
Linux, Unix, and *nix like Operating Systems Forum

    
possible spam issue
is this a problem and if so how do I stop it?
adwhite




msg:3667396
 8:17 am on Jun 5, 2008 (gmt 0)

Hi,

I have a straightforward LAMP server with sendmail. The server is not configured as an open relay so it can't be used for spam in that way. But I've been getting a number of returned emails from a valid user account which are spam.
I control that user account so I know no emails are being sent out legitimately. Is it just a spammer using the email address as a spoof sender or is the mail going through my server in some way?

 

DamonHD




msg:3667412
 8:57 am on Jun 5, 2008 (gmt 0)

Hi,

You can get 'backscatter' when a SPAMmer's outbound mails fraudulently (mis)use your legit address but pass nowhere near your machines.

Sometimes this is used specifically to make people angry with you or to DoS your mail system.

One way to reduce this is to set up something like SPF so that fewer remote mail servers will accept the mails being sent in your name because those servers will be able to tell that the mails are bogus/fraudulent. SPF only requires a single additional text record in the DNS info for your mail domain.

Rgds

Damon

[edited by: DamonHD at 8:58 am (utc) on June 5, 2008]

adwhite




msg:3667434
 9:38 am on Jun 5, 2008 (gmt 0)

Hi Damon,

Thanks for your reply. The problem (I think) with setting up an SPF record is that in general mail is not generated on the server (i.e. users don't use a webmail package); they use client-based (i.e. Outlook). However, the server does generate email for this address when sending out confirmations and the like, so for the SPF it does have to allow mail from the server (albeit limited and automatically generated) but it then has to allow mail from an unspecifiable number of ISPs... does this make sense?

Quick update ... I've just tried generating an SPF for this domain because I'm the only one that would use the email. If it works then it will be great, if it doesn't then I'll be the only one affected.

mcavic




msg:3668361
 12:17 pm on Jun 6, 2008 (gmt 0)

In order for SPF to work, all of your users need to use your server for sending mail. If you set up SMTP authentication, then they can do so from any IP.

adwhite




msg:3679347
 8:52 am on Jun 20, 2008 (gmt 0)

I still seem to have an ongoing problem. I've checked the server via abuse.net and it all came back relay denied.

But this morning I had this in my logwatch output:

Top relays (recipients/connections - min 10 rcpts, max 50 lines):
32/32: localhost.localdomain [127.0.0.1]
30/30: apache@localhost

19/19: mailgate2.arcor-ip.de [145.253.2.48]

I could legitimately expect the top two (although given that the server only sent out 10 messages as apache that still confuses me) but the .de shouldn't be there.

Below is one of the email pairs associated with that relay.

Jun 19 16:36:09 #*$!#*$!x1 sendmail[28057]: m5JFa98w028057: from=<>, size=7988, class=0, nrcpts=1, msgid=<20080619153601.6AB64F0D681@mailgate1.adm.arcor.net>, proto=ESMTP, daemon=MTA, relay=mailgate2.arcor-ip.de [145.253.2.48]
Jun 19 16:36:12 #*$!#*$!x1 sendmail[28058]: m5JFa98w028057: to=<enquire@#*$!#*$!#*$!#*$!.co.uk>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=38213, dsn=2.0.0, stat=Sent

Can someone help me understand this please.
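
Added example, not part of any post in this thread: a Python sketch that joins sendmail `from=`/`to=` log lines by queue ID, as in the pair quoted above, and labels each message by direction. A null sender (`from=<>`) marks a delivery status notification (bounce), and `mailer=local` means the message was delivered to a local mailbox rather than passed on. The sample log lines, hostnames, addresses and verdict labels are constructed for illustration.

```python
import re

# Constructed sample in sendmail syslog format (all hosts and addresses are placeholders).
SAMPLE_LOG = """\
Jun 19 16:36:09 host sendmail[28057]: m5JFa98w028057: from=<>, size=7988, class=0, nrcpts=1, msgid=<1@mx.example.net>, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
Jun 19 16:36:12 host sendmail[28058]: m5JFa98w028057: to=<enquire@example.co.uk>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=38213, dsn=2.0.0, stat=Sent
Jun 19 10:00:01 host sendmail[1001]: m5J9001a001001: from=apache, size=512, class=0, nrcpts=1, msgid=<2@host.example.co.uk>, relay=apache@localhost
Jun 19 10:00:02 host sendmail[1003]: m5J9001a001001: to=<customer@example.org>, ctladdr=apache (48/48), delay=00:00:01, mailer=esmtp, pri=30512, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent
Jun 19 11:00:01 host sendmail[2001]: m5JB002b002002: from=<a@example.net>, size=900, class=0, nrcpts=1, msgid=<3@example.net>, proto=ESMTP, daemon=MTA, relay=client.example.net [203.0.113.5]
Jun 19 11:00:03 host sendmail[2003]: m5JB002b002002: to=<b@example.org>, delay=00:00:02, mailer=esmtp, pri=30900, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.+)$")

def parse_fields(rest):
    # sendmail separates its key=value fields with ", "
    return dict(f.split("=", 1) for f in rest.split(", ") if "=" in f)

def is_local_source(relay):
    # Match the bracketed IP or a user@localhost submission, not the
    # hostname alone, since a reverse-DNS name is chosen by the sender.
    return relay.endswith("[127.0.0.1]") or relay.endswith("@localhost")

def classify(log_text):
    """Return {queue_id: verdict}, joining each from= line to its to= line."""
    senders, verdicts = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, fields = m.group(1), parse_fields(m.group(2))
        if "from" in fields:
            # On a from= line, relay= is the host that handed us the message.
            senders[qid] = (fields["from"], fields.get("relay", ""))
        elif "to" in fields and qid in senders:
            sender, source = senders[qid]
            if fields.get("mailer") == "local":
                # Delivered to a local mailbox: inbound mail, nothing relayed.
                verdicts[qid] = "inbound-bounce" if sender == "<>" else "inbound"
            elif is_local_source(source):
                verdicts[qid] = "local-submission"  # e.g. web-app mail sent as apache
            else:
                verdicts[qid] = "relayed-for-remote-host"
    return verdicts

if __name__ == "__main__":
    for qid, verdict in classify(SAMPLE_LOG).items():
        print(qid, verdict)
```

Only a `relayed-for-remote-host` verdict means mail from an outside host left through the server; with SMTP authentication enabled, that label also covers legitimate authenticated clients.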
