Please tell me what it is or provide an example and I'll tell you how to eradicate it.
SEP
Steven E Protter Owner of ISN Corporation http://isnamerica.com http://hpuxconsulting.com Sponsor: http://hpux.ws Twitter: http://twitter.com/hpuxlinux Founder http://newdatacloud.com
for example this: ----------------------------------------------------------------------------------------------------------------- Received: from mail1.highwayone.de (mail1.highwayone.de [62.138.2.165]) by rly-xk05.mx.aol.com (v107.13) with ESMTP id MAILRELAYINXK55-59b43843a032d8; Wed, 23 Nov 2005 04:44:35 -0500 Received: (qmail 11826 invoked from network); 23 Nov 2005 09:43:04 -0000 Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender ) by mail1.highwayone.de (qmail-ldap-1.03) with SMTP for ; 23 Nov 2005 09:43:03 -0000 From: webmaster@domain.net To: MailIn_Box@aol.com Date: Wed, 23 Nov 2005 09:33:45 GMT Subject: smtp mail failed Importance: Normal X-Mailer: SpeedMail_V4.64 X-Priority: 3 (Normal) Message-ID: <1fa477ac109.f73fc5@domain.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="====dfd1f4f77dd7.63778" Content-Transfer-Encoding: 7bit -----------------------------------------------------------------------------------------------------------------
our mail address is: webmaster@domain.net
I think someone from outside with the mail address: 62.138.253.55 try to send mails using our mail address to: MailIn_Box@aol.com, but this mail address doesn't exist by AOL and we get: Returned mail: User unknown mails in our postmaster, ca. 1000 a day
By tracking the header "Received:" you can see if the message was sent by your domain. If the origin is not a local computer, then another person is sending the mail.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Report the violation and the user will lose his account in a few minutes.
It could be someone in germany figured out how to relay through an aol mail server and once again, aol needs to know about it so they screw the security tighter on their system.
Received: from mail1.highwayone.de (mail1.highwayone.de [62.138.2.165]) by rly-xk05.mx.aol.com (v107.13) with ESMTP id MAILRELAYINXK55-59b43843a032d8; Wed, 23 Nov 2005 04:44:35 -0500 Received: (qmail 11826 invoked from network); 23 Nov 2005 09:43:04 -0000 Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender ) by mail1.highwayone.de (qmail-ldap-1.03) with SMTP for ; 23 Nov 2005 09:43:03 -0000
If this is coming from a single source, simply add an access record:
mail1.highwayone.de REJECT 550 no more spam.
You may need to do an m4 sendmail macro build, but that entire domain will never send mail again with my recommended change.
Does it all come through aol?
The fastest fix in that event is the aol postmaster.
SEP
Steven E Protter Owner of ISN Corporation http://isnamerica.com http://hpuxconsulting.com Sponsor: http://hpux.ws Twitter: http://twitter.com/hpuxlinux Founder http://newdatacloud.com
