howto stop wrong replay mails ?

'chris' · ‎11-22-2005

hi

we get more and more wrong replay mails,
but we never send them.
these mails are not spam and not virus or worm mails.
knows someone howto stop them ?

kind regards
chris

Ivan Ferreira · ‎11-22-2005

Wrong replay? People that reply a message that was not sent? Sorry if I don't understand, my first language is not english.

There are viruses/trojans that can send mail in behalf of other people. There is no way to prevent that.

Masquerade the "from:" of a message is very easy.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Steven E. Protter · ‎11-23-2005

Shalom chris,

Please tell me what it is or provide an example and I'll tell you how to eradicate it.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

'chris' · ‎11-23-2005

for example this:
-----------------------------------------------------------------------------------------------------------------
Received: from mail1.highwayone.de (mail1.highwayone.de [62.138.2.165]) by rly-xk05.mx.aol.com (v107.13) with ESMTP id MAILRELAYINXK55-59b43843a032d8; Wed, 23 Nov 2005 04:44:35 -0500
Received: (qmail 11826 invoked from network); 23 Nov 2005 09:43:04 -0000
Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender )
by mail1.highwayone.de (qmail-ldap-1.03) with SMTP
for ; 23 Nov 2005 09:43:03 -0000
From: webmaster@domain.net
To: MailIn_Box@aol.com
Date: Wed, 23 Nov 2005 09:33:45 GMT
Subject: smtp mail failed
Importance: Normal
X-Mailer: SpeedMail_V4.64
X-Priority: 3 (Normal)
Message-ID: <1fa477ac109.f73fc5@domain.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="====dfd1f4f77dd7.63778"
Content-Transfer-Encoding: 7bit
-----------------------------------------------------------------------------------------------------------------

our mail address is: webmaster@domain.net

I think someone from outside with the mail address: 62.138.253.55 try to send mails using our mail address to: MailIn_Box@aol.com, but this mail address doesn't exist by AOL and we get:
Returned mail: User unknown
mails in our postmaster, ca. 1000 a day

that is very annoying

Ivan Ferreira · ‎11-23-2005

By tracking the header "Received:" you can see if the message was sent by your domain. If the origin is not a local computer, then another person is sending the mail.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Ivan Ferreira · ‎11-23-2005

You can use sendmail access table to stop receiving mail from the origin account.

You can also filter based on the subject by using procmail. See:

http://www.perlcode.org/tutorials/procmail/filtering.html

http://www.poornam.com/articles_spam.php

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

'chris' · ‎11-23-2005

------------------------------------------------------------------------------------------------
Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender )
------------------------------------------------------------------------------------------------

this: (HELO twubjju.ch) ([62.138.253.55]) is not our IP address
and not our domain

but this: (envelope-sender ) is our mail address

I think someone from outside is trying to send mails with our mail address and our webmaster gets replay mails because the recipient doesn't exist.

knows someone howto stop them ?

Steven E. Protter · ‎11-23-2005

The mail passed through a valid aol mail server.

Contact http://postmaster.aol.com

Report the violation and the user will lose his account in a few minutes.

It could be someone in germany figured out how to relay through an aol mail server and once again, aol needs to know about it so they screw the security tighter on their system.

Received: from mail1.highwayone.de (mail1.highwayone.de [62.138.2.165]) by rly-xk05.mx.aol.com (v107.13) with ESMTP id MAILRELAYINXK55-59b43843a032d8; Wed, 23 Nov 2005 04:44:35 -0500
Received: (qmail 11826 invoked from network); 23 Nov 2005 09:43:04 -0000
Received: from unknown (HELO twubjju.ch) ([62.138.253.55]) (envelope-sender )
by mail1.highwayone.de (qmail-ldap-1.03) with SMTP
for ; 23 Nov 2005 09:43:03 -0000

If this is coming from a single source, simply add an access record:

mail1.highwayone.de REJECT 550 no more spam.

You may need to do an m4 sendmail macro build, but that entire domain will never send mail again with my recommended change.

Does it all come through aol?

The fastest fix in that event is the aol postmaster.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Vernon Brown_4 · ‎11-23-2005

Looks like someone spamming to AOL trying to bust through their spam filter by using your return address.

howto stop wrong replay mails ?

howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Re: howto stop wrong replay mails ?

Hewlett Packard Enterprise International