Spammers using SpamFilter to send Spam
ITI Computers
Newbie Joined: 12 June 2008 Status: Offline Points: 12
Posted: 26 July 2010 at 10:03am
Hello,
I discovered on Friday that Spammers are using the SpamFilter program to send out their Spam. I did not know that was possible. We talked to our Host Provider RackSpace and they showed us how it is being done, the following is from their Technician...
"What's happening is spammers are connecting to the spam filter on the 67.192.242.2 IP address. They send a message to a bogus recipient on the aps2000.com domain, and set the Reply-To address in the headers to whoever they want to send spam to. I was able to test and exploit this once I figured out what was going on.
When the spam filter tries to deliver to Imail, it gets an error that the user is invalid. The spam filter then sends an error message to the Reply-To address, using "Webmaster" <webmaster@iticomputers.com> as its from address. Because Imail allows relay from 192.168.100.199, it sends this error message out. It essentially is backscatter spam, but the wrinkle is Imail isn't sending backscatter, the problem is the way your spam filter handles errors. In order to solve this issue, you need to configure your spam filter not to send an error message when a user doesn't exist."
Please advise on how we can configure SpamFilter to prevent this.
We are using Version 4.0.1.785
Thanks,
Bill Turner
ITI Computers
Web Design and Hosting
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104
Bill,
SpamFilter v4.2.4.830 that was released a few months ago has the following feature, which is exactly what you're looking for:
/ New to VersionNumber = '4.2.4.830'; {TODO -cNew To avoid backscatter, if an incoming email passes all filtering rules, but cannot be forwarded (ex. mailbox full, non-existent user), SpamFilter maintains open the incoming remote connection until it can verify with the destination server that the email can be delivered. If not, a 5xx error is output forcing the remote server to generate the NDR, rather than having SpamFilter send an NDR notification email}
With versions of SpamFilter prior to v4.2, a very effective way to both eliminate the backscatter and to at the same time reduce spam, is to implement the "Authorized TO" whitelist in SpamFilter. If you provide SpamFilter a list with all the valid email users on your system, SpamFilter will immediately reject any attempt to deliver emails to non-existent users. This causes an immediate disconnect of the spammer, without any NDRs (non-deliverable receipt emails) being generated.
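The behaviour described in the reply above (keep the inbound connection open, verify with the destination server, answer 5xx instead of mailing an NDR), sketched as an added example; it is not SpamFilter's code and not part of the thread. It assumes the destination server rejects unknown users at RCPT time; `rcpt_reply`, `FakeDestination` and the example.test names are constructed for illustration.

```python
import smtplib

def rcpt_reply(rcpt, dest_host, dest_port=25, smtp_factory=smtplib.SMTP):
    """Reply to give the remote client for its RCPT TO, decided by asking the
    destination server while the inbound connection is still open."""
    conn = None
    try:
        conn = smtp_factory(dest_host, dest_port, timeout=10)
        conn.helo()
        conn.mail("")              # null reverse-path, so the probe cannot cause a bounce
        code, _ = conn.rcpt(rcpt)
        conn.rset()                # abandon the probe transaction; no DATA is sent
    except (OSError, smtplib.SMTPException):
        # Destination down or connection dropped: temp-fail so the sender retries.
        return 451, "4.4.1 cannot verify recipient, try again later"
    finally:
        if conn is not None:
            try:
                conn.quit()
            except (OSError, smtplib.SMTPException):
                pass
    if 200 <= code < 300:
        return 250, "2.1.5 recipient ok"
    if 500 <= code < 600:
        # Permanent reject in-session: the sending server owns the NDR,
        # the gateway never mails anything to a header-supplied address.
        return 550, "5.1.1 no such user"
    return 451, "4.2.0 recipient temporarily unavailable"


class FakeDestination:
    """Constructed stand-in for the internal mail server (not a real API)."""
    MAILBOXES = {"alice@example.test"}   # constructed sample data

    def __init__(self, host, port, timeout=None):
        if host == "down.example.test":
            raise ConnectionRefusedError("constructed outage")
    def helo(self): return 250, b"ok"
    def mail(self, sender): return 250, b"ok"
    def rcpt(self, addr):
        return (250, b"ok") if addr in self.MAILBOXES else (550, b"unknown user")
    def rset(self): return 250, b"ok"
    def quit(self): return 221, b"bye"


if __name__ == "__main__":
    for addr in ("alice@example.test", "bogus@example.test"):
        print(addr, rcpt_reply(addr, "mail.example.test", smtp_factory=FakeDestination))
```

The 451 branch matters as much as the 550: when the destination cannot be reached, a temporary failure leaves the message queued on the sending server, so the gateway still never has to generate a bounce of its own.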
ITI Computers
Newbie Joined: 12 June 2008 Status: Offline Points: 12
Thanks for the reply.
Adding our users to the "Authorized To" list is not a viable option, as we have 100's of domains and 1000's of users. And more being added all the time, which we do not control.
I upgraded our SF program yesterday to the newest version on the site, SpamFilter ISP (v4.1.2.812). I did not see a link to the 4.2.4.830 version. Is it stable? And can you provide a link to it either here or to my email?
ITI Computers
Web Design and Hosting