Spam/bounce problem

James Pattie james at PCXPERIENCE.COM
Thu Dec 18 16:16:42 GMT 2003



Tony Johansson wrote:
| I have a problem with bounces at a school where I help support their
| MailScanner installation.
|
| It seems spammers use the school's domain name with faked usernames as a
| return address. I've seen this at a different site but it was just a dozen
| or so which could easily be entered into sendmail's access.db
|
| The school now gets approx 8-10.000 of these bounces daily, which is about
| 80% of their total traffic. The return addresses are random so adding them
| to access.db is not an option. The machine running MailScanner is pretty
| low end and has problems keeping up with the queues.
|
| The flow is something like this:
|
| 1. Spammer sends spam to abc at domain.com, spam has the spoofed return
| address xyz at school.com
| 2. No such user at domain.com/mailbox full/disabled etc
| 3. Mail bounces to xyz at school.com (with return path "<>")
| 4. Smtpgate at school.com (running mailscanner) accepts message, forwards
| to internal server
| 5. Internal server sees that the address xyz at school.com is non-existent
| 6. Internal server tries to bounce the message, to xyz at school.com, but
| naturally it cannot be delivered
| 7. Message is sent to postmaster at school.com, "I tried to deliver a bounce
| message to this address, but the bounce bounced!"
|
| Does anyone have a remedy for this problem?
|

use the sendmail double bounce suppression feature talked about recently on this
list.

in sendmail.mc:
----
define(`confDOUBLE_BOUNCE_ADDRESS',`double-bounce')dnl
----

rebuild sendmail.cf

in aliases:
----
double-bounce: /dev/null
----

newaliases

now any e-mails that bounced and the bounce message bounces will be delivered to
/dev/null. :)

--
James A. Pattie
james at pcxperience.com

Linux  --  SysAdmin / Programmer
Xperience, Inc.
http://www.pcxperience.com/
http://www.xperienceinc.com/

GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html
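Added example, not part of the original message or of sendmail/MailScanner: a small log check for measuring how much of the gateway's traffic is bounce mail (envelope sender "<>") addressed to users that do not exist, as in steps 3 to 5 of the flow quoted above. The log lines are constructed and simplified to the from=/to=/dsn=/stat= fields; host names, queue ids and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed, simplified sendmail-style maillog lines (not from the original post).
SAMPLE_LOG = """\
Dec 18 16:10:01 smtpgate sendmail[2101]: hBIGA1aa002101: from=<>, size=3120, nrcpts=1, relay=mx.example.net [192.0.2.10]
Dec 18 16:10:03 smtpgate sendmail[2103]: hBIGA1aa002101: to=<xyz@school.com>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Dec 18 16:11:10 smtpgate sendmail[2110]: hBIGB9aa002110: from=<teacher@school.com>, size=900, nrcpts=1, relay=internal.school.com [10.0.0.5]
Dec 18 16:11:12 smtpgate sendmail[2112]: hBIGB9aa002110: to=<friend@example.org>, mailer=esmtp, dsn=2.0.0, stat=Sent (ok)
Dec 18 16:12:30 smtpgate sendmail[2120]: hBIGCUaa002120: from=<>, size=2800, nrcpts=1, relay=mail.example.net [198.51.100.7]
Dec 18 16:12:31 smtpgate sendmail[2121]: hBIGCUaa002120: to=<qwe@school.com>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Dec 18 16:13:00 smtpgate sendmail[2130]: hBIGD0aa002130: from=<>, size=1500, nrcpts=1, relay=mx.example.com [203.0.113.9]
Dec 18 16:13:02 smtpgate sendmail[2132]: hBIGD0aa002130: to=<staff@school.com>, mailer=esmtp, dsn=2.0.0, stat=Sent (ok)
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
# Anchor each key at the start or after ", " so "proto=" is never read as "to=".
FIELD_RE = re.compile(r"(?:^|, )(\w+)=([^,]*)")

def parse_maillog(text):
    """Group from= and to= records by sendmail queue id."""
    msgs = defaultdict(lambda: {"sender": None, "deliveries": []})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        f = dict(FIELD_RE.findall(m.group("rest")))
        if "from" in f:
            msgs[m.group("qid")]["sender"] = f["from"]
        elif "to" in f:
            msgs[m.group("qid")]["deliveries"].append((f["to"], f.get("dsn", "")))
    return dict(msgs)

def backscatter_summary(msgs):
    """Count null-sender messages, and those rejected as 5.1.1 (unknown user)."""
    bounces = [m for m in msgs.values() if m["sender"] == "<>"]
    unknown = sorted(to for m in bounces for to, dsn in m["deliveries"] if dsn == "5.1.1")
    return {
        "total": len(msgs),
        "null_sender": len(bounces),
        "null_sender_to_unknown": len(unknown),
        "unknown_rcpts": unknown,
    }

if __name__ == "__main__":
    print(backscatter_summary(parse_maillog(SAMPLE_LOG)))
```

A legitimate bounce to a real user (the last message in the sample) is counted as null-sender but not as backscatter to an unknown address.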

