> -----Original Message-----
> From: p dont think [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 13, 2004 2:09 PM
> To: Toll, Eric
> Cc: Robert Menschel; Predrag Lezaic; users@spamassassin.apache.org
> Subject: Re: Spammer using my domain name in FROM field
>
> >>Hello Predrag,
> >>
> >>Saturday, September 11, 2004, 9:47:42 AM, you wrote:
> >>
> >>PL> Spammer apparently is using [EMAIL PROTECTED] in the FROM
> >>PL> field of the emails he is sending out. Domain is one of my customers
> >>PL> virtual domain, spammer made up the username in the email address.
> >>PL> Now I am getting buried by mail notifications returning to
> >>PL> sender...obviously wrong person.
> >>
> >>Understood. I'm not being flooded, but have a steady stream of
> >>similar spam. Same thing happens with virus warnings/bounces.
> >>
> >>PL> How do you people deal with this? Is there anything I can do?

http://www.exit0.us/index.php/VirusBounceRules2
I have a few rules in SA that stop "Unhelpful Virus Warnings"

> >
> > I use Postfix. I catch this before it comes in.
> > Why waste bandwidth and accept the whole message?
> >
> > My server (Postfix) issues the following:
> >
> > 550 Liar, Liar you are an Imposter and have been reported.
>
> You misunderstand the problem. The poster was complaining
> about backscatter (bounce notifications from other servers
> who received mail with the forged FROM address), and *not*
> about mail with the forged FROM address coming directly to
> him. (You neglect to mention *how* you make Postfix take
> care of the latter: typically check_sender_access is used in
> smtpd_recipient_restrictions with an entry such as:
> example.com 554 You're a liar!)
> Catching backscatter at the
> SMTP level, OTOH, is incredibly difficult. I bet you don't
> have a solution for that.
>

Nope, besides emailing the braindead admins who do not yet realize that From: can be easily forged.
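
The check_sender_access setup mentioned in the quoted reply, written out as an added example (not posted by anyone in this thread). The map path /etc/postfix/sender_access is an assumption, and example.com stands in for the domain being forged.

```conf
# /etc/postfix/main.cf (fragment)
#
# Restrictions are evaluated in order. The permit_* entries come first so
# that local networks and authenticated users can still send mail with an
# @example.com envelope sender; only outside clients claiming that sender
# domain reach the check_sender_access lookup.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_unauth_destination

# /etc/postfix/sender_access (assumed path)
#
# Left column: envelope sender domain (MAIL FROM), right column: action.
# Rebuild the lookup table after every edit:  postmap /etc/postfix/sender_access
example.com    554 You're a liar!

# What this does NOT catch: backscatter. A bounce generated by a third-party
# server arrives with the null envelope sender (MAIL FROM:<>), so there is no
# example.com sender for this table to match. The forged address appears only
# inside the bounce body or in the headers of the returned message.
```

The rejection happens at the RCPT TO stage, before any message data is transferred, which is the bandwidth saving the Postfix poster describes.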