
Re: Spam problem



On 26 Jan 2000, Edgardo Szulsztein wrote:

> Hi
> 
> We have zmailer 2.99.51, with antispam rules. However, we can't send mail to
> several domains (they reject us), due to the inclusion of our domain in an "RSS
> list". We have received a report from www.abuse.net, where they show the
> antispam checks that they have done against our mail server. We correctly
> rejected 10 spam mails, but failed by accepting a mail with the destination:
> 
> RCPT TO:<"relaytest@abuse.net"@[200.43.66.194]>
> 
> How can we solve it? Do I have to reject addresses with more than one "@"? How
> could I do it?
> 

Perhaps this should go in the ZMailer FAQ :-)

Your problem appears to be a case of a "spoofed local domain"
(where a dotted quad is used and the 'sender' is an embedded redirect).

This is what I've set up in cf/rrouter.cf, and it works for me:
(just below the rrouter initial routine header):

rrouter (address, origaddr, A, plustail, domain) {
        local tmp tee didhostexpand priv nattr a
        # local seenuucp seenbitnet
        # seenuucp=false
        # seenbitnet=false
        didhostexpand="";
# echo "rrouter: address=$address, origaddr=$origaddr" >> /dev/tty

# we want to filter out tricks spammers may use (also what ORBS uses):
# "Spoofed local domain"        <sender@[x.x.x.x]>
# "Percent redirects"           <user%remote.domain@localhost>
# "Bangpath redirects"          <remote.domain!user@relayhost>
# "Colon pathing"               <@some.host,@localhost:user@remote.domain>

        tsift "$origaddr" in
        # "dotted quad spoof"
        (.*)@\[129.128.7.238\]
                return (((error bounce "$origaddr" $A))) ;;
        # "percent redirect"
        (.*)%(.*)@(.*)
                return (((error percent-redirect "$origaddr" $A))) ;;
        # "bangpath redirect"
        (.*)!(.*)@(.*)
                return (((error percent-redirect "$origaddr" $A))) ;;
        # "colon pathing"
        @(.*),@(.*):(.*)@(.*)
                return (((error colon-pathing "$origaddr" $A))) ;;
        tfist

# end of our no relay filter


Matti, any alternative (perhaps better) ways?

Cheers,
--
James S. MacKinnon           Office: P-139 Avadh-Bhatia Physics Lab
Team Physics                 Voice : (780) 492-8226 [old AC 403]
University of Alberta        email : Jim.MacKinnon@Phys.UAlberta.CA
Edmonton, Canada T6G 2N5     WWW   : http://www.phys.ualberta.ca/

for all that we know the universe could cease to exist at any mo
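
Added example (not part of the original message and not ZMailer code): a Python check that applies the four address patterns from the rrouter.cf snippet above to RCPT TO values, so a rule set can be tried offline before it goes into the router. Assumptions: patterns match the whole address, the rule labels are this example's own names, and every sample address except the one quoted in the question is constructed.

```python
import re

def build_rules(local_ip):
    """Rules in the same order as the tsift block; local_ip is the relay's own address."""
    quad = re.escape(local_ip)
    return [
        # <anything@[our.own.ip]> : address literal used to look "local"
        ("dotted-quad-spoof", re.compile(r".*@\[" + quad + r"\]")),
        # <user%remote.domain@localhost>
        ("percent-redirect", re.compile(r".*%.*@.*")),
        # <remote.domain!user@relayhost>
        ("bangpath-redirect", re.compile(r".*!.*@.*")),
        # <@some.host,@localhost:user@remote.domain>
        ("colon-pathing", re.compile(r"@.*,@.*:.*@.*")),
    ]

def classify(rcpt, rules):
    """Return the label of the first matching rule, or None if the address passes."""
    addr = rcpt.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]          # drop the SMTP angle brackets
    for label, pattern in rules:
        if pattern.fullmatch(addr):  # assumption: whole-address match
            return label
    return None

# The first address is the one from the abuse.net report in the question;
# the others are constructed samples.
SAMPLES = [
    '<"relaytest@abuse.net"@[200.43.66.194]>',
    "<user%remote.example@localhost>",
    "<remote.example!user@relayhost>",
    "<@some.host,@localhost:user@remote.example>",
    "<postmaster@example.org>",
]

def run_samples(local_ip):
    """Classify every sample against rules built for the given relay address."""
    rules = build_rules(local_ip)
    return {addr: classify(addr, rules) for addr in SAMPLES}

if __name__ == "__main__":
    # Rules built for the questioner's relay, then for the address in the post.
    for ip in ("200.43.66.194", "129.128.7.238"):
        print("relay", ip)
        for addr, verdict in run_samples(ip).items():
            print("   %-45s %s" % (addr, verdict or "accepted"))
```

With the address from the post left unchanged, the relay test address from the question matches none of the four rules, so the dotted-quad rule has to carry each site's own IP address.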