[lug] Email spam

Wed Apr 24 15:15:00 MDT 2002

Hmm, well I have no idea what could be doing the "autoreply." This 
account is solely for apache and nothing else. At first I had www 
aliased to me so I would get the emails sent to that address, but I got 
tired of all the spam. So now the mail spool is just filling up over 
time. I wonder if I could just alias www to /dev/null in 
the /etc/aliases file, or something like that?

Justin

> It looks like you are set to autoreply to the messages sent to www at ...
> 
> So, the bounce reply comes because the autoreply mechanism can't find
> anyone to send the message to, so it is letting you know that your
> message back to the spammer failed.
> 
> That's what it looks like to me, whatever that's worth.
> 
> Hugh
> 
> 
> On Wed, 2002-04-24 at 10:15, Justin wrote:
> > I have been getting spam email in my www mailbox on my server for 
quite 
> > a while now. I have the from header being rejected by the mail 
server 
> > but I'm still getting messages in the www box. I don't know if 
> > something is configured wrong with my mail server or what is 
allowing 
> > someone to still do something like this. The emails come daily and 
are 
> > always exactly the same thing. Below is the actuall text for the 
email 
> > box from /var/spool/mail/www:
> > 
> > ++++
> > >From MAILER-DAEMON  Mon Apr 22 15:44:07 2002
> > Return-Path: <>
> > Delivered-To: www at jackmoves.com
> > Received: by oldschool.jackmoves.com (Postfix) via BOUNCE
> >         id C5D413D3E; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > From: MAILER-DAEMON at jackmoves.com (Mail Delivery System)
> > Subject: Undelivered Mail Returned to Sender
> > To: www at jackmoves.com
> > MIME-Version: 1.0
> > Content-Type: multipart/report; report-type=delivery-status;
> >         boundary="B5E693D3D.1019511847/oldschool.jackmoves.com"
> > Message-Id: <20020422214407.C5D413D3E at oldschool.jackmoves.com>
> > 
> > This is a MIME-encapsulated message.
> > 
> > --B5E693D3D.1019511847/oldschool.jackmoves.com
> > Content-Description: Notification
> > Content-Type: text/plain
> > 
> > This is the Postfix program at host oldschool.jackmoves.com.
> > 
> > I'm sorry to have to inform you that the message returned
> > below could not be delivered to one or more destinations.
> > 
> > For further assistance, please send mail to <postmaster>
> > 
> > If you do so, please include this problem report. You can
> > delete your own text from the message returned below.
> > 
> >                         The Postfix program
> > 
> > <unknown>: Message processing aborted: No recipients specified
> > 
> > --B5E693D3D.1019511847/oldschool.jackmoves.com
> > Content-Description: Delivery error report
> > Content-Type: message/delivery-status
> > 
> > Reporting-MTA: dns; oldschool.jackmoves.com
> > Arrival-Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > 
> > Final-Recipient: rfc822; unknown
> > Action: failed
> > Status: 5.0.0
> > Diagnostic-Code: X-Postfix; Message processing aborted: No 
recipients 
> > specified
> > 
> > --B5E693D3D.1019511847/oldschool.jackmoves.com
> > Content-Description: Undelivered Message
> > Content-Type: message/rfc822
> > 
> > Received: by oldschool.jackmoves.com (Postfix, from userid 80)
> >         id B5E693D3D; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > To: 
> > From: BritneySpears at hollywood.net
> > Reply-To: BritneySpears at hollywood.net
> > Subject: new site feedback
> > Message-Id: <20020422214407.B5E693D3D at oldschool.jackmoves.com>
> > Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > 
> > Whatup, foo.  Somebody said something about your site.
> > --B5E693D3D.1019511847/oldschool.jackmoves.com--
> > ++++
> > 
> > I'm not sure why the bounce message comes first? 
> > 
> > And here is what was in my /var/log/maillog for the same time frame:
> > 
> > ++++
> > Apr 22 15:44:07 oldschool postfix/cleanup[24411]: B5E693D3D: 
reject: 
> > header From: 
> > BritneySpears at hollywood.net; from=<www at jackmoves.com> to=<unknown>
> > ++++
> > 
> > I have a feeling something is not right with my mail server. I'm 
> > running Postfix and other than this everything is fine. Can anyone 
shed 
> > some light on this? TIA.
> > 
> > Justin
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> 
> 

-----
glow at jackmoves.com
www.jackmoves.com