Slightly OT question for Sendmail gurus

Julian Field mailscanner at ecs.soton.ac.uk
Sat Jun 28 02:35:06 IST 2003 

At 22:31 27/06/2003, you wrote:
>Here is the problem:  Someone is, without permission, generating
>forged/relayed e-mails using random usernames @ domain name in the "From:"
>field, and spamming the world with their garbage.  Unfortunately, we have
>little recourse over the domain name being abused in such a way.  As a
>result of this, what we are receiving is all of the bounced messages from
>the sites where the spam has either been rejected or more frequently where
>users no longer exist.
>
>Example below is the typical message from the local mail server to the local
>postmaster, stating that the bounced spam message attempting to return (from
>a non-existent user on the other end) to the bogus/forged local user, when
>of course the bogus local user does not exist.  Basically, it's the remnants
>of a message that has fallen undeliverable on both sides.  Names have been
>changed to protect the innocent:
>
>-----------
>From:     Mail Delivery Subsystem
>To:       postmaster at insert-local-domain-here.com
>Subject:  Postmaster notify: see transcript for details
>
>The original message was received at Fri, 27 Jun 2003 16:03:51 -0400
>from mail at localhost
>with id xxxxxxxxxxxxx
>
>    ----- The following addresses had permanent fatal errors -----
><bogususer at insert-local-domain-here.com>
>     (reason: 550 5.1.1 User unknown)
>
>    ----- Transcript of session follows -----
>550 5.1.1 <bogususer at insert-local-domain-here.com>... User unknown
>----------
>
>
>* Question:  Are there any sendmail rules or configuration magic that we
>could put in to send just the "User unknown" undeliverable messages to a
>different e-mail alias?  We would still prefer to get all of the other
>Postmaster messages, but the numerous user unknown messages such as the
>sample above are getting very tiring very fast.

You could redirect messages with that subject line, but MailScanner isn't
really into full content filtering. Writing a filter that would accurately
pull out just these messages isn't trivial.
Otherwise you could try writing a SpamAssassin rule which found the "550
5.1.1 User unknown" string in the message body, with a suitably large score.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list