Dear all,
during the past few weeks I was experiencing spam attacks which seem to
utilize MD's "help" command.
I looks like the originator sends a "help" request to my MD with a
forged "From:" or "Reply-To:"-header. The request contains arbitrary
advertisements. In turn, MD tries to find a command in the message body
but only sees HTML-Code (in the case of non-text-only messages).
MD then tries to send back a copy of the offending request alongside
with the help message. I only receive the bounces so I reckon, theres a
good few messages actually going through if the targeted account is
existing.
Since I could not find anything on this particular subject in neither
the archives nor the FAQ or on Google, here's my question:
Do you know of any way around this problem?
Any help/pointers/patches appreciated.
Joergen
Below is a snippet of the bounce message from sendmail:
> This is a MIME-encapsulated message
>
> --hA672tTQ013497.1068102175/folknet.de
>
> The original message was received at Thu, 6 Nov 2003 08:02:53 +0100
> from localhost [127.0.0.1]
>
> ----- The following addresses had permanent fatal errors -----
> <2sgfyy@yahoo.com>
> (reason: 554 delivery error: dd This user doesn't have a yahoo.com
> account (2sgfyy@yahoo.com) [0] - mta107.mail.sc5.yahoo.com)
>
> ----- Transcript of session follows -----
> ... while talking to mx2.mail.yahoo.com.:
> >>> DATA
> <<< 554 delivery error: dd This user doesn't have a yahoo.com account
> (2sgfyy@yahoo.com) [0] - mta107.mail.sc5.yahoo.com 554 5.0.0 Service
> unavailable
>
> --hA672tTQ013497.1068102175/folknet.de
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; folknet.de
> Received-From-MTA: DNS; localhost
> Arrival-Date: Thu, 6 Nov 2003 08:02:53 +0100
>
> Final-Recipient: RFC822; 2sgfyy@yahoo.com
> Action: failed
> Status: 5.0.0
> Remote-MTA: DNS; mx2.mail.yahoo.com
> Diagnostic-Code: SMTP; 554 delivery error: dd This user doesn't have a
> yahoo.com account (2sgfyy@yahoo.com) [0] - mta107.mail.sc5.yahoo.com
> Last-Attempt-Date: Thu, 6 Nov 2003 08:02:55 +0100
>
> --hA672tTQ013497.1068102175/folknet.de
> Content-Type: message/rfc822
>
> Return-Path: <Majordomo-Owner@lists.folknet.de>
> Received: from folknet.de (localhost [127.0.0.1])
> by folknet.de (8.12.2/8.12.2/SuSE Linux 0.6) with ESMTP id hA672rTQ013495
> for <2sgfyy@yahoo.com>; Thu, 6 Nov 2003 08:02:53 +0100
> Received: (from mdom@localhost)
> by folknet.de (8.12.2/8.12.2/Submit) id hA672rtM013494;
> Thu, 6 Nov 2003 08:02:53 +0100
> Date: Thu, 6 Nov 2003 08:02:53 +0100
> Message-Id: <200311060702.hA672rtM013494@folknet.de>
> X-Authentication-Warning: folknet.de: mdom set sender to
> Majordomo-Owner@lists.folknet.de using -f To: 2sgfyy@yahoo.com
> From: Majordomo@lists.folknet.de
> Subject: Majordomo results: fat melts Away
> Reply-To: Majordomo@lists.folknet.de
> MIME-Version: 1.0
>
> --
>
> >>>> --4DBCB0D7C_
> **** Command '--4dbcb0d7c_' not recognized.
> >>>> Content-Type: text/html;
> **** Command 'content-type:' not recognized.
> >>>> Content-Transfer-Encoding: quoted-printable
> **** Command 'content-transfer-encoding:' not recognized.
> >>>>
> >>>> <html>
> **** Command '<html>' not recognized.
> >>>> <body text=3D"#FFFFFF" bgcolor=3D"#FFFFFF" link=3D"#FF0000" vlink=3
... and so on ...
> **** No valid commands found.
> **** Commands must be in message BODY, not in HEADER.
>
> **** Help for Majordomo@lists.folknet.de:
... majordomo help text ...
Follow-Ups:
References:
|
|
