Solved

Spam bounce from myself

Posted on 2006-06-29
9
393 Views
Last Modified: 2008-01-09
Here is the situation.

    I am blocking all emails from my own domain on my relay server, since no
email from my organization will originate from the outside.

    I think this is what is happening.  Spammers are sending emails to my
ISP smtp backup server like this:

from: me@mydomain.com
to: me@mydomain.com

    My relay server is rejecting them.  The ISP smtp server is receiving the
smtp rejection and creating a postmaster bounce to me, since my email was in
the from: field.  The bounced message has the original spam email attached.  This means the
spammer was successful in getting me the email.  I.E. one of my users could
open the attachment and allow whatever is in the email to happen. (tojan,
phishing, etc.)


    My question is:  how do I stop this from happening?

    Here is the bounce message.

-----Original Message-----
From: System Administrator [mailto:postmaster@mydomain.com]
Sent: June 26, 2006 9:00 PM
To: ME
Subject: Undeliverable: Roolex for you

Your message

  To:      ME
  Subject: Roolex for you
  Sent:    Mon, 26 Jun 2006 20:59:07 -0400

did not reach the following recipient(s):

ME on Mon, 26 Jun 2006 21:00:22 -0400
    The e-mail system was unable to deliver the message, but did not report
a specific reason.  Check the address and try again.  If it still fails,
contact your system administrator.
    < smtp.myisp.com #5.0.0 X-Postfix;
host smtp.mydomain.com[xxx.xxx.xxx.xxx] said:
550    5.7.1 Message rejected. (in reply to end of DATA command)>
0
Comment
Question by:dauyeung
9 Comments
 
LVL 97

Expert Comment

by:war1
ID: 17010832
Greetings, dauyeung !

Instead of your relay server rejecting the spam emails, have it delete them.  Then there will be nothing to bounce.

Best wishes!
0
 

Author Comment

by:dauyeung
ID: 17011182
I'm not sure if this would work.

Wouldn't the relay server still send an NDR to the sender, which is one of my users?

DAve
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17011253
First, you can't stop spammers from sending E-Mails claiming to be from you.

Second, you can't stop mailservers the world over from accepting E-Mail claiming to be from your Domain but clearly originating from elsewhere.

Third, you can't stop those mailservers - which are accepting E-Mail with detectable bogosity - from generating an NDR back to the faked FROM address and thus annoying your users.

About the only way to shield your users would be to construct a mail filter that examined incoming NDRs for plausability, perhaps by checking the mail server logs for recently transmitted messages to the same Domain.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 17

Accepted Solution

by:
upul007 earned 250 total points
ID: 17012067
I disagree with PsiCop. If you have set up email servers to check and reject emails based on the sending domains spf records, there is hope. Perhaps your back up servers are not set to do this. Some servers do not even accept emails from domains without reverse dns records. You should check further and seek a solution through your isp.
0
 

Author Comment

by:dauyeung
ID: 17012101
Good idea upul007.

Hadn't thought of ISP filtering.  As for SPF, I wonder how many servers actually use it.  I do have an spf record for our domains.

Anyone have other ideas?

DAve
0
 
LVL 17

Expert Comment

by:upul007
ID: 17015810
SPF is supported by Exchange 2003 SP 2 and Alt-N's MDeamon. Here in Sri Lanka certain ISP's actually use this facility to promote their services.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Pegasus Mail (http://www.pmail.com/) is a donation ware that is a collaboration of David Harris along with his team members. It is a desktop mail client that offers the option of configuring more than one mail account with single set up. It supports…
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now