camwyn: Me in a bomber jacket and jeans standing next to a green two-man North Andover Flight Academy helicopter. (Sarge says shut up)
[personal profile] camwyn
Dear spammers:

You figured out how to make your emails claim to be from an approved domain. Very clever of you. NOT.

Now I have to reconfigure our spam service to filter out everyone from that organization EXCEPT the ones we know are genuinely there.

I hope you all get syphilis.

No love,

Me.

Date: 2006-05-23 04:36 pm (UTC)
From: [identity profile] popfiend.livejournal.com
I sense infinitesimal amounts of anger coming from you. /sarcasm

Date: 2006-05-23 04:47 pm (UTC)
From: [identity profile] crisavec.livejournal.com
Amen. They just found my private account that's only used for emailing friends while I'm at work. And if I ever learn who decided that info (at)tertiary would make a lovely reply address for the millions of spam they wanted to send I'm going to do very evil things. I can't actually use my email accounts there now until they've been spam filtered... so no more ssh'ing in to check for email.

Date: 2006-05-23 05:51 pm (UTC)
From: [identity profile] lwood.livejournal.com
I was hit with something like this once. How it was done was that they dug up my backup MX record and sent *it* the spam. It worked like this:

example.com has valid accounts alice, bob, and charlie. It accepts mail for alice@example.com, etc.

backup.org doesn't know what accounts example.com has, or doesn't have, but is the duly designated backup mail host and relay for example.com. It has some valid accounts, too, call 'em tom@backup.org, dick, and harry.

Both example.com and backup.org's MTAs are configured to only accept mail for real users on their own servers and, in domains they control, only take on mail that says it's from users that actually exist -- bob@example.com should never get e-mail from oscar@example.com, as that doesn't exist.

By themselves, example.com has no idea who's valid on backup.org and vice versa. example and backup are also told to store and relay rather blindly when it comes to backup mail services.

So, a spammer would dig up the MX record for example, and then open a connection to backup.org, sending mail that says it's from big_canadian_stoner@example.com *to* bob@example.com.

backup.org, bless its innocence, takes this because it doesn't know there's no such critter as big_canadian_stoner@example.com. It then passes that along, and example.com trusts backup.org, and now bob has spam.

Long story short (too late), and one thing among several to look at that wouldn't be immediately obvious, I would examine your backup mail relays as a means of spam injection, and make sure they have some way of knowing what users are valid. Exactly how to verify that, mind, depends on your MTA.

-- Lorrie
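
The relay behaviour described in the comment above, modelled as an added example that is not part of the original comment or any real MTA's code. The `MTA` class, `build` helper and `relay_users` table are hypothetical names; the domains and accounts are the ones the comment uses.

```python
# Constructed model of the example.com / backup.org setup; not a real MTA.
EXAMPLE_USERS = {"alice", "bob", "charlie"}   # valid accounts on example.com
BACKUP_USERS = {"tom", "dick", "harry"}       # valid accounts on backup.org

def split(addr):
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()

class MTA:
    def __init__(self, domain, users, relay_for=None, trusted=(), relay_users=None):
        self.domain, self.users = domain, users
        self.relay_for = relay_for or {}      # domain -> next-hop MTA
        self.trusted = set(trusted)           # peers whose mail is taken as-is
        self.relay_users = relay_users or {}  # domain -> known valid users (the fix)

    def accept(self, mail_from, rcpt_to, peer="internet"):
        s_local, s_dom = split(mail_from)
        r_local, r_dom = split(rcpt_to)
        if r_dom == self.domain:              # mail for our own domain
            if r_local not in self.users:
                return "reject: unknown recipient"
            if peer in self.trusted:          # the primary trusts its backup
                return "delivered"
            if s_dom == self.domain and s_local not in self.users:
                return "reject: unknown local sender"
            return "delivered"
        if r_dom in self.relay_for:           # we are backup MX for r_dom
            known = self.relay_users.get(r_dom)
            if known is not None:             # only possible if we have the list
                if r_local not in known:
                    return "reject: unknown relay recipient"
                if s_dom == r_dom and s_local not in known:
                    return "reject: unknown sender for relayed domain"
            return self.relay_for[r_dom].accept(mail_from, rcpt_to, peer=self.domain)
        return "reject: relaying denied"

def build(backup_knows_users):
    primary = MTA("example.com", EXAMPLE_USERS, trusted={"backup.org"})
    table = {"example.com": EXAMPLE_USERS} if backup_knows_users else None
    backup = MTA("backup.org", BACKUP_USERS,
                 relay_for={"example.com": primary}, relay_users=table)
    return primary, backup

SPAM = ("big_canadian_stoner@example.com", "bob@example.com")

if __name__ == "__main__":
    for knows in (False, True):
        primary, backup = build(knows)
        print(knows, "| direct:", primary.accept(*SPAM), "| via backup:", backup.accept(*SPAM))
```

How the backup obtains the user list (a synced recipient table, or a callout to the primary at RCPT time) depends on the MTA, as the comment says.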

Page generated Feb. 9th, 2026 02:33 pm