[clue-tech] stopping bogus hosts using mail headers
Dan Harris
dan at drivefaster.net
Tue Jun 21 16:32:48 MDT 2005
I have recently been noticing that a lot of spam is claiming to be 'from'
my mail server. They are doing this:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <lnewhm at classified.co.jp>
Received: from zerrenterprises.com
    (adsl-70-242-70-142.dsl.stlsmo.swbell.net [70.242.70.142])
    by crestone.coronasolutions.com (Postfix) with ESMTP id ADBA0644100
    for <3dlee.collier at zerrenterprises.com>; Tue, 21 Jun 2005
    15:26:28 -0600 (MDT)
Notice the 'zerrenterprises.com' it claims to be. My mail server does
receive and send for zerrenterprises.com; however, the IP address is
clearly not one of mine. I wonder if there is a way using postfix or
amavisd-new to detect these kinds of spoofs and immediately block
them because the hostname, domain name didn't match? Maybe tighten
up that "HELO" reply some?
-Dan
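
The mismatch described in the post, written out as a check (an added example, not part of the original message and not Postfix or amavisd-new code): it parses the Received header your own server wrote and flags a HELO name that claims a locally hosted domain while the client IP is outside the server's networks. LOCAL_DOMAINS uses the domain from the post; OWN_NETWORKS and the two extra sample headers are constructed assumptions.

```python
import ipaddress
import re

# Assumptions (not from the post): OWN_NETWORKS stands in for the server's
# real address ranges; 192.0.2.0/24 is a documentation range.
LOCAL_DOMAINS = {"zerrenterprises.com"}
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

# Postfix-style trace: "from HELO-NAME (reverse-dns [client-ip])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)")

# Header from the post, with its folded continuation lines.
POST_HEADER = (
    "Received: from zerrenterprises.com\n"
    "\t(adsl-70-242-70-142.dsl.stlsmo.swbell.net [70.242.70.142])\n"
    "\tby crestone.coronasolutions.com (Postfix) with ESMTP id ADBA0644100\n")
# Constructed samples: a relay inside OWN_NETWORKS and an unrelated sender.
OWN_RELAY = "Received: from mail.zerrenterprises.com (unknown [192.0.2.10])"
OUTSIDER = "Received: from mx.example.org (mx.example.org [198.51.100.7])"


def claims_local_domain(helo):
    """True if the HELO name is a hosted domain or a host under one."""
    name = helo.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)


def check_received(header):
    """Return (verdict, helo, client_ip) for one Received: header."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header)  # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return ("unparsed", None, None)
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return ("unparsed", m.group("helo"), m.group("ip"))
    helo = m.group("helo")
    if claims_local_domain(helo) and not any(ip in net for net in OWN_NETWORKS):
        return ("spoofed-helo", helo, str(ip))
    return ("ok", helo, str(ip))


if __name__ == "__main__":
    for sample in (POST_HEADER, OWN_RELAY, OUTSIDER):
        print(check_received(sample))
```

Only the Received header added by your own server is trustworthy for this check; any earlier Received lines are supplied by the sending side.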