Could be SPAM, but could also be an error-report. Null senders are used by many mail servers to report "user-not-found" etc... this prevents mail loops as you cannot reply to him at <> that you cannot find the guy he is trying to report the error to. Since you only relay for your own IP addresses, you should allow <> senders, and watch your logs for a few days. Not allowing <> null senders does make your IMAIL implementation non-RFC compliant so unless you are getting SPAM from your legit users' IP addresses this should be allowed. IMHO.
-V
----- Original Message -----
Sent: Tuesday, July 27, 1999 3:41 PM
Subject: [IMail Forum] Possible SPAM relay attempt?

Hi,
 
I'm not an expert in mail protocols, but I think it might be an attempt to use my SMTP server as relay for SPAM (the suspect IP/domain belongs to a small computer store).
My SMTP is configured to relay only for my addresses, and to "refuse NULL senders" (as you can see below).
 
(...)
07:26 20:03 SMTPD(008700F6) [(my server)] connect XXX.XXX.XXX.XXX port 1993
07:26 20:03 SMTPD(008700F6) [XXX.XXX.XXX.XXX] EHLO suspect-domain.com.br
07:26 20:03 SMTPD(008700F6) [XXX.XXX.XXX.XXX] bogus address in MAIL FROM:<>
07:26 20:03 SMTPD(008800F6) [(my server)] connect XXX.XXX.XXX.XXX port 2024
07:26 20:03 SMTPD(008800F6) [XXX.XXX.XXX.XXX] EHLO suspect-domain.com.br
07:26 20:03 SMTPD(008800F6) [XXX.XXX.XXX.XXX] bogus address in MAIL FROM:<>
(...)
 
Before I contact the suspect-domain administrator, could you please tell me if it is really a SPAM-relay attempt?
 
Cheers,
Ricardo Freire, MCP
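
Added example, not part of the original messages and not IMail's own tooling: a Python tally of refused null-sender sessions per connecting host and EHLO name, for logs laid out like the excerpt above. The sample lines, addresses and host names are constructed, and the field meanings (date, time, session id) are assumed from the excerpt.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above (documentation-range
# addresses, example host names). Assumed fields: date, time, session id.
SAMPLE_LOG = """\
07:26 20:03 SMTPD(008700F6) [mail.example.net] connect 192.0.2.10 port 1993
07:26 20:03 SMTPD(008700F6) [192.0.2.10] EHLO shop.example.com
07:26 20:03 SMTPD(008700F6) [192.0.2.10] bogus address in MAIL FROM:<>
(...)
07:26 20:03 SMTPD(008800F6) [mail.example.net] connect 192.0.2.10 port 2024
07:26 20:03 SMTPD(008800F6) [192.0.2.10] EHLO shop.example.com
07:26 20:03 SMTPD(008800F6) [192.0.2.10] bogus address in MAIL FROM:<>
07:27 09:15 SMTPD(008900F6) [mail.example.net] connect 198.51.100.7 port 3100
07:27 09:15 SMTPD(008900F6) [198.51.100.7] EHLO relay.example.org
"""

LINE_RE = re.compile(r"^(\d\d:\d\d) \d\d:\d\d SMTPD\(([0-9A-Fa-f]+)\) \[[^\]]*\] (.*)$")
CONNECT_RE = re.compile(r"connect (\S+) port \d+$")
HELO_RE = re.compile(r"(?:EHLO|HELO) (\S+)$")
NULL_REJECT = "bogus address in MAIL FROM:<>"  # text of the refusal line in the excerpt

def parse_sessions(text):
    """Group log lines into sessions; a 'connect' line starts a new session."""
    sessions, current = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # elisions such as "(...)" and lines in other formats
        date, sid, msg = m.groups()
        c = CONNECT_RE.match(msg)
        if c:  # session ids can repeat, so each connect opens a fresh record
            current[sid] = {"date": date, "peer": c.group(1),
                            "helo": None, "null_rejected": False}
            sessions.append(current[sid])
        elif sid in current:  # ignore sessions that began before the excerpt
            h = HELO_RE.match(msg)
            if h:
                current[sid]["helo"] = h.group(1)
            elif msg == NULL_REJECT:
                current[sid]["null_rejected"] = True
    return sessions

def null_sender_summary(sessions):
    """Count refused null-sender sessions per (peer address, EHLO name)."""
    return dict(Counter((s["peer"], s["helo"])
                        for s in sessions if s["null_rejected"]))

if __name__ == "__main__":
    for (peer, helo), n in null_sender_summary(parse_sessions(SAMPLE_LOG)).items():
        print(f"{peer} ({helo}): {n} null-sender session(s) refused")
```

Run over a few days of logs, the per-host counts show which peers the "refuse NULL senders" setting is turning away and how often.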
