Need some help Hijacked Returned domain

Stephen Lane steve at INTELIPORT.COM
Tue Feb 3 08:05:40 GMT 2004

Hi everyone,

We have in recent days been the recipient of spammers using our domain name as a return address.  They use all kinds of names etc..
I could really use some assistance in trying to stop this or at least handle the bounce mail better, we are also getting a extreme amount
of mail from null senders logs are filled with from=<> on one of our server we have 20,000 entries in the last 15 hours.

Any hints, comments, ideas on stopping this I just added to sendmail and it's already starting to help (BTW great job Matthew)
are others having this problem also? it seems this started up a couple of days ago after MyDoom hit. Is anyone else having this happen or has 
seen this before.

below is an example of the a org message that was returned I left off the information from where it was bounced. 

Thanks in advance
--- Start 

Content-Type: message/rfc822

From: Roseanna Escalante <webmaster at>
To: webmaster at
Subject: FWD: Available All. X at nax , v|agR@ _ \ Va:l:ium  = S0ma , Pn:t:er
 min 4v5tR
Date: Wed, 4 Feb 2004 02:23:41 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;

We believe ordering medication should be as simple as ordering anything else
on the Internet: Private, secure, and easy. 
On stock: \ Xan|a|x ) Val/i/um = So+m+a = Pntermin $ V1Agr@ 
Plus: A'cyc|0vir, Pr0z at .c, P@`xil, Bus:p at r, Ad|p&.x, I0`nam|n, M3ri:dia,
X3nic.a|, Am`bi3n, S0na.Ta, F`l3xeril, Ce|3br'ex, Fi0ri`c3t, T'ram at do|,
U|t`r at m, L3:v|tra, Pr0p3ci`a 

Most trusted name brands. 
Enjoy deep discount meds here <>  

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list