[AusNOG] Conspiracy? Manipulation? See it for yourself!

Chris Jones chrisj at aprole.com
Wed Apr 24 14:00:55 EST 2013


Wouldn't a simpler solution be:

1.  Add an SPF record for ausnog.net
2.  Enforce this on lists.ausnog.net

??

- Chris

On 24/04/2013, at 1:33 PM, Heinz N <ausnog at equisoft.com.au> wrote:

> On Wed, 24 Apr 2013, Skeeve Stevens wrote:
> 
>> So we know where the spam is coming from or how they are subscribing?
>> 
> 
> Reading the headers:
> 
> From: <ausnog at ausnog.net>
> To: <ausnog at ausnog.net>
> 
> I think that the spammers are not subscribing at all. They are exploiting a simple weakness in the MTA configuration.
> 
> I would not dare test this as it might be perceived as an attack, but I suspect that the ausnog MTA will relay if the "RCPT To:" and "MAIL From:" are both reported as from local domain ausnog.net.
> 
> I had this problem a long while ago and the only way I could get around this was to have 2 MTAs. One "public" one will accept mail to my local domain(s) but it is specifically blocked from relaying for them. The private one will relay for the local domains and is only used for sending out. Now spammers get a nasty bounce message if they try to pretend to be "MAIL From:" any of my local domains, sending "RCPT To:" any of my local domains :-)
> 
> Regards,
> Heinz N.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
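
Added example, not part of the original thread and not the AusNOG server's configuration: the SMTP-time decision a public-facing MTA would make if it enforced SPF on its own domain and refused to relay, as the two messages above suggest. The domain, SPF record and addresses are constructed placeholders, and only the `ip4`, `ip6` and `all` mechanisms are evaluated (no DNS lookups).

```python
import ipaddress

# Constructed sample data (assumption): example.net stands in for the list domain.
LOCAL_DOMAINS = {"example.net"}
SPF_RECORDS = {"example.net": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, domain, records=SPF_RECORDS):
    """Evaluate a published SPF record against the connecting client IP."""
    record = records.get(domain.lower())
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "unsupported"  # a, mx, include etc. need DNS; out of scope here
    return "neutral"  # no mechanism matched and no "all" term


def smtp_decision(client_ip, mail_from, rcpt_to):
    """Decision for one MAIL FROM / RCPT TO pair arriving on the public listener."""
    sender_domain = mail_from.rpartition("@")[2].lower()
    rcpt_domain = rcpt_to.rpartition("@")[2].lower()
    # The public MTA only accepts mail addressed to local domains; it never relays.
    if rcpt_domain not in LOCAL_DOMAINS:
        return "554 5.7.1 Relay access denied"
    # A local-looking envelope sender earns no trust: it must pass SPF like any other.
    if spf_check(client_ip, sender_domain) == "fail":
        return "550 5.7.1 SPF fail: %s not authorised for %s" % (client_ip, sender_domain)
    return "250 OK"


if __name__ == "__main__":
    # Constructed envelopes: a forged local sender from outside, then the real list host.
    for ip in ("203.0.113.9", "192.0.2.25"):
        print(ip, "->", smtp_decision(ip, "list@example.net", "list@example.net"))
```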
