durenthal
Posted April 9, 2004

My smtp relay server (private relay, not open, running postfix) is receiving hundreds of messages a day from sonic.hosts.com. The messages violate RFCs by using my domain name in the HELO instead of their own, so postfix is bouncing the message, and reporting that bounce to me.

Even if I were to temporarily remove the check_helo_access check, the messages are to a non-existent account in my domain, which is in a recipients ACL, so I'd still be blocking the message, and if I removed that, I'd have to create an account to receive the spam, just so I could forward it to spamcop. Further, the from address is spoofed each time, so postfix will catch it based on that. There's got to be a better way.

Here's a typical report from my server (my domain name replaced with mydomain.com for the sake of privacy):

Transcript of session follows.
Postfix SMTP server: errors from sonic.hosts.com[67.105.143.66]
Mail Delivery System [MAILER-DAEMON[at]smtp.mydomain.com]

Out: 220 smtp.mydomain.com ESMTP Postfix - UCE Trespassers will be pursued
In: EHLO mydomain.com
Out: 250-smtp.mydomain.com
Out: 250-PIPELINING
Out: 250-SIZE 10240000
Out: 250-ETRN
Out: 250 8BITMIME
In: MAIL FROM:<aegis_cg[at]mindspring.com>
Out: 250 Ok
In: RCPT TO:<jimh[at]mydomain.com>
Out: 554 <mydomain.com>: Helo command rejected: You are not mydomain.com

Session aborted, reason: lost connection

Note: I have already complained to postmaster[at]hosts.com, abuse[at]hosts.com (address doesn't exist), administrator[at]hosts.com (address doesn't exist), and 'desheley[at]HOSTSCORP.COM' (The technical contact for hosts.com) - all with no response.
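Added example, not part of the original thread or any poster's code: one way to turn a pile of these postmaster notices into per-client counts of sessions that greeted with the relay's own name, which is the evidence an abuse desk would ask for. The notice layout is taken from the transcript above; the second session, client.example.net, 192.0.2.10 and the relay address 203.0.113.25 are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: two postmaster notices in the layout quoted in the post.
# The second session, client.example.net and 192.0.2.10 are invented.
SAMPLE = """\
Postfix SMTP server: errors from sonic.hosts.com[67.105.143.66]
In: EHLO mydomain.com
Out: 250-smtp.mydomain.com
In: RCPT TO:<jimh[at]mydomain.com>
Out: 554 <mydomain.com>: Helo command rejected: You are not mydomain.com
Postfix SMTP server: errors from client.example.net[192.0.2.10]
In: HELO client.example.net
Out: 250 smtp.mydomain.com
In: RCPT TO:<nobody[at]mydomain.com>
Out: 554 <nobody[at]mydomain.com>: Recipient address rejected: User unknown
"""

HEADER = re.compile(r"errors from (\S+)\[(\d{1,3}(?:\.\d{1,3}){3})\]")
GREETING = re.compile(r"^In:\s+(?:HELO|EHLO)\s+(\S+)", re.I)
REJECT = re.compile(r"^Out:\s+([45]\d\d)[ -](.*)")

def parse_sessions(text):
    """Split concatenated notices into one dict per SMTP session."""
    sessions, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.search(line):
            cur = {"host": m[1], "ip": m[2], "helo": None, "rejects": []}
            sessions.append(cur)
        elif cur is None:
            continue  # text before the first notice header
        elif m := GREETING.match(line):
            cur["helo"] = m[1].lower().rstrip(".")
        elif m := REJECT.match(line):
            cur["rejects"].append(f"{m[1]} {m[2]}")
    return sessions

def forged_helo(sessions, own_names, own_ips):
    """Count sessions per (ip, host) that greet with our name from an IP that is not ours."""
    hits = Counter()
    for s in sessions:
        if s["helo"] in own_names and s["ip"] not in own_ips:
            hits[(s["ip"], s["host"])] += 1
    return hits

if __name__ == "__main__":
    # own_ips is an assumed address for the relay itself (documentation range).
    found = forged_helo(parse_sessions(SAMPLE), {"mydomain.com", "smtp.mydomain.com"}, {"203.0.113.25"})
    for (ip, host), n in found.most_common():
        print(f"{ip} {host}: {n} session(s) with forged HELO")
```
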
Miss Betsy
Posted April 9, 2004

I think where you want to go to get really good answers to your question is the spamcop.geeks newsgroup. There are lots of people who run servers who frequent that newsgroup. Here, many of the posters are non-technically fluent (like me).

Miss Betsy

Jeff G.
Posted April 9, 2004

Please try abuse[at]xo.com (where SpamCop would report spam from that IP Address due to XO's ownership of 67.104.0.0/14), postmaster[at]hostscorp.com, and abuse[at]hostscorp.com. Also, please report those "address doesn't exist" situations using RFC-Ignorant.Org. Thanks!

durenthal
Posted April 9, 2004

I got an automated response from abuse[at]xo.com, and this result from abuse[at]hostscorp.com:

Your message did not reach some or all of the intended recipients.

Subject: FW: Abuse report
Sent: 4/9/2004 12:18 PM

The following recipient(s) could not be reached:

abuse[at]hostscorp.com on 4/9/2004 12:19 PM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
< smtp.mydomain.com #5.0.0 X-Postfix; host mx.hosts.com[67.105.143.87] said: 501 Invalid recipient address (no such address at this site) (in reply to RCPT TO command)>

I would still like to find a way to have spamcop add sonic.hosts.com[67.105.143.66] to the BL...

This topic is now archived and is closed to further replies.