Possible to remove peter at gizmoman.net from users list Was: The "peter at gizmoman.net" dilemma
Scott Kitterman
ubuntu at kitterman.com
Fri Jan 5 02:16:15 UTC 2007
On Thursday 04 January 2007 21:08, David Hart wrote:
> On Thu 2007-01-04 10:42:47 -0400, Derek Broughton wrote:
> > David Hart wrote:
> > > Take a look at the (forged) headers of the messages and you'll see that
> > > they don't go through Ubuntu servers so there's nothing (directly)
> > > that the list admins can do about it.
> >
> > of course there is - just remove him from the list. I don't think the
> > headers are forged, it's just a very bad autoresponder.
>
> Well of course they're autoresponder messages. Bounce messages _are_
> autoresponder messages but, judging from the messages that I received,
> they are _forged_ bounce messages.
>
> Here's the header where my smtp server (mutt) Received a "bounce":
>
> # Received: from beachbum-server.beach-bum-solutions.com (unknown [202.87.14.34])
> #     by mutt.jynn.tonix.org (Postfix) with ESMTP id DBD906E89
> #     for <ubuntu at tonix.org>; Thu, 4 Jan 2007 07:29:08 +0000 (GMT)
>
> I _know_ that the IP address that the message came from is correct
> because it was recorded by _my_ server.
>
> # david at mutt:~$ dig +short beach-bum-solutions.com
> # 64.15.205.242
> # david at mutt:~$ dig +short beachbum-server.beach-bum-solutions.com
> # 64.15.205.242
> # david at mutt:~$ dig +short gizmoman.net
> # 202.87.14.34
>
> So the message is actually coming from the IP address of gizmoman.net.
> That doesn't mean that the owner of gizmoman.net is responsible for the
> spam - many domains could be pointing at 202.87.14.34 - but _someone_
> who is able to send smtp from that IP address _is_ responsible.
Which says nothing about if it's forged or not. There is no requirement for
mail to be sent from the same IP address as their web server. By your logic
this message I'm typing now is forged.

You are correct though about 202.87.14.34.

The simple solution is for people who get these delivered to their inbox to
report them to Spamcop. This kind of backscatter is considered reportable
spam. If your mail provider uses the Spamcop RBL, once it's on the RBL you
won't see it any more. Also, that will likely affect enough mail to get the
attention of the admins of that server.
Scott K
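
The header reading discussed in this thread, as an added example that is not part of either poster's message: it parses the quoted Postfix Received line and compares it with the quoted dig answers, which are embedded as a table so it runs offline. The function names `parse_received` and `assess` are hypothetical.

```python
import re

# Received header quoted in the thread (address obfuscation kept as archived).
RECEIVED = (
    "Received: from beachbum-server.beach-bum-solutions.com (unknown [202.87.14.34])\n"
    "\tby mutt.jynn.tonix.org (Postfix) with ESMTP id DBD906E89\n"
    "\tfor <ubuntu at tonix.org>; Thu, 4 Jan 2007 07:29:08 +0000 (GMT)"
)

# A records from the dig output quoted in the thread, embedded so this runs offline.
DNS_A = {
    "beach-bum-solutions.com": "64.15.205.242",
    "beachbum-server.beach-bum-solutions.com": "64.15.205.242",
    "gizmoman.net": "202.87.14.34",
}

# Postfix layout: from <HELO name> (<reverse DNS or "unknown"> [<peer IP>]) by <our host>
POSTFIX_RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_received(header):
    """Unfold continuation lines, then split out the fields of one hop."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    m = POSTFIX_RECEIVED.search(unfolded)
    if m is None:
        raise ValueError("not a Postfix-style Received header")
    return m.groupdict()

def assess(header, dns_a):
    hop = parse_received(header)
    return {
        # Recorded by the receiving server itself, so the client cannot fake it.
        "peer_ip": hop["ip"],
        # Supplied by the client in HELO/EHLO; a mismatch with the peer IP is
        # a data point, not proof of forgery (the point made in the reply).
        "helo": hop["helo"],
        "helo_resolves_to_peer": dns_a.get(hop["helo"]) == hop["ip"],
        # Postfix writes "unknown" when it could not verify a reverse name.
        "rdns_verified": hop["rdns"] != "unknown",
        "names_on_peer_ip": sorted(n for n, a in dns_a.items() if a == hop["ip"]),
    }

if __name__ == "__main__":
    for key, value in assess(RECEIVED, DNS_A).items():
        print(f"{key}: {value}")
```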