
Forum Moderators: bakedjake

possible spam issue

is this a problem and if so how do I stop it?

   
8:17 am on Jun 5, 2008 (gmt 0)

10+ Year Member



Hi,

I have a straightforward LAMP server with sendmail. The server is not configured as an open relay so it can't be used for spam in that way. But I've been getting a number of returned emails from a valid user account which are spam.
I control that user account so I know no emails are being sent out legitimately. Is it just a spammer using the email address as a spoof sender, or is the mail going through my server in some way?

8:57 am on Jun 5, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi,

You can get 'backscatter' when a SPAMmer's outbound mails fraudulently (mis)use your legit address but pass nowhere near your machines.

Sometimes this is used specifically to make people angry with you or to DoS your mail system.

One way to reduce this is to set up something like SPF so that fewer remote mail servers will accept the mails being sent in your name because those servers will be able to tell that the mails are bogus/fraudulent. SPF only requires a single additional text record in the DNS info for your mail domain.

Rgds

Damon

[edited by: DamonHD at 8:58 am (utc) on June 5, 2008]

9:38 am on Jun 5, 2008 (gmt 0)

10+ Year Member



Hi Damon,

Thanks for your reply. The problem (I think) with setting up an SPF record is that in general mail is not generated on the server (i.e. users don't use a webmail package); they use client-based (i.e. Outlook). However, the server does generate email for this address when sending out confirmations and the like, so for the SPF it does have to allow mail from the server (albeit limited and automatically generated), but it then has to allow mail from an unspecifiable number of ISPs... does this make sense?

Quick update ... I've just tried generating an SPF for this domain because I'm the only one that would use the email. If it works then it will be great, if it doesn't then I'll be the only one affected.

12:17 pm on Jun 6, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In order for SPF to work, all of your users need to use your server for sending mail. If you set up SMTP authentication, then they can do so from any IP.

8:52 am on Jun 20, 2008 (gmt 0)

10+ Year Member



I still seem to have an ongoing problem. I've checked the server via abuse.net and it all came back relay denied.

But this morning I had this in my logwatch output:

Top relays (recipients/connections - min 10 rcpts, max 50 lines):
32/32: localhost.localdomain [127.0.0.1]
30/30: apache@localhost

19/19: mailgate2.arcor-ip.de [145.253.2.48]

I could legitimately expect the top two (although given that the server only sent out 10 messages as apache that still confuses me), but the .de shouldn't be there.

Below is one of the email pairs associated with that relay.

Jun 19 16:36:09 #*$!#*$!x1 sendmail[28057]: m5JFa98w028057: from=<>, size=7988, class=0, nrcpts=1, msgid=<20080619153601.6AB64F0D681@mailgate1.adm.arcor.net>, proto=ESMTP, daemon=MTA, relay=mailgate2.arcor-ip.de [145.253.2.48]
Jun 19 16:36:12 #*$!#*$!x1 sendmail[28058]: m5JFa98w028057: to=<enquire@#*$!#*$!#*$!#*$!.co.uk>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=38213, dsn=2.0.0, stat=Sent

Can someone help me understand this please.
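
One way to tell apart the cases raised in this thread from the maillog (an added example, not part of any poster's reply): pair sendmail's from= and to= entries on the queue ID, then look at where the message came from and where it was delivered. A from=<> entry is the null sender that bounce messages carry, and mailer=local means delivery to a mailbox on this server. The log lines, hostnames, queue IDs and addresses below are constructed, and the verdict strings are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's maillog format; hosts, IDs and IPs are made up.
SAMPLE_LOG = """\
Jun 19 16:36:09 host1 sendmail[101]: q1AAA0000001: from=<>, size=7988, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
Jun 19 16:36:12 host1 sendmail[102]: q1AAA0000001: to=<enquire@example.co.uk>, delay=00:00:03, mailer=local, dsn=2.0.0, stat=Sent
Jun 19 16:40:01 host1 sendmail[103]: q1AAA0000002: from=apache, size=812, nrcpts=1, relay=apache@localhost
Jun 19 16:40:02 host1 sendmail[104]: q1AAA0000002: to=<customer@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent
Jun 19 16:45:00 host1 sendmail[105]: q1AAA0000003: from=<a@example.com>, size=2000, nrcpts=1, proto=ESMTP, daemon=MTA, relay=dsl.example.com [203.0.113.5]
Jun 19 16:45:01 host1 sendmail[106]: q1AAA0000003: to=<b@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=<?([^>,]*)>?,\s*(.*)")

def classify(log_text):
    """Pair from=/to= entries on the queue ID and return {queue_id: verdict}."""
    msgs = defaultdict(lambda: {"all_local": True})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, kind, addr, rest = m.groups()
        if kind == "from":
            ip = re.search(r"relay=.*\[([\d.]+)\]", rest)  # IPv4 only
            msgs[qid]["sender"] = addr
            # No bracketed IP (local submission) or loopback: not a remote client.
            msgs[qid]["remote"] = bool(ip) and ip.group(1) != "127.0.0.1"
        else:
            mailer = re.search(r"mailer=(\w+)", rest)
            is_local = bool(mailer) and mailer.group(1) == "local"
            msgs[qid]["all_local"] = msgs[qid]["all_local"] and is_local
            msgs[qid]["delivered"] = True
    verdicts = {}
    for qid, m in msgs.items():
        if "sender" not in m or "delivered" not in m:
            continue  # half of the pair is missing from this log slice
        if not m["remote"]:
            verdicts[qid] = "generated on this server"
        elif not m["all_local"]:
            verdicts[qid] = "RELAYED for a remote host"
        elif m["sender"] == "":
            verdicts[qid] = "inbound bounce (null sender), delivered locally"
        else:
            verdicts[qid] = "ordinary inbound mail"
    return verdicts

if __name__ == "__main__":
    for qid, verdict in classify(SAMPLE_LOG).items():
        print(qid, "->", verdict)
```

Mail that users submit through the server with SMTP authentication also arrives from a remote IP and leaves by a non-local mailer, so it lands in the "RELAYED" bucket and has to be separated by client address or authentication details.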

 
