Date: Fri, 6 Feb 1998 13:48:59 -0500 (EST) From: "John T. Farmer" <jfarmer@goldsword.com> To: dwoods@netgazer.com, isp@FreeBSD.ORG Cc: jfarmer@goldsword.com Subject: Re: spammer problem - help! Message-ID: <199802061848.NAA16112@sabre.goldsword.com>
next in thread | raw e-mail | index | archive | help
On Fri, 06 Feb 1998 09:36:33 -0600 "Darrin R. Woods" said: >I have had a problem over the last month or so of someone using our >mailer-daemon to send spam email to myself as well as users on our net. > >My sendmail is running on freebsd and I've applied all of the spammer >patches that I can find. I've even added the hostname in the spammer db >file but our system still accepts mail from him. > >How can I keep this guy and others from forging mail and making it look as >though it is coming from my mailer-daemon? > >Here is the header from one he sent to my email address yesterday: > >--------------------------------------------------------- >Return-Path: anitb@mail.t-1net.com >Received: from mail.t-1net.com (root@1Cust182.tnt2.stafford.tx.da.uu.net >[208.252.105.182]) by netgazer.net (8.8.5/8.7.3) with ESMTP id KAA03003 for ><dwoods@netgazer.com>; Thu, 5 Feb 1998 10:22:21 GMT >Date: Thu, 5 Feb 1998 09:41:31 -0600 >Message-Id: <199802051541.JAA02876@mail.t-1net.com> >From: MAILER-DAEMON@netgazer.net >Subject: Low Cost Advertising >X-UIDL: 6a53b1fd94536b2343668e60c04444de >---------------------------------------------------------- > > >Thanks, in advance, and yes I have sent email to abuse@uu.net. So have we. t-1net.com is a well-known spammer home. So far the only thing that I have thought to do is to explictly block all messages from "MAILER-DAEMON@goldsword.com" that are relayed or orginated at a non goldsword systems site. The problem with that is we are actively working with several clients to allow them to "out-source" system/net management to us. I really don't want to build a ruleset to allow that, but I suspect that I will have to. Another option, one that we are resisting at the moment, is to add the Hack kit (check out www.sendmail.org for usuful stuff) and start checking incoming domain names & IPs against entry's at Paul Vixie's "Black Hole List." John ------------------------------------------------------------------------- John T. Farmer Proprietor, GoldSword Systems jfarmer@goldsword.com Public Internet Access in East Tennessee dial-in (423)470-9953 for info, e-mail to info@goldsword.com Network Design, Internet Services & Servers, Consulting
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802061848.NAA16112>