[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Spam problem
On 26 Jan 2000, Edgardo Szulsztein wrote:
> Hi
>
> We have zmailer 2.99.51, with antispam rules. However, we can't send mail to
> several domains (they reject us), due to the inclusion of our domain in a "RSS
> list". We have received a report from www.abuse.net, where they show the
> antispam checks that they have done against our mail server. We rejected well
> 10 spam mails, but failed in accepting a mail with the destination:
>
> RCPT TO:<"relaytest@abuse.net"@[200.43.66.194]>
>
> How can we solve it? Do I have to reject addresses with more than one "@"? How
> could I do it?
>
Perhaps this should go in the ZMailer FAQ :-)
Your problem appears to be a case of a "spoofed local domain"
(where a dotted quad is used and the 'sender' is an embedded redirect)
This is what I've set up in cf/rrouter.cf, and it works for me:
(just below the rrouter initial routine header):
rrouter (address, origaddr, A, plustail, domain) {
local tmp tee didhostexpand priv nattr a
# local seenuucp seenbitnet
# seenuucp=false
# seenbitnet=false
didhostexpand="";
# echo "rrouter: address=$address, origaddr=$origaddr" >> /dev/tty
# we want to filter out tricks spammers may use (also what ORBS uses):
# "Spoofed local domain" <sender@[x.x.x.x]>
# "Percent redirects" <user%remote.domain@localhost>
# "Bangpath redirects" <remote.domain!user@relayhost>
# "Colon pathing" <@some.host,@localhost:user@remote.domain>
tsift "$origaddr" in
# "dotted quad spoof"
(.*)@\[129.128.7.238\]
return (((error bounce "$origaddr" $A))) ;;
# "percent redirect"
(.*)%(.*)@(.*)
return (((error percent-redirect "$origaddr" $A))) ;;
# "bangpath redirect"
(.*)!(.*)@(.*)
return (((error percent-redirect "$origaddr" $A))) ;;
# "colon pathing"
@(.*),@(.*):(.*)@(.*)
return (((error colon-pathing "$origaddr" $A))) ;;
tfist
# end of our no relay filter
Matti, any alternative (perhaps better) ways?
Cheers,
--
James S. MacKinnon Office: P-139 Avadh-Bhatia Physics Lab
Team Physics Voice : (780) 492-8226 [old AC 403]
University of Alberta email : Jim.MacKinnon@Phys.UAlberta.CA
Edmonton, Canada T6G 2N5 WWW : http://www.phys.ualberta.ca/
for all that we know the universe could cease to exist at any mo
- Follow-Ups:
- Re: Spam problem
- From: "E.Colanski" <ecol@ibud.vr9.com> (Thu, 17 Feb 2000 14:31:27 +0200)
- References:
- Spam problem
- From: Edgardo Szulsztein <edgardos@netscape.net>