Another option is to set up the mail server not to allow incoming mail
claiming to be from its users. If the users only send mail from that
server this is a possibility. Some firewall mail proxies also have this
functionality for more complex setups.
Date: Wed, 05 Oct 2005 11:16:50 -0700
From: Conrad <[EMAIL PROTECTED]>
To: [email protected]
Subject: Re: hole in tmda filter?
Andrew-
Actually, the loophole is in your config, not TMDA.
It is advisable that you do not have your own address in the whitelist. How
often do you really send emails to yourself?
If you do need to send emails to yourself, then there are a couple of ways
around it:
- Set up an email address that only forwards to your primary email account,
bypassing TMDA. Then you can send emails to myself@, and it will go to you
without having to pass through TMDA. Never give out that forward email
address.
- Set up a keyword address that only you know.
- Send mail to yourself from a different account, and whitelist that account
address.
It's been known for a long time that spammers can spoof any part of the
headers in an email address, and have used this technique extensively.
Thanks.
At 09:18 AM 10/4/2005, you wrote:
Hi,
I think some spammer found a loophole in the TMDA blocking. They basically
spoofed my email as if it were coming from me; see the header:
_____________________________________
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 75042 invoked by uid 89); 3 Oct 2005 21:03:52 -0000
Received: from photocon.nightskyhosting.com (HELO mattebox.nightskyhosting.com) (67.43.171.187)
  by nodal.nightskyhosting.com with SMTP; 3 Oct 2005 21:03:52 -0000
Received: (qmail 79494 invoked from network); 3 Oct 2005 21:01:52 -0000
DomainKey-Status: no signature
Received: from host124.advance.com.ar (200.51.42.124)
  by mattebox.nightskyhosting.com with SMTP; 3 Oct 2005 21:01:50 -0000
Received-SPF: fail (mattebox.nightskyhosting.com: SPF record at mail.com
  does not designate 200.51.42.124 as permitted sender)
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]
__________________________________________
===========tmda info==================
Version
tmda-cgi: tmda-cgi/0.13 "Aluminum" (Python/2.4.1 on FreeBSD-5.2.1-RELEASE-i386-32bit-ELF)
TMDA: TMDA/1.0.3 "Seattle Slew" (Python/2.4.1 on FreeBSD-5.2.1-RELEASE-i386-32bit-ELF)
Theme: TMDA-X/0.1 by Jim Ramsay <[EMAIL PROTECTED]>
Compile Params
AUTH_ARG: /usr/local/vpopmail/bin/vchkpw
AUTH_TYPE: program
BASE_DIR: /usr/local/lib/python2.4/site-packages/
CGI_DISP_DIR: /display
CGI_MODE: system-wide
IDs: UID: 89 (89) GID: 89 (89)
SESSION_EXP: 300
SESSION_ODDS: 0.01
SESSION_PREFIX: /tmp/TMDASession.
VLOOKUP: vpopmail1 /usr/local/vpopmail/bin/vuserinfo ~
VUSER: vpopmail
=====================================
I checked my TMDA lists and the offending email <[EMAIL PROTECTED]> was
not confirmed. It seems to have passed through by faking my address.
I hope this helps you with your developments. I am a big fan of TMDA. Keep
up the great work.
Best regards,
Andrew
_____________________________________________
tmda-users mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-users
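An added example, not part of the original thread and not TMDA code: a check run before any sender whitelist that holds mail whose From address belongs to a local user unless the receiving MTA itself recorded an SPF pass, which covers the self-whitelisting case discussed above. The addresses, host names, `LOCAL_USERS`, `OUR_MTA` and both function names are assumptions, the sample messages are constructed after the quoted headers, and the SPF result is assumed to refer to the same domain as the From address.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_USERS = {"andrew@example.org"}   # assumption: addresses hosted on this server
OUR_MTA = "mx.example.org"             # assumption: host that stamps Received-SPF

def trusted_spf(msg, our_mta=OUR_MTA):
    """SPF result from the topmost Received-SPF header, if our MTA wrote it."""
    value = msg.get("Received-SPF")    # first occurrence = most recently added
    if not value:
        return "none"
    result, _, comment = value.strip().partition(" ")
    # A header naming another host arrived with the message and may be forged.
    return result.lower() if comment.startswith("(" + our_mta + ":") else "none"

def classify(raw, local_users=LOCAL_USERS):
    """Decide whether a sender whitelist may be applied to this message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # SPF covers the envelope sender; this example assumes it matches From.
    if sender in local_users and trusted_spf(msg) != "pass":
        return "hold"          # claims to be a local user but is not verified
    return "whitelist-ok"      # normal whitelist / confirmation rules apply

# Constructed sample modelled on the spoofed message quoted in the thread.
SPOOFED = (
    "Received: from host.example.net (203.0.113.7)\n"
    "  by mx.example.org with SMTP; 3 Oct 2005 21:01:50 -0000\n"
    "Received-SPF: fail (mx.example.org: SPF record at example.org\n"
    "  does not designate 203.0.113.7 as permitted sender)\n"
    "From: andrew@example.org\n"
    "To: andrew@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
# Same message, but carrying a sender-supplied "pass" header from another host.
FORGED_PASS = SPOOFED.replace("Received-SPF: fail (mx.example.org:",
                              "Received-SPF: pass (relay.example.net:")
# Same message from an address that is not a local user.
OUTSIDER = SPOOFED.replace("From: andrew@example.org", "From: friend@example.com")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged pass", FORGED_PASS),
                      ("outsider", OUTSIDER)]:
        print(name, "->", classify(raw))
```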