OK. Gotcha, Chris

I've always had Verify Return Paths checked on ... so no problem there.

Msgs are still coming in (one a day) and I'm just puzzled by how they're getting through. Here are the headers from one such msg:

Return-Path: [EMAIL PROTECTED]
Received: from [67.60.19.41] (HELO localhost) by king-dom.org (Stalker SMTP Server 1.8b8) with SMTP id S.0000019149 for <[EMAIL PROTECTED]>; Sun, 28 Sep 2003 12:13:52 -0400
From: [EMAIL PROTECTED]
To: xxxxx <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: The Bat! (v1.61)
X-Priority: 2 (High)
Subject: your account daoddvwd
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------79D252750005547"
Date: Sun, 28 Sep 2003 12:14:25 -0400
------------79D252750005547
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello there,
I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.
---
Best regards, Administrator
daoddvwd
------------79D252750005547
Content-Type: application/x-zip-compressed; name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="message.zip"


The IP number above belongs to my local cable/internet provider (my SIMS runs on my home network as an experiment and for my parents and kids to use email).

Here's what my log shows:

21:10:18 2 SMTP-993([67.60.19.41]) {S.0000019207} received, 32484 bytes
21:10:18 5 SYSTEM Scanning {S.0000019207}
21:10:18 5 SYSTEM Line Read: P I 02-10-2003 01:08:27 0000 king-dom.org admin
21:10:18 5 SYSTEM Line Read: R W 02-10-2003 01:08:30 0000 king-dom.org xxxxx
21:10:18 5 SYSTEM Line Read:
21:10:18 5 SYSTEM Line Read: Received: from [67.60.19.41] (HELO localhost) by king-dom.org (Stalker SMTP Server 1.8b8) with SMTP id S.0000019207 for <[EMAIL PROTECTED]>; Wed, 01 Oct 2003 21:08:34 -0400
21:10:18 5 SYSTEM Line Read: From: [EMAIL PROTECTED]
21:10:18 5 SYSTEM Line Read: To: xxxxx <[EMAIL PROTECTED]>
21:10:18 5 SYSTEM Line Read: Reply-To: [EMAIL PROTECTED]
21:10:18 5 SYSTEM Line Read: X-Mailer: The Bat! (v1.61)
21:10:18 5 SYSTEM Line Read: X-Priority: 2 (High)
21:10:18 5 SYSTEM Line Read: Subject: your account scesiiii
21:10:18 5 SYSTEM Line Read: MIME-Version: 1.0
21:10:18 5 SYSTEM Line Read: Content-Type: multipart/mixed; boundary="----------44F672B10089128"
21:10:18 5 SYSTEM Line Read:
21:10:18 2 SYSTEM [S.0000019207] S.0000019207 0+1 From:[EMAIL PROTECTED]
21:10:18 4 SYSTEM [S.0000019207] submitted
21:10:18 5 SYSTEM delivering to local accounts
21:10:19 5 SYSTEM [S.0000019207] OSOpen refNum=8274
21:10:19 5 SYSTEM [S.0000019207] reading: 448 bytes at 97
21:10:19 5 SYSTEM Writing 7428: 583 bytes at 65040
21:10:19 5 SYSTEM [S.0000019207] reading: 31939 bytes at 545
21:10:19 5 SYSTEM Writing 7428: 31940 bytes at 65623
21:10:19 4 SYSTEM [S.0000019207] stored in 'xxxxx' at 65042(+0)
21:10:19 2 SYSTEM(POP) [S.0000019207] delivered to (xxxxx)
21:10:19 5 SYSTEM checking modified files
21:10:19 5 SYSTEM OSClose refNum=8274
21:10:19 2 SYSTEM [S.0000019207] deleted
21:10:19 5 SYSTEM delivering to local accounts
21:10:19 5 SYSTEM checking modified files
21:10:24 5 SYSTEM {S.0000019208} in work, ref=6770, nFresh=4
21:10:24 5 SYSTEM {S.0000019213} created, ref=7428, nFresh=5



My router has these two entries (among others):


<[EMAIL PROTECTED]> = error
admin* = error

I'd love to stop these emails from reaching my daughter's mailbox ... and your help/advice/suggestions are most appreciated.

Thanks

David


Your words of wisdom on 10/2/03:


Date: Wed,  1 Oct 2003 18:00:46 -0700
From: Global Homes Webmaster <[EMAIL PROTECTED]>
Subject: Re: Routing query

On 10/01/03 at 20:14 -0400, David C King opined:

> Thanks Chris
>
> I don't have any user named 'admin' ...
>
> I did try the router setting that you've suggested, but it didn't
> trash the incoming messages.
>
> What exactly (sorry, I'm just a hobbyist) do you mean by "Put this
> above the line that maps <admin> to the real user account and don't
> forget to enable 'Verify Return-Paths'"?

Oops, sorry, I had a minor brain fart before. For some reason I was thinking that you were talking about messages addressed to <[EMAIL PROTECTED]> being delivered to a local account. Ignore the comments about <admin> being routed to a real account.

In order for the error routing to result in rejecting messages, you need to
go to SIMS' SMTP service settings and check 'Verify Return-Paths' so that
SIMS will check the Return-Paths of incoming messages against the router.

Also, for this to work, <[EMAIL PROTECTED]> must be the Return-Path of the
offending messages. If you have an example of the message that includes its
headers, the first header line should start with 'Return-Path: '. If the
Return-Path indicated there is <[EMAIL PROTECTED]>, then routing it to error
will reject the spam messages. It doesn't matter whether or not the 'From:'
header line is <[EMAIL PROTECTED]> because SIMS doesn't look at the From
address in any circumstance. If <[EMAIL PROTECTED]> is the From address but
not the Return-Path, then SIMS can't reject messages on that basis.

Your words of wisdom on 9/30/03:

 >On 09/29/03 at 06:08 -0700, David C King opined:
 >
 >>  An email from <[EMAIL PROTECTED]> has been delivered to one of my users
 >>  - well several emails from this name. Though the message originates
 >>  from outside my LAN, it is being delivered to my user. I do not have
 >>  a real user account in the name of 'admin'.
 >
 >There must be some router entry that maps <admin> to a real user account
 >then?
 >
 >>  Can I use the router to route any msg from <[EMAIL PROTECTED]> to
 >>  'error'? In other words, if any email comes to SIMS from
 >>  '[EMAIL PROTECTED]' I want to kill the email without it being delivered
 >>  to any user.
 >
 >Given that you don't have an account named 'admin', and assuming that
 ><[EMAIL PROTECTED]> is the Return-Path (not just the From) of the spam
 >messages try:
 >
 ><[EMAIL PROTECTED]> = error
 >
 >Put this above the line that maps <admin> to the real user account and
 >don't forget to enable 'Verify Return-Paths'.

-- 
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>


--
In America, anybody can be president. That's one of the risks you take. -- Adlai Stevenson (1900-1965)
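The Return-Path versus From distinction discussed in this thread, as an added example that is not part of the original messages and is not SIMS code: a simplified model that applies "pattern = error" router entries to the Return-Path only and reports when a rule would have matched the From header instead. The addresses, the example.org and example.net domains, and the wildcard semantics (a pattern without '@' is compared to the local part) are assumptions.

```python
# Added illustration: a simplified model of return-path checking, not SIMS code.
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Router entries in the "pattern = error" form quoted in the thread.
# The addresses are constructed placeholders.
ROUTER = """
<admin@example.org> = error
admin* = error
"""

def error_patterns(router_text):
    """Return the lowercased patterns that are routed to 'error'."""
    patterns = []
    for line in router_text.splitlines():
        left, sep, right = line.partition("=")
        if sep and right.strip().lower() == "error":
            patterns.append(left.strip().strip("<>").lower())
    return patterns

def matches(address, pattern):
    """Assumed semantics: a pattern without '@' is compared to the local part."""
    address = address.lower()
    subject = address if "@" in pattern else address.split("@", 1)[0]
    return fnmatchcase(subject, pattern)

def triage(raw_message, router_text=ROUTER):
    """Say whether the error rules hit the Return-Path, only the From, or neither."""
    msg = message_from_string(raw_message)
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    from_addr = parseaddr(msg.get("From", ""))[1]
    patterns = error_patterns(router_text)
    if return_path and any(matches(return_path, p) for p in patterns):
        return "rejected: Return-Path matches an error rule"
    if from_addr and any(matches(from_addr, p) for p in patterns):
        return "delivered: only From matches, Return-Path does not"
    return "delivered: no error rule matches"

# Constructed sample messages (headers only, then a one-line body).
SPOOFED_FROM = ("Return-Path: <x91@bulk.example.net>\n"
                "From: admin@example.org\nSubject: your account\n\nbody\n")
MATCHING_PATH = ("Return-Path: <admin@example.org>\n"
                 "From: admin@example.org\nSubject: your account\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("spoofed From", SPOOFED_FROM), ("matching path", MATCHING_PATH)):
        print(name, "->", triage(raw))
```

Running a stored message through `triage` shows which of the two addresses a router entry would have to match before return-path checking could reject it.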

