[AusNOG] Conspiracy? Manupulation? See it for yourself!
Heinz N
ausnog at equisoft.com.au
Wed Apr 24 13:33:56 EST 2013
On Wed, 24 Apr 2013, Skeeve Stevens wrote:
> So we know where the spam is coming from or how they are subscribing?
>
Reading the headers:
From: <ausnog at ausnog.net>
To: <ausnog at ausnog.net>
I think that the spammers are not subscribing at all. They are exploiting
a simple weekness in the MTA configuration.
I would not dare test this as it might be perceived as an attack, but I
suspect that the ausnog MTA will relay if the "RCPT To:" and "MAIL From:"
are both reported as from local domain ausnog.net.
I had this problem a long while ago and the only way I could get around
this was to have 2 MTAs. One "public" one will accept mail to my local
domain(s) but it is specifically blocked from relaying for them. The
private one will relay for the local domains and is only used for sending
out. Now spammers get a nasty bounce message if they try to pretend to be
"MAIL From:" any of my local domains, sending "RCPT To:" any of my local
domains :-)
Regards,
Heinz N.
More information about the AusNOG
mailing list