AW: [Dshield] victim of spam-trash

Martin Muller mueller at
Mon Mar 11 09:45:45 GMT 2002

Hi all,

First, sorry that I have not answered earlier, but it was the weekend, and I had
no chance to read my mail. :-)
Thanks to all who have answered my posting.

I think there is no real way to stop this (the only way is to release the

Since we are located in Germany, I am considering going to the German police,
which have their own "internet-criminality-work-group", but I don't think that
they have any real chance.

Thanks to all,


Martin Mueller
Webpartner Kommunikationsdienste GmbH
Metzstrasse 14b
81667 Muenchen

-----Original Message-----
From: list-admin at [mailto:list-admin at] On Behalf Of
Dave Young
Sent: Friday, 8 March 2002 19:28
To: list at
Subject: Re: [Dshield] victim of spam-trash

> > A spammer is sending tons of emails with the email-address
> > eddiecandy2782 at as reply-to or mail from in the header.
> > The Domain belongs to a customer from us. (Which isn't the
> You should be able to configure your mail server to bounce all email to
> this userid (and still allow email to other users in that domain).

That would just bounce or /dev/null the bounce or reply. People will still
get spam from what looks like eddiecandy2782 at since the mail isn't
routing through his mail server in the first place.

You could test this now...  Change your from address to the eddie at
address and send some mail to an address that you know will bounce.
Martin will soon get your bounce; that's exactly what's happening in this

The only thing he can do is stop the person(s) who is sending the mail,
which is hard to do. It's no different than me changing my from: address
to jullrich at, people will think the mail is coming from you, not
me, unless they look through the headers and realize it's not coming from
a machine....

Just as an example, there's nothing you could really do to stop me from
doing that...  Of course all replies and bounces would come to you (unless
I can control your DNS server, which I then could make the MX for
to point to some machine I control)

So yeah, I hate to say it but he's pretty much farked; there's nothing he
can do except try and stop the people from using his domain in the from


> You probably want to filter these based on the envelope, not based on
> headers, to limit processing time wasted. In sendmail, look at the
> 'blacklist_recipients' feature. In qmail, you have to make sure there is
> no alias setup for the user.
> other than that, there is not much you can do.
> - --
> - -------
> jullrich at                    Join
>                           Distributed Intrusion Detection System
> _______________________________________________
> Dshield mailing list
> Dshield at
> To change your subscription options (or unsubscribe), see:
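
The envelope-level filtering suggested in the quoted reply, as an added illustration that is not part of the thread: a toy SMTP receiver that refuses the forged address at RCPT TO, before any headers arrive, while other users in the domain still get mail. `example.com` stands in for the domain the archive elides, and both sessions are constructed.

```python
# Added illustration, not code from the thread. example.com is a placeholder
# for the customer's domain, which the archive elides; sessions are constructed.
BLOCKED_RCPTS = {"eddiecandy2782@example.com"}
LOCAL_DOMAINS = {"example.com"}
SIMPLE = {"HELO": "250 hello", "EHLO": "250 hello", "QUIT": "221 bye"}

def envelope_addr(arg):
    """Pull the address out of 'TO:<user@host>' or 'FROM:<>'."""
    return arg[arg.find("<") + 1:arg.find(">")].strip().lower()

def run_session(client_lines):
    """Replay client SMTP lines; return (server replies, DATA bytes accepted)."""
    replies, rcpts, in_data, data_bytes = [], [], False, 0
    for line in client_lines:
        if in_data:                      # message content, headers included
            if line == ".":
                in_data = False
                replies.append("250 2.0.0 queued")
            else:
                data_bytes += len(line) + 2   # +2 for CRLF
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            rcpts = []
            replies.append("250 2.1.0 sender ok")
        elif verb == "RCPT":
            rcpt = envelope_addr(arg)
            if rcpt in BLOCKED_RCPTS:    # decided before any header is read
                replies.append("550 5.1.1 mailbox disabled")
            elif rcpt.rpartition("@")[2] in LOCAL_DOMAINS:
                rcpts.append(rcpt)
                replies.append("250 2.1.5 recipient ok")
            else:
                replies.append("550 5.7.1 relaying denied")
        elif verb == "DATA":
            in_data = bool(rcpts)
            replies.append("354 send message" if rcpts else "554 5.5.1 no valid recipients")
        else:
            replies.append(SIMPLE.get(verb, "500 5.5.2 unknown command"))
    return replies, data_bytes

# Constructed: a bounce (null sender) aimed at the forged address.
BOUNCE = ["HELO mx.remote.test", "MAIL FROM:<>",
          "RCPT TO:<eddiecandy2782@example.com>", "QUIT"]
# Constructed: mail to another user in the same domain still gets through.
OTHER_USER = ["HELO mx.remote.test", "MAIL FROM:<alice@remote.test>",
              "RCPT TO:<postmaster@example.com>", "DATA",
              "Subject: hello", "", "test", ".", "QUIT"]
```

The bounce is refused with a 550 and zero message bytes are read, which is the processing saving the reply refers to; it does nothing about the spam itself, which never touches this server.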
