Forged From header in bounce-o-grams??!? :-(
"Wolfgang S. Rupprecht" at wsrcc.com
Sat Sep 17 13:44:04 PDT 2005
david at catwhisker.org (David Wolfskill) writes:
> Among systems that commit this crime against nature, there seem to be
> some that take this a rather mind-boggling step further: they go so
> far, in generating their bounce-o-grams, as to forge the From header (and
> envelope-sender) in said bounce-o-gram so that it claims to be from
> the domain to which the bounce-o-gram is addressed.
I see I'm not the only person annoyed by these losers.
What I do here is to check the body of any bounce message and I reject
any bounce that doesn't have both an email-address and fullname in
the header-from. That has cut down on the blow-back bounce-spam quite
a bit. Luckily spammers haven't started forging the fullnames into
the messages yet.
In my case I use postfix and I add this to body_checks. This regexp
is only tested against anything inside the msg body.
/etc/postfix/body_checks:
    /^From: ([---a-z.+]+)@(|[a-z.]+\.)wsrcc\.com$/
        REJECT Microsoft viruses and virus scanner spam rejected.
I'm sure milters can do something similar.
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
Microsoft Vista - because "Virus Installer" was too long.
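
The check described in this message, as an added example that is not part of the original post: the same pattern applied line by line in Python to two constructed bounce bodies, showing that a quoted From line carrying a fullname passes while a bare address is rejected. The sample bodies and function names are assumptions; the character class is written `[-a-z.+]`, which matches the same characters as the post's `[---a-z.+]`.

```python
import re

# Python rendering of the body_checks pattern from the post. "[---a-z.+]"
# becomes "[-a-z.+]" (the "---" is the one-character range "-" to "-");
# IGNORECASE mirrors Postfix regexp tables, which ignore case by default.
BARE_FROM = re.compile(r"^From: ([-a-z.+]+)@(|[a-z.]+\.)wsrcc\.com$", re.IGNORECASE)
ACTION = "REJECT Microsoft viruses and virus scanner spam rejected."


def body_check(line):
    """Return the action for one body line, or None when the line passes."""
    return ACTION if BARE_FROM.search(line) else None


def check_body(body):
    """Test the body line by line; return (line_no, action) of the first hit, or None."""
    for line_no, line in enumerate(body.splitlines(), start=1):
        action = body_check(line)
        if action:
            return line_no, action
    return None


# Constructed samples (not real traffic): bounce bodies quoting the headers
# of a message that claims to come from this domain.
FORGED_BOUNCE = """\
Your message was blocked by our virus scanner.

--- Original message headers ---
From: sales@wsrcc.com
To: victim@example.net
Subject: Re: your document
"""

GENUINE_BOUNCE = """\
Delivery to the following recipient failed: nobody@example.net

--- Original message headers ---
From: "Some Name" <someone@wsrcc.com>
To: nobody@example.net
Subject: lunch
"""

if __name__ == "__main__":
    for name, body in (("forged", FORGED_BOUNCE), ("genuine", GENUINE_BOUNCE)):
        print(name, "->", check_body(body) or "accepted")
```

Postfix applies body_checks one line at a time to the body of every message, not only bounces, so ordinary mail that quotes a bare From line at the start of a line is rejected as well. Headers inside a message/rfc822 attachment are matched against nested_header_checks rather than body_checks.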