
howto stop wrong replay mails ?

SOLVED
'chris'
Super Advisor

howto stop wrong replay mails ?

hi

we get more and more wrong replay mails,
but we never send them.
these mails are not spam and not virus or worm mails.
Does someone know how to stop them?

kind regards
chris
8 REPLIES
Ivan Ferreira
Honored Contributor

Re: howto stop wrong replay mails ?

Wrong replay? People that reply to a message that was not sent? Sorry if I don't understand, my first language is not English.

There are viruses/trojans that can send mail on behalf of other people. There is no way to prevent that.

Masquerading the "from:" of a message is very easy.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Steven E. Protter
Exalted Contributor

Re: howto stop wrong replay mails ?

Shalom chris,

Please tell me what it is or provide an example and I'll tell you how to eradicate it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
'chris'
Super Advisor

Re: howto stop wrong replay mails ?

for example this:
-----------------------------------------------------------------------------------------------------------------
Received: from mail1.highwayone.de (mail1.highwayone.de [62.138.2.165]) by rly-xk05.mx.aol.com (v107.13) with ESMTP id MAILRELAYINXK55-59b43843a032d8; Wed, 23 Nov 2005 04:44:35 -0500
Received: (qmail 11826 invoked from network); 23 Nov 2005 09:43:04 -0000
Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender )
by mail1.highwayone.de (qmail-ldap-1.03) with SMTP
for ; 23 Nov 2005 09:43:03 -0000
From: webmaster@domain.net
To: MailIn_Box@aol.com
Date: Wed, 23 Nov 2005 09:33:45 GMT
Subject: smtp mail failed
Importance: Normal
X-Mailer: SpeedMail_V4.64
X-Priority: 3 (Normal)
Message-ID: <1fa477ac109.f73fc5@domain.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="====dfd1f4f77dd7.63778"
Content-Transfer-Encoding: 7bit
-----------------------------------------------------------------------------------------------------------------


our mail address is: webmaster@domain.net

I think someone from outside with the mail address: 62.138.253.55 is trying to send mails using our mail address to: MailIn_Box@aol.com, but this mail address doesn't exist at AOL and we get:
Returned mail: User unknown
mails in our postmaster, ca. 1000 a day

that is very annoying




Ivan Ferreira
Honored Contributor

Re: howto stop wrong replay mails ?

By tracking the header "Received:" you can see if the message was sent by your domain. If the origin is not a local computer, then another person is sending the mail.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
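
The "Received:" check described in the reply above, as an added example (not code from the thread): it walks the Received chain of the returned message posted earlier and tests whether the oldest recorded client IP lies inside your own networks. `OWN_NETWORKS` is an assumed placeholder range and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: CIDR ranges your own mail hosts send from (documentation range here).
OWN_NETWORKS = ["192.0.2.0/24"]

# Headers of the returned message as posted in the thread (continuation lines indented).
BOUNCED_HEADERS = """\
Received: from mail1.highwayone.de (mail1.highwayone.de [62.138.2.165]) by rly-xk05.mx.aol.com (v107.13) with ESMTP id MAILRELAYINXK55-59b43843a032d8; Wed, 23 Nov 2005 04:44:35 -0500
Received: (qmail 11826 invoked from network); 23 Nov 2005 09:43:04 -0000
Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender )
 by mail1.highwayone.de (qmail-ldap-1.03) with SMTP
 for ; 23 Nov 2005 09:43:03 -0000
From: webmaster@domain.net
To: MailIn_Box@aol.com
Subject: smtp mail failed

"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_headers):
    """Return (client_ip, receiving_host) per Received header, oldest hop first."""
    msg = message_from_string(raw_headers)
    hops = []
    # Each server prepends its header, so the last one in the file is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        if not flat.startswith("from "):
            continue  # e.g. qmail's local "(qmail ... invoked from network)" line
        ip = IP_IN_BRACKETS.search(flat)
        by = re.search(r"\bby (\S+)", flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops


def sent_from_own_network(raw_headers, own_networks=OWN_NETWORKS):
    """True only if the oldest recorded client IP is inside one of own_networks."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    for ip, _ in received_hops(raw_headers):
        if ip:
            return any(ipaddress.ip_address(ip) in net for net in nets)
    return False  # no client IP recorded at all: treat as not ours
```

Received lines written before the first server you trust are supplied by the sender and can be forged, so a "local" result is only as reliable as the hop that recorded it.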
Ivan Ferreira
Honored Contributor

Re: howto stop wrong replay mails ?

You can use the sendmail access table to stop receiving mail from the origin account.

You can also filter based on the subject by using procmail. See:

http://www.perlcode.org/tutorials/procmail/filtering.html

http://www.poornam.com/articles_spam.php
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
'chris'
Super Advisor

Re: howto stop wrong replay mails ?

------------------------------------------------------------------------------------------------
Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender )
------------------------------------------------------------------------------------------------

this: (HELO twubjju.ch) ([62.138.253.55]) is not our IP address
and not our domain

but this: (envelope-sender ) is our mail address

I think someone from outside is trying to send mails with our mail address and our webmaster gets replay mails because the recipient doesn't exist.

Does someone know how to stop them?
Steven E. Protter
Exalted Contributor
Solution

Re: howto stop wrong replay mails ?

The mail passed through a valid aol mail server.

Contact http://postmaster.aol.com

Report the violation and the user will lose his account in a few minutes.

It could be someone in Germany figured out how to relay through an aol mail server and once again, aol needs to know about it so they screw the security tighter on their system.

Received: from mail1.highwayone.de (mail1.highwayone.de [62.138.2.165]) by rly-xk05.mx.aol.com (v107.13) with ESMTP id MAILRELAYINXK55-59b43843a032d8; Wed, 23 Nov 2005 04:44:35 -0500
Received: (qmail 11826 invoked from network); 23 Nov 2005 09:43:04 -0000
Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender )
by mail1.highwayone.de (qmail-ldap-1.03) with SMTP
for ; 23 Nov 2005 09:43:03 -0000


If this is coming from a single source, simply add an access record:

mail1.highwayone.de REJECT 550 no more spam.

You may need to do an m4 sendmail macro build, but that entire domain will never send mail again with my recommended change.

Does it all come through aol?

The fastest fix in that event is the aol postmaster.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Vernon Brown_4
Trusted Contributor

Re: howto stop wrong replay mails ?

Looks like someone spamming to AOL trying to bust through their spam filter by using your return address.