Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: bakedjake
I have a straight forward LAMP server with sendmail. The server is not configured as an open relay so it can't be used for spam in that way. But I've been getting a number of returned emails from a valid user account which are spam.
I control that user account so I know no emails are being sent out legitimately, is it just a spammer using the email address as a spoof sender or is the mail going through my server in some way?
You can get 'backscatter' when a SPAMmer's outbound mails fraudulently (mis)use your legit address but pass nowhere near your machines.
Sometimes this is used specifically to make people angry with you or to DoS your mail system.
One way to reduce this is to set up something like SPF so that fewer remote mail servers will accept the mails being sent in your name because those servers will be able to tell that the mails are bogus/fraudulent. SPF only requires a single additional text record in the DNS info for your mail domain.
[edited by: DamonHD at 8:58 am (utc) on June 5, 2008]
Thanks for your reply, the problem (I think) with setting up an spf record is that in general mail is not generated on the server (ie users don't use a webmail package) they use client based (ie outlook) however the server does generate email for this address when sending out confirmations and the like, so for the spf it does have to allow mail from the server (albeit limited and automatically generated) but it then has to allow mail from an unspecifiable number of isps... does this make sense?
Quick update ... I've just tried generating an spf for this domain because I'm the only one that would use the email. If it works then it will be great, if it doesn't then I'll be the only one affected.
But this morning I had this in my logwatch ouptut :
Top relays (recipients/connections - min 10 rcpts, max 50 lines):
32/32: localhost.localdomain [127.0.0.1]
19/19: mailgate2.arcor-ip.de [184.108.40.206]
I could legitmately expect the top two (although given that the server only sent out 10 messages as apache that still confuses me) but the .de shouldn't be there.
Below is one of the email pairs associated with that relay.
Jun 19 16:36:09 #*$!#*$!x1 sendmail: m5JFa98w028057: from=<>, size=7988, class=0, nrcpts=1, msgid=<20080619153601.6AB64F0D681@mailgate1.adm.arcor.net>, proto=ESMTP, daemon=MTA, relay=mailgate2.arcor-ip.de [220.127.116.11]
Jun 19 16:36:12 #*$!#*$!x1 sendmail: m5JFa98w028057: to=<enquire@#*$!#*$!#*$!#*$!.co.uk>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=38213, dsn=2.0.0, stat=Sent
Can someone help me understand this please.