Spam/bounce problem

Tony Johansson tony.johansson at SVENSKAKYRKAN.SE
Thu Dec 18 14:04:12 GMT 2003

I have a problem with bounces at a school where I help support their
MailScanner installation.

It seems spammers use the schools domain name with faked usernames as a
return address. I've seem this at a different site but it was just a dozen
or so which could easily be entered into sendmails access.db

The school now gets approx 8-10.000 of these bounces daily, which is about
80% of their total traffic. The return addresses are random so adding them
to access.db is not an option. The machine running MailScanner is pretty
low end and has problems keeping up with the queues.

The flow is something like this:

1. Spammer sends spam to abc at, spam has the spoofed return
address xyz at
2. No such user at full/disabled etc
3. Mail bounces to xyz at (with return path "<>")
4. Smtpgate at (running mailscanner) accepts message, forwards
to internal server
5. Internal server sees that the address xyz at is non-existant
6. Internal server tries to bounce the message, to xyz at, but
naturally it cannot be delivered
7. Message is sent to postmaster at, "I tried to deliver a bounce
message to this address, but the bounce bounced!"

Does anyone have a remedy for this problem?

I guess I could only accept messages (at #4) for legitimate users but that
would probably attract some directory harvest attacks. Not to mention
keeping the list up to date.

Is it possible to run bounced messages (from:<>) in a different queue with
lower priority? Any ideas on how to do this the MailScanner and sendmail?

Regards, Tony

More information about the MailScanner mailing list