Thanks for the note!
Now, slight catch: I run exim here. Any thoughts on how that would
function for the alias changes, or should I take that up with the exim
users list and the gurus there?
As far as changing the outgoing alias names, that is how this is
happening, I'm almost certain. I'll work on modifying them all this
weekend. I don't know about the ,null though; will need to look at that,
or do you think exim would tolerate that one?
George
>On Thu, 7 Jul 2005 16:37:06 -0400 (EDT), you wrote:
>George,
>
>First it's paramount that you determine what address the spam is being
>sent to. Once that is determined, you can act:
>
>I assume the list is closed and only list members are allowed to post
>messages.
>
>If so, then either a) a list member is spamming the list (unlikely) or
>b) there is a hole through which spammers are able to address the
>list that bypasses the list membership requirement.
>
>The following is only useful if you run sendmail:
>
>I had this problem a couple of years ago, and found that the problem
>was well-known: if the list is called foo, then foo-outgoing will
>be mentioned in the headers of each outgoing message. This is a
>mail alias on your machine that BYPASSES majordomo, so ANY mail to
>it will just get sent to the list. Spammer programs on zombie
>Windoze computers were harvesting the addresses from the headers
>of any email stored on the luser's computer.
>
>The standard fixes are:
>
>1. change your alias for each list so that instead of:
>
>foo: "|/usr/local/majordomo/demime '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo foo-outgoing'"
>
>You put
>
>foo: "|/usr/local/majordomo/demime '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo f0o-0utgoing,null'"
>
>Note the addition of ",null" to the alias. This prevents sendmail
>from putting the outgoing address in the headers. As an extra step,
>I changed my outgoing address from foo-outgoing to f0o-0utgoing in
>order to invalidate the old compromised outgoing address.
>
>2. Add this magic recipe to your virtusertable:
>
>f0o-0utgoing@casano.com error:nouser User unknown
>owner-f0o-0utgoing@casano.com error:nouser User unknown
>
>and do whatever it is on your machine that causes virtusertable.db
>to be rebuilt. ("make" on FreeBSD).
>
>This causes sendmail to bounce any message sent to your outgoing alias.
>
>I hope this helps.
>
>Bill Dudley
>Jackson, NJ
>
>P.S. funny coincidence on the city name, huh?
>
>> From georgek@netwrx1.com Thu Jul 7 16:16:57 2005
>> From: "George R. Kasica" <georgek@netwrx1.com>
>> To: "William Dudley Jr." <wfd99@casano.com>
>> Cc: majordomo-users@greatcircle.com
>> Subject: Re: proposed solution for spam sent to majordomo@yourdomain
>> Date: Thu, 07 Jul 2005 15:17:13 -0500
>>
>> Bill:
>>
>> I'm having a similar problem here with spam going directly to the list
>> addresses such as the digestify etc. Do you know a way I can stop this
>> from getting in my digests as I am now to the point where it will
>> generate a digest of only spam...I'm running spamassassin here and
>> looking for various taboo headers and X-Spam type stuff but somehow
>> they seem to get the messages past the spamassassin step.
>>
>> Feel free to reply off list if you feel it's not appropriate here on
>> list.
>>
>> I can provide samples or my settings if needed.
>>
>> George
>> ===[George R. Kasica]=== +1 262 677 0766
>> President +1 206 374 6482 FAX
>> Netwrx Consulting Inc. Jackson, WI USA
>> http://www.netwrx1.com
>> georgek@netwrx1.com
>> ICQ #12862186
>>
===[George R. Kasica]=== +1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
georgek@netwrx1.com
ICQ #12862186
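
An audit for the two sendmail fixes described in Bill's message (a renamed outgoing alias with `,null`, and an `error:nouser` virtusertable entry), given here as an added example that is not part of the original thread. The sample aliases, the second list `bar`, and the domain `example.org` are constructed, and the files are assumed to be in sendmail format.

```python
import re

# Constructed sample input modelled on the aliases quoted in the thread;
# example.org and the second list "bar" are placeholders, not from the thread.
ALIASES = """\
foo: "|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo
    -h example.org -I foo foo-outgoing"
foo-outgoing: :include:/usr/local/majordomo/lists/foo
bar: "|/usr/local/majordomo/wrapper resend -p bulk -l bar -h example.org b4r-0ut,null"
"""
VIRTUSERTABLE = """\
b4r-0ut@example.org        error:nouser User unknown
owner-b4r-0ut@example.org  error:nouser User unknown
"""

def parse_aliases(text):
    """Return {alias: value}; a line starting with whitespace continues the previous one."""
    lines = re.sub(r"\n[ \t]+", " ", text).splitlines()
    pairs = (l.partition(":") for l in lines if l.strip() and not l.startswith("#"))
    return {name.strip(): value.strip() for name, _, value in pairs}

def rejected_addresses(text):
    """Addresses that virtusertable maps to an error: target (i.e. bounced)."""
    rows = (l.split(None, 2) for l in text.splitlines() if l.strip())
    return {r[0].lower() for r in rows if len(r) > 1 and r[1].startswith("error:")}

def audit(aliases_text, virtuser_text, domain):
    """Return {list name: [problems]} for every alias that pipes into 'resend'."""
    rejected, findings = rejected_addresses(virtuser_text), {}
    for value in parse_aliases(aliases_text).values():
        m = re.search(r"\bresend\s+([^'\"]*)", value)
        args = m.group(1).split() if m else []
        if "-l" not in args[:-1]:
            continue  # not a resend alias (e.g. the :include: outgoing alias itself)
        name, rcpts = args[args.index("-l") + 1], args[-1].split(",")
        checks = [
            (f"{name}-outgoing" in rcpts, "default outgoing alias name"),
            ("null" not in rcpts, "no ,null recipient"),
            (not any(f"{r}@{domain}".lower() in rejected for r in rcpts),
             "outgoing alias not rejected in virtusertable"),
        ]
        findings[name] = [msg for bad, msg in checks if bad]
    return findings

if __name__ == "__main__":
    for name, problems in audit(ALIASES, VIRTUSERTABLE, "example.org").items():
        print(name, "->", problems or "ok")
```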