Bouncing to spoofed domain name
Gareth
list-mailscanner at linguaphone.com
Thu Apr 12 15:16:15 IST 2007
Yes, sorry, for some reason I thought you were running Postfix.
Yes, it is a replacement for Sendmail. Personally I have used Sendmail,
Exim and Postfix and I much prefer Postfix as it seems very easy to
configure and is highly customisable. Its hold queue is very useful for
MailScanner as you only need a single instance running.
I don't know what platform you are running but on the Fedora system I use
there is just a single command to switch everything over from using
sendmail to postfix and then you just have to make the simple
configuration to get Postfix working.
On Thu, 2007-04-12 at 15:01, John Rowan wrote:
> Gareth, thanks for the quick reply. I do not use Postfix and don't
> know anything about it.
> I read the ADDRESS_VERIFICATION_README.html. Does Postfix replace
> Sendmail as the MTA or does it work in conjunction with it? I have two
> months worth of projects in my queue and don't have time right now to
> reconfigure and test email server configurations if Postfix needs to
> replace Sendmail as the MTA. From what I see Googling Postfix it is a
> replacement for Sendmail. I'll have to revisit this when I close out
> some of the projects I'm working on.
>
> Thanks.
>
>
> Gareth wrote:
> > You can get Postfix to verify that the sender address exists. It does
> > this by connecting to the mail server for the domain and checking to see
> > if the server accepts the sender's email address. For more information
> > see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
> >
> > The downside of this is that your mail server pauses while it checks the
> > address so if it takes a while the sender may time out. This is rare
> > though as most timeouts are quite long. All check results are cached.
> >
> > I use this myself but on the destination address so Postfix rejects mail
> > to users who don't exist at our domains.
> >
> > On Thu, 2007-04-12 at 14:33, John Rowan wrote:
> >
> > > Is there any way to configure MailScanner to bounce mail to the abuse
> > > contact of an IP Netblock rather than what happened below.
> > > The sender was falsified and MailScanner sent it to the non existent
> > > person at watermaster.org. Watermaster.org rejected the bounce
> > > since ktf doesn't exist. I'm dealing with the same problem on several
> > > servers where garbage is being sent out saying it is from domains
> > > I support and then it's bounced to me but my /etc/mail/virtusertable
> > > is similarly configured so that mail to non existent users is not
> > > accepted.
> > >
> > > In the example below the mail came from 219.134.77.247 which is in China
> > >
> > > inetnum: 219.128.0.0 - 219.137.255.255
> > > netname: CHINANET-GD
> > > descr: CHINANET Guangdong province network
> > > descr: Data Communication Division
> > > descr: China Telecom
> > > country: CN
> > > I would want to bounce to the correct: abuse at gddc.com.cn
> > >
> > > -------- Original Message --------
> > > Subject: Bad Filename Detected
> > > Date: Thu, 12 Apr 2007 04:20:57 -0400
> > > From: MailScanner <postmaster at corvette.deleted.com>
> > > To: postmaster at corvette.deleted.com
> > >
> > > The following e-mails were found to have: Bad Filename Detected
> > >
> > > Sender: ktf at watermaster.org
> > > IP Address: 219.134.77.247
> > > Recipient: username at deleted.com
> > > Subject: I Love You Because
> > > MessageID: l3C8KHHg013901
> > > Report: MailScanner: Executable DOS/Windows programs are dangerous in email (greeting card.exe)
> > >
> >
>
>
>
> ______________________________________________________________________
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
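
The two placements of Postfix address verification discussed in this thread (on the sender address, and on the destination address), sketched as a configuration fragment. This is an added example, not configuration posted by anyone in the thread; the sender_access file name and the example.com entry are assumptions.

```conf
# /etc/postfix/main.cf fragment (added example; items marked "assumed" are placeholders)

# Cache of probe results, so a known address is not probed on every message.
# This is the default location in Postfix 2.7 and later.
address_verify_map = btree:$data_directory/verify_cache

# How long the SMTP session waits for a probe result: poll_count x poll_delay.
# These are the Postfix defaults. If no result arrives in time the client gets
# a temporary (4xx) reply, and the answer is served from the cache on its retry.
address_verify_poll_count = 3
address_verify_poll_delay = 3s

# --- Recipient (destination) verification ---
# Refuse unknown recipients during the SMTP session instead of accepting
# the mail and bouncing it later to a possibly forged sender.
# reject_unauth_destination comes first so that probes are only sent for
# domains this server is responsible for.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# The default reply code is 450 (temporary). Switch to 550 only after the
# logs show that probe results are reliable.
unverified_recipient_reject_code = 550

# --- Sender verification, limited to listed domains ---
# Probing every sender domain adds delay and puts load on remote servers,
# so the check is applied through an access table (file name assumed).
smtpd_sender_restrictions =
    hash:/etc/postfix/sender_access
unverified_sender_reject_code = 550

# --- Separate file: /etc/postfix/sender_access (assumed name) ---
# Run "postmap /etc/postfix/sender_access" after editing.
# example.com is a constructed entry, not a domain from the thread.
example.com    reject_unverified_sender
```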