Spammers forged my address - help unbury me from bounces?

Peter Elsner peter at servplex.com
Thu May 29 06:57:11 PDT 2003


This sounds like a dictionary attack.  They simply put your domain in and run
through hundreds of names and prepend it to your domain.  One or more is bound
to go through...

Try using the /etc/mail/access file, if you know what IP or domain it is
coming from...

IPADDRESS/DOMAIN                550 "RELAYING DENIED"

Then after adding those entries to the access file, run:

makemap hash /etc/mail/access < /etc/mail/access

to rebuild the database.



Peter


At 11:41 PM 5/28/2003 -0500, you wrote:
>Some jackass(es) sent a bunch of spam with forged From: headers referring to
>non-existent accounts on one of my domains.  Consequently, I've been getting
>about 20,000 bounce messages per day to Erin at honeypot.net,
>Michelle at honeypot.net, etc.  What's a good way to handle these?  If I set up
>aliases to /dev/null, then I still have to receive an entire bounce message
>before silently discarding it (and even worse, have to watch the
>SpamAssassin milter process it before discarding it).  If I don't set up any
>aliases for those users, then I get bounce messages from my own mailserver
>telling me that it couldn't deliver the original bounce messages to the fake
>usernames.
>
>Help!
>
>What I really want is something like:
>
>if ($user == 'Erin' or $user == 'Michelle')
>{
>    send 550 to remote server
>    do nothing else at all
>}
>
>Is this possible?  Please save me from being pushed over the line, buying a
>paintball gun, and going hunting.
>--
>Kirk Strauser

----------------------------------------------------------------------------------------------------------
Peter Elsner <peter at servplex.com>
Vice President Of Customer Service (And System Administrator)
1835 S. Carrier Parkway
Grand Prairie, Texas 75051
(972) 263-2080 - Voice
(972) 263-2082 - Fax
(972) 489-4838 - Cell Phone
(425) 988-8061 - eFax

I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry
that 10 or 15 years from now, she will come to me and say "Daddy, where
were you when they took freedom of the press away from the Internet?"
-- Mike Godwin

Unix IS user friendly... It's just selective about who its friends are.
System Administration - It's a dirty job, but somebody said I had to do it.
If you receive something that says 'Send this to everyone you know,'
pretend you don't know me.

Standard $500/message proofreading fee applies for UCE.
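
The per-recipient 550 that the quoted pseudocode asks for can be expressed in the same access file, keyed on the recipient address instead of the sender's IP or domain. The script below is an added example, not part of either message: it assumes sendmail with the blacklist_recipients FEATURE enabled in the .mc file, and the function names gen_access_entries and add_entries are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes sendmail's access map with
# FEATURE(`blacklist_recipients') enabled in the .mc file.

# Print one access-map line per forged local part:
#   user@domain<TAB>ERROR:550 User unknown
# Keys are lowercased (makemap folds keys to lower case by default); local
# parts outside a conservative character set are skipped with a warning.
gen_access_entries() {
    domain=$1
    shift
    for user in "$@"; do
        lp=$(printf '%s' "$user" | tr 'A-Z' 'a-z')
        case $lp in
            ''|*[!a-z0-9._+-]*)
                echo "skipping invalid local part: $user" >&2
                continue ;;
        esac
        printf '%s@%s\tERROR:550 User unknown\n' "$lp" "$domain"
    done
}

# Append entries whose key is not already present, so reruns add no duplicates.
# Usage: add_entries ACCESS_FILE DOMAIN USER...
add_entries() {
    access_file=$1
    shift
    [ -f "$access_file" ] || : > "$access_file"
    gen_access_entries "$@" | while IFS= read -r line; do
        key=$(printf '%s' "$line" | cut -f1)
        if ! awk -v k="$key" 'tolower($1) == k { found = 1 }
                END { exit(found ? 0 : 1) }' "$access_file"; then
            printf '%s\n' "$line" >> "$access_file"
        fi
    done
}

# Demo on a scratch file; the names are the ones quoted in the thread.
demo=$(mktemp)
add_entries "$demo" honeypot.net Erin Michelle
cat "$demo"
rm -f "$demo"
# On the mail server, target /etc/mail/access instead and then rebuild the map:
#   makemap hash /etc/mail/access < /etc/mail/access
```

With entries like these in place the rejection happens at RCPT TO, so the bounce body is never received or passed to the milter.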
