Joe Jobbed, etc.

Stephen Swaney steve.swaney at fsl.com
Mon Dec 5 19:02:04 GMT 2005


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Kevin Miller
> Sent: Monday, December 05, 2005 1:50 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Joe Jobbed, etc.
> 
> One of my users is the victom of a joe job.  I'm getting hundreds of
> messages like the following:
> 
> ------------------------------------------------------------------
> Your message did not reach some or all of the intended recipients.
> 
>       Subject:	Message Undeliverable!
>       Sent:	12/5/2005 9:33 AM
> 
> The following recipient(s) could not be reached:
> 
>       jeanette_stgeorgehhvj at ci.juneau.ak.us on 12/5/2005 9:33 AM
>             The e-mail account does not exist at the organization this
> message was sent to.  Check the e-mail address, or contact the recipient
> directly to find out the correct address.
>             < mxg.ci.juneau.ak.us #5.1.1 SMTP; 550 5.1.1 User unknown>
> --------------------------------------------------------------------
> 
> The address is valid, except for the last four characters before the '@'
> sign.  Those seem to be random.  I using MS/sendmail on a gateway which
> forwards to an Exchange 2003 box.  What I'd like to do is refuse these
> at the MTA level.  I can't put that address in the access file though,
> as the last four characters vary and access won't take a regex (to the
> best of my knowledge).

I you're using sendmail, go to the list server archives and look up 

	"handle joe job on 020404"

This should find this message which described how to configure sendmail to
discard messages with a blank, <> "From" field. 

http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind04&L=MAILSCANNER&P=R251201&I=
-3&X=2C4A8320D5980931A2&Y=steve.swaney%40fsl.com 

Please note that this breaks RFC 1123 and should never be used in normal
operations. If you host a lot of domains, you might want to think about
setting up a server to handle only mail for the joe-jobbed domain until
things settle down.

Hope this helps,

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com

> If there's no way to do it at the MTA level, I guess a SA rule might do
> the trick, setting them to a value above high scoring spam and just let
> MS delete them.  If that's the best option, could someone please show me
> the regex to test for in the rule?  I'm a bit weak in that arena.
> 
> Anybody have any other ideas on the best way to deal w/this?  I've got
> SPF records (set to softfail at the moment) which may help some but not
> enough yet.
> 
> On a related note, I want to implement milter-ahead which would deal
> w/this issue handily.  Has anybody set that up on a SuSE 9.3 or 10
> server?  I have a few questions, but since that's a bit off topic to MS
> I don't want to get too far off.
> 
> Thanks much...
> 
> ...Kevin
> --
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list