[AusNOG] Conspiracy? Manupulation? See it for yourself!
Chris Jones
chrisj at aprole.com
Wed Apr 24 14:00:55 EST 2013
Wouldn't a simpler solution be:
1. Add an SPF record for ausnog.net
2. Enforce this on lists.ausnog.net
??
- Chris
On 24/04/2013, at 1:33 PM, Heinz N <ausnog at equisoft.com.au> wrote:
> On Wed, 24 Apr 2013, Skeeve Stevens wrote:
>
>> So we know where the spam is coming from or how they are subscribing?
>>
>
> Reading the headers:
>
> From: <ausnog at ausnog.net>
> To: <ausnog at ausnog.net>
>
> I think that the spammers are not subscribing at all. They are exploiting a simple weekness in the MTA configuration.
>
> I would not dare test this as it might be perceived as an attack, but I suspect that the ausnog MTA will relay if the "RCPT To:" and "MAIL From:" are both reported as from local domain ausnog.net.
>
> I had this problem a long while ago and the only way I could get around this was to have 2 MTAs. One "public" one will accept mail to my local domain(s) but it is specifically blocked from relaying for them. The private one will relay for the local domains and is only used for sending out. Now spammers get a nasty bounce message if they try to pretend to be "MAIL From:" any of my local domains, sending "RCPT To:" any of my local domains :-)
>
> Regards,
> Heinz N.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list