Networking Forums


Spammers masquerading as me

 
 
Doug Laidlaw

 
      07-23-2004, 12:24 AM
I have just set up a "challenge-address" type of mailfilter using Procmail.
Some spammers are getting past it by using my address as the "From"
address. I may talk to myself, but I don't write to myself - yet. Is
there any harm in putting my own address in a blacklist?

TIA,

Doug.
--
ICQ Number 178748389. Registered Linux User No. 277548.
Never let your sense of morals get in the way of doing what's right.
- Isaac Asimov.

 
 
 
 
 
Moe Trin

 
      07-25-2004, 12:21 AM
In article <7f26t1-(E-Mail Removed)>, Doug Laidlaw wrote:
>Some spammers are getting past it by using my address as the "From"
>address. I may talk to myself, but I don't write to myself - yet.


Hi Doug,

On the systems at work, I always Bcc myself, so that does show up as
mail from me. However, the mail filter knows to test first for the
presence of a less obvious header, and whitelist my mail on that.
On the rare occasion when I mail something from the home accounts
to a work address, I've learned to be using a non-publicised address
that changes regularly which is created using a hash of the output of
/dev/urandom.

>Is there any harm in putting my own address in a blacklist?


If you _never_ send mail to yourself, then no. If you do send mail
to yourself, look at the headers of such good mail, and you'll soon
notice _some_ header that is unlikely to be forged. For example,
this could be a header you've added (sorry, I don't use KMail), or it
might be a specific series of "Received: from
dialup-1-118.Bendi.mumble.Mumble.com" headers. In any case, you can
whitelist on that, and not worry about blocking based on anything else.

Do remember that there is a difference between the "envelope from"
address (Return Path), and the internal (to the mail) From: address.
Both are easy to forge, but the internal address is child's play.

Should you be running cron jobs that might create mail from you to you,
(usually errors, but occasionally I may want cron to mail me for some
reason), again look at known good mail. Often, the internal from header
is from (E-Mail Removed), rather than (E-Mail Removed).

Like my old Unix instructor said: "know your files" - meaning know what
the stuff you'll be looking for looks like, as well as the rest of the
crap that you don't want.

Old guy
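
The rule ordering described in the reply above (test a private header first and whitelist on it, only then reject mail that claims your own address), sketched in Python as an added example that is not part of the original thread. The address, the `X-Self-Token` header name, its value and the sample messages are all constructed assumptions; a Procmail setup would express the same two tests as consecutive recipes.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

MY_ADDRESS = "doug@example.org"          # assumed: the filter owner's public address
TOKEN_HEADER = "X-Self-Token"            # assumed: private header the owner's client adds
TOKEN_VALUE = "constructed-secret-3f9a"  # assumed: value known only to the owner

def classify(raw):
    """Return 'whitelist', 'blacklist' or 'continue' for one raw message."""
    msg = message_from_string(raw)
    # Envelope sender (as recorded in Return-Path) and the internal From: header
    # are separate fields; a forger controls both, so neither proves identity.
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header = parseaddr(msg.get("From", ""))[1].lower()
    # 1. Whitelist test runs first, on the less obvious header.
    token = msg.get(TOKEN_HEADER, "").strip()
    if hmac.compare_digest(token.encode(), TOKEN_VALUE.encode()):
        return "whitelist"
    # 2. Own address without the token: the owner never sends such mail.
    if MY_ADDRESS in (envelope, header):
        return "blacklist"
    # 3. Anything else goes on to the rest of the filter (challenge step etc.).
    return "continue"

SAMPLES = {  # constructed messages, not real mail
    "own_bcc": "Return-Path: <doug@example.org>\nFrom: Doug <doug@example.org>\n"
               "X-Self-Token: constructed-secret-3f9a\nSubject: notes\n\nbody\n",
    "forged": "Return-Path: <bounce@spam.example>\nFrom: doug@example.org\n"
              "Subject: offer\n\nbody\n",
    "forged_guess": "Return-Path: <doug@example.org>\nFrom: doug@example.org\n"
                    "X-Self-Token: guess\nSubject: offer\n\nbody\n",
    # Cron mail carries the local account, not the public address, in From:
    "cron": "Return-Path: <doug@localhost>\nFrom: doug@localhost (Cron Daemon)\n"
            "Subject: Cron <doug@host> nightly\n\nerror text\n",
    "stranger": "Return-Path: <ann@example.net>\nFrom: Ann <ann@example.net>\n"
                "Subject: hello\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13s} -> {classify(raw)}")
```

Swapping steps 1 and 2 would blacklist the owner's own Bcc copies, which is why the whitelist test has to come first.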

 