Donncha O Caoimh said:
> Check out the headers of this spam we got. Should I be worried that they
> called the hostname of their dial-up machine "mail.tradesignals.com",
> the same hostname as our mail server, or is it likely that they somehow
> changed hostname for every domain they delivered mail to.
>
> A search on google shows that "Prospect Mailer 2000" is a bulk email
> program which might have the facilities for doing such a thing easily.
Yes, it is. It doesn't even need to change the system hostname, that
"Received" header is just reporting the hostname used in the SMTP HELO
command. So "Prospect Mailer 2000" does something like this:

    $addr = "chartsupport at tradesignals.com";
    $host = (MX for "tradesignals.com")
    connect to $host on port 25
    print HELO $host
    print MAIL FROM:<Traders.International>
    print RCPT TO:<$addr>
    print DATA, message, .
    print QUIT

That's why the Received header used "mail.tradesignals.com" but reported
it with an entirely different IP address and DNS-reverse-lookup name. If
you add some antispam rules (or use Postfix ;) that mail would have been
blocked.
BTW at the least, I'd take that as a good sign to bit-bucket any mail sent
using the X-Mailer header "Prospect Mailer 2000". ;)
Interesting to note that you're on an entirely different spam list from
the ones I'm on, I've never seen spam via fl-teq1b-616.pbc.adelphia.net ;)
--j.
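
The check described in the reply above, as an added example that is not part of the original message: it parses a Received header written by the receiving MTA and flags a HELO name that claims to be our own mail server while the connecting IP is not ours. The own-network ranges, the IP addresses and the SMTP ids are constructed assumptions; only the hostnames come from the thread.

```python
import ipaddress
import re

# Matches the common "from <HELO> (<rDNS> [<peer IP>]) by <host>" layout.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)

# Assumptions: our MX name (from the thread) and documentation-range networks.
OWN_NAMES = {"mail.tradesignals.com"}
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

def check_helo(received, own_names=OWN_NAMES, own_networks=OWN_NETWORKS):
    """Return findings for one Received header written by our own MTA."""
    m = RECEIVED_RE.search(" ".join(received.split()))  # unfold header first
    if not m:
        return ["unparsed"]
    try:
        peer = ipaddress.ip_address(m["ip"])
    except ValueError:
        return ["unparsed"]
    helo = m["helo"].lower().rstrip(".")
    rdns = (m["rdns"] or "").lower().rstrip(".")
    findings = []
    # Only the peer IP is recorded by us; the HELO name is the client's claim.
    if helo in own_names and not any(peer in net for net in own_networks):
        findings.append("helo-claims-our-hostname")   # strong signal
    if rdns and rdns != "unknown" and helo != rdns:
        findings.append("helo-differs-from-rdns")     # weak signal, score only
    return findings

# Constructed samples: hostnames come from the thread, IPs and ids are made up.
SPAM = ("Received: from mail.tradesignals.com (fl-teq1b-616.pbc.adelphia.net [203.0.113.45])\n"
        "\tby mail.tradesignals.com with SMTP id EXAMPLE1")
LEGIT = ("Received: from relay.example.net (relay.example.net [198.51.100.7])\n"
         "\tby mail.tradesignals.com with ESMTP id EXAMPLE2")

if __name__ == "__main__":
    for name, hdr in (("spam", SPAM), ("legit", LEGIT)):
        print(name, check_helo(hdr))
```
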