receiving undeliverable receipts of spam mails that seem to be coming from my domain
Post 302308074 by soted on Friday 17th of April 2009 03:41:08 AM
Old 04-17-2009
edzillion:
Quote:
What should I do to get rid of these? Should I be worried etc.
I know this post is quite old, but just so you know, the spammer most likely forged its reply address using an email address from your domain. Spammers forge reply addresses of legitimate email addresses all the time. Usually they move on to others and you have to wait it out. Hopefully by now you no longer have this issue. I do not know if they are targeting an actual email address of yours or sending to a "dummy" email address at your domain, but one thing that might help is to disable your catch-all and send the email sent to non-existing accounts to /dev/null.

edzillion:
Quote:
Out of interest, why do mail servers relay mail from ISPs that allow spammers? Surely all the spam in the world could be solved by a law that says:

It is illegal for ISPs to allow spammers on their network, or receive mail from an ISP that allows spammers.
Another thing now is that spam has moved to botnets, so spam is being sent from so many originating IPs that blocklisting them all is nearly impossible; this is why mail servers will accept some mail from seemingly spammy ISPs. Sometimes there are blacklists (BLs) that get too blacklist-happy and end up blocking huge portions of the Internet, say blocking a /24 over a few spam complaints. A /24 range is 256 IP addresses, so innocent users are in that block. Sometimes it has to be done so that an ISP will even notice, so you always have two sides of the story in minimizing spam. When it gets that unreasonable, mail admins move on to other blacklists to use. Yes, some ISPs definitely do not take care of their spamming issues enough, while others are more responsible. Some BLs I recommend are Spamhaus and CBL.

Spam is considered illegal in many countries around the world; however, catching and prosecuting spammers is extremely difficult, especially since some spammers hide in countries that have government officials who choose not to cooperate with international organizations such as Interpol. Better coordination is taking place, but it is very difficult to prosecute, say, a Latvian-based spam group that spams shucking pharma from botnets in Brazil to recipients in France.

Last edited by soted; 04-17-2009 at 04:46 AM..
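
One way to tell bounces caused by a forged sender (backscatter) from bounces for mail you really sent, as an added example that is not part of the original post. It assumes you can export the Message-IDs your own mail server logged as sent; the addresses, host names and sample bounce are constructed.

```ruby
require "set"

# Constructed sample: Message-IDs our own MTA logged as sent (assumption: you
# can export these from your mail logs).
SENT_IDS = Set["20090417.1001@mail.example.org"]

# Constructed bounce for a message we never sent (forged sender at our domain).
BACKSCATTER = <<~MAIL
  Return-Path: <>
  From: MAILER-DAEMON@mx.recipient.example
  To: sales@example.org
  Subject: Undelivered Mail Returned to Sender
  Content-Type: multipart/report; report-type=delivery-status;
   boundary="b1"

  --b1
  Content-Type: message/rfc822

  Message-ID: <abc123@botnet-host.example>
  From: sales@example.org
  Subject: (spam subject)
  --b1--
MAIL

# Split a raw message into [headers, body]. Header names are downcased and
# folded continuation lines are unfolded first.
def parse_message(raw)
  head, body = raw.gsub("\r\n", "\n").split("\n\n", 2)
  headers = Hash.new("")
  head.to_s.gsub(/\n[ \t]+/, " ").each_line do |line|
    name, value = line.chomp.split(":", 2)
    headers[name.strip.downcase] = value.strip if value
  end
  [headers, body.to_s]
end

# Bounces carry a null envelope sender and/or a delivery-status report type.
def bounce?(headers)
  headers["return-path"] == "<>" ||
    headers["content-type"].match?(/report-type="?delivery-status/i)
end

# Returns :not_a_bounce, :genuine_bounce, :backscatter, or :unverifiable
# (a bounce that quotes no Message-ID of the returned mail).
def classify(raw, sent_ids)
  headers, body = parse_message(raw)
  return :not_a_bounce unless bounce?(headers)
  ids = body.scan(/^Message-ID:\s*<([^>\s]+)>/i).flatten
  return :unverifiable if ids.empty?
  ids.any? { |id| sent_ids.include?(id) } ? :genuine_bounce : :backscatter
end

puts classify(BACKSCATTER, SENT_IDS)
```

Matching against IDs that were actually logged, rather than against your host name alone, matters because a forger can put any host name into a Message-ID.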
 

GURGITATE-MAIL(1)						  Gurgitate-Mail						 GURGITATE-MAIL(1)

NAME
       gurgitate-mail - an easy-to-use mail filter

SYNOPSIS
       gurgitate-mail

DESCRIPTION
       "gurgitate-mail" is a program which reads your mail and filters it according to the .gurgitate-rules.rb file in your home directory. The configuration file uses Ruby syntax and is thus quite flexible.

       It's generally invoked either through your .forward file:

           "|/path/to/gurgitate-mail"

       Or through your .procmailrc file:

           :0:
           | /path/to/gurgitate-mail

       Alternatively, if you're the sysadmin at your site, or your sysadmin is friendly, you can use gurgitate-mail as a local delivery agent. For postfix, put

           mailbox_command=/opt/bin/gurgitate-mail

       in /etc/postfix/main.cf.

       If you use any other MTA, and configure gurgitate-mail as a local delivery agent, please tell me how! I want to include this in the documentation.

CONFIGURATION FILES
       There are three configuration files used by gurgitate-mail: two are system-wide, and the third is the user rules file.

       The two system-wide configuration files are /etc/gurgitate-rules and /etc/gurgitate-rules-default. These are processed before and after the user rules, respectively.

       /etc/gurgitate-rules is used to handle system-wide filtering needs: setting the default mailbox style to Maildir rather than the default MBox, setting the spool directory, things like that.

       The user configuration file is $HOME/.gurgitate-rules (or, alternatively, $HOME/.gurgitate-rules.rb; either works). You put your own rules here. If the user configuration file doesn't encounter a "return" during processing, then the additional rules contained in /etc/gurgitate-rules-default are run. If that also doesn't return, then mail messages are saved into the default mail spool location.

       If the "-f" option is used on the command line, then the file specified will be used and the default rules will not. The "-f" option can be used more than once:

           gurgitate-mail -f test-rules -f additional-rules

CONFIGURATION PARAMETERS
       There are several parameters that you can set to change the way that gurgitate-mail behaves. You set a config parameter by saying, for instance:

           sendmail "/usr/sbin/sendmail"

       which sets the "sendmail" parameter to "/usr/sbin/sendmail".

       maildir
           The directory you want to put mail folders into. This defaults to $HOME/Mail.

       logfile
           Where you want gurgitate-mail's log messages to go to. The standard location for this is $HOME/.gurgitate.log

       sendmail
           The full path to the sendmail program, used to deliver mail. This can be any program that takes as its parameters the list of addresses to deliver mail to, and that takes a mail message on standard input.

       homedir
           The full path of your home directory. This defaults to whatever your actual home directory is.

       spooldir
           The path where the system's mail spools go to. This defaults to "/var/spool/mail". On a Maildir system, this should be set to the same as "homedir".

       spoolfile
           The mail spool file component of the full path of your mail spool. This is generally your username. Maildir users should set this to "Maildir".

       folderstyle
           The style of folders you prefer. This can be (at the moment) either MBox or Maildir.

FILTER RULES
       The filter rules are a series of Ruby statements, with the following methods and variables available:

   Variables
       from
           This contains the envelope "from" address of the email message. (Note that this isn't necessarily the same as the contents of the "From:" header)

       headers
           This is an object containing the headers of the message. There are several methods that come with this object:

       body
           This contains the body of the email message. As of yet, there's nothing really interesting which you can do with this, apart from assigning to it; you can rewrite the body of an email message this way. Dealing with attachments is planned for a future release of "gurgitate-mail".

       maildir
           The directory which contains the folders, used by the "save" method when you specify a folder as "=folder" (like Elm). Defaults to "$HOME/Mail".

       homedir
           Your home directory. Read-only.

       logfile
           The location of the "gurgitate-mail" logfile. If set to "nil", then no logging is done. Defaults to "$HOME/.gurgitate.log".

       sendmail
           The location of the "sendmail" program. Used by the "forward" method. Defaults to "/usr/lib/sendmail".

       spoolfile
           The location of the mail spool. Read-only.

   Methods
       matches(name(s),regex)
           Returns "true" if the header "name" matches the regular expression "regex". If "name" is an array of header names, then it returns true if at least one of the headers matches. Useful for testing whether both "To:" and "Cc:" headers match.

       from
           Returns the envelope "from" address of the email message. Note that this is the same as the bare "from".

       to
           Returns a HeaderBag (a kind of array) with the contents of the "To" and the "Cc" headers.

       to_s
           As per Ruby convention, returns all the headers as a "String" object.

       save(mailbox)
           This saves the message to a mailbox. You can specify the mailbox as a word with an = sign in front of it, in which case it puts it into "maildir". If you don't use the =name format, then you need to specify an absolute pathname. If it can't write the message to the file you request it to, it'll attempt to write it to "spoolfile".

       forward(address)
           This forwards the email message to another email address.

       pipe(program)
           This pipes the message through "program". "pipe" returns the exit code of the program that the message was piped through.

       filter(program)
           This pipes the message through "program" and returns a new Gurgitate object containing the filtered mail. (This is handy for external filters which modify email like, for example, SpamAssassin, which adds a spam-score header.)

           You can also say

               filter(program) do
                   # code here
               end

           and it yields the newly-created Gurgitate object to the block.

       headers
           This returns the headers as an object of their own. This object has its own methods:

           headers[*headernames]
               This returns a HeaderBag (a subclass of array) containing the headers you asked for. You can then use the =~ operator on this result to match the RHS regex with everything in the HeaderBag.

               You can change a header's value with "headers[name]=newvalue".

           headers.match(name,regex)
               Matches the header with the name "name" against the regex. This is the same as headers[name] =~ /regex/.

           headers.matches(names,regex)
               Matches the headers with the names "names" against the regex. This is the same as headers[*names] =~ /regex/.

           headers.from
               Returns the envelope from. You can change this with "headers.from=newaddress" too.

       return
           This tells "gurgitate-mail" to stop processing the email message. If you don't use "return", then "gurgitate-mail" will continue processing the same mail again with the next rule. If there isn't a "return" at the end of gurgitate-rules.rb, then "gurgitate-mail" will save the email message in the normal mail spool.

       log(message)
           This writes a log message to the log file.

SIMPLE EXAMPLES
       Here are some examples of "gurgitate-mail" rules, with explanations:

           if from =~ /ebay\.com/ then
               save("=ebay"); return;
           end

       Any email from eBay (automatic end-of-auction notifications, for example, and outbid notices) gets filed into the "ebay" folder.

           if from =~ /root@/ then
               save("=root"); return;
           end

       Any email from root (at any host) gets filed into a special folder. Useful for sysadmins monitoring crontab email.

           if headers.matches(["To","Cc"],"webmaster@") then
               save("=webmaster")
               return
           end

       Any email with a To: or Cc: line of "webmaster" is saved to a "webmaster" folder. Useful for people with multiple role accounts redirected to their address.

           # Brackets are escaped: an unescaped [SPAM] is a character class
           # that matches any subject containing S, P, A or M.
           if headers["Subject"] =~ /\[SPAM\]/ then
               save("=spam")
               return
           end

       This is a different syntax for matching patterns against headers. You can also match multiple headers in the square brackets.

           if headers["Subject","Keywords"] =~ /a bad word/ then
               save("=swearing")
               return
           end

       Searches for "a bad word" in the Subject and Keywords headers, and if it's there, saves the email in the "swearing" folder.

           if headers.matches(["To","Cc"],"mailing-list@example.com") then
               pipe("|rcvstore +mailing-list")
               return
           end

       Any email to a mailing list is piped through "rcvstore" to store it into an MH folder.

       That headers.matches(["To","Cc"],/regex/) idiom happens often enough that there's a shorthand for it:

           if to =~ /mailing-list@example\.com/ then
               pipe("|rcvstore +mailing-list")
               return
           end

       Pipes the mail to the mailing list through "rcvstore".

ADVANCED EXAMPLES
       Here are some slightly more clever examples to give you an idea of what you can do with "gurgitate-mail". Let's suppose you have an email whitelist in a file called $HOME/.friends, so you can determine whether some email is likely to be spam or not.

       Then if someone on your whitelist sends you email, you automatically save that into the "inbox" folder:

           friends=homedir+"/.friends"
           # FileTest.exist? is the spelling that current Ruby versions accept
           if FileTest.exist?(friends) and FileTest.readable?(friends) then
               File.new(friends).each do |friend|
                   if from =~ friend.chomp then
                       log "Mail from friend "+friend.chomp
                       save("=inbox")
                       return
                   end
               end
           end

       Okay, if someone sends you email, and it's addressed specifically to you (and gurgitate-mail hasn't caught it in another form already), then it might or might not be spam: put it into a "grey" folder:

           my_addresses= [ /me@example\.com/i,
                           /me@example\.org/i,
                           /me@example\.net/i];  # I have three email addresses
           my_addresses.each do |addr|
               if headers.matches(["To","Cc"],addr) then
                   save("=possibly-not-spam")
                   return
               end
           end

       And after that, if it's not from someone you know, and it's not addressed to your email address either, then it's probably safe to assume that it's spam:

           save("=spam")
           return

       This can be improved by using a Bayesian filter, though; for example, Eric Raymond's bogofilter program (http://bogofilter.sourceforge.net) can be automatically trained and used with the help of the white/grey/black distinctions. Taking the example above, I'll adjust it by adding in calls to bogofilter:

           friends=homedir+"/.friends"
           if FileTest.exist?(friends) and FileTest.readable?(friends) then
               File.new(friends).each do |friend|
                   if from =~ friend.chomp then
                       log "Mail from friend "+friend.chomp
                       pipe("bogofilter -h")  # <-- LINE ADDED HERE
                       save("=inbox")
                       return
                   end
               end
           end

       "bogofilter -h" trains bogofilter that mail from whitelisted people is not to be considered spam. Okay, at the end of the .gurgitate-rules, change

           save("=spam")
           return

       to

           save("=spam")
           pipe("bogofilter -s")
           return

       This trains "bogofilter" that anything which doesn't pass the rest of the filter should be considered spam. Now for the interesting bit: change the bit between these to use "bogofilter" to decide whether email is to be considered spam or not:

           my_addresses= [ /me@example\.com/i,
                           /me@example\.org/i,
                           /me@example\.net/i];  # I have three email addresses
           my_addresses.each do |addr|
               if headers.matches(["To","Cc"],addr) then
                   if pipe("bogofilter")==1
                   then
                       log("bogofilter suspects it might not be spam")
                       save("=possibly-not-spam")
                   else
                       log("bogofilter thinks it's probably spam")
                       save("=spam")
                   end
                   return
               end
           end

       "bogofilter" has an exit code of "1" if it thinks the message is not spam, and "0" if it thinks the message is spam.

       Hopefully this should give you an idea of the kinds of things that you can use "bogofilter" for.

AUTHOR
       Dave Brown <gurgitate-mail@dagbrown.com>

perl v5.10.0                          2006-06-07                          GURGITATE-MAIL(1)