Spammers forged my address - help unbury me from bounces?
Chuck Swiger
cswiger at mac.com
Wed May 28 22:58:05 PDT 2003
Kirk Strauser wrote:
> Some jackass(es) sent a bunch of spam with forged From: headers referring to
> non-existent accounts on one of my domains. Consequently, I've been getting
> about 20,000 bounce messages per day to Erin at honeypot.net,
> Michelle at honeypot.net, etc. What's a good way to handle these?
Don't accept the messages in the first place; that way, your machines won't have
responsibility for trying to bounce the messages later on.
[ ... ]
> if ($user == 'Erin' or $user == 'Michelle')
> {
> send 550 to remote server
> do nothing else at all
> }
You don't mention which mail server you are using, but if you haven't changed
the default FreeBSD MTA, add something like:
    erin@honeypot.net       550 I don't want this mail!
    michelle@honeypot.net   550 I don't want this mail!
...to /etc/mail/access and do a "make" in /etc/mail.
[ ...slightly disordered, but hey... ]
> If I don't set up any aliases for those users, then I get bounce messages
> from my own mailserver telling me that it couldn't deliver the original
> bounce messages to the fake usernames.
You could also add something like this to your .mc file:
define(`confDOUBLE_BOUNCE_ADDRESS', `nobody')dnl
...to suppress the double-bounce mail being generated.
-Chuck
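
An added example, not part of the original post: with many forged addresses ("Erin, Michelle, etc."), the /etc/mail/access entries suggested above can be generated from the mail log instead of typed by hand. The log lines are constructed in sendmail's from=/to= style, and the function names, the real_users set and the min_hits threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in sendmail's from=/to= log style (not from the post).
SAMPLE_LOG = """\
May 28 22:10:01 mx sm-mta[411]: h4T5A1q1: from=<>, size=2310, nrcpts=1, relay=mx.example.net
May 28 22:10:01 mx sm-mta[412]: h4T5A1q1: to=<Erin@honeypot.net>, dsn=5.1.1, stat=User unknown
May 28 22:10:03 mx sm-mta[413]: h4T5A3q2: from=<>, size=2298, nrcpts=1, relay=mail.example.com
May 28 22:10:03 mx sm-mta[414]: h4T5A3q2: to=<erin@honeypot.net>, dsn=5.1.1, stat=User unknown
May 28 22:10:05 mx sm-mta[415]: h4T5A5q3: from=<>, size=2401, nrcpts=1, relay=mx.example.net
May 28 22:10:05 mx sm-mta[416]: h4T5A5q3: to=<Michelle@honeypot.net>, dsn=5.1.1, stat=User unknown
May 28 22:10:07 mx sm-mta[417]: h4T5A7q4: from=<>, size=2377, nrcpts=1, relay=mail.example.com
May 28 22:10:07 mx sm-mta[418]: h4T5A7q4: to=<michelle@honeypot.net>, dsn=5.1.1, stat=User unknown
May 28 22:10:09 mx sm-mta[419]: h4T5A9q5: from=<>, size=1800, nrcpts=1, relay=mx.example.org
May 28 22:10:09 mx sm-mta[420]: h4T5A9q5: to=<kirk@honeypot.net>, dsn=2.0.0, stat=Sent
May 28 22:10:11 mx sm-mta[421]: h4T5ABq6: from=<friend@example.org>, size=900, nrcpts=1, relay=mx.example.org
May 28 22:10:11 mx sm-mta[422]: h4T5ABq6: to=<erin@honeypot.net>, dsn=5.1.1, stat=User unknown
May 28 22:10:13 mx sm-mta[423]: h4T5ADq7: from=<>, size=2100, nrcpts=1, relay=mx.example.net
May 28 22:10:13 mx sm-mta[424]: h4T5ADq7: to=<bob@honeypot.net>, dsn=5.1.1, stat=User unknown
"""

FROM_RE = re.compile(r"\]: (\w+): from=<([^>]*)>")
TO_RE = re.compile(r"\]: (\w+): to=<([^>]*)>")

def forged_bounce_targets(log_text, domain, real_users, min_hits=2):
    """Count bounces (null envelope sender) per nonexistent recipient in domain."""
    bounce_qids, hits = set(), Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            if m.group(2) == "":  # from=<> marks a bounce message
                bounce_qids.add(m.group(1))
            continue
        m = TO_RE.search(line)
        if not m or m.group(1) not in bounce_qids:
            continue  # not a recipient line, or not part of a bounce
        local, _, dom = m.group(2).lower().rpartition("@")
        if dom == domain and local not in real_users:
            hits[f"{local}@{dom}"] += 1
    return {addr: n for addr, n in hits.items() if n >= min_hits}

def access_entries(targets, reply="550 I don't want this mail!"):
    """Format one access-map line per address, using the reply text from the post."""
    return [f"{addr}\t{reply}" for addr in sorted(targets)]

if __name__ == "__main__":
    found = forged_bounce_targets(SAMPLE_LOG, "honeypot.net", {"kirk"})
    print("\n".join(access_entries(found)))
```

Bounces to the real account (kirk) are never listed, and the threshold keeps a one-off typo such as bob out of the reject list.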