Slightly OT question for Sendmail gurus

Todd Williams todd.williams at TFCCI.COM
Fri Jun 27 22:31:23 IST 2003


Hello,

Just wanted to take a moment to say MailScanner has been a real life saver
when it comes to keeping away the virus laden spam messages!!  Thank you,
Julian!

Here is the problem:  Someone is, without permission, generating
forged/relayed e-mails using random usernames @ domain name in the "From:"
field, and spamming the world with their garbage.  Unfortunately, we have
little recourse over the domain name being abused in such a way.  As a
result of this, what we are receiving is all of the bounced messages from
the sites where the spam has either been rejected or more frequently where
users no longer exist.

Example below is the typical message from the local mail server to the local
postmaster, stating that the bounced spam message attempting to return (from
a non-existent user on the other end) to the bogus/forged local user, when
of course the bogus local user does not exist.  Basically, it's the remnants
of a message that has fallen undeliverable on both sides.  Names have been
changed to protect the innocent:

-----------
From:     Mail Delivery Subsystem
To:       postmaster at insert-local-domain-here.com
Subject:  Postmaster notify: see transcript for details

The original message was received at Fri, 27 Jun 2003 16:03:51 -0400
from mail at localhost
with id xxxxxxxxxxxxx

   ----- The following addresses had permanent fatal errors -----
<bogususer at insert-local-domain-here.com>
    (reason: 550 5.1.1 User unknown)

   ----- Transcript of session follows -----
550 5.1.1 <bogususer at insert-local-domain-here.com>... User unknown
----------


* Question:  Are there any sendmail rules or configuration magic that we
could put in to send just the "User unknown" undeliverable messages to a
different e-mail alias?  We would still prefer to get all of the other
Postmaster messages, but the numerous user unknown messages such as the
sample above are getting very tiring very fast.

I understand why we're receiving the messages, I just want to know if there
is an easy way of redirecting just this type of message.  We could re-alias
postmaster to deliver to /dev/null, but that is not the answer we're looking
for.  I have Google'd many many pages, and searched the sendmail sites to no
avail.  Can any one lend a suggestion or is this an impossibility?

TIA,

Todd Williams
Twenty First Century Communications



More information about the MailScanner mailing list