Spammers forged my address - help unbury me from bounces?

Chuck Swiger cswiger at
Wed May 28 22:58:05 PDT 2003

Kirk Strauser wrote:
> Some jackass(es) sent a bunch of spam with forged From: headers referring to
> non-existent accounts on one of my domains.  Consequently, I've been getting
> about 20,000 bounce messages per day to Erin at,
> Michelle at, etc.  What's a good way to handle these?

Don't accept the messages in the first place; that way, your machines won't have 
responsibility for trying to bounce the messages later on.

[ ... ]
> if ($user == 'Erin' or $user == 'Michelle')
> {
>    send 550 to remote server
>    do nothing else at all
> }

You don't mention which mail server you are using, but if you haven't changed 
the default FreeBSD MTA, add something like:

erin at		550 I don't want this mail!
michelle at		550 I don't want this mail! /etc/mail/access and do a "make" in /etc/mail.

[ ...slightly disordered, but hey... ]
> If I don't set up any aliases for those users, then I get bounce messages
> from my own mailserver telling me that it couldn't deliver the original
> bounce messages to the fake usernames.

You could also add something like this to your .mc file:

define(`confDOUBLE_BOUNCE_ADDRESS', `nobody')dnl suppress the double-bounce mail being generated.


More information about the freebsd-questions mailing list