![surgemail history surgemail history](https://netwinsite.com/yes/help/img_osx/simple.png)
![surgemail history surgemail history](https://www.corelan.be/wp-content/uploads/2010/05/image41.png)
![surgemail history surgemail history](http://www.breslov.com/en/images/9/9f/Martins_page.gif)
This puts it in a whole other category of trouble.
Surgemail history password#
Update: After looking closer at your log, someone was able to AUTH using a valid username and password for your server. When the message is actual spam, there are far better ways to detect and block it, including RBLs, Bayesian filters, and SpamAssassin.Īnd finally, you can prevent at least some of the forgeries using by setting up proper SPF records for your domain. Spammers, in my experience, rarely use an empty MAIL FROM: since they can easily fake a real-looking address. The spammer sends a message to faking the return address as Since there is no user johnq in my domain, my mail server sends a bounce message ( MAIL FROM:) to the apparent sender, That is what you are probably seeing.īlocking empty MAIL FROM messages will do more harm than good, in my opinion. Instead, a spammer has faked an address at your domain and used it as the return address for a message to another domain. The empty MAIL FROM: messages that you are seeing are probably not coming from a spammer. Your users would not get bounce messages from other domains: they would never know if they made a typo when sending mail to a user at another domain.What would happen if you block messages with an empty MAIL FROM:? Without this, it might be possible for someone to DoS you simply by faking a message to a non-existent user at another domain, with a return address of a non-existent user at your own domain, resulting in a never-ending loop of bounce messages. When MAIL FROM is used with an empty address (represented as ), the receiving server knows not to generate a bounce message if the message is being sent to a non-existent user. It’s used primarily for bounce messages, to prevent an endless loop. Mail servers are required to support it ( RFC 1123 section 5.2.9). The empty MAIL FROM is used for delivery status notifications. Why an empty FROM address is consider OK? Actually, in our MTA(surgemail), we can see the sender in the email header. We have firewall to ratelimit the sender, but for the following email, the firewall couldn't do this because of the empty FROM address. Recently, we found that hacker had hacked some user accounts and sent out lots of spams.