procmail

Recipe help - forged spam issue

1998-12-09 15:33:17

FYI, 

Background: 

I am a Unix admin using procmail to filter the postmaster mail 
for our domain.  Nothing real sophisticated as far as the 
filtering.

Problem: 

Some bonehead/spammer is forging our domain.  Which leads
to many complaints from users who don't know to read the
actual headers to determine that the mail did not originate
from our site.  (We have contacted our legal department 
regarding this issue for possible litigation)

Solution:

Can anyone help me with a recipe that would allow me to
auto reply with some reliability to forged spam complaints
such as the two listed below?  Also what can you do to prevent
looping conditions when implementing auto-replies?

Base it off the phrases "INTERNATIONAL DRIVER'S LICENSE" and
"UNIVERSITY DEGREE PROGRAMS" since the spammer is changing the
forged from address on a regular basis?

Any help would be greatly appreciated. 

-

Regards,

Carlos F. Sotero
Enterprise Messaging
Motorola
602-446-5246 
csotero(_at_)motorola(_dot_)com

Example one:

Received: by mail2 for srs
(with Cubic Circle's cucipop (v1.21 1997/08/10) Wed Dec  9 09:56:10
1998)
X-From_: c103e3y(_at_)email(_dot_)comm(_dot_)mot(_dot_)com Wed Dec 09 
09:53:49 1998
Return-Path: <c103e3y(_at_)email(_dot_)comm(_dot_)mot(_dot_)com>
Delivered-To: srs(_at_)teleport(_dot_)com
Received: (qmail 12558 invoked from network); 9 Dec 1998 09:53:48 -0000
Received: from unknown (HELO server1.car-pi.es) (195.76.38.2)
 by smtp5.teleport.com with SMTP; 9 Dec 1998 09:53:48 -0000
Received: from d48-xa101h1-toro-pdi.attcanada.net by server1.car-pi.es
with 
SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1457.7)
    id YJM06226; Mon, 7 Dec 1998 04:43:29 +0100
To: uyh5(_at_)aol(_dot_)com
Bcc: srs(_at_)seesignature(_dot_)lineaddress, srs(_at_)shore(_dot_)net, 
srs(_at_)sysalt(_dot_)com, 
srs(_at_)taurus(_dot_)nynexst(_dot_)com, srs(_at_)teleport(_dot_)com, 
srs(_at_)westworld(_dot_)com, 
srsad12(_at_)uvvm(_dot_)uvic(_dot_)ca, srsaeed(_at_)hotmail(_dot_)com, 
srsamples(_at_)delphi(_dot_)com, 
srsamyn(_at_)vnet3(_dot_)vub(_dot_)ac(_dot_)be
From: <c103e3y(_at_)email(_dot_)comm(_dot_)mot(_dot_)com>
Subject: hello
content-length: 698




INTERNATIONAL DRIVER'S LICENSE

Need a new driver's license? 

Too many points or other trouble?

Want a license that can never be suspended 
or revoked?

Want ID for nightclubs or hotel check-in?

Avoid tickets, fines, and mandatory driver's 
education.

Protect your privacy, and hide your identity.

The United Nations gave you the privilege to
drive freely throughout the world! (Convention 
on International Road Traffic of September 19, 
1949 & World Court Decision, The Hague, 
Netherlands, January 21, 1958)

Take advantage of your rights.  Order a valid 
International Driver's License that can never 
be suspended or revoked.

Confidentiality assured.

CALL NOW!!! 

1-937-586-9313 

Example two:

Received: from ns.de.ibm.net (ns.de.ibm.net [152.158.2.48])
    by Starbase.NeoSoft.COM (8.8.8/8.8.8) with ESMTP id AAA18617;
    Mon, 7 Dec 1998 00:39:25 -0600 (CST)
From: tro3ym(_at_)rtsg(_dot_)mot(_dot_)com
Received: from as (hil-qbu-ppx-vty46.as.wcom.net [209.154.58.46])
    by ns.de.ibm.net (8.9.1a/8.8.2) with SMTP id HAA117318;
    Mon, 7 Dec 1998 07:39:39 +0100
Date: Mon, 7 Dec 1998 07:39:39 +0100
Message-Id: <199812070639(_dot_)HAA117318(_at_)ns(_dot_)de(_dot_)ibm(_dot_)net>
To: guy(_at_)earthlink(_dot_)net
Subject: info requested


UNIVERSITY DEGREE PROGRAMS

Increase your personal prestige and money
earning power through an advanced
university degree.

Eminent, non-accredited universities will
award you a degree for only $200.

Degree granted based on your present
knowledge and experience.  No further
effort necessary on your part.

Just a short phone call is all that is required for a
BA, MA, MBA, or PhD diploma in the field of your
choice.

For details, call 602-230-4252
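
One way to build the auto-reply asked about above, adapted from the vacation recipe in procmailex(5); this is an added example, not part of the original post. The address postmaster@example.com, the files forged.cache and forged.lock, and the reply wording are assumptions.

```procmail
# Added example, not from the original post.
# Assumed names: postmaster@example.com, forged.cache, forged.lock.
SHELL=/bin/sh
LOOPADDR=postmaster@example.com

# W  wait for formail and use its exit code
# h  feed only the header to the pipe
# c  work on a copy, so the complaint is still delivered normally
:0 Whc: forged.lock
 # The complaint quotes the spam, so search the body for the phrases.
 # The dot stands in for the apostrophe; matching is case-insensitive.
* B ?? INTERNATIONAL DRIVER.S LICENSE|UNIVERSITY DEGREE PROGRAMS
 # Never answer bounces, daemons or mailing-list traffic.
* !^FROM_DAEMON
 # Never answer a message that already carries our own loop marker.
* $ !^X-Loop: $\LOOPADDR
 # formail -rD succeeds when this sender is already in the cache.
| formail -rD 8192 forged.cache

    # e  run only if the recipe above failed, meaning a new sender
    :0 ehc
    | (formail -r -A"Precedence: junk" \
          -A"X-Loop: $LOOPADDR" ; \
       echo "The message you reported did not originate from our site." ; \
       echo "The From address was forged; see the Received: lines." \
      ) | $SENDMAIL -oi -t
```

Three things guard against loops here: `^FROM_DAEMON` skips bounces and automated senders, the `X-Loop` header marks our own replies so they are never answered again, and the sender cache limits each complainant to one reply while their address stays in the cache.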
