Re: Sendmail and /etc/mail/access
- From: Brian Ashe <brian dee-web com>
- To: redhat-list redhat com
- Subject: Re: Sendmail and /etc/mail/access
- Date: Sun, 23 Sep 2001 04:26:04 -0400
On Saturday 22 September 2001 11:18, you babbled something about:
> Thank you all for previous suggestions on how to kill spam.
>
> To re-cap - I'm using RH6.2 with all updates.
>
> (There's other examples but here's the one that's particularly bugging me)
>
> I've put the following line in /etc/mail/access and sendmail has been
> restarted:
>
> ----
> hotmail.com REJECT
> ----
>
> However - I'm still getting spam from hotmail.com!
>
> What am I missing? My sendmail.mc file can be attached if necessary.
>
> TIA
Check the message headers of one of the mails that got through. Likely it did
not come from hotmail.com. You may not even see it appear in anything more
than a "To:" or "From:" header. The spammers tend to just use hotmail as a
redirect to an open relay or just as something so that replies can be checked
on. If they were actually spamming using hotmail's servers they would get
kicked off.
(and even if they don't ;)
http://www.theregister.co.uk/content/6/20052.html
sample headers from some of my "hotmail spam"...
Return-Path: <uraltu4vgfq hotmail com>
Received: from mh5-tx.mail.home.com ([65.10.73.147])
    by femail18.sdc1.sfba.home.com
    (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP
    id <20010913061421 RSTD21343 femail18 sdc1 sfba home com mh5-tx mail home com>;
    Wed, 12 Sep 2001 23:14:21 -0700
Received: from mx5-tx.mail.home.com (mx5-tx.mail.home.com [65.10.73.143])
    by mh5-tx.mail.home.com (8.9.3/8.9.0) with ESMTP id XAA02741;
    Wed, 12 Sep 2001 23:14:16 -0700 (PDT)
From: uraltu4vgfq hotmail com
Received: from yessoft.co.kr ([210.183.232.130])
    by mx5-tx.mail.home.com (8.11.1/8.11.1) with ESMTP id f8D6E3a16669;
    Wed, 12 Sep 2001 23:14:03 -0700 (PDT)
Received: from 63.232.115.164 (0-1pool115-164.nas1.austin1.tx.us.da.qwest.net
    [63.232.115.164])
    by yessoft.co.kr (8.9.3/8.9.3) with SMTP id PAA26265;
    Thu, 13 Sep 2001 15:08:25 +0900
Message-Id: <200109130608 PAA26265 yessoft co kr>
To: <ws3hyts4a8l hotmail com>
Subject: Financial Information That WILL Change Your Life!
Date: Thu, 13 Sep 2001 16:17:53 -0400
MIME-Version: 1.0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
Errors-To: brjkter6rgq4 inmail sk
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Status: R
X-Status: N
----End of those headers-----
As you can see, nowhere is there a hotmail server actually handling the mail.
That means you can't block it that way. You need to look at the headers for
who to block and not the addresses that it "claims" to be from.
--
Brian Ashe CTO
Dee-Web Software Services, LLC. brian dee-web com
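
The header check described in the message above, as an added example that is not part of the original post: it walks the Received chain, tests whether any server of the claimed domain actually handled the mail, and returns the hop where the recipient's own servers accepted it from outside. The function names are hypothetical, home.com is assumed to be the recipient's trusted mail infrastructure, and the sample is constructed from the quoted headers.

```python
import re
from email import message_from_string

# Constructed sample: Received chain trimmed from the headers quoted above, with
# a placeholder sender address (the list archive strips the real ones).
SAMPLE = """\
From: sender@hotmail.com
Received: from mh5-tx.mail.home.com ([65.10.73.147])
 by femail18.sdc1.sfba.home.com with ESMTP; Wed, 12 Sep 2001 23:14:21 -0700
Received: from mx5-tx.mail.home.com (mx5-tx.mail.home.com [65.10.73.143])
 by mh5-tx.mail.home.com (8.9.3/8.9.0) with ESMTP id XAA02741;
 Wed, 12 Sep 2001 23:14:16 -0700 (PDT)
Received: from yessoft.co.kr ([210.183.232.130])
 by mx5-tx.mail.home.com (8.11.1/8.11.1) with ESMTP id f8D6E3a16669;
 Wed, 12 Sep 2001 23:14:03 -0700 (PDT)
Received: from 63.232.115.164 (0-1pool115-164.nas1.austin1.tx.us.da.qwest.net
 [63.232.115.164]) by yessoft.co.kr (8.9.3/8.9.3) with SMTP id PAA26265;
 Thu, 13 Sep 2001 15:08:25 +0900

"""

HOP = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s+by\s+(\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return ("." + host.lower().rstrip(".")).endswith("." + domain)

def hops(raw):
    """Received hops, newest first: helo (sender's claim), ip, by (stamping server)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            ip = IP.search(m.group(2) or "")
            out.append({"helo": m.group(1), "ip": ip and ip.group(1), "by": m.group(3)})
    return out

def handled_by(raw, domain):
    """True if any server that stamped a Received line belongs to domain."""
    return any(under(h["by"], domain) for h in hops(raw))

def border(raw, trusted):
    """Deepest hop in the unbroken run of trusted stamps from the top.
    Its ip is the outside host that connected; lines below it are unverified."""
    hit = None
    for h in hops(raw):
        if not under(h["by"], trusted):
            break
        hit = h
    return hit
```
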