Flaw In List Software

Paul Wiener pmmail@rpglink.com
Thu, 03 Jun 1999 16:06:11 -0700 (PDT)


On Thu, 03 Jun 1999 00:17:45 -0700, Steve Lamb wrote:

>Received: from smtp02.primenet.com [206.165.6.132] (daemon)
>	by rpglink.com with esmtp (Exim 2.05 #1 (Debian))
>	id 10pRbD-0005Pk-00; Thu, 3 Jun 1999 00:07:35 -0700
>Received: (from daemon@localhost)
>	by smtp02.primenet.com (8.8.8/8.8.8) id AAA18943
>	for <pmmail@rpglink.com>; Thu, 3 Jun 1999 00:07:33 -0700 (MST)
>Received: from ip34-106.bur.primenet.com(207.218.34.106)
> via SMTP by smtp02.primenet.com, id smtpd018902; Thu Jun  3 00:07:23 1999
>
>    Rpglink is me, I know that is valid and it says it is coming from
>smtp02.primenet.com.  The next header is smtp02.primenet.com.  So at the very
>least, if your message were spam, you would want to complain to primenet.com,
>not rpglink.com.  If you send them the message with full headers they would
>see the next one which, BTW, like a custom header (many ISPs do that now to
>cut down on forging) that points directly to your ip and time on according to
>their clocks.  From there they check the radius entry and nail you.
>
>    In the months I was postmaster at a smaller ISP usually all you needed
>were the first two headers.  "Here" and "there" and "there" was either where
>the spammer was coming from *or* was the open relay.  In either case, it is
>"there" that the complaint goes to, not "here."  :)

Okay, I guess what I'm really leading up to is that when you get spam with
fake headers, and with a long list of nodes between your address and the
sender's, it's hard to tell where the forgery begins. If you want to go back
as far as possible, you can test the entries that look like SMTP hosts to see
if they're open servers. If one is, you can send it a message telling them
they're being used by spammers and asking them to stop accepting relay mail,
and/or ask them to trace the particular piece of spam that apparently went
through their system.

I've noticed that many spammers use open mail servers in remote locations in
Asia and Europe. I suspect that the administrators of many of these servers
might be unresponsive.

P.S. Exactly how do you configure sendmail.cf to reject relay mail?

--
___________
Paul Wiener

paulish@paulish.com
got_the_T-shirt@been-there.com
paulish@cyberjunkie.com
paulish@planetarymotion.net
paulish@thepentagon.com
paulish@usa.net
tinea-pedis@bigfoot.com
KJ6AV@callsign.net
pw@i.am
--------------------------------------------------------
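A small tracer for the header walk Steve describes above, added here as an example (it is not code from either poster): it unfolds the quoted Received: headers, checks that each hop's "by" host is the host the newer hop said it came from, and reports both the host to send the complaint to and the farthest hop the chain still vouches for. The trusted host set `{"rpglink.com"}` and the trailing Subject: line are assumptions.

```python
import re

# Headers quoted in the post above (the rpglink.com / primenet.com message),
# with the folded continuation lines as they appear in the thread.
SAMPLE = """\
Received: from smtp02.primenet.com [206.165.6.132] (daemon)
\tby rpglink.com with esmtp (Exim 2.05 #1 (Debian))
\tid 10pRbD-0005Pk-00; Thu, 3 Jun 1999 00:07:35 -0700
Received: (from daemon@localhost)
\tby smtp02.primenet.com (8.8.8/8.8.8) id AAA18943
\tfor <pmmail@rpglink.com>; Thu, 3 Jun 1999 00:07:33 -0700 (MST)
Received: from ip34-106.bur.primenet.com(207.218.34.106)
 via SMTP by smtp02.primenet.com, id smtpd018902; Thu Jun  3 00:07:23 1999
Subject: constructed test message
"""

FROM_RE = re.compile(r"\(?from\s+([^\s()\[\];,]+)")
BY_RE = re.compile(r"\bby\s+([^\s()\[\];,]+)")
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_lines(raw):
    """Unfold the headers and return the Received: values, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    return [line[len("Received:"):].strip()
            for line in unfolded.splitlines()
            if line.lower().startswith("received:")]

def parse_hop(value):
    """Pull the handing-off host, receiving host and literal IP out of one hop."""
    frm, by, ip = FROM_RE.search(value), BY_RE.search(value), IP_RE.search(value)
    sender = frm.group(1) if frm else None
    return {"from": sender, "by": by.group(1) if by else None,
            "ip": ip.group(1) if ip else None,
            # "(from daemon@localhost)" is an internal handoff, not a new host
            "local": bool(sender) and ("@" in sender or sender.endswith("localhost"))}

def trace(raw, our_hosts):
    """Walk hops outward from our own server; stop where the chain stops agreeing."""
    hops = [parse_hop(v) for v in received_lines(raw)]
    if not hops or hops[0]["by"] not in our_hosts:
        raise ValueError("top Received: header was not written by one of our hosts")
    trusted = 1
    for prev, cur in zip(hops, hops[1:]):
        # a hop's "by" must be the host the newer hop said it came from (or the
        # same host again after a local handoff); anything else may be forged
        expected = prev["by"] if prev["local"] else prev["from"]
        if cur["by"] != expected:
            break
        trusted += 1
    last = hops[trusted - 1]   # farthest hop we can still vouch for
    origin = last["by"] if last["local"] else last["from"]
    return {"hops": hops, "complain_to": hops[0]["from"],
            "trusted_hops": trusted, "origin": origin, "origin_ip": last["ip"]}
```

For the quoted headers the first hop names smtp02.primenet.com as "there", and the chain stays consistent down to the primenet custom header that records the dial-up IP; a forged hop appended below it would not name that host as its "by" and the walk would stop there.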