Need some help Hijacked Returned domain

Julian Field mailscanner at ecs.soton.ac.uk
Tue Feb 3 09:09:37 GMT 2004


Take a look at using the "access database" in sendmail to block unknown
recipients at the SMTP level. It's all documented at www.sendmail.org.

At 08:05 03/02/2004, you wrote:
>Hi everyone,
>
>We have in recent days been the recipient of spammers using our domain
>name as a return address.  They use all kinds of names etc.
>I could really use some assistance in trying to stop this or at least
>handle the bounce mail better. We are also getting an extreme amount
>of mail from null senders; logs are filled with from=<>. On one of our
>servers we have 20,000 entries in the last 15 hours.
>
>Any hints, comments, ideas on stopping this? I just added dnsbl.sorbs.net
>to sendmail and it's already starting to help (BTW great job Matthew).
>Are others having this problem also? It seems this started up a couple of
>days ago after MyDoom hit. Is anyone else having this happen or has
>seen this before?
>
>Below is an example of an org message that was returned; I left off the
>information from where it was bounced.
>
>Thanks in advance
>Steve
>--- Start
>
>Content-Type: message/rfc822
>
>Message-ID: <QVMEELMZZSXALGDVYHSPYZ at fidalgo.net>
>From: Roseanna Escalante <webmaster at inteliport.com>
>To: webmaster at northernbus.com
>Subject: FWD: Available All. X at nax , v|agR@ _ \ Va:l:ium  =
>S0ma , Pn:t:er
>  min 4v5tR
>Date: Wed, 4 Feb 2004 02:23:41 -0500
>MIME-Version: 1.0
>X-Mailer: Internet Mail Service (5.5.2656.59)
>X-MS-Embedded-Report:
>Content-Type: text/plain;
>  charset="iso-8859-1"
>
>We believe ordering medication should be as simple as ordering anything else
>on the Internet: Private, secure, and easy.
>On stock: \ Xan|a|x ) Val/i/um = So+m+a = Pntermin $ V1Agr@
>Plus: A'cyc|0vir, Pr0z at .c, P@`xil, Bus:p at r,
>Ad|p&.x, I0`nam|n, M3ri:dia,
>X3nic.a|, Am`bi3n, S0na.Ta, F`l3xeril, Ce|3br'ex, Fi0ri`c3t,
>T'ram at do|,
>U|t`r at m, L3:v|tra, Pr0p3ci`a
>
>Most trusted name brands.
>Enjoy deep discount meds here
><http://www.affordablemeds.biz>
>------_=_NextPart_000_01C3EA29.1039B262--
>
>---End

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
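
An added example, not part of the original message and not sendmail or MailScanner code: before rejecting unknown recipients at the SMTP level, it helps to measure how much of the from=<> traffic in the log is backscatter aimed at addresses that do not exist. The log lines below are constructed in sendmail's syslog layout, and the domain example.com, the valid-recipient set and the function name `summarize` are assumptions.

```python
import re
from collections import Counter

# Constructed log lines in sendmail's syslog layout (not from the original post).
SAMPLE_LOG = """\
Feb  3 08:01:12 mx1 sendmail[2101]: i1381Cq5002101: from=<>, size=3120, nrcpts=1, proto=ESMTP, relay=mail.example.net [192.0.2.10]
Feb  3 08:01:13 mx1 sendmail[2102]: i1381Cq5002101: to=<qxzv@example.com>, delay=00:00:01, mailer=local, dsn=5.1.1, stat=User unknown
Feb  3 08:01:20 mx1 sendmail[2103]: i1381Dq5002103: from=<>, size=2988, nrcpts=1, proto=ESMTP, relay=mx.example.org [198.51.100.7]
Feb  3 08:01:21 mx1 sendmail[2104]: i1381Dq5002103: to=<qxzv@example.com>, delay=00:00:01, mailer=local, dsn=5.1.1, stat=User unknown
Feb  3 08:02:02 mx1 sendmail[2105]: i1381Eq5002105: from=<>, size=4100, nrcpts=1, proto=ESMTP, relay=mail.example.net [192.0.2.10]
Feb  3 08:02:03 mx1 sendmail[2106]: i1381Eq5002105: to=<steve@example.com>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Feb  3 08:02:30 mx1 sendmail[2107]: i1381Fq5002107: from=<alice@example.org>, size=1500, nrcpts=1, proto=ESMTP, relay=mx.example.org [198.51.100.7]
Feb  3 08:02:31 mx1 sendmail[2108]: i1381Fq5002107: to=<nobody7@example.com>, delay=00:00:01, mailer=local, dsn=5.1.1, stat=User unknown
Feb  3 08:03:10 mx1 sendmail[2109]: i1381Gq5002109: from=<>, size=3300, nrcpts=1, proto=ESMTP, relay=mail.example.net [192.0.2.10]
Feb  3 08:03:11 mx1 sendmail[2110]: i1381Gq5002109: to=<Roseanna@example.com>, delay=00:00:01, mailer=local, dsn=5.1.1, stat=User unknown
"""

# Assumed list of mailboxes that really exist on the domain.
VALID_RECIPIENTS = {"steve@example.com", "webmaster@example.com"}

# Queue ID, then either the envelope sender or the first envelope recipient.
LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): (?P<field>from|to)=<(?P<addr>[^>]*)>")

def summarize(log_text, valid):
    """Return (null-sender message count, Counter of unknown recipients they hit)."""
    sender_by_qid = {}
    null_total = 0
    unknown_hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, field, addr = m.group("qid"), m.group("field"), m.group("addr").lower()
        if field == "from":
            sender_by_qid[qid] = addr
            if addr == "":          # from=<> is the null sender used by bounces
                null_total += 1
        elif sender_by_qid.get(qid) == "" and addr not in valid:
            # Bounce delivered to an address we never had: backscatter from forged mail.
            unknown_hits[addr] += 1
    return null_total, unknown_hits

if __name__ == "__main__":
    total, hits = summarize(SAMPLE_LOG, VALID_RECIPIENTS)
    print(f"null-sender messages: {total}")
    for addr, n in hits.most_common():
        print(f"{n:6d}  {addr}")
```

Bounces to real mailboxes (steve@example.com here) are left out of the tally, since those may be legitimate delivery failures the user needs to see.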


