>I'm getting a bunch of returned email, with FROM addresses of the original
>email various @yahoo.com addresses, and the original TO addresses all
>@aol.com addresses, obviously somebody is hihacking my server.
Not that obvious.
If you are getting the bounce messages, then your E-mail address was used
in the "MAIL FROM" in the SMTP envelope. They may or may not have used
your server.
>How do I get it stopped before I get my IP's banned?
It is impossible to prevent them from using a fake return address at your
domain, just as it is impossible to prevent someone from putting your
physical address as the return address on an envelope sent via regular mail.
>I have set IMAIL SMTP Security Relay settings to "Relay for local hosts
>only".
Then spammers can send mail through your server -- you must use "No mail
relay" or "Relay for Addresses". Otherwise, spammers can pretend to have
accounts on your domain, and easily send mail.
>What I want to do is allow about 40 hosted domain accounts to send
>email. They all have their own dialup/whatever accounts so I thought it
>best to verify their FROM address.
Ah, but then spammers can use the same FROM address, no?
>Here is a message from aol with the returned spam, these will come from
>different FROMs:
>
>Reporting-MTA: dns; rly-zd02.mail.aol.com
>Arrival-Date: Thu, 18 Oct 2001 14:13:05 -0400 (EDT)
>
>Final-Recipient: RFC822; [EMAIL PROTECTED]
>Action: failed
>Status: 2.0.0
>Remote-MTA: DNS; air-zd01.mail.aol.com
>Diagnostic-Code: SMTP; 250 OK
>Last-Attempt-Date: Thu, 18 Oct 2001 14:13:26 -0400 (EDT)
Unfortunately, this doesn't provide any useful information. It shows the
address the E-mail was (likely) sent to, but it doesn't have the headers of
the original E-mail.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
