[lug] Email spam

Hugh Brown hugh at vecna.com
Wed Apr 24 15:39:42 MDT 2002 

It should be possible to give a no such user reply.

In sendmail, you could try putting this in your /etc/mail/virtusertable


www at jackmoves.com	error:nouser No such user at jackmoves.com


Hugh


On Wed, 2002-04-24 at 17:15, Justin wrote:
> Hmm, well I have no idea what could be doing the "autoreply." This 
> account is solely for apache and nothing else. At first I had www 
> aliased to me so I would get the emails sent to that address, but I got 
> tired of all the spam. So now the mail spool is just filling up over 
> time. I wonder if I could just alias www to /dev/null in 
> the /etc/aliases file, or something like that?
> 
> Justin
> 
> > It looks like you are set to autoreply to the messages sent to www at ...
> > 
> > So, the bounce reply comes because the autoreply mechanism can't find
> > anyone to send the message to, so it is letting you know that your
> > message back to the spammer failed.
> > 
> > That's what it looks like to me, whatever that's worth.
> > 
> > Hugh
> > 
> > 
> > On Wed, 2002-04-24 at 10:15, Justin wrote:
> > > I have been getting spam email in my www mailbox on my server for 
> quite 
> > > a while now. I have the from header being rejected by the mail 
> server 
> > > but I'm still getting messages in the www box. I don't know if 
> > > something is configured wrong with my mail server or what is 
> allowing 
> > > someone to still do something like this. The emails come daily and 
> are 
> > > always exactly the same thing. Below is the actuall text for the 
> email 
> > > box from /var/spool/mail/www:
> > > 
> > > ++++
> > > >From MAILER-DAEMON  Mon Apr 22 15:44:07 2002
> > > Return-Path: <>
> > > Delivered-To: www at jackmoves.com
> > > Received: by oldschool.jackmoves.com (Postfix) via BOUNCE
> > >         id C5D413D3E; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > > Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > > From: MAILER-DAEMON at jackmoves.com (Mail Delivery System)
> > > Subject: Undelivered Mail Returned to Sender
> > > To: www at jackmoves.com
> > > MIME-Version: 1.0
> > > Content-Type: multipart/report; report-type=delivery-status;
> > >         boundary="B5E693D3D.1019511847/oldschool.jackmoves.com"
> > > Message-Id: <20020422214407.C5D413D3E at oldschool.jackmoves.com>
> > > 
> > > This is a MIME-encapsulated message.
> > > 
> > > --B5E693D3D.1019511847/oldschool.jackmoves.com
> > > Content-Description: Notification
> > > Content-Type: text/plain
> > > 
> > > This is the Postfix program at host oldschool.jackmoves.com.
> > > 
> > > I'm sorry to have to inform you that the message returned
> > > below could not be delivered to one or more destinations.
> > > 
> > > For further assistance, please send mail to <postmaster>
> > > 
> > > If you do so, please include this problem report. You can
> > > delete your own text from the message returned below.
> > > 
> > >                         The Postfix program
> > > 
> > > <unknown>: Message processing aborted: No recipients specified
> > > 
> > > --B5E693D3D.1019511847/oldschool.jackmoves.com
> > > Content-Description: Delivery error report
> > > Content-Type: message/delivery-status
> > > 
> > > Reporting-MTA: dns; oldschool.jackmoves.com
> > > Arrival-Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > > 
> > > Final-Recipient: rfc822; unknown
> > > Action: failed
> > > Status: 5.0.0
> > > Diagnostic-Code: X-Postfix; Message processing aborted: No 
> recipients 
> > > specified
> > > 
> > > --B5E693D3D.1019511847/oldschool.jackmoves.com
> > > Content-Description: Undelivered Message
> > > Content-Type: message/rfc822
> > > 
> > > Received: by oldschool.jackmoves.com (Postfix, from userid 80)
> > >         id B5E693D3D; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > > To: 
> > > From: BritneySpears at hollywood.net
> > > Reply-To: BritneySpears at hollywood.net
> > > Subject: new site feedback
> > > Message-Id: <20020422214407.B5E693D3D at oldschool.jackmoves.com>
> > > Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> > > 
> > > Whatup, foo.  Somebody said something about your site.
> > > --B5E693D3D.1019511847/oldschool.jackmoves.com--
> > > ++++
> > > 
> > > I'm not sure why the bounce message comes first? 
> > > 
> > > And here is what was in my /var/log/maillog for the same time frame:
> > > 
> > > ++++
> > > Apr 22 15:44:07 oldschool postfix/cleanup[24411]: B5E693D3D: 
> reject: 
> > > header From: 
> > > BritneySpears at hollywood.net; from=<www at jackmoves.com> to=<unknown>
> > > ++++
> > > 
> > > I have a feeling something is not right with my mail server. I'm 
> > > running Postfix and other than this everything is fine. Can anyone 
> shed 
> > > some light on this? TIA.
> > > 
> > > Justin
> > 
> > 
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> > 
> > 
> 
> -----
> glow at jackmoves.com
> www.jackmoves.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
-- 
------------------------------------
System Administrator/Unix Consultant
hugh at vecna.com
Vecna Technologies, Inc
6525 Belcrest Rd, Suite 612
Hyattsville MD, 20782
301.864.7253
http://www.vecna.com
------------------------------------
Linux Professional Institute Certified - Level 1
Sair Linux and GNU Certified Administrator
AIX Certified Specialist - System Support
------------------------------------

More information about the LUG mailing list