From owner-freebsd-security Tue Apr 25 9:56:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from Rigel.orionsys.com (rigel.orionsys.com [205.148.224.9])
    by hub.freebsd.org (Postfix) with ESMTP id EE30337BFFF
    for ; Tue, 25 Apr 2000 09:56:20 -0700 (PDT)
    (envelope-from root@Rigel.orionsys.com)
Received: from localhost (root@localhost)
    by Rigel.orionsys.com (8.9.3/8.9.3) with ESMTP id JAA45844;
    Tue, 25 Apr 2000 09:56:02 -0700 (PDT)
    (envelope-from root@Rigel.orionsys.com)
X-Envelope-From: root@Rigel.orionsys.com
X-Envelope-To: freebsd-security@FreeBSD.ORG
X-Envelope-Host: freebsd.org.
Date: Tue, 25 Apr 2000 09:56:01 -0700 (PDT)
From: David Babler
To: dima@mmc.net.ge
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SPAM Problem!!
In-Reply-To: <390567C0.AD1ADC3E@mmc.net.ge>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 25 Apr 2000 dima@mmc.net.ge wrote:

> Someone, claiming to be my mail user (different usernames), sends spam
> mails to the internet.
> I have received a lot of messages from admins and postmasters of
> different servers.
> At the same time I have the following in my mail log, look below.
> What shall I do to find this spammer, or how can I protect my domain
> reputation.

The log entries are bounces ("from=<>"), which are coming to you
because, as you said, some spammer is forging addresses in your domain
as the envelope sender and/or "from" address.

I'd contact the postmasters of the systems sending you bounces or
complaints to see if they can send you complete copies (or sendmail
logs) of the spam they are bouncing. Using that, you may be able to
track down the spammer (only if you can get at least one message with
complete headers).

If the bounces continue to arrive from the forged addresses (like
"polaris1050racer@mmc.net.ge"), define an alias for these phony
addresses so you can receive one or two so you can examine them.

Good luck.

-Dave

> ------
> Apr 25 13:21:07 nic sendmail[24796]: NAA24796:
> ... User unknown
> Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com
> [206.49.34.7]
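
The correlation described in the reply above, as an added example that is not part of the original message: it pairs each "User unknown" rejection with the `from=<>` line sharing its queue id, and lists which relays are bouncing mail to which nonexistent local address. That shows which forged addresses are worth aliasing and which postmasters to contact. The function name, the sample hosts and addresses, and the assumption that the rejected recipient appears in angle brackets before "... User unknown" are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sendmail syslog layout quoted above;
# hosts, addresses and queue ids are made up (documentation ranges).
SAMPLE_LOG = """\
Apr 25 13:21:07 nic sendmail[24796]: NAA24796: <racer1050@example.net>... User unknown
Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mx1.example.org [192.0.2.7]
Apr 25 13:22:40 nic sendmail[24801]: NAA24801: <racer1050@example.net>... User unknown
Apr 25 13:22:41 nic sendmail[24801]: NAA24801: from=<>, size=9102, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail.example.com [198.51.100.20]
Apr 25 13:25:02 nic sendmail[24810]: NAA24810: <typo@example.net>... User unknown
Apr 25 13:25:03 nic sendmail[24810]: NAA24810: from=<alice@example.org>, size=1200, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mx1.example.org [192.0.2.7]
Apr 25 13:30:11 nic sendmail[24822]: NAA24822: from=<>, size=700, class=0, pri=30700, nrcpts=1, proto=ESMTP, relay=mx2.example.org [192.0.2.8]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
UNKNOWN = re.compile(r"<(?P<rcpt>[^>]+)>\.\.\. User unknown")
FROM = re.compile(r"from=<(?P<sender>[^>]*)>.*?relay=(?P<relay>.+)$")

def backscatter_report(log_text):
    """Map each nonexistent local address that received a null-sender
    bounce to the sorted list of relays that delivered those bounces."""
    rejected = defaultdict(list)   # qid -> unknown recipients
    envelope = {}                  # qid -> (envelope sender, relay)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        u = UNKNOWN.search(rest)
        if u:
            rejected[qid].append(u.group("rcpt").lower())
            continue
        f = FROM.search(rest)
        if f:
            envelope[qid] = (f.group("sender"), f.group("relay").strip())
    report = defaultdict(set)
    for qid, rcpts in rejected.items():
        sender, relay = envelope.get(qid, (None, None))
        if sender == "":           # from=<> marks a bounce (null sender)
            for r in rcpts:
                report[r].add(relay)
    return {addr: sorted(relays) for addr, relays in report.items()}

if __name__ == "__main__":
    for addr, relays in backscatter_report(SAMPLE_LOG).items():
        print(addr, "<-", ", ".join(relays))
```

Ordinary mail to a mistyped address (a non-empty envelope sender) and bounces to real users are left out, so only the forged addresses remain.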