Index: [Article Count Order] [Thread]

Date:  Wed, 31 Dec 2008 08:05:08 -0600
From:  "Gerald Waugh" <gwaugh (at mark) frontstreetnetworks.com>
Subject:  [coba-e:14596] Re: spam sent using my email address
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <017f01c96b50$ce3fc050$6401a8c0@systemax>
In-Reply-To:  <!&!AAAAAAAAAAAYAAAAAAAAALCkVKWJsdMRhRQAYGMB3kjCowAAEAAAALofVHwG5g1LloijTSq7TD0BAAAAAA== (at mark) pelicanit.co.uk>
X-Mail-Count: 14596

Richard Owen wrote; Tuesday, December 30, 2008 3:50 PM
> 
> -----Original Message-----
> From: Gerald Waugh [mailto:gwaugh (at mark) frontstreetnetworks.com] 
> Sent: 30 December 2008 21:38
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:14581] Re: spam sent using my email address
> 
> Dan Kriwitsky wrote Tuesday, December 30, 2008 3:29 PM
> > 
> > 
> > --- On Tue, 12/30/08, Gerald Waugh <gwaugh (at mark) frontstreetnetworks.com> 
> > wrote:
> > 
> > > From: Gerald Waugh <gwaugh (at mark) frontstreetnetworks.com>
> > > Subject: [coba-e:14575] spam sent using my email address
> > > To: coba-e (at mark) bluequartz.org
> > > Date: Tuesday, December 30, 2008, 2:54 PM Hi Blues, and a 
> happy New
> > > Year
> > > 
> > > I am getting hundreds of spam using my return address.
> > > We have three servers running, and one (fsn2) is only backup
> > > email/dns server and the spams seem to be coming from all three.
> > > 
> > > Subject varies, but most are for the sex drugs I put a few hundred
> > > in the access file, but it's getting to be overwelming.
> > > 
> > > How can i stop this?
> > > 
> > 
> > > Subject: **Message you sent blocked by our bulk email
> > > filter**
> > 
> > Ah, I hadn't looked at that before.
> > It's caused by morons with Barracuda spam firewalls.
> > Backup sendmail.cf. Then edit it:
> > 
> > Just before ###   Local and Program Mailer specification   
> > ### in sendmail.cf you add:
> > 
> > HSubject:	$>Check_Subject
> > D{MPat}**Message you sent blocked
> > D{MMsg}blocked - see 
> > http://www.spamhaus.org/faq/answers.lasso?section=ISP%20Spam%2
> > 0Issues#109
> > SCheck_Subject
> > R${MPat} $*	$#error $: 553 ${MMsg}
> > RRe: ${MPat} $*	$#error $: 553 ${MMsg}
> > RFwd: ${MPat} $*	$#error $: 553 ${MMsg}
> 
> > The above is 7 lines in case some wrap.
> 
> > Then:
> > /etc/rc.d/init.d/sendmail stop
> > killall -9 sendmail
> > /etc/rc.d/init.d/sendmail start
> 
> The Subject is never the same, varies, cold be anything.
> And I get them purporting to be form different email return 
> addresses includes aliases.  info@somedomainonmyservers  
> sales@somedomainonmyserver and so forth.
> 
> All this just started a couple few days before Christmas.
> My Christmas present :(
> 
> Gerald
> 
> 
> The only way we stopped this was to remove all domains held 
> on the server and Email addresses from the white lists in spamassassin
> 
> This then scored the mail higher and it was rejected,
> We were getting 100's a day going to all the domains that
> Were white listed.
> They have all stopped now much to the relief of my clients :)
> 
Richard,
Removing the whitelist in spamassassin solved my problem with spam with
return address's on my server.
I had in my whitelist "@every-domain-on-the-server.
So I no longer receive these messages purporting to be from one of the
users on my server.

I am concerned that maybe other people are receiving these messages.

Gerald