
Re: [vps-mail] Question about Sendmail/Spammers



On Mon, April 4, 2005 6:19 pm, Abigail Marshall said:
>
> So my question is - technically speaking - is there a way
> that spammers get around or avoid mx records, connecting
> directly with the server on the basis of host name?

It is very simple--and used by many spammers. You can simulate what
spammers do. Here is how to do it:

From a command line on one of your other servers, telnet to mydomain.com's
port 25:

% telnet mydomain.com 25

Your VPS1 will issue a greeting. Then issue the following commands from
within the telnet session. (I show only your side of the conversation; the
server will respond to each command you issue.)

ehlo aol.com
mail from:<abigail@xxxxxxx>
rcpt to:<someone@xxxxxxxxxxxx>
data
{Now enter the text of the mail message. This can include any "to" and
"from" headers of your choosing, subject headers, etc.--whatever you want.
Then finish the conversation with a period at the beginning of a line all
by itself.}

You'll probably need to type "quit" to end the smtp/telnet session.

If your VPS1 accepts the "rcpt to:" command above, then you probably ought
to try to get your VPS1 to remove it from class w ($=w) -- the set of all
domains that the VPS1 *thinks* it receives mail for. (This is a fairly
common problem when two different servers are used, one for mail and one
for web service.)

On the web server that formerly received mail for mydomain.com, removing
mydomain.com from the local-host-names file might not be enough to
convince sendmail that mydomain.com is not a local host name. To know for
sure, enter this command on the web-only VPS:

vps1%  echo '$=w' | virtual sendmail -bt

vps2%  echo '$=w' | sendmail -bt

(The "vps1%" and "vps2%" above are prompt characters in this example.)

If the output of the command includes mydomain.com, then try this command:

% hostname

If the output is "mydomain.com", your easiest solution is to rename your
server. The rename doesn't have to be anything earth-shattering. It might
be as simple as changing the name to "www.mydomain.com" or
"web.mydomain.com" or <your-favorite-name>.mydomain.com. (Last time I
renamed a VPS, I had to go through the backroom to make it permanent.
After doing it, you should re-check your local-host-names file; I think
the backroom might add the new name to local-host-names ... ???)

Good luck!

Ben

-- 
Bennett Lanford <ben@xxxxxxxxxxxxx>

There are 10 kinds of people: those that understand binary and those that
don't.
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
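
The class-w and hostname checks from the message above, combined into one script as an added example (not part of the original post): it parses the output of `echo '$=w' | sendmail -bt` and reports whether the domain is treated as local and whether the server's hostname is the reason. The function names and the sample output are constructed for illustration, and the exact banner and prompt layout of `-bt` output is an assumption.

```shell
#!/bin/sh
# Added example: decide whether sendmail on a web-only server still treats a
# domain as local (class w), and whether the hostname is what put it there.

# lower: fold an argument to lower case (host names are case-insensitive).
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# class_w_members: stdin is the output of `echo '$=w' | sendmail -bt`.
# Strips the "> " prompt and banner lines (assumed layout) and prints one
# class member per line, lower-cased.
class_w_members() {
    sed -e 's/^> *//' \
        | grep -v -e '^ADDRESS TEST MODE' -e '^Enter <ruleset>' -e '^[[:space:]]*$' \
        | tr 'A-Z' 'a-z'
}

# in_class_w DOMAIN: succeeds only on an exact whole-line match, so
# "domain.com" does not match a listed "mydomain.com".
in_class_w() {
    class_w_members | grep -qxF -- "$(lower "$1")"
}

# diagnose DOMAIN HOSTNAME: stdin is the -bt output. Prints one of:
#   not-local           domain is not in class w
#   local-via-hostname  domain is in class w and equals the hostname
#   local-via-config    domain is in class w for another reason
diagnose() {
    if ! in_class_w "$1"; then
        echo "not-local"
    elif [ "$(lower "$2")" = "$(lower "$1")" ]; then
        echo "local-via-hostname"
    else
        echo "local-via-config"
    fi
}

# Constructed sample of -bt output, for running the functions offline.
SAMPLE_OUTPUT='ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> localhost
mydomain.com
[127.0.0.1]
> '

# Live use on the web-only server, with the commands from the message:
#   echo '$=w' | sendmail -bt | diagnose mydomain.com "$(hostname)"
```

A result of `local-via-hostname` corresponds to the rename case in the message; `local-via-config` means the name is still in class w for another reason, such as the local-host-names file.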

