Joshua Kordani wrote:
> Hello all! I have recently come across a few spams that I am trying
> to block. The anatomy of the message probably isn't new to most of
> you, but when I try to recreate the spoofed sections that I wish to
> filter by hand over telnet, it's clear that I am not understanding how
> the messages are being built. Example to follow below:
> Note the From line is spoofed to be [email protected],
> [email protected], [email protected], which appears to my
> users as coming from a user in my domain. I'd like to filter against
> this, but when I go into telnet and try to make a mail with a From
> field so deformed, my mail server spits back "I can break things too"
> and quits my connection. How can I manually recreate this spoof so
> that I can learn how to filter it out?

$ telnet mail.mydomain.com smtp
(rcv) 220 your mail server's banner
(snd) HELO whatever
(rcv) 250 your-server's-hostname
(snd) MAIL FROM: whatever
(rcv) 250 2.1.0 Ok
(snd) RCPT TO: your-testing-mailbox
(rcv) 250 2.1.5 Ok
(snd) DATA
(rcv) 354 End data with <CR><LF>.<CR><LF>
(snd) your message goes here.
(snd) end it with newline, dot, newline
(snd) .
(rcv) 250 2.0.0 Ok: queued as (something)
(snd) QUIT
(rcv) 221 2.0.0 Bye
Postfix will complain with "I can break things too" if you omit the DATA
command between your last RCPT TO: and the start of your message.
Don
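
The session above separates the envelope (MAIL FROM, RCPT TO) from the headers sent after DATA, which is where the spoofed From: line lives. As an added example that is not part of the original thread, here is one way to check a received message for the pattern described in the question. The domain names, the function name and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "mydomain.example"  # assumption: placeholder for your own domain


def from_header_findings(raw_message, envelope_sender, local_domain=LOCAL_DOMAIN):
    """Return the reasons a message's From: header looks spoofed (empty if none)."""
    msg = message_from_string(raw_message)
    from_values = msg.get_all("From", [])
    findings = []

    # RFC 5322 allows exactly one From: header field per message.
    if len(from_values) != 1:
        findings.append("expected one From: header, found %d" % len(from_values))

    # Several mailboxes in From: are only valid together with a Sender: header.
    addrs = [addr.lower() for _, addr in getaddresses(from_values) if addr]
    if len(addrs) > 1 and not msg.get("Sender"):
        findings.append("multiple From: mailboxes without Sender:")

    # The header claims a local user while the envelope (MAIL FROM) is external.
    # Mail from authenticated local submission should be exempted before this check.
    env_domain = envelope_sender.strip("<>").rpartition("@")[2].lower()
    claims_local = any(a.rpartition("@")[2] == local_domain for a in addrs)
    if claims_local and env_domain != local_domain:
        findings.append("From: claims local domain, envelope sender is external")

    return findings


# Constructed sample: three local-looking mailboxes in From:, as in the question.
SPOOFED = (
    "From: alice@mydomain.example, bob@mydomain.example, carol@mydomain.example\n"
    "To: alice@mydomain.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed sample: ordinary local mail.
CLEAN = (
    "From: alice@mydomain.example\n"
    "To: bob@mydomain.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for reason in from_header_findings(SPOOFED, "sender@elsewhere.example"):
        print(reason)
```
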