Hi,

Lately I see more and more "<>" coming in and getting through; in some cases they are proper return receipts.

Further, some of those spammers actually RESEND after the first rejection of the grey-milter, waiting sometimes 20 mins between resends, beating my grey-milter setup.

Now I have TWO email addresses, jhs (business) and jobst (mailing lists), and in the mail below the envelope FROM <> ends up being replaced by jhs, REALLY strange!

The logs below are from my gateway, just redirecting emails as need be (to internal machines). I filter all email with mime defang and I block ANYTHING coming with an ENVELOPE FROM from our domain, no exception. This one has gotten through, although the "From: [email protected]" is within the email but does not exist.

BTW, I searched in every log on every machine for "linda" and for "soheart" etc., but this is the only one. Besides, the internal servers all have a "sendmail smarthost (the gateway)" setup so they are pretty dumb.

How can I make sure I stop EMPTY envelope addresses but don't kill return receipts?

These thingos produce the following header:

!!! From [email protected] Tue Aug 31 01:10:32 2010
Return-Path: <[email protected]>
Received: from mail.MYDOMAIN.com.au (internmail.MYDOMAIN.com.au [192.168.1.1])
    by internmail.MYDOMAIN.com.au (8.13.8/8.14.1) with ESMTP id o7UFAdCw026283
    for <[email protected]>; Tue, 31 Aug 2010 01:10:39 +1000
Received: from mail.soheart.com (mail.MYDOMAIN.com.au [150.101.215.42])
    by mail.MYDOMAIN.com.au (8.13.8/8.13.8) with ESMTP id o7UFAWs9031632
    for <[email protected]>; Tue, 31 Aug 2010 01:10:38 +1000
Date: Tue, 31 Aug 2010 01:10:32 +1000
Message-Id: <[email protected]>
Received: from host30-148-dynamic.54-79-r.retail.telecomitalia.it (host30-148-dynamic.54-79-r.retail.telecomitalia.it [79.54.148.30])
    by mail.soheart.com with SMTP; Mon, 30 Aug 2010 10:56:35 -0400
!!! From: [email protected]
To: [email protected]
Subject: Have as much lenghth as you dream!
X-Greylist: Delayed for 00:15:09 by milter-greylist-3.0a1 (mail.MYDOMAIN.com.au [150.101.215.42]); Tue, 31 Aug 2010 01:10:39 +1000 (EST)
X-Scanned-By: MIMEDefang 2.63 on 150.101.215.42

Looking at the maillog this is what I see:

Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter (greylist): init success to negotiate
Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter (mimedefang): init success to negotiate
Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter (clamav): init success to negotiate
Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter: connect to filters
Aug 31 01:10:32 mail mimedefang.pl[32400]: filter relay : <64.88.187.126> <mail.soheart.com> <>
Aug 31 01:10:32 mail mimedefang.pl[32400]: filter relay : <64.88.187.126> <mail.soheart.com> <> Continue checking .....
Aug 31 01:10:38 mail mimedefang.pl[10335]: filter sender : <>, 64.88.187.126, mail.soheart.com, mail.soheart.com
Aug 31 01:10:38 mail mimedefang.pl[10335]: filter sender : 64.88.187.126 NOT DOMAIN based, <> IS NOT external domain based, continue checking ....
Aug 31 01:10:38 mail milter-greylist: o7UFAWs9031632: addr 64.88.187.126 from <> rcpt <[email protected]>: autowhitelisted for 720:00:00
Aug 31 01:10:38 mail mimedefang.pl[10335]: filter recipient: <[email protected]>, <>, 64.88.187.126, mail.soheart.com, <[email protected]>, mail.soheart.com, ?, ?, ?
Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: from=<>, size=385, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=mail.soheart.com [64.88.187.126]
Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: Milter add: header: X-Greylist: Delayed for 00:15:09 by milter-greylist-3.0a1 (mail.MYDOMAIN.com.au [150.101.215.42]); Tue, 31 Aug 2010 01:10:39 +1000 (EST)
Aug 31 01:10:39 mail mimedefang.pl[10335]: filter main : 64.88.187.126 NOT DOMAIN based -> continue checking ..
Aug 31 01:10:39 mail mimedefang.pl[10335]: MDLOG,o7UFAWs9031632,mail_in,,,<>,<[email protected]>,Have as much lenghth as you dream!
Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: Milter add: header: X-Scanned-By: MIMEDefang 2.63 on 150.101.215.42
Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: Milter accept: message
Aug 31 01:10:39 mail sendmail[31638]: o7UFAWs9031632: [email protected], delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30882, relay=internmail.MYDOMAIN.com.au. [192.168.0.1], dsn=2.0.0, stat=Sent (o7UFAdCw026283 Message accepted for delivery)

--
Road to hell is paved with NAND gates.

| |0| | Jobst Schmalenbach
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
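
Added example, not part of the original post and not MIMEDefang code: one way to separate genuine receipts from other null-sender ("<>") mail is to require the multipart/report structure that delivery status notifications (RFC 3464) and disposition notifications (RFC 8098) use. The function names, the verdict strings and both sample messages are constructed for illustration.

```python
from email import message_from_string

# Report types that legitimately travel with the null envelope sender "<>".
REPORT_TYPES = {"delivery-status", "disposition-notification"}

def looks_like_receipt(raw_message):
    """True if the message is structurally a DSN or MDN (multipart/report)."""
    msg = message_from_string(raw_message)
    if msg.get_content_type() != "multipart/report":
        return False
    report_type = msg.get_param("report-type")
    if not isinstance(report_type, str) or report_type.lower() not in REPORT_TYPES:
        return False
    # The machine-readable part must actually be present, not just claimed.
    wanted = "message/" + report_type.lower()
    return any(part.get_content_type() == wanted for part in msg.walk())

def verdict(envelope_from, raw_message):
    """Hypothetical policy: only null-sender mail is judged here."""
    if envelope_from.strip() not in ("", "<>"):
        return "not-null-sender"
    return "accept" if looks_like_receipt(raw_message) else "reject"

# Constructed sample shaped like the message in the post: null envelope
# sender, but an ordinary From/Subject mail with no report structure.
SPAM = """\
From: linda@sender.example
Subject: constructed sample

plain body
"""

# Constructed sample: a minimal delivery status notification.
DSN = """\
From: MAILER-DAEMON@mx.sender.example
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.sender.example

Final-Recipient: rfc822; nobody@other.example
Action: failed
Status: 5.1.1
--b1--
"""
```

Some older or non-conforming MTAs send bounces as plain text, so a check like this is safer run in tagging or quarantine mode before it is allowed to reject. A sender can also forge the report structure, so it narrows what gets through on "<>" rather than closing it.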

