On 10/02/03 at 09:12 -0400, Neil Herber opined:
> It is rumored that on or about 10/2/03 8:42 AM -0400, David C King
> wrote as follows:
> >
> >I've always had Verify Return Paths checked on ... so no problem there.
> >
> >Msgs are still coming in (one a day) and I'm just puzzled by how
> >they're getting through. Here are the headers from one such msg:
> >
> >Return-Path: [EMAIL PROTECTED]
> >Received: from [67.60.19.41] (HELO localhost) by king-dom.org
> >(Stalker SMTP Server 1.8b8) with SMTP id S.0000019149 for
> ><[EMAIL PROTECTED]>; Sun, 28 Sep 2003 12:13:52 -0400
> >From: [EMAIL PROTECTED]
> >To: xxxxx <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
>
> ....snip...
>
> >The IP number above belongs to my local cable/internet provider (my
> >SIMS runs on my home network as an experiment and for my parents and
> >kids to use email).
>
> ....snip...
>
> >
> >My router has these two entries (among others):
> >
> ><[EMAIL PROTECTED]> = error
> >admin* = error
> >
> >I'd love to stop these emails from reaching my daughter's mailbox
> >... and your help/advice/suggestions are most appreciated.
>
> It looks to me like a spammer or other weasel is simply forging the
> RETURN-PATH, FROM, and REPLY-TO headers on his mail using the bogus
> address "[EMAIL PROTECTED]". I presume since you have x-ed out the
> local part of the TP address that it is a real account on your system.

Since the Return-Path is <[EMAIL PROTECTED]>, routing it to error _should_
cause these messages to be rejected. I use this method in my own router
successfully.

David, do you have any entries in your router that deal with king-dom.org
in a general way (i.e. with wild cards or a domain-level routing)? If so,
then make sure that your error routing lines come first. Order matters in
the router; it uses the first entry that matches whatever address is being
processed.

> If you replace your "admin" router entries with the following, it
> should stop the weasel:
>
> <admin*> = spamtrap
>
> This tells the router to take any local address that starts with
> "admin" and spam trap it.
>
> The ERROR routing is usually used for the domain portion of an
> address, as in:
>
> *.cn = error ; chinese mail is always spam to me

Yes, but I have several lines in my router of the form

<[EMAIL PROTECTED]> = error

and they work just fine.

--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
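
Added example, not part of the original message and not SIMS code: a simplified Python model of the first-match ordering described above, showing how a domain-level entry listed first keeps an error entry from ever being used. The example.org addresses, the `deliver` target and whole-address `*` matching are assumptions of the model, not SIMS router syntax.

```python
from fnmatch import fnmatchcase


def parse_router(text):
    """Parse 'pattern = target' lines in order; ';' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        pattern, target = (part.strip() for part in line.split("=", 1))
        rules.append((pattern.strip("<>").lower(), target.lower()))
    return rules


def matches(rules, address):
    """All rules whose pattern matches the address, in router order."""
    address = address.lower()
    return [(p, t) for p, t in rules if fnmatchcase(address, p)]


def route(rules, address):
    """First match wins, as described in the message above."""
    hits = matches(rules, address)
    return hits[0][1] if hits else None


def shadowed(rules, address):
    """Later entries that match but lose to an earlier entry with another target."""
    hits = matches(rules, address)
    return [p for p, t in hits[1:] if t != hits[0][1]]


# Constructed sample tables (model syntax; 'deliver' is a hypothetical target).
GENERAL_FIRST = """
*@example.org = deliver        ; domain-level entry listed first
<admin*@example.org> = error   ; matches, but is never reached
"""
ERROR_FIRST = """
<admin*@example.org> = error   ; error entry listed first
*@example.org = deliver
"""
FORGED_SENDER = "administrator@example.org"  # constructed address

if __name__ == "__main__":
    for name, table in (("general first", GENERAL_FIRST), ("error first", ERROR_FIRST)):
        rules = parse_router(table)
        print(name, "->", route(rules, FORGED_SENDER), "| losing entries:", shadowed(rules, FORGED_SENDER))
```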