Great Circle Associates Majordomo-Users
(July 2005)
 


Subject: Re: stopping spammers from sending via your mailing list
From: George R.Kasica <georgek @ netwrx1 . com>
Organization: Netwrx Consulting Inc.
Date: Sun, 10 Jul 2005 07:37:51 -0500
To: "William Dudley Jr." <wfd99 @ casano . com>
Cc: majordomo-users @ greatcircle . com
In-reply-to: <koitc19viq41ootem133m6minb05gonob6@4ax.com>
References: <q93rc15kou6o1dm8lnq1sttgvqctdhqmlp@4ax.com> <200507072037.j67Kb6KO058945@dudley.casano.com> <koitc19viq41ootem133m6minb05gonob6@4ax.com>
Reply-to: georgek @ netwrx1 . com

>On Fri, 08 Jul 2005 13:53:57 -0500, you wrote:

>Thanks for the note!
>
>Now, slight catch, I run exim here. Any thoughts on how that would
>function for the alias changes or should I take that up with the exim
>users list and the gurus there. 
>
>As far as changing the outgoing aliases names, that is how this is
>happening I'm almost certain. I'll work on modifying them all this
>weekend. I don't know about the ,null though will need to look at that
>or do you think exim would tolerate that one??
>
>George
>
>
>
>>On Thu, 7 Jul 2005 16:37:06 -0400 (EDT), you wrote:
>
>>George,
>>
>>First it's paramount that you determine what address the spam is being
>>sent to.  Once that is determined, you can act:
>>
>>I assume the list is closed and only list members are allowed to post
>>messages.
>>
>>If so, then either a) a list member is spamming the list (unlikely) or
>>b) there is a hole through which spammers are able to address the
>>list that bypasses the list membership requirement.
>>
>>The following is only useful if you run sendmail:
>>
>>I had this problem a couple of years ago, and found that the problem
>>was well-known: if the list is called foo, then foo-outgoing will
>>be mentioned in the headers of each outgoing message.  This is a
>>mail alias on your machine that BYPASSES majordomo, so ANY mail to
>>it will just get sent to the list.  Spammer programs on zombie
>>Windoze computers were harvesting the addresses from the headers
>>of any email stored on the luser's computer.
>>
>>The standard fixes are:
>>
>>1. change your alias for each list so that instead of:
>>
>>foo: "|/usr/local/majordomo/demime  '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo foo-outgoing'"
>>
>>You put
>>
>>foo: "|/usr/local/majordomo/demime  '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo f0o-0utgoing,null'"
>>
>>Note the addition of ",null" to the alias.  This prevents sendmail
>>from putting the outgoing address in the headers.  As an extra step,
>>I changed my outgoing address from foo-outgoing to f0o-0utgoing in
>>order to invalidate the old compromised outgoing address.
>>
>>2. Add this magic recipe to your virtusertable:
>>
>>f0o-0utgoing@casano.com	error:nouser User unknown
>>owner-f0o-0utgoing@casano.com	error:nouser User unknown
>>
>>and do whatever it is on your machine that causes virtusertable.db
>>to be rebuilt.  ("make" on FreeBSD).
>>
>>This causes sendmail to bounce any message sent to your outgoing alias.
>>
>>I hope this helps.
>>
>>Bill Dudley
>>Jackson, NJ
>>
>>P.S. funny coincidence on the city name, huh?
>>

Bill:

Tried your suggestion in the part of changing the outgoing names here
in both the majordomo-aliases and majordomo-private-aliases files and
did 2 replaces, outgoing to Outgoing and digestify to Digestify and
got the following error on attempting to send a message. It seems that
it doesn't know the user. 

What am I missing? If I switch it back to what it was no problems....

To: owner-acg-l@netwrx1.com
Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System <Mailer-Daemon@netwrx1.com>
Date: Sun, 10 Jul 2005 07:24:27 -0500

This message was created automatically by mail delivery software
(Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:

  acg-l-Outgoing@netwrx1.com
    unknown local-part "acg-l-Outgoing" in domain "netwrx1.com"

------ This is a copy of the message, including all the headers. ------

Return-path: <owner-acg-l@netwrx1.com>
Received: from majordom by eagle.netwrx1.com with local (Exim 3.36 #1)
	id 1Drar8-0004BT-00
	for acg-l-Outgoing@netwrx1.com; Sun, 10 Jul 2005 07:24:22 -0500
Received: from mail by eagle.netwrx1.com with spam-scanned (Exim 3.36
  #1) id 1Draqt-0004BH-00 for acg-l@netwrx1.com; Sun, 10 Jul 2005
  07:24:16 -0500
Received: from [68.248.203.45] (helo=NOTEBOOK-LOCAL.netwrx1.com) by
  eagle.netwrx1.com with smtp (Exim 3.36 #1) id 1Draql-0004B6-00 for
  acg-l@netwrx1.com; Sun, 10 Jul 2005 07:23:59 -0500
From: George R. Kasica <georgek@netwrx1.com>
To: acg-l@netwrx1.com
Subject: ACG: TEST
Date: Sun, 10 Jul 2005 07:23:24 -0500
Organization: Netwrx Consulting Inc.
Message-ID: <lp42d1paqb2s07s1ertqorb3dili1e6ueb@4ax.com>
X-Mailer: Forte Agent 3.0/32.731
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Scanner: exiscan *1Draql-0004B6-00*i.1LLeRY9V.* (Netwrx Consulting
  Inc., Jackson, WI USA)
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
  eagle.netwrx1.com
X-Spam-Status: No, score=-5.2 required=5.0
  tests=ALL_TRUSTED,BAYES_00,TW_WR  autolearn=ham version=3.0.4
Sender: owner-acg-l@netwrx1.com
Precedence: list
Reply-To: acg-l@netwrx1.com
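
An added example, not part of the original posts: a small Python check over a Majordomo aliases file that flags resend targets still named <list>-outgoing (the alias Bill describes as bypassing majordomo) and resend targets that have no alias of exactly that name. The sample file, list names and host are constructed, and names are compared exactly, which is an assumption about how the MTA looks up local parts.

```python
import re

# Constructed sample in the alias layout quoted in the thread; names and paths are made up.
SAMPLE_ALIASES = '''\
foo: "|/usr/local/majordomo/wrapper resend -l foo -h example.org foo-outgoing"
foo-outgoing: :include:/usr/local/majordomo/lists/foo
bar: "|/usr/local/majordomo/wrapper resend -l bar -h example.org
  b4r-0ut,null"
b4r-0ut: :include:/usr/local/majordomo/lists/bar
baz: "|/usr/local/majordomo/wrapper resend -l baz -h example.org baz-Outgoing"
baz-outgoing: :include:/usr/local/majordomo/lists/baz
qux: "|/usr/local/majordomo/wrapper resend -l qux -h example.org qux-dist"
'''

def parse_aliases(text):
    """Return {alias: value}; a line starting with whitespace continues the previous alias."""
    aliases, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            aliases[current] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            current = name.strip()
            aliases[current] = value.strip()
    return aliases

def resend_targets(value):
    """Addresses in resend's last argument, minus the ',null' companion from the thread."""
    match = re.search(r"\bresend\s+([^'\"]+)", value)
    args = match.group(1).split() if match else []
    return [t for t in args[-1].split(",") if t and t != "null"] if args else []

def audit(text):
    """Return sorted (list, target, finding) tuples for every resend alias in the file."""
    aliases = parse_aliases(text)
    lowered = {a.lower() for a in aliases}
    findings = []
    for name, value in aliases.items():
        for target in resend_targets(value):
            if target.lower() == f"{name}-outgoing".lower():
                findings.append((name, target, "guessable"))  # default name, case aside
            if target not in aliases:  # exact comparison: an assumption, see lead-in
                kind = "case-mismatch" if target.lower() in lowered else "undefined"
                findings.append((name, target, kind))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_ALIASES), sep="\n")
```

A "case-mismatch" finding means the resend line and the alias definition were not renamed identically; "undefined" means no alias of any spelling exists for the target.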

