Silent Runners is a Visual Basic script, which can be used to scan a system for software that starts automatically when Windows starts, which may aid you in determining if a system is infected with malware.
someuser@frostdragon.com. There is an account, someuser, on the system and email addressed to someuser@moonpoint.com should go through, but, though email for both domain names is processed by the server, email to someuser@frostdragon.com should not be delivered. Presumably, since someuser is actually a common male name, email addressed to someuser@frostdragon.com is from some spammer trying common names to deliver his spam.
I edited /etc/mail/access and added the line below:
someuser@frostdragon.com 550 Mailbox disabled for this recipient
The 550 is a standard error code for an email server to return to an email client when email is rejected. You can specify whatever message you wish after it. In this case I chose "Mailbox disabled for this recipient". I could have just used the following line instead, if I didn't want to specify my own specific error message.
someuser@frostdragon.com REJECT
After executing the command makemap hash /etc/mail/access < /etc/mail/access to rebuild the access database file, you can test the block by establishing a telnet connection to port 25 on the server, issuing a helo or ehlo command, then a mail from command with any address as the "from" address, and then a rcpt to command with the relevant recipient address.
mail from: someone@example.com
250 2.1.0 someone@example.com... Sender ok
rcpt to: someuser@frostdragon.com
550 5.0.0 someuser@frostdragon.com... Mailbox disabled for this recipient
rcpt to: someuser@moonpoint.com
250 2.1.5 someuser@moonpoint.com... Recipient ok
quit
221 2.0.0 frostdragon.com closing connection
From the above, I can see that email to the address I wanted marked as invalid is rejected immediately, but email to the same username at a different domain name gets through. Mail with a "from" address of someuser@frostdragon.com would still be accepted, even though it is now rejected as a "to" address.
Since I don't want the server to accept email if that address appears as a "from" address either, I added the line below to /etc/mail/access as well and rebuilt the access database with makemap hash /etc/mail/access < /etc/mail/access.
From:someuser@frostdragon.com 550 We don't accept mail from spammers
If you try sending using a "from" address of someuser@frostdragon.com now, the message will be rejected. However, if you test the block using telnet, e.g., telnet frostdragon.com 25, and then issue an ehlo or helo command followed by mail from and rcpt to commands, you won't see the rejection message until you've entered the rcpt to command, i.e., it doesn't occur when the mail from command is issued.
mail from:<someuser@frostdragon.com>
250 2.1.0 <someuser@frostdragon.com>... Sender ok
rcpt to:<myself@moonpoint.com>
550 5.0.0 <myself@moonpoint.com>... We don't accept mail from spammers
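The two telnet checks above can be scripted so they are easy to repeat after each change to /etc/mail/access. This is an added example in Python using smtplib, not code from the original post; probe, rejections and ReplayConn are hypothetical names, and ReplayConn is a constructed stand-in that replays the replies shown in the transcripts so the script also runs offline.

```python
import smtplib
import sys

class ReplayConn:
    """Constructed stand-in for smtplib.SMTP; replays the replies in the transcripts above."""
    def __init__(self, blocked_from, blocked_to):
        self.blocked_from, self.blocked_to, self.sender = blocked_from, blocked_to, None
    def ehlo(self):
        return 250, b"Hello"
    def mail(self, sender):
        self.sender = sender                  # accepted here even when blocked ...
        return 250, b"Sender ok"
    def rcpt(self, addr):
        if self.sender in self.blocked_from:  # ... the From: rejection surfaces at RCPT TO
            return 550, self.blocked_from[self.sender]
        if addr in self.blocked_to:
            return 550, self.blocked_to[addr]
        return 250, b"Recipient ok"
    def rset(self):
        return 250, b"Reset state"
    def quit(self):
        return 221, b"closing connection"

def probe(conn, sender, recipients):
    """EHLO, MAIL FROM, then one RCPT TO per address. No DATA is sent, so nothing is delivered."""
    conn.ehlo()
    replies = [("mail from", sender, *conn.mail(sender))]
    replies += [("rcpt to", addr, *conn.rcpt(addr)) for addr in recipients]
    conn.rset()
    return replies

def rejections(replies):
    """(stage, address, code) for each 5xx reply: the stage shows where the block becomes visible."""
    return [(stage, addr, code) for stage, addr, code, _ in replies if 500 <= code <= 599]

# Constructed sample data: the two access entries from the post.
BLOCK_TO = {"someuser@frostdragon.com": b"Mailbox disabled for this recipient"}
BLOCK_FROM = {"someuser@frostdragon.com": b"We don't accept mail from spammers"}

if __name__ == "__main__":
    # Live: python probe.py HOST SENDER RCPT [RCPT ...]; with no arguments, replay the sample.
    if len(sys.argv) > 3:
        conn, sender, rcpts = smtplib.SMTP(sys.argv[1], 25, timeout=15), sys.argv[2], sys.argv[3:]
    else:
        conn, sender, rcpts = ReplayConn(BLOCK_FROM, BLOCK_TO), "someuser@frostdragon.com", ["myself@moonpoint.com"]
    replies = probe(conn, sender, rcpts)
    conn.quit()
    for stage, addr, code, text in replies:
        print(f"{stage}: {addr} -> {code} {text.decode(errors='replace')}")
    print("rejected at:", rejections(replies))
```

Because the sender block only shows up in the rcpt to reply, a check that stops after mail from would report the address as still accepted.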