Forged From header in bounce-o-grams??!? :-(

"Wolfgang S. Rupprecht" at wsrcc.com
Sat Sep 17 13:44:04 PDT 2005


david at catwhisker.org (David Wolfskill) writes:
> Among systems that commit this crime against nature, there seem to be
> some that take this a rather mind-boggling step further:  they go so
> far, in generating their bounce-o-grams, as to forge the From header (and
> envelope-sender) in said bounce-o-gram so that it claims to be from
> the domain to which the bounce-o-gram is addressed.

I see I'm not the only person annoyed by these losers.

What I do here is to check the body of any bounce message and I reject
any bounce that doesn't have both an email-address and fullname in
the header-from.  That has cut down on the blow-back bounce-spam quite
a bit.  Luckily spammers haven't started forging the fullnames into
the messages yet.

In my case I use postfix and I add this to body_checks.  This regexp
is only tested against anything inside the msg body.

/etc/postfix/body_checks:

/^From: ([---a-z.+]+)@(|[a-z.]+\.)wsrcc\.com$/
	REJECT Microsoft viruses and virus scanner spam rejected.

I'm sure milters can do something similar.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
      Microsoft Vista - because "Virus Installer" was too long.
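
Added example (not part of the original post, and not the author's code): a small Python harness that applies the body_checks pattern above to constructed bounce bodies one line at a time, to show which quoted From: lines trigger the REJECT and which pass. The helper names and all sample addresses are assumptions made for illustration.

```python
import re

# Python rendering of the body_checks pattern from the post. The original
# class [---a-z.+] (a range from "-" to "-", then a-z, "." and "+") is
# written [-a-z.+] here. Postfix regexp tables match case-insensitively by
# default, hence re.I.
BODY_CHECK = re.compile(r"^From: ([-a-z.+]+)@(|[a-z.]+\.)wsrcc\.com$", re.I)
ACTION = "REJECT Microsoft viruses and virus scanner spam rejected."


def body_checks(body):
    """Return (line_number, line) for the first matching body line, else None.

    Postfix applies body_checks to one body line at a time, so each line is
    tested on its own (hypothetical helper, not a Postfix API).
    """
    for n, line in enumerate(body.splitlines(), 1):
        if BODY_CHECK.search(line):
            return n, line
    return None


# Constructed sample: bounce quoting a message whose From: is a bare address.
FORGED_BOUNCE = (
    "Your message could not be delivered.\n"
    "\n"
    "--- Original message headers ---\n"
    "From: user@wsrcc.com\n"
    "Subject: constructed sample\n"
)

# Constructed sample: bounce quoting a message with fullname and address.
GENUINE_BOUNCE = FORGED_BOUNCE.replace(
    "From: user@wsrcc.com", "From: Example User <user@wsrcc.com>"
)

if __name__ == "__main__":
    for name, body in (("forged", FORGED_BOUNCE), ("genuine", GENUINE_BOUNCE)):
        hit = body_checks(body)
        if hit:
            print(f"{name}: body line {hit[0]} matched -> {ACTION}")
        else:
            print(f"{name}: no body line matched -> accepted by this check")
```

Since the table is consulted for every message body and not only for bounces, running candidate lines through a harness like this before deploying helps spot legitimate mail that would also match.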
