Spam/bounce problem

Tony Johansson tony.johansson at SVENSKAKYRKAN.SE
Thu Dec 18 14:04:12 GMT 2003


I have a problem with bounces at a school where I help support their
MailScanner installation.

It seems spammers use the school's domain name with faked usernames as a
return address. I've seen this at a different site but it was just a dozen
or so which could easily be entered into sendmail's access.db.

The school now gets approx 8-10.000 of these bounces daily, which is about
80% of their total traffic. The return addresses are random so adding them
to access.db is not an option. The machine running MailScanner is pretty
low end and has problems keeping up with the queues.

The flow is something like this:

1. Spammer sends spam to abc at domain.com, spam has the spoofed return
address xyz at school.com
2. No such user at domain.com/mailbox full/disabled etc
3. Mail bounces to xyz at school.com (with return path "<>")
4. Smtpgate at school.com (running MailScanner) accepts message, forwards
to internal server
5. Internal server sees that the address xyz at school.com is non-existent
6. Internal server tries to bounce the message, to xyz at school.com, but
naturally it cannot be delivered
7. Message is sent to postmaster at school.com, "I tried to deliver a bounce
message to this address, but the bounce bounced!"

Does anyone have a remedy for this problem?

I guess I could only accept messages (at #4) for legitimate users but that
would probably attract some directory harvest attacks. Not to mention
keeping the list up to date.

Is it possible to run bounced messages (from:<>) in a different queue with
lower priority? Any ideas on how to do this with MailScanner and sendmail?


Regards, Tony
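
One way to measure how much of a gateway's traffic follows the flow in steps 1-7 above, as an added example that is not part of the original post. The log lines are constructed and only modelled on sendmail's syslog format (one recipient per `to=` line is assumed); the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines modelled on sendmail's syslog format (not from the post).
SAMPLE_LOG = """\
Dec 18 14:00:01 smtpgate sendmail[901]: hBIE01aa: from=<>, size=2310, nrcpts=1, relay=mx.domain.com [192.0.2.10]
Dec 18 14:00:02 smtpgate sendmail[902]: hBIE01aa: to=<xyz@school.com>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Dec 18 14:00:03 smtpgate sendmail[903]: hBIE02bb: from=<>, size=1987, nrcpts=1, relay=mail.example.net [192.0.2.20]
Dec 18 14:00:04 smtpgate sendmail[904]: hBIE02bb: to=<qwe@school.com>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Dec 18 14:00:05 smtpgate sendmail[905]: hBIE03cc: from=<>, size=3120, nrcpts=1, relay=mx.example.org [192.0.2.30]
Dec 18 14:00:06 smtpgate sendmail[906]: hBIE03cc: to=<teacher@school.com>, mailer=esmtp, dsn=2.0.0, stat=Sent (ok)
Dec 18 14:00:07 smtpgate sendmail[907]: hBIE04dd: from=<parent@example.com>, size=4501, nrcpts=1, relay=mx.example.com [192.0.2.40]
Dec 18 14:00:08 smtpgate sendmail[908]: hBIE04dd: to=<teacher@school.com>, mailer=esmtp, dsn=2.0.0, stat=Sent (ok)
Dec 18 14:00:09 smtpgate sendmail[909]: hBIE05ee: from=<>, size=2200, nrcpts=1, relay=mx.domain.com [192.0.2.10]
Dec 18 14:00:10 smtpgate sendmail[910]: hBIE05ee: to=<asd@school.com>, mailer=esmtp, dsn=5.1.1, stat=User unknown
"""

# Queue id, direction (from/to), the address inside <>, and the rest of the line.
LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): (?P<dir>from|to)=<(?P<addr>[^>]*)>(?P<rest>.*)"
)

def classify(log_text):
    """Count deliveries by kind, joining from= and to= lines on the queue id."""
    senders = {}        # queue id -> envelope sender ("" is the null sender <>)
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["dir"] == "from":
            senders[m["qid"]] = m["addr"]
            continue
        null_sender = senders.get(m["qid"]) == ""
        unknown_user = "stat=User unknown" in m["rest"]
        if null_sender and unknown_user:
            counts["backscatter"] += 1          # steps 3-5 of the flow above
        elif null_sender:
            counts["bounce_to_real_user"] += 1  # a bounce someone may actually want
        else:
            counts["normal"] += 1
    return counts

def backscatter_share(counts):
    """Fraction of all classified deliveries that were backscatter."""
    total = sum(counts.values())
    return counts["backscatter"] / total if total else 0.0

if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    print(dict(result), f"{backscatter_share(result):.0%} backscatter")
```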


