<> in Maillog

This is a discussion on <> in Maillog within the Linux Administration forums, part of the Linux Forums category; Hello Folks, I have from=<> repeatedly in my maillog. I am running postfix-2.1.0- 0.20040209....


Go Back   Usenet Forums > Linux Forums > Linux Administration

Reload this Page <> in Maillog

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 09-01-2004
Nobody
 
Posts: n/a
Default <> in Maillog
Hello Folks,

I have from=<> repeatedly in my maillog. I am running postfix-2.1.0-
0.20040209.18mdk on Mandrake 10. Anybody know what this might be?

Also, recently some isp's have blocked email from my server but none
have yet said why. I checked to see if it is an open relay and it is
not. I am wondering if a Windows desktop has a trojan sending email.

Any help would be appreciated,


Robert A. Ober
Join Linux-Server
http://www.lsoft.com/scripts/wl.exe?...S.NETSPACE.ORG
to converse with other Linux admins.

Reply With Quote
  #2 (permalink)  
Old 09-01-2004
Bit Twister
 
Posts: n/a
Default Re: <> in Maillog
On Wed, 01 Sep 2004 15:30:29 GMT, Nobody wrote:
> Hello Folks,
>
> I have from=<> repeatedly in my maillog. I am running postfix-2.1.0-
> 0.20040209.18mdk on Mandrake 10. Anybody know what this might be?
>
> Also, recently some isp's have blocked email from my server but none
> have yet said why. I checked to see if it is an open relay and it is
> not. I am wondering if a Windows desktop has a trojan sending email.
>
> Any help would be appreciated,

Block the outbound port with your firewall, and go read the email in
the queue.
Reply With Quote
  #3 (permalink)  
Old 09-01-2004
Nobody
 
Posts: n/a
Default Re: <> in Maillog
Bit Twister wrote:

> On Wed, 01 Sep 2004 15:30:29 GMT, Nobody wrote:
>
>>Hello Folks,
>>
>>I have from=<> repeatedly in my maillog. I am running postfix-2.1.0-
>>0.20040209.18mdk on Mandrake 10. Anybody know what this might be?
>>
>>Also, recently some isp's have blocked email from my server but none
>>have yet said why. I checked to see if it is an open relay and it is
>>not. I am wondering if a Windows desktop has a trojan sending email.
>>
>>Any help would be appreciated,
>
>
> Block the outbound port with your firewall, and go read the email in
> the queue.


Good idea, should have thought of that.

It is probably ok, however. Got this from one of my mailing list folks:

Mail from: <> is the proper sender for bounces. This makes sense, as we
wouldn't want bounces caused by bounces, so a non-existing sender is
used. See http://www.rfc-ignorant.org/policy-dsn.php for several
pointers and a reason why you shouldn't block these emails (based on the
<> sender).

Thanks,
Robert

--
Robert A. Ober
Join Linux-Server
http://www.lsoft.com/scripts/wl.exe?...S.NETSPACE.ORG
to converse with other Linux admins.

Reply With Quote
  #4 (permalink)  
Old 09-03-2004
Moe Trin
 
Posts: n/a
Default Re: <> in Maillog
In article <pWlZc.15405$KH.8259@newssvr22.news.prodigy.com> , Nobody wrote:
>Also, recently some isp's have blocked email from my server but none
>have yet said why.

>NNTP-Posting-Host: 208.190.110.197

[compton ~]$ host 208.190.110.197
197.110.190.208.IN-ADDR.ARPA domain name pointer adsl-208-190-110-197.dsl.hstntx
..swbell.net
[compton ~]$

Eeeuuuuuwwwww!!! That's two strikes right there. Because most spam
comes from zombie PCs on cable and DSL hookups, more and more people
are refusing all mail from such hosts.

The second strike is swbell.net - which is maybe one step up from the
bottom of the pit inhabited by uunet/mci.net. I definitely know people
who are refusing connections from swbell, and sbc in general. Don't
feel that you are being picked on - I also know people who are blocking
60.0.0.0/7, 200.0.0.0/6, 218.0.0.0/7 and 220.0.0.0/6 in their firewalls,
nevermind not accepting mail from those blocks. That's most (but not all)
of Asia and Central/South America.

A quick check at SPEWS doesn't show your IP included in any of their
listings, but it's far from the only blocklist. Try going to
http://groups.google.com/ and searching in the news.admin.net-abuse.*
news groups for your specific address, address block, and ISP.

The solution (posted often enough to news.admin.net-abuse.blocklisting)
is as follows:

1) Move to a better network neighborhood (change providers)
2) Complain bitterly to your provider about the block being listed
3) Smarthost your email (send the mail through a clean server)
4) Get the mail admins of your mail destinations to whitelist you
5) Live with being stuck in your ISPs block.

1 and 2 pertain when your ISP is listed in blocklists. 3 does also,
but (along with 4 and 5) also pertain when you are using a dynamic
IP address. Before moving, or arranging for Smarthosting (which means
sending your mail to a "Smarthost" which will forward it for you - this
could be your ISP's mail server), do make a search at google to see
that the prospective host is not itself blacklisted.

Old guy
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 06:39 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0