Re: SPAM and Sendmail 8.9.3
  • From: "S.Toms" <smotrs@xxxxxxxxxxxxxx>
  • Date: Tue, 29 May 2001 17:35:28 -0700 (PDT)
On Tue, 29 May 2001 laszlo@xxxxxxxxxx wrote:

l> I've been receiving a bit of Spam e-mail with the Return-Path: and
l> From: headers forged. What I don't get is how the To: header can be
l> forged. What rule-sets do I need to block this type of spam?
l> In the header below, how is mail directed at webmaster@xxxxxxxxxx?
l> Any help would be appreciated.

What probably happened is that they included a boat load of addresses in
the BCC section, which won't show up in your headers. This enables them to
put any bogus address they want into the TO line and filter the bounce out
on their own system.
You can always add a procmail rule which will filter any messages not
specifically for you like the following:

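DOMAINS="your domain name"
ADDRESSES="list of addresses, separated by a |, no spaces"

# Tag mail that is neither from your own domain nor addressed to you in To/Cc.
# f = filter, h = headers only, w = wait for formail to finish.
:0 fhw
* $!^(Sender|From|Reply-To):.*(${DOMAINS}|${HOST})
* $!^(Apparently.*|To|Cc):.*(${ADDRESSES}|${LOGNAME}@${HOST})
* ^Subject:.* \/.*
| formail -bfI "X-Loop: ${LOGNAME}@${HOST}" \
  -bfI "Subject: SPAM: $MATCH"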


I recommend putting it towards the end of your current filters, but
that's entirely up to you.

l> Return-Path: <pauele109@xxxxxxx>
l> Received: from ([])
l> by (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id
l> AAA18319
l> for <webmaster@xxxxxxxxxx>; Mon, 28 May 2001 00:23:00 -0400
l> Received: from 4ipcgm.localhost (
l> [])
l> by
l> (Sun Internet Mail Server sims.4.0.2000.
l> with SMTP id <0GE100BZB0P8KT@xxxxxxxxxxxxxxxxxxxxxxxxx> for
l> webmaster@xxxxxxxxxx; Sun, 27 May 2001 22:41:27 -0500 (CDT)
l> Date: Sun, 27 May 2001 20:51:13 -0800
l> From: geroeg856@xxxxxxx
l> Subject: Rates DROPPED! Home loans, refinancing and much more! -omwmgpvn
l> To:
l> Message-id: <7b6etu33v53y47pd1u8.mbp71c4vvq5gf74p3x@xxxxxxxxxxxxxxxx>
l> MIME-version: 1.0
l> Content-type: text/html; charset=iso-8859-1
l> Content-transfer-encoding: 7BIT
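
The point made in the reply above, shown as an added example that is not part of the original thread: the address a message is delivered to comes from the SMTP envelope (recorded by the receiving MTA in the "for" clause of Received:), while To:/Cc: are free text chosen by the sender. The sample message, its hosts and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the quoted headers; hosts/addresses are placeholders.
SAMPLE = """\
Return-Path: <sender@bulk.example.net>
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mail.example.org (8.9.3/8.9.3) with ESMTP id AAA18319
\tfor <webmaster@example.org>; Mon, 28 May 2001 00:23:00 -0400
Date: Sun, 27 May 2001 20:51:13 -0800
From: someone@bulk.example.net
Subject: Rates DROPPED!
To: unrelated@elsewhere.example.com
MIME-version: 1.0

body
"""

# The "for" clause is optional; MTAs usually write it only for single-recipient hops.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def envelope_recipients(msg):
    """Addresses the MTAs recorded from RCPT TO in Received: 'for' clauses."""
    found = []
    for hop in msg.get_all("Received", []):
        found += [a.lower() for a in FOR_CLAUSE.findall(hop)]
    return found

def header_recipients(msg):
    """Addresses displayed in To:/Cc:/Apparently-To: (not used for routing)."""
    fields = []
    for name in ("To", "Cc", "Apparently-To"):
        fields += msg.get_all(name, [])
    return [addr.lower() for _, addr in getaddresses(fields) if addr]

def classify(raw, my_addresses):
    """Compare where the message was delivered with whom it claims to address."""
    msg = message_from_string(raw)
    mine = {a.lower() for a in my_addresses}
    env, hdr = envelope_recipients(msg), header_recipients(msg)
    return {
        "envelope": env,
        "headers": hdr,
        "delivered_to_me": bool(mine & set(env)),
        "addressed_to_me": bool(mine & set(hdr)),  # False is what the procmail rule tags
    }

if __name__ == "__main__":
    print(classify(SAMPLE, ["webmaster@example.org"]))
```

A message with delivered_to_me true and addressed_to_me false is the BCC-style delivery described in the reply; legitimate mailing-list and BCC mail looks the same, so tagging is safer than rejecting.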

