[clue-tech] stopping bogus hosts using mail headers
Ballon, Mike
Mike.Ballon at echostar.com
Wed Jun 22 09:24:09 MDT 2005
You can use rDNS, but it's so loosely adhered to you might block more than
you want.
-----Original Message-----
From: clue-tech-bounces at clue.denver.co.us
[mailto:clue-tech-bounces at clue.denver.co.us] On Behalf Of Dan Harris
Sent: Tuesday, June 21, 2005 4:33 PM
To: CLUE technical discussions - Q&A
Subject: [clue-tech] stopping bogus hosts using mail headers
I have recently been noticing a lot of spam is claiming to be 'from'
my mail server. They are doing this:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <lnewhm at classified.co.jp>
Received: from zerrenterprises.com
    (adsl-70-242-70-142.dsl.stlsmo.swbell.net [70.242.70.142])
    by crestone.coronasolutions.com (Postfix) with ESMTP id ADBA0644100
    for <3dlee.collier at zerrenterprises.com>; Tue, 21 Jun 2005
    15:26:28 -0600 (MDT)
Notice the 'zerrenterprises.com' it claims to be. My mail server does
receive and send for zerrenterprises.com; however, the IP address is clearly
not one of mine. I wonder if there is a way using Postfix or amavisd-new to
detect these kinds of spoofs and immediately block them because the
hostname, domain name didn't match? Maybe tighten up that "HELO" reply
some?
-Dan
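
Added example, not part of the original thread: a sketch of the check Dan asks about, which parses a Postfix-style Received header and rejects when an IP outside the server's own networks greets it with one of the server's own domain names. LOCAL_DOMAINS, MY_NETWORKS and the INTERNAL sample header are assumptions made up for the illustration.

```python
import ipaddress
import re

# Assumptions for this example (not from the original post): the domains this
# server hosts and the networks its legitimate clients connect from.
LOCAL_DOMAINS = {"zerrenterprises.com", "coronasolutions.com"}
MY_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Postfix-style Received line: "from HELO-NAME (rdns-name [client-ip])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)

def parse_received(header):
    """Return (helo, rdns, ip) from one Received header, or None if unparsable."""
    unfolded = " ".join(header.split())  # unfold continuation lines
    m = RECEIVED_RE.search(unfolded)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return m.group("helo").lower().rstrip("."), m.group("rdns").lower(), ip

def is_local_name(name):
    """True if name is one of our domains or a host under one of them."""
    return any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)

def helo_verdict(header):
    """'reject' when an outside IP greets us using one of our own names."""
    parsed = parse_received(header)
    if parsed is None:
        return "unparsed"
    helo, _rdns, ip = parsed
    if any(ip in net for net in MY_NETWORKS):
        return "accept"  # our own hosts may legitimately use our names
    return "reject" if is_local_name(helo) else "accept"

# Header from the post above, then a constructed one from inside MY_NETWORKS.
SPOOFED = """Received: from zerrenterprises.com
 (adsl-70-242-70-142.dsl.stlsmo.swbell.net [70.242.70.142])
 by crestone.coronasolutions.com (Postfix) with ESMTP id ADBA0644100"""
INTERNAL = ("Received: from zerrenterprises.com (mail.example [192.0.2.10])"
            " by crestone.coronasolutions.com (Postfix)")

if __name__ == "__main__":
    for hdr in (SPOOFED, INTERNAL):
        print(helo_verdict(hdr))
```

In Postfix itself this policy is normally enforced at SMTP time with smtpd_helo_restrictions: permit_mynetworks first, then a check_helo_access map that rejects your own domain names. Unlike a blanket rDNS requirement, it only affects clients that claim to be you.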