[Mimedefang] Spammers Attacking - I need some help

Stefano McGhee SMcGhee at ARCweb.com
Tue Aug 20 09:08:01 EDT 2002


Hello all,
	I actually experienced a different form of what you were
experiencing.  It seems the Klez virus would pick off the names of users in
my domain from other people's mailboxes and send mail as them.  When the
messages are rejected they come back to our domain as NDRs for messages
our users never sent.  I simply added a line to the Sendmail config file
that rejected messages claiming to be from our domain.

From:mydomain.com	ERROR:"550 No local relay"

Keep in mind that my server is for inbound mail only (one way) and that my
remote users use a different server.

Hope this helps,

Stefano S. McGhee
IS and Infrastructure Group Manager
ARC Advisory Group
Three Allied Drive
Floor Two
Dedham, MA 02026
Voice: 781.471.1131
FAX: 781.471.1031
Email: SMcGhee at ARCweb.com

-----Original Message-----
From: Dave Shepherd [mailto:Dave.Shepherd at vixel.com] 
Sent: Monday, August 19, 2002 5:08 PM
To: mimedefang at lists.roaringpenguin.com
Subject: [Mimedefang] Spammers Attacking - I need some help


Howdy all,

It seems that my Mimedefang and Spamassassin are pissing off some spammers in
China to the point that they are targeting my company with every possible
combination of user name they have. As far as I can tell they are all being
rejected by Mimedefang.

But I am having some problems -

This is how their attack works:
1) they send the message not to my company - but to my ISP's mail relay via
a Yahoo account. My ISP is listed as an MX mail-relay for my company.

2) My ISP forwards the message to my mail relay running
Mimedefang/Spamassassin

3) My mail-relay rejects the message with "Reject: Message seems to be
SPAM" being sent back to the sending host (again my ISP).

4) Because the Sending & Receiving addresses are the same, My ISP then tries
to bounce the message back to my mail-relay as "Undeliverable"

5) My mail-relay rejects the message again as "User Unknown" or, if it is a
real user (Step 3 above)

I get a copy of all this crap that hits me like a mail bomb in the Inbox.

I would like to simply discard any email where the $sender and $receiver
are the same. None of my users should be using this host to send
themselves an email. Is there an easy way to do this?

Or does anyone have a better idea as to how to deal with this situation?

HELP !
Dave.Shepherd at Vixel.com
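
The two checks discussed in this thread, sketched as a MIMEDefang `filter_recipient` routine. This is an added example, not code from either poster or from the MIMEDefang project; it assumes mimedefang is started with recipient checks enabled (`-t`), uses `mydomain.com` as the stand-in local domain, and the helper `canon_addr` and both configuration variables are hypothetical names.

```perl
# Added example for a mimedefang-filter; not code from the thread.
# Assumptions: mimedefang runs with recipient checks enabled (-t), and
# "mydomain.com" stands in for the local domain, as in the reply above.
use strict;
use warnings;

my %LOCAL_DOMAIN = map { $_ => 1 } qw(mydomain.com);
my $INBOUND_ONLY = 1;   # set to 0 if local users also submit mail through this host

# Normalise an envelope address: strip <>, surrounding space, and case.
sub canon_addr {
    my ($addr) = @_;
    $addr = '' unless defined $addr;
    $addr =~ s/^\s*<?\s*//;
    $addr =~ s/\s*>?\s*$//;
    return lc $addr;
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    my $rcpt = canon_addr($recipient);
    my $from = canon_addr($sender);

    # Bounces use the null sender "<>"; let them through to normal handling.
    return ('CONTINUE', 'ok') if $from eq '';

    # Sender and recipient identical: drop silently so the upstream MX
    # has nothing to bounce back.
    return ('DISCARD', 'Envelope sender equals recipient') if $from eq $rcpt;

    # Inbound-only host: outside mail must not claim a local sender.
    my ($domain) = $from =~ /\@([^\@]+)$/;
    if ($INBOUND_ONLY && defined $domain && $LOCAL_DOMAIN{$domain}) {
        return ('REJECT', 'No local relay');
    }
    return ('CONTINUE', 'ok');
}

# Constructed sample envelopes; runs only when executed directly with perl.
unless (caller) {
    for my $e (['<bob@mydomain.com>', '<bob@mydomain.com>'],
               ['<bob@mydomain.com>', '<>'],
               ['<bob@mydomain.com>', '<amy@MyDomain.com>'],
               ['<bob@mydomain.com>', '<x@example.net>']) {
        my ($action, $msg) = filter_recipient(@$e, '192.0.2.1', 'mx.example');
        print "$e->[1] -> $e->[0]: $action ($msg)\n";
    }
}
1;
```

The local-sender rejection is only appropriate on a host that, like the one described in the reply, never accepts outbound mail from local users.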



