Localhost forgery

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Thu Aug 20 19:10:38 IST 2009


No - On the MTA (sendmail) I'm running greet pause, smf-spf and smf-sav.  Every time I read about greylisting I don't quite get the difference between it and greet pause.  Guess I'm just slow.  Does it do more than greet pause?  If I implement it, should I discontinue use of greet pause or use them in conjunction w/each other?


...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500



________________________________
From: mailscanner-bounces at lists.mailscanner.info On Behalf Of Eduardo Casarero
Sent: Thursday, August 20, 2009 9:22 AM
To: MailScanner discussion
Subject: Re: Localhost forgery



2009/8/20 Kevin Miller <Kevin_Miller at ci.juneau.ak.us>
I'm being bombarded with a ton of spam that claims to be from localhost (but the IP isn't in the 127. range).  They are false NDRs, bouncing off of foreign servers.  A large number of my users are being joe-jobbed, and the remote servers send the NDRs here.  Here's a couple of examples from the mail log:

Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=<qvmanifestation at grahamevinson.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged)
Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=<kzmatrimony at ivory.plala.or.jp>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [222.254.108.100] (may be forged)

I'd really like to be able to block them at the MTA level, but barring that, a spamassassin rule would do nicely.  Anybody have a rule available that would fit the bill?  There are too many sources to try to blacklist - I'd be playing whack-a-mole all day long.

Do you use greylisting?



(I've been on vacation the past few weeks, so if this has been discussed please let me know the subject line.)

Thanks...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500
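
The mismatch described in this thread (a relay that names itself localhost while connecting from an address outside the loopback range) can be picked out of the sendmail log mechanically. The following is an added example, not part of the original messages; the function names are hypothetical and the sample log lines are constructed, modelled on the two lines quoted above with documentation-range addresses.

```python
import ipaddress
import re

# relay= field of a sendmail "from=" log line: relay=<claimed name> [<peer address>]
RELAY_RE = re.compile(r"relay=(?P<name>\S+) \[(?P<addr>[0-9A-Fa-f:.]+)\]")

# Names a remote peer has no business claiming (assumed list, extend as needed).
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def forged_localhost(line):
    """Return the peer address if the relay claims a localhost name
    from a non-loopback address, otherwise None."""
    m = RELAY_RE.search(line)
    if not m or m.group("name").lower().rstrip(".") not in LOCAL_NAMES:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # unparseable address: not enough evidence to flag
    return None if addr.is_loopback else str(addr)


def scan(log_text):
    """Return the peer address of every flagged line, in log order."""
    hits = []
    for line in log_text.splitlines():
        addr = forged_localhost(line)
        if addr is not None:
            hits.append(addr)
    return hits


# Constructed sample input: two forged relays, one genuine local
# submission, one ordinary remote relay.
SAMPLE_LOG = """\
Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=<a@example.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [203.0.113.57] (may be forged)
Aug 20 06:40:02 mx2 sendmail-in[25790]: n7KEe2aa025790: from=<root@example.org>, size=512, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Aug 20 07:01:11 mx2 sendmail-in[27001]: n7KF1Bbb027001: from=<b@example.net>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [198.51.100.9]
Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=<c@example.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [198.51.100.100] (may be forged)
"""

if __name__ == "__main__":
    for peer in scan(SAMPLE_LOG):
        print("localhost claimed by non-loopback peer:", peer)
```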