2005/10/26

stopping spammers from sending via your mailing list

George,

First it's paramount that you determine what address the spam is being
sent to. Once that is determined, you can act:

I assume the list is closed and only list members are allowed to post
messages.

If so, then either a) a list member is spamming the list (unlikely) or
b) there is a hole through which spammers are able to address the
list that bypasses the list membership requirement.

The following is only useful if you run sendmail:

I had this problem a couple of years ago, and found that the problem
was well-known: if the list is called foo, then foo-outgoing will
be mentioned in the headers of each outgoing message. This is a
mail alias on your machine that BYPASSES majordomo, so ANY mail to
it will just get sent to the list. Spammer programs on zombie
Windoze computers were harvesting the addresses from the headers
of any email stored on the luser's computer.

The standard fixes are:

1. Change your alias for each list so that instead of:

foo: "|/usr/local/majordomo/demime '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo foo-outgoing'"

You put

foo: "|/usr/local/majordomo/demime '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo f0o-0utgoing,null'"

Note the addition of ",null" to the alias. This prevents sendmail
from putting the outgoing address in the headers. As an extra step,
I changed my outgoing address from foo-outgoing to f0o-0utgoing in
order to invalidate the old compromised outgoing address.

2. Add this magic recipe to your virtusertable:

f0o-0utgoing@casano.com error:nouser User unknown
owner-f0o-0utgoing@casano.com error:nouser User unknown

and do whatever it is on your machine that causes virtusertable.db
to be rebuilt ("make" on FreeBSD).

This causes sendmail to bounce any message sent to your outgoing alias.

I hope this helps.

Bill Dudley
Jackson, NJ
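
An added example, not part of the original message: a small audit that checks both fixes above for every Majordomo list, run here on constructed sample files modelled on the entries in the message. The "bar" list, the function names, and matching virtusertable entries by local part only are assumptions made for illustration.

```python
# Constructed sample input: "foo" has both fixes applied, "bar" has neither.
ALIASES = '''\
foo: "|/usr/local/majordomo/demime '|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l foo -h dudley.casano.com -I foo f0o-0utgoing,null'"
bar: "|/usr/local/majordomo/wrapper resend -l bar -h dudley.casano.com bar-outgoing"
'''
VIRTUSERTABLE = '''\
f0o-0utgoing@casano.com error:nouser User unknown
owner-f0o-0utgoing@casano.com error:nouser User unknown
'''

def resend_targets(aliases_text):
    """Map list name -> recipient list given as the last argument to 'resend'."""
    targets = {}
    for line in aliases_text.splitlines():
        name, sep, cmd = line.partition(":")
        if not sep or line.startswith("#") or " resend " not in cmd:
            continue
        last_arg = cmd.strip().strip("\"'").split()[-1].strip("\"'")
        targets[name.strip()] = last_arg.split(",")
    return targets

def rejected_localparts(virtusertable_text):
    """Local parts whose virtusertable right-hand side is error:nouser."""
    rejected = set()
    for line in virtusertable_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not line.startswith("#") and fields[1] == "error:nouser":
            rejected.add(fields[0].split("@")[0])  # assumption: domain is ignored
    return rejected

def audit(aliases_text, virtusertable_text):
    """Return {list: [problems]}; an empty problem list means both fixes are in place."""
    rejected = rejected_localparts(virtusertable_text)
    report = {}
    for name, recipients in resend_targets(aliases_text).items():
        outgoing, problems = recipients[0], []
        if "null" not in recipients[1:]:
            problems.append("no ',null' after " + outgoing)
        if outgoing == name + "-outgoing":
            problems.append("still uses the default " + outgoing + " name")
        for addr in (outgoing, "owner-" + outgoing):
            if addr not in rejected:
                problems.append(addr + " not rejected in virtusertable")
        report[name] = problems
    return report

if __name__ == "__main__":
    for list_name, problems in audit(ALIASES, VIRTUSERTABLE).items():
        print(list_name, "OK" if not problems else problems)
```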