Index: [Article Count Order] [Thread]

Date:  Tue, 30 Dec 2008 15:37:35 -0600
From:  "Gerald Waugh" <gwaugh (at mark) frontstreetnetworks.com>
Subject:  [coba-e:14581] Re: spam sent using my email address
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <012801c96ac6$d933cf90$6401a8c0@systemax>
In-Reply-To:  <789737.21580.qm (at mark) web65615.mail.ac4.yahoo.com>
X-Mail-Count: 14581

Dan Kriwitsky wrote Tuesday, December 30, 2008 3:29 PM
> 
> 
> --- On Tue, 12/30/08, Gerald Waugh 
> <gwaugh (at mark) frontstreetnetworks.com> wrote:
> 
> > From: Gerald Waugh <gwaugh (at mark) frontstreetnetworks.com>
> > Subject: [coba-e:14575] spam sent using my email address
> > To: coba-e (at mark) bluequartz.org
> > Date: Tuesday, December 30, 2008, 2:54 PM
> > Hi Blues, and a happy New Year
> > 
> > I am getting hundreds of spam using my return address.
> > We have three servers running, and one (fsn2) is only
> > backup email/dns
> > server
> > and the spams seem to be coming from all three.
> > 
> > Subject varies, but most are for the sex drugs
> > I put a few hundred in the access file, but it's
> > getting to be
> > overwelming.
> > 
> > How can i stop this?
> > 
> 
> > Subject: **Message you sent blocked by our bulk email
> > filter**
> 
> Ah, I hadn't looked at that before. 
> It's caused by morons with Barracuda spam firewalls.
> Backup sendmail.cf. Then edit it:
> 
> Just before ###   Local and Program Mailer specification   
> ### in sendmail.cf you add:
> 
> HSubject:	$>Check_Subject
> D{MPat}**Message you sent blocked
> D{MMsg}blocked - see 
> http://www.spamhaus.org/faq/answers.lasso?section=ISP%20Spam%2
> 0Issues#109
> SCheck_Subject
> R${MPat} $*	$#error $: 553 ${MMsg}
> RRe: ${MPat} $*	$#error $: 553 ${MMsg}
> RFwd: ${MPat} $*	$#error $: 553 ${MMsg}

> The above is 7 lines in case some wrap.

> Then:
> /etc/rc.d/init.d/sendmail stop
> killall -9 sendmail
> /etc/rc.d/init.d/sendmail start

The Subject is never the same, varies, cold be anything.
And I get them purporting to be form different email return addresses
includes aliases.
 info@somedomainonmyservers
 sales@somedomainonmyserver
and so forth.

All this just started a couple few days before Christmas.
My Christmas present :(

Gerald