
Peter Nitschke
email at ace.net.au
Tue Feb 3 15:59:57 GMT 2004
I don't think there is any simple way to defeat this.
If you want to get brutal, there was some stuff posted last year to add to
sendmail.mc that allowed you to block by various words in the subject, so
you could for eg block the following
undeliverable mail
undelivered mail returned
mail delivery fail
etc etc, breaks the rules though.
I got lucky as most of these return addresses had numbers in them, eg
joe25r at domain.com and I have never allowed numbers in the first part of the
email address - due to a limitation in the opriginal accounting system I
used. I managed to make an entry that rejected any To: address here that
had a number in it, and that has virtually eliminated the problem.
Peter
*********** REPLY SEPARATOR ***********
On 3/02/2004 at 2:05 PM Stephen Lane wrote:
>I've located what this is attack is called "Joe-Job" and I'm trying to
>figure out how to accept from=<> then discard it at the MTA. Does anyone
>have a sendmail.cf config rule that shows how to do this.
>
>Thanks in advance
>
>Steve
More information about the MailScanner
mailing list