Hello all,

I'm using qmail and have it configured to accept wildcard 
[EMAIL PROTECTED]  Recently I've noticed a spammer who is sending an email 
every 20 seconds to an autogenerated user @mydomain.com. This email has a valid 
email address as the envelope sender (Return-Path), and that address is the 
target of the spam.  The body of the original spam email is then added to the 
TMDA auto response and sent to the Return-Path recipient.  A sneaky way to spam 
or to attempt an email client exploit.

If I change the config variable AUTORESPONSE_INCLUDE_SENDER_COPY to 1 (2 means 
attach original email _default_, 1 means headers only, 0 means neither), then 
this spammer will no longer be able to use me and TMDA as a relay for their 
payload.

I have also altered the default confirm template to use the original Subject: 
string with an RE: prepended, rather than using the default TMDA subject.  I 
believe this is more user friendly because if you create a subject and then get 
a reply with that same subject, you know and trust that email and are more 
likely to read it.

So I think I've made my email system 'spam relay proof' but it's too soon to 
tell.  Maybe they'll add spam content to the headers next.  Has anyone else had 
this problem?  You might not notice it unless you check your pending queue.  If 
this spammer wasn't so sloppy, I might have never noticed it.

This can also happen without TMDA, by exploiting bounces that attach the full 
spam body.  Ideally, qmail would reject the email at the SMTP level I suppose, 
but with wildcard users that is not possible (?)

I should implement other anti-spam measures like SpamAssassin and SPF maybe.  
Any advice?

Thanks,
Phil



_____________________________________________
tmda-users mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-users
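
The pattern described in the post above (one envelope sender, a stream of different autogenerated recipients) can be spotted by grouping queued messages by envelope sender. This is an added example, not part of the original post and not TMDA code; the function name, the headers it reads (Return-Path, Delivered-To) and the sample messages are assumptions constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr


def _msg(sender, rcpt, subject):
    """Build a constructed sample message (not real traffic)."""
    return (f"Return-Path: <{sender}>\n"
            f"Delivered-To: {rcpt}\n"
            f"Subject: {subject}\n\nbody\n")


# Constructed queue contents; example.* domains are placeholders.
SAMPLE_QUEUE = [
    _msg("victim@example.net", "xkqj1@example.com", "offer"),
    _msg("victim@example.net", "pwmz7@example.com", "offer"),
    _msg("victim@example.net", "rrtb4@example.com", "offer"),
    _msg("alice@example.org", "phil@example.com", "lunch?"),
    _msg("alice@example.org", "phil@example.com", "lunch again?"),
]


def suspected_backscatter_targets(raw_messages, min_recipients=3):
    """Return {envelope_sender: sorted distinct recipients} for senders
    whose mail reached at least min_recipients different local addresses.

    A forged Return-Path used to aim auto-responses at a third party shows
    up as one sender paired with many recipients that never repeat.
    Assumes each queued message carries Return-Path and Delivered-To headers.
    """
    seen = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
        rcpt = parseaddr(msg.get("Delivered-To", ""))[1].lower()
        if sender and rcpt:  # skip null-sender bounces and malformed entries
            seen[sender].add(rcpt)
    return {s: sorted(r) for s, r in seen.items() if len(r) >= min_recipients}


if __name__ == "__main__":
    for sender, rcpts in suspected_backscatter_targets(SAMPLE_QUEUE).items():
        print(f"{sender}: {len(rcpts)} distinct recipients")
```

The threshold is a tuning choice: a legitimate correspondent normally writes to one or two local addresses, so a low value already separates the two cases on a wildcard domain.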
