> So far I've seen two messages sent through the list server, both of which
> would have been stopped if the server was configured to reject mail
> without Sender/From fields.
Correct. We have a spam filter in place. It successfully blocks
several spam messages sent to the list each day. Unfortunately this
filter is not managing to block spams that don't include a From
address. Messages without a From address are getting a From address
added that makes it look like they came from the list, and are then being
allowed through by the filter.
I need to look into this and try and fix it.
> Slight correction, it originated with adsl-209-233-24-120.dsl.pacbell.net,
> a dialup connection, with the rest of the headers faked, so it's actually
> (in this case) the first of the received lines that are the correct one.
No. adsl-209-233-24-120.dsl.pacbell.net is simply another name for
mailhost.base.com, the machine hosting the mailing list. It is also not
a dialup, but instead a permanent ADSL line.
Checking my sendmail logs I can confirm the spam originally came from
192.90.127.17, www.bull.net. Since Bull is a respected company, either
someone broke into their system, or Bull doesn't have mail relaying
disabled, and someone is simply relaying via there.
Sendmail log:
Mar 16 21:52:01 acid sendmail[12992]: VAA12992: from=<>, size=2847, class=0, pri=32847, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, relay=www.bull.net [192.90.127.17]
regards,
gordoni (list admin)
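
An added example, not part of the original message: the log check described above, run over constructed sendmail log lines. It lists messages accepted with an empty envelope sender (from=<>) together with the relay that handed them over; the function name and the sample lines (other than the entry quoted above) are assumptions.

```python
import re

# Constructed sample log. The first line mirrors the entry quoted in the
# message; the other two are made-up normal traffic using documentation
# addresses.
SAMPLE_LOG = """\
Mar 16 21:52:01 acid sendmail[12992]: VAA12992: from=<>, size=2847, class=0, pri=32847, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, relay=www.bull.net [192.90.127.17]
Mar 16 21:55:10 acid sendmail[13001]: VAA13001: from=<alice@example.org>, size=1204, class=0, pri=31204, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, relay=mail.example.org [192.0.2.25]
Mar 16 21:55:11 acid sendmail[13003]: VAA13001: to=<list@example.net>, delay=00:00:01, mailer=local, stat=Sent
"""

ENTRY = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
FROM = re.compile(r"\bfrom=(?P<sender><[^>]*>|[^,]*)")
# relay= is logged either as "host [ip]" or as "[ip]" alone.
RELAY = re.compile(r"\brelay=(?:(?P<host>\S+) )?\[(?P<ip>[^\]]+)\]")


def null_sender_relays(log_text):
    """Return (timestamp, queue id, relay host, relay IP) for each message
    accepted with an empty envelope sender.

    Legitimate bounces also use an empty envelope sender, so each hit is a
    lead to follow up, not a verdict.
    """
    hits = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        sender = FROM.search(entry["rest"])
        if not sender or sender["sender"].strip("<>") != "":
            continue  # delivery ("to=") line, or a message with a real sender
        relay = RELAY.search(entry["rest"])
        host, ip = (relay["host"], relay["ip"]) if relay else (None, None)
        hits.append((entry["when"], entry["qid"], host, ip))
    return hits
```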