Slightly OT question for Sendmail gurus

Mike Kercher mike at CAMAROSS.NET
Fri Jun 27 22:35:31 IST 2003 

I had a similar problem a little while back.  The undeliverable
notifications were not going to postmaster@ though...they were being
delivered to the spoofed user's account.  I ended up deleting his account
and creating him a new one with no .REDIRECT's or anything.  He had to
manually notify people of his new email address.

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Todd Williams
Sent: Friday, June 27, 2003 4:31 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Slightly OT question for Sendmail gurus


Hello,

Just wanted to take a moment to say MailScanner has been a real life saver
when it comes to keeping away the virus laden spam messages!!  Thank you,
Julian!

Here is the problem:  Someone is, without permission, generating
forged/relayed e-mails using random usernames @ domain name in the "From:"
field, and spamming the world with their garbage.  Unfortunately, we have
little recourse over the domain name being abused in such a way.  As a
result of this, what we are receiving is all of the bounced messages from
the sites where the spam has either been rejected or more frequently where
users no longer exist.

Example below is the typical message from the local mail server to the local
postmaster, stating that the bounced spam message attempting to return (from
a non-existent user on the other end) to the bogus/forged local user, when
of course the bogus local user does not exist.  Basically, it's the remnants
of a message that has fallen undeliverable on both sides.  Names have been
changed to protect the innocent:

-----------
From:     Mail Delivery Subsystem
To:       postmaster at insert-local-domain-here.com
Subject:  Postmaster notify: see transcript for details

The original message was received at Fri, 27 Jun 2003 16:03:51 -0400 from
mail at localhost with id xxxxxxxxxxxxx

   ----- The following addresses had permanent fatal errors -----
<bogususer at insert-local-domain-here.com>
    (reason: 550 5.1.1 User unknown)

   ----- Transcript of session follows -----
550 5.1.1 <bogususer at insert-local-domain-here.com>... User unknown
----------


* Question:  Are there any sendmail rules or configuration magic that we
could put in to send just the "User unknown" undeliverable messages to a
different e-mail alias?  We would still prefer to get all of the other
Postmaster messages, but the numerous user unknown messages such as the
sample above are getting very tiring very fast.

I understand why we're receiving the messages, I just want to know if there
is an easy way of redirecting just this type of message.  We could re-alias
postmaster to deliver to /dev/null, but that is not the answer we're looking
for.  I have Google'd many many pages, and searched the sendmail sites to no
avail.  Can any one lend a suggestion or is this an impossibility?

TIA,

Todd Williams
Twenty First Century Communications

More information about the MailScanner mailing list