[CentOS] dealing with spoofing

Josh Miller joshua at itsecureadmin.com
Wed Aug 31 20:43:44 UTC 2011


On 08/31/2011 01:37 PM, Josh Miller wrote:
> On 08/31/2011 01:33 PM, m.roth at 5-cent.us wrote:
>> Josh Miller wrote:
>>> On 08/31/2011 01:27 PM, m.roth at 5-cent.us wrote:
>>>> Stephen Harris wrote:
>>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>>>> its spamming efforts. Now, I realize that some mails go out from
>> <snip>
>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>> envelope address, which may be different to both the From and Reply-To
>>>>> addresses.
>>>>>
>>>> That would be lovely. Unfortunately, a high percentage seem to use the
>>>> Reply-To address. Trust me, the last four or five months, I've gotten
>>>
>>> The Reply-To address is an optional component of the email header and is
>>> not used in email routing by mail servers.
>>
>> I'm well aware that it's an optional component.
>
> Thank you for that clarification.
>
>> <snip>
>>> Mail server will send NDRs (non-delivery receipts) back to the envelope
>>> sender every time with no regard for From or Reply-To.
>>
>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>> problem I have with that is that a few of them have returned the email,
>> with full headers, and I see the *only* reference to my email address is
>> in the Reply-To.
>
> You are seeing the "full" email headers.  You will not see the envelope
> headers unless you capture packets or view mail server logs, etc.
>
>

Mark,

Why don't you use your SPF record to prevent spoofing (to most 
providers...)?

 > dig -t txt 5-cent.us
...
5-cent.us.              14400   IN      TXT     "v=spf1 a mx ptr include:hostmonster.com ?all"
...

You have one but you're not using it to prevent spoofing.

-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
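
The following is an added example, not part of the original post: a small Python check of what the record quoted above tells receiving servers to do with mail from hosts it does not list. The function names and the STRICT variant are constructed for illustration; the qualifier meanings are those of RFC 7208.

```python
import re

# SPF qualifiers and the result each one produces (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return (qualifier, mechanism) pairs; modifiers like redirect= are skipped."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms = []
    for term in terms[1:]:
        if re.match(r"[A-Za-z][A-Za-z0-9._-]*=", term):
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # "+" is implied
        name = term.lstrip("+-~?").split(":", 1)[0].split("/", 1)[0].lower()
        mechanisms.append((qualifier, name))
    return mechanisms

def default_result(record):
    """SPF result for a sending host that matches no mechanism before 'all'."""
    for qualifier, name in parse_spf(record):
        if name == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # no 'all' term (a redirect= target is not followed here)

def audit(record):
    """List the reasons a record gives receivers no basis to reject forged mail."""
    findings = []
    result = default_result(record)
    if result in ("neutral", "pass"):
        findings.append("default result is %s: unlisted hosts are not failed" % result)
    elif result == "softfail":
        findings.append("default result is softfail: not rejected on this result alone")
    if any(name == "ptr" for _, name in parse_spf(record)):
        findings.append("ptr is discouraged by RFC 7208")
    return findings

# Record quoted in the post, and a constructed variant ending in -all.
PUBLISHED = "v=spf1 a mx ptr include:hostmonster.com ?all"
STRICT = "v=spf1 a mx include:hostmonster.com -all"

if __name__ == "__main__":
    for rec in (PUBLISHED, STRICT):
        print(rec, "->", default_result(rec), audit(rec))
```

SPF is evaluated against the envelope sender discussed earlier in the thread, so the default result matters for bounces addressed to the domain, not for the Reply-To header.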
