Date: Tue, 25 Apr 2000 09:56:01 -0700 (PDT)
From: David Babler <root@Rigel.orionsys.com>
To: dima@mmc.net.ge
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SPAM Problem!!
Message-ID: <Pine.BSF.4.21.0004250948090.2061-100000@Rigel.orionsys.com>
In-Reply-To: <390567C0.AD1ADC3E@mmc.net.ge>

On Tue, 25 Apr 2000 dima@mmc.net.ge wrote:

> Someone, claiming to be my mail user (different usernames), sends spam
> mails to the internet.
> I have received a lot of messages from admins and postmasters of
> different servers.
> At the same time I have the following in my mail log, look below.
> What shall I do to find this spammer, or how can I protect my domain
> reputation.

The log entries are bounces ("from=<>"), which are coming to you because, as you said, some spammer is forging addresses in your domain as the envelope sender and/or "from" address. I'd contact the postmasters of the systems sending you bounces or complaints to see if they can send you complete copies (or sendmail logs) of the spam they are bouncing. Using that, you may be able to track down the spammer (only if you can get at least one message with complete headers).

If the bounces continue to arrive from the forged addresses (like "polaris1050racer@mmc.net.ge"), define an alias for these phony addresses so you can receive one or two so you can examine them.

Good luck.

-Dave

> ------
> Apr 25 13:21:07 nic sendmail[24796]: NAA24796:
> <polaris1050racer@mmc.net.ge>... User unknown
> Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com
> [206.49.34.7]

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
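
The triage described in the reply, as an added example that is not part of the original message: it pairs sendmail log entries by queue ID to find null-sender bounces ("from=<>") rejected as "User unknown", then tallies the forged local addresses (alias candidates) and the relays whose postmasters to contact. The function name `find_backscatter` is hypothetical, and all sample lines after the first two are constructed.

```python
import re
from collections import Counter, defaultdict

# The first two lines are the entries quoted in the post; the rest are constructed
# for illustration (example.net names, 192.0.2.0/24 documentation addresses).
SAMPLE_LOG = """\
Apr 25 13:21:07 nic sendmail[24796]: NAA24796: <polaris1050racer@mmc.net.ge>... User unknown
Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com [206.49.34.7]
Apr 25 13:22:40 nic sendmail[24801]: NAA24801: <polaris1050racer@mmc.net.ge>... User unknown
Apr 25 13:22:41 nic sendmail[24801]: NAA24801: from=<>, size=7210, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mx.example.net [192.0.2.25]
Apr 25 13:23:02 nic sendmail[24805]: NAA24805: from=<alice@example.net>, size=1203, class=0, pri=31203, nrcpts=1, proto=ESMTP, relay=mx.example.net [192.0.2.25]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
UNKNOWN = re.compile(r"^<(?P<rcpt>[^>]+)>\.\.\. User unknown")
FROM = re.compile(r"^from=<(?P<sender>[^>]*)>,.*\brelay=(?P<relay>.+)$")

def find_backscatter(log_text):
    """Return (forged address counts, relay counts) for null-sender
    messages whose recipient was rejected as 'User unknown'."""
    rejected = defaultdict(list)   # queue id -> rejected recipients
    senders = {}                   # queue id -> (envelope sender, relay)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        if (u := UNKNOWN.match(rest)):
            rejected[qid].append(u.group("rcpt").lower())
        elif (f := FROM.match(rest)):
            senders[qid] = (f.group("sender"), f.group("relay").strip())
    forged, relays = Counter(), Counter()
    for qid, rcpts in rejected.items():
        sender, relay = senders.get(qid, (None, None))
        if sender == "":           # from=<> marks a bounce (DSN)
            forged.update(rcpts)
            relays[relay] += len(rcpts)
    return forged, relays

if __name__ == "__main__":
    forged, relays = find_backscatter(SAMPLE_LOG)
    for addr, n in forged.most_common():
        print(f"{n:4d} bounce(s) to forged address {addr}")
    for relay, n in relays.most_common():
        print(f"{n:4d} bounce(s) from relay {relay}")
```

Ordinary mail with a real envelope sender (the last constructed line) is ignored, so the output lists only backscatter from the forgery.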