Visit Our UNIX and Linux User Community


spam and protection?


 
Thread Tools Search this Thread
Special Forums Cybersecurity spam and protection?
# 1  
Old 10-31-2002
spam and protection?

Hello,

Long time ago we used to suffer from relay and users using your own mailservers to spam but thanks god for auth-before-pop.

But now i'm facing small problem with someone which us he is spaning using whatever mailserver with your@email.address.com and when these emails go to unknown addresses they will bounce back to your email! what you will do in this case? how to protect your self.

i know you can prove its not you who spam to people from the headers and many other ways, but the question here isto protect your self from the 100s of bouncebacks !!
# 2  
Old 10-31-2002
Don't let spammers do this from your network.
# 3  
Old 11-01-2002
you didn't get me..

not from my network , say your email address is user@usa.com and i'm from another planet and i use outlook to relay at my ISP mailserver and set the "e-mail address" to user@usa.com although an not user@usa.com and start emailing billion of users spamming and my ISP doesn't care about spam anyhow 80% of the emails bounced back to user@usa.com , your mailbox will be filled, how to avoid this and not get your mailbox filled?
# 4  
Old 11-01-2002
I happened to have the same problem but not to the extent that it's killing our server or flooding me (postmaster) with email.

What you need to do is look at the headers and figure out if the spammers are using some system that is an open relay or not. If they are, calling or emailing the postmaster of that server may help to remove the problem.

Getting the hundreds of email from irate folks about spam - nothing can be done unless you just want to filter them and not do anything. The problem with that - one: your company does not look good in the eyes of potential customers; two: you will never get rid of the problem.

Yes, it is probably impossible to stop spammers one email at a time but finding the problem children on the internet (the open relays the spammers are using) or complaining to their ISP (those who are selling them a piece of a subnet) will help.

Check the headers - they will lead you to the folks involved. Complain to the postmaster, hostmaster, abuse, any contact person in either ARIN or NetworkSolutions database for that IP or domain name.

Check out Network Abuse Clearinghouse for further info.

If you are just a user looking to get rid this mail, then a filter would work.

Last edited by RTM; 11-01-2002 at 10:39 AM..
# 5  
Old 11-01-2002
As I understand the poster, he is not talking about relaying (one problem) he is talking about the "Reply-To" field where spammers are using his valid email address in their spam "Reply-To" field.

This is a common technique by spammers and you can't filter on source address or you could block 'the good guys' (people like you receiving spam).

It is like when a spammer sends me email and my email address is in the 'Reply To' field... I certainly don't like blocking me from myself Smilie and the scenarios go on and on. There are many variations of this spam technique.

However, if the email is being bounced, you can easily filter your server to just blackhole all mail from "mailer-daemon" and similar source addresses from bounced mail. You must examine the mail and set up appropriate filters.

You might find this paper of interest:

http://www.silkroad.com/papers/html/bomb/

the paper describes email bombs, countermeasures and filtering basics.

I'm finding programs like Mailwasher more and more useful: www.mailwasher.net but this gem runs only on MS products; so I queue mail on linux and wash with Mailwasher first thing in the morning (like brushing my teeth) or whenever I've been away for a long time; after washing I read with my standard mail user agent. Smilie The developer of Mailwasher is very responsive (Nick) and he has added a couple of features at my request in the past month.
# 6  
Old 11-01-2002
I don't believe that it's "Reply-To", but rather "Return-Path" that is causing his problem.

"Return-Path" is supposed to show the the real address of the sender as taken from the envelope. And it's only supposed to generated by the MTA performing final delivery. And it's only used to notification of delivery problems.

Most MTA's just accept a "Return-Path" line if one is already present. This prevents recording the spammer's address from the envelope (no great loss since it is probably forged too) and it sends the delivery problem notifications elsewhere.

It's even possible that "Reply-To" contains some valid address for the spammer. That way you can reply to a hotmail account or something if you are interested in a product.

The latest versions of Sendmail have a way to replace a "Return-Path" header. But until everyone does that, this is a problem.
# 7  
Old 11-01-2002
Right you are, Perderabo! Thanks for catching that. That will teach me to rely on 5 year old neurons Smilie "Reply-To" is used much less frequently in headers than "Return-Path"

FYI: See these threads for more info:

http://www.unicom.com/pw/reply-to-harmful.html

http://cr.yp.to/proto/replyto.html

I'll check some wierd spam and post a follow-up........

Previous Thread | Next Thread
Test Your Knowledge in Computers #240
Difficulty: Easy
In 1973, a transatlantic satellite link connected the Norwegian Seismic Array (NORSAR) to the ARPANET, making Norway the first country outside the US to be connected to the network.
True or False?

7 More Discussions You Might Find Interesting

1. Homework & Coursework Questions

Protection and special characters

I am learning from the class how to protect the special characters and the script that I wrote here does not work when I am trying to pick up a single quote. It would complaint about parentheses problem. Please, someone could enlighten me. Thanks in advance, Scopiop Input file Hi, * ?... (2 Replies)
Discussion started by: scopiop
2 Replies

2. Shell Programming and Scripting

Script protection against changes

Hi everyone, Im trying to protect the scripts I have made from changes. At my office Im the one who research improvements on daily tasks, and Ive done many scripts, that I share with my partners.Im tired because they take my scripts and make their owns with new features that dont share... (4 Replies)
Discussion started by: dover07
4 Replies

3. IP Networking

Protection against arp spoofing

Hi, I'm trying to find a way to protect my network against arp spoofing. What it is: An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker. How to protect myself: In my opinion, the best possible... (2 Replies)
Discussion started by: chrisperry
2 Replies

4. Shell Programming and Scripting

Password protection in unix

How to create a file in UNIX which is password protected ? Thanks and Regards, Neeraj (5 Replies)
Discussion started by: neeraj617
5 Replies

5. Linux

file security/protection

Hi All I am working on a site to help newbie to learn linux for free. demo.freelinuxconsole.info there is only one file index.php its been able to rename or deleted. Kindly let me know what permissions should i give to secure this file from editing or deleting by others. (8 Replies)
Discussion started by: smithjack
8 Replies

6. Filesystems, Disks and Memory

protection schemes

Consider a system that supports 5,000 users. Suppose you want 4,990 of these users to be able to access one file How would you specify this protection scheme in UNIX (4 Replies)
Discussion started by: mattyboy
4 Replies

7. UNIX for Dummies Questions & Answers

Override protection.....

I am having this problem......when I run this script: print -n "Enter file name to be deleted: " read answer if then rm $name else echo "No such file with the name: $name exists" fi I was trying to test my script for errors, and basically when the user had files with the rights: 400,... (1 Reply)
Discussion started by: Makaveli.2003
1 Replies

Featured Tech Videos