|
Thread: Spammer and dbmail
|
|
| Spammer and dbmail |
  Austria |
2007-09-24 06:58:29 |
I've got such a SPAM:

Received: from ip101.dyn1.gkk.schedom-europe.net (unknown [83.101.13.101])
        by protegate5.zmi.at (Postfix) with ESMTP id 37ED547D
        for <info krausse.de>; Sun, 23 Sep 2007 15:59:13 +0200 (CEST)
Received: from [83.101.13.101] by mailgate2.brunel.ac.uk; , 23 Sep 2007 15:00:25 +0100
Message-ID: <01c7fdea$16f35990$650d6553 0adt98pad>
From: "Michel Nadeau"
To: <info krausse.de>
Subject: RE: Thanks for taking our survey

As you can see, the "From" address does not contain any e-mail address
nor domain, but the user sees this then:

From: Michel Nadeau zmi.at ()

"zmi.at" is the domain our server is running at, so I'm not sure it's
not the fault of the e-mail program of our customer, or our server.
Does anyone know how to prevent such an expansion? As this is only the
message "From:" line, our spam filters don't care about the content,
the envelope "From" is checked.

Kind regards, zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: EA39 8918 EDFF 0A68 ACFB 11B7 BA2D 060F 1C6F E6B0
// Keyserver: www.keyserver.net Key-ID: 1C6FE6B0
_______________________________________________
DBmail mailing list
DBmail dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
|
|
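A header-level check that a content filter could run next to the envelope checks mentioned in the post above, flagging a header From: that carries no address. This is an added example, not code from any poster, dbmail or Postfix; the function name, verdict strings and sample message are constructed, and the address pattern is a heuristic, not a full RFC 5322 parser.

```python
import re
from email import message_from_string

# Heuristic addr-spec pattern (assumption: a filter hint, not an RFC 5322 parser).
ADDR_SPEC = re.compile(r'[^\s<>()"@,;:]+@[^\s<>()"@,;:]+\.[A-Za-z0-9-]{2,}')
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

# Constructed sample: the From: line is the one quoted in the post; the
# recipient address is a placeholder.
SAMPLE = (
    'From: "Michel Nadeau"\n'
    "To: <info@example.org>\n"
    "Subject: RE: Thanks for taking our survey\n"
    "\n"
    "body\n"
)

def check_header_from(raw_message):
    """Classify the header From: as ok / no-address / missing / multiple."""
    msg = message_from_string(raw_message)
    values = msg.get_all("From", [])
    if not values:
        return "missing"
    if len(values) > 1:
        return "multiple"                 # ambiguous: clients may show either one
    value = " ".join(values[0].split())   # unfold continuation lines
    # A quoted display name may contain anything, even a decoy address,
    # so only text outside the quotes counts as the sender address.
    outside = QUOTED.sub(" ", value)
    return "ok" if ADDR_SPEC.search(outside) else "no-address"

if __name__ == "__main__":
    print(check_header_from(SAMPLE))
```

A "no-address" verdict marks exactly the kind of header that some later component may complete with its own domain.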
| RE: Spammer and dbmail |
  Russian Federation |
2007-09-25 04:10:27 |
|
See pls http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html

The only method I know is a
1. protocol delay 20-35 s before obtaining mail (resources required) or
2. completely reject mail from host names like "ip101.dyn1.gkk.schedom-europe.net (unknown [83.101.13.101])", if not AUTH.
Require SMTP AUTH from your real clients.

I think all *real* MX hosts *must* have a reverse DNS name. Some hosts, where the reverse FQDN corresponds to multiple IP addresses, may be whitelisted manually.
Direct mail from private adsl, ppp, etc... hosts to many different MX is a preferred SPAM method now. Blacklists are not effective in this case.

Best regards
Vladimir
|
| Re: Spammer and dbmail |
  Austria |
2007-09-25 17:15:27 |
On Tuesday, 25 September 2007 11:10 Vladimir Likhachev wrote:
> See pls http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html
> The only method I know is a
> 1. protocol delay 20-35 s before obtaining mail (resources required)
> or 2. completely reject mail

We use a combined delay (66s) + greylisting, see
http://k2net.hakuba.jp/targrey/index.en.html

> from host names like "ip101.dyn1.gkk.schedom-europe.net (unknown
> [83.101.13.101])", if not AUTH. Require SMTP AUTH from your real
> clients.
>
> I think all *real* MX hosts *must* have a reverse DNS name. Some hosts,
> where the reverse FQDN corresponds to multiple IP addresses, may be
> whitelisted manually.

We do NOT accept e-mail from hosts without reverse DNS.

> Direct mail from private adsl, ppp, etc... hosts to many different MX
> is a preferred SPAM method now. Blacklists are not effective in this
> case.

But my question was about the part of the e-mail "From:" line containing
just the name, no e-mail address. It looks like some program is puzzled
by that, and extends it with zmi.at. I'd like to know if it's dbmail,
the MTA (postfix), or the MUA (Outlook) - any hints?

Kind regards, zmi
|
|
| Re: Spammer and dbmail |
  Canada |
2007-09-25 17:23:07 |
On Tuesday 25 September 2007 15:15, Michael Monnerie <michael.monnerie it-management.at> wrote:
> But my question was about the part of the e-mail "From:" line
> containing just the name, no e-mail address. It looks like some
> program is puzzled by that, and extends it with zmi.at. I'd like to
> know if it's dbmail, the MTA (postfix), or the MUA (Outlook) - any
> hints?

Probably postfix.

See remote_header_rewrite_domain and local_header_rewrite_clients
parameters (I believe).

--
"Corruptissima republica, plurimae leges" (The more corrupt the state,
the more laws.) - Tacitus
|
|
| Re: Spammer and dbmail |
  Austria |
2007-09-25 17:54:16 |
On Wednesday, 26 September 2007 00:23 Alan Hodgson wrote:
> Probably postfix.
> See remote_header_rewrite_domain and local_header_rewrite_clients
> parameters (I believe).

http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain
http://www.postfix.org/postconf.5.html#local_header_rewrite_clients

I've tried setting this now in main.cf:

local_header_rewrite_clients =

That should prevent any extension, we'll see...

Kind regards, zmi
|
|
| Re: Spammer and dbmail |
  Austria |
2007-09-26 06:02:48 |
On Wednesday, 26 September 2007 08:54 Paul J Stevens wrote:
> So, clearly the expansion did *not* occur in postfix, but rather in
> the mailclient.

Shitty Outlook... thanks for the analysis. So there's nothing I can
do about it?

Kind regards, zmi
|
|
| RE: Spammer and dbmail |
  Russian Federation |
2007-09-26 23:55:02 |
|
> From: michael.monnerie it-management.at
> To: dbmail dbmail.org
> Subject: Re: [Dbmail] Spammer and dbmail
> Date: Wed, 26 Sep 2007 13:02:48 +0200
>
> On Wednesday, 26 September 2007 08:54 Paul J Stevens wrote:
> > So, clearly the expansion did *not* occur in postfix, but rather in
> > the mailclient.
>
> Shitty Outlook... thanks for the analysis. So there's nothing I can
> do about it?

Not only Outlook... :(

Your "mail policy" now (on the whole, as I think):
Get and deliver mail from anywhere to registered mail addresses.
Drop mail from spammer MX-es or networks (blacklist).
Send mail from registered mail addresses (??) to anywhere.
Drop other mail.

To stop such spam, it must be
Get and deliver mail from smtp auth (your) clients from any host to anywhere.
Get and deliver mail from well-known hosts without reverse FQDN (aol.com, gmail.com, etc... - put their IP addrs into whitelist) to registered addresses.
Drop mail from spammer MX-es (blacklist).
Get and deliver mail from hosts with *good* reverse FQDN to registered addresses. "Good FQDN" is not auto names like 11-222-33-44.adsl.provider.net - details in http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html
(maybe) Greylist other mail or protocol wait.
(best choice) Drop other mail.

Main idea is to drop direct mail sent from any host (without reverse FQDN or with auto reverse FQDN) to your registered mail addresses *directly* by your MX.
|
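The ordered policy from the post above, written out as a first-match decision function. This is an added example, not code from the poster or from Postfix; `decide`, `is_auto_rdns` and the verdict strings are hypothetical names, and the name pattern is a simplified heuristic, not the rule set published on the linked S25R page.

```python
import re

# Simplified heuristic for auto-generated reverse names (assumption: an
# illustration only, NOT the S25R rules from the linked page).
AUTO_RDNS = re.compile(
    r"(^|[.-])(\d{1,3}[.-]){3}\d{1,3}([.-]|$)"                # 11-222-33-44.adsl...
    r"|(^|[.-])(ip|dyn|dsl|adsl|ppp|dhcp|pool|dial)\d*[.-]",  # ip101.dyn1...
    re.IGNORECASE,
)

def is_auto_rdns(name):
    """True if the reverse DNS name looks provider-generated."""
    return bool(AUTO_RDNS.search(name))

def decide(client_ip, rdns, authenticated, rcpt_registered,
           whitelist=frozenset(), blacklist=frozenset(), greylist=False):
    """Apply the ordered policy; the first matching rule wins."""
    if authenticated:
        return "accept"      # SMTP AUTH clients: from any host to anywhere
    if not rcpt_registered:
        return "reject"      # unauthenticated mail only to registered addresses
    if client_ip in whitelist:
        return "accept"      # manually listed hosts without a usable reverse name
    if client_ip in blacklist:
        return "reject"      # known spammer MX
    if rdns and not is_auto_rdns(rdns):
        return "accept"      # "good" reverse FQDN
    # No reverse name, or an auto-generated one: greylist or drop.
    return "greylist" if greylist else "reject"

if __name__ == "__main__":
    # Client from the Received: header quoted at the start of the thread.
    print(decide("83.101.13.101", "ip101.dyn1.gkk.schedom-europe.net",
                 authenticated=False, rcpt_registered=True))
```

Name patterns like this also match legitimate hosts such as a mail server named pool.example.org, which is what the manual whitelist step is for.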
| Re: Spammer and dbmail |
  Austria |
2007-09-27 02:11:52 |
On Thursday, 27 September 2007 06:55 Vladimir Likhachev wrote:
> Get and deliver mail from well-known hosts without reverse FQDN
> (aol.com, gmail.com, etc... - put their IP addrs into whitelist) to
> registered addresses.

I don't believe aol or gmail have SMTP servers without Rev. DNS.

> Get and deliver mail from hosts with *good* reverse FQDN to
> registered addresses. "Good FQDN" is not auto names like
> 11-222-33-44.adsl.provider.net - details in
> http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html

Yes, I heard of S25R, but it has a high FP rate, leading to "about 1000
whitelist entries" needed. Quite a lot of manual work. I prefer
automatic filters. We have a self-developed zombielisting to defend
against non SMTP servers, which works quite well.

But that's all nothing about dbmail, therefore OT, and I'll stop here.

Kind regards, zmi
|
|
| Re: Spammer and dbmail |

|
2007-09-27 05:55:14 |
Hi,
here I would suggest using a Greylisting policy for all incoming mail.

Here's the explanation of how it works:
http://projects.puremagic.com/greylisting/

And here's Postgrey, Greylisting policy server for Postfix:
http://postgrey.schweikert.ch/

It really prevents most of the (I mean more than 95% maybe) spam.
Currently I don't have any anti-spam solution on my servers except
postgrey.

regards,
Kerem HADIMLI
|
|
| Re: Spammer and dbmail |
  Belgium |
2007-09-27 07:20:58 |
If you want to use greylisting I recommend SQLgrey. This Postfix
policy server works with SQLite, MySQL and PostgreSQL.

It auto-whitelists but also keeps the whitelist lean. I.e. whitelist
entries that haven't come back in x time (1 month for example) will
be removed again.

And you have OPTIN/OPTOUT support per domain/email accounts. Handy
for ISPs and such.

See http://sqlgrey.sourceforge.net/ for more info.

Hope this helps.

Regards,
Robert
|
|
|
|