Spam from igniterealtime.org

Hi,

currently one can connect from anywhere to mail.igniterealtime.org:25 and send emails:

220 mail.igniterealtime.org ESMTP
HELO mail.igniterealtime.org
250 mail.igniterealtime.org
MAIL FROM hostmaster@igniterealtime.org
250 ok
RCPT TO it2000@web.de hostmaster@igniterealtime.org
250 ok
DATA
354 go ahead
my spam text
.
250 ok 1284241746 qp 6138

HTTP Header of such a mail:

Delivered-To: igniterealtime.org-hostmaster@igniterealtime.org
Received: (qmail 3277 invoked by uid 89); 11 Sep 2010 20:43:03 -0000
Received: from unknown (HELO 200-161-124-188.dsl.telesp.net.br) (200.161.124.188)
by mail.igniterealtime.org with SMTP; 11 Sep 2010 20:43:03 -0000

It seems that the email is delivered to “hostmaster”. This must not be the case as we do currently receive spam.

LG

What can we do? Maybe ping Benjamin about this?

I did ask Daryl and it should be possible to configure the mail server to disallow this kind of operation. SBS must be able to send emails to everyone while everyone who does reply to a mail does usually want to send the mail to SBS and to no one else. Anyhow the same mail server is used currently so the configuration can become tricky. It may be easier if one could use two mail servers. I assume that Benjamin did already receive an SMS notification of this new post but he’ll wait until Monday to read the post in detail.

The SMTP server is managed by Contegix. Daryl or another admin should email Contegix support to resolve the issue.

Benjamin Sherman

Hi Oleg,

if I did understand Daryl right it was a small configuration issue. “hostmaster” was forwarded to “admin” and thus the “admin” users did get the hostmaster emails. Hopefully no one sends spam to “admin” (;

LG

Hi Daryl,

is it possible to remove the webmaster-->admin forward? You did already remove the hostmaster-->admin forward as far as I can tell.

And it would be great if we could reject emails with “transitioning SPF records” - qmail detects that this is spam but it still accepts the message. Do we need to accept those messages or should we ask Contegix to reconfigure qmail to reject those messages?

LG

Hi. This is the qmail-send program at mail.foo.bar.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<user@other.domain>:
1.2.3.4 failed after I sent the message.
Remote host said: 550 5.0.0 Email rejected because spam probability is too high. Please see:<http://www.it.other.domain/spam>

--- Below this line is a copy of the message.

Return-Path: <webmaster@foo.bar>
Received: (qmail 23216 invoked by uid 89); 18 Sep 2010 01:48:11 -0000
Date: 18 Sep 2010 01:48:11 -0000
Message-ID: <20100918014811.23212.qmail@mail.foo.bar>
Delivered-To: user@foo.bar
Received: (qmail 23202 invoked by uid 89); 18 Sep 2010 01:48:11 -0000
Delivered-To: foo.bar-admin@foo.bar
Received: (qmail 23200 invoked by uid 89); 18 Sep 2010 01:48:11 -0000
Delivered-To: foo.bar-webmaster@foo.bar
Received: (qmail 23198 invoked by uid 89); 18 Sep 2010 01:48:10 -0000
Received: from unknown (HELO 18970129156.user.spam.spam.br) (11.22.33.44)
by mail.foo.bar with SMTP; 18 Sep 2010 01:48:10 -0000
Received-SPF: softfail (mail.foo.bar: transitioning SPF record at foo.bar does not designate 11.22.33.44 as permitted sender)
From: webmaster@foo.bar
To: webmaster@foo.bar
Subject:RE: 18.9.2010 V|AGRA ® Official 49% 0FF!
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
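
The softfail question raised above, as an added example that is not part of the original post and not qmail's or Contegix's configuration: a Python check over the (abridged) headers of the quoted bounce that recovers the forward chain from Delivered-To and rejects mail whose envelope sender claims the local domain while Received-SPF reports softfail or fail. The function names and the reject policy are assumptions for illustration; the policy presumes that legitimate mail for the local domain only leaves from hosts listed in its SPF record.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "foo.bar"  # assumption: placeholder domain used in the bounce

# Constructed sample: headers abridged from the bounce quoted in the thread.
SAMPLE = """\
Return-Path: <webmaster@foo.bar>
Delivered-To: user@foo.bar
Delivered-To: foo.bar-admin@foo.bar
Delivered-To: foo.bar-webmaster@foo.bar
Received: from unknown (HELO 18970129156.user.spam.spam.br) (11.22.33.44)
 by mail.foo.bar with SMTP; 18 Sep 2010 01:48:10 -0000
Received-SPF: softfail (mail.foo.bar: transitioning SPF record at foo.bar does not designate 11.22.33.44 as permitted sender)
From: webmaster@foo.bar
To: webmaster@foo.bar

(body omitted)
"""


def spf_result(msg):
    """Return the first token of Received-SPF (pass, softfail, fail, ...)."""
    tokens = (msg.get("Received-SPF") or "").split()
    return tokens[0].lower() if tokens else "none"


def forward_chain(msg):
    """Delivered-To is prepended at each hop; reverse it to get delivery order."""
    return [h.strip() for h in reversed(msg.get_all("Delivered-To", []))]


def verdict(msg, local_domain=LOCAL_DOMAIN):
    """Reject SPF fail always, and softfail when the envelope sender is local."""
    # SPF is evaluated against the envelope sender, which qmail records
    # in Return-Path, not against the From: header.
    _, addr = parseaddr(msg.get("Return-Path", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    spf = spf_result(msg)
    if spf == "fail":
        return "reject"
    if spf == "softfail" and sender_domain == local_domain:
        return "reject"
    return "accept"


if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    print(forward_chain(m), spf_result(m), verdict(m))
```

The reversed Delivered-To list shows the webmaster to admin to user forwarding that turned the spoofed message into an outbound bounce.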