Re: Tarpit "User unknown in local recipient table"?

From: mouss (usebsdfree.fr)
Date: Sun Jul 02 2006 - 15:25:16 CDT


Adhamh Findlay wrote:
> On Sun, 02 Jul 2006 14:06:26 +0200, mouss <usebsdfree.fr> wrote:
>
>>>
>> As sandy said, this is more probably a joe job attack. addresses from
>> your domains are used as sender in spam/virus/whatever mail, and the
>> recipient domain is misconfigured, and does backscatter. There are
>> unfortunately many broken sites.
>>
>> what you can do is add a trap address and make some or all of these
>> "unknown" addresses virtual aliases for this trap. Then look at the mail
>> to see if it is really backscatter. If so, report them to spamcops.
>> depending on the situation, you may also complain to the abuse contact
>> and to whois contacts of the misconfigured clients.
>>
>
> I tried to do this with luser_relay, but I didn't get any of these messages delivered to the relay account. Did you have a different setup in mind?
>

reread my post. watch the "virtual aliases" thing.

PS. This is my last response to you since your server blocks me... Let's
keep balkanizing the internet :-{
Anyway, if you don't get mail from me, be that directly or via the list,
you'll know why.

> Is there anything besides my SPF record I can do to help prevent this joe job attack leading to my domain getting blacklisted?
>
>
Unfortunately, there's not much you can do, except reporting these
servers and/or complaining to their whois contacts. And of course,
spread the word: let people know they _must_ implement recipient
validation correctly, and they should never bounce after accepting, be
that for broken recipient validation or for spam/virus filtering.

There is a running thread on this list. look for recent messages with a
subject of: "Re: virtual_alias_maps: rewriting outbound" and you'll see
what I mean ;-p
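
For the "look at the mail to see if it is really backscatter" step discussed above, one way to triage what lands in the trap mailbox. This is an added example, not part of the original post; it assumes the delivery agent records the envelope sender in a Return-Path header, and `classify_trapped`, `example.org`, `broken.example` and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def classify_trapped(raw):
    """Return (is_bounce, reporting_mta, forged_from) for one trapped message."""
    msg = message_from_string(raw)
    # Bounces carry the null envelope sender (assumed stored as "Return-Path: <>").
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    # RFC 3464 DSNs are multipart/report with report-type=delivery-status.
    is_dsn = (msg.get_content_type() == "multipart/report" and
              str(msg.get_param("report-type", "")).lower() == "delivery-status")
    reporting_mta = forged_from = None
    for part in msg.walk():
        # Each message/delivery-status field block is parsed as a sub-part.
        if reporting_mta is None and part.get("Reporting-MTA"):
            reporting_mta = part["Reporting-MTA"].split(";")[-1].strip()
        # The returned original shows which address in our domain was forged.
        if part.get_content_type() == "message/rfc822":
            forged_from = parseaddr(part.get_payload(0).get("From", ""))[1]
    return (null_sender and is_dsn), reporting_mta, forged_from

# Constructed sample of a bounce for mail the trapped address never sent.
SAMPLE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.broken.example
To: nosuchuser@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to victim@broken.example failed: user unknown.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.broken.example

Final-Recipient: rfc822; victim@broken.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: nosuchuser@example.org

body
--b1--
"""
```

Bounces that do not follow RFC 3464 come back as `False` here and still need a manual look; the reporting MTA is the host to name in a report or abuse complaint.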