Bouncing to spoofed domain name

John Rowan rowan at rownetco.com
Thu Apr 12 14:33:05 IST 2007


Is there any way to configure MailScanner to bounce mail to the abuse 
contact of an IP Netblock rather than what happened below.
The sender was falsified and MailScanner sent it to the non existent 
person at watermaster.org.  Watermaster.org rejected the bounce
since ktf doesn't exist.  I'm dealing with the same problem on several 
servers where garbage is being sent out saying it is from domains
I support and then it's bounced to me but my /etc/mail/virtusertable is 
similarly configured to that mail to non existent users is not accepted.

In the example below the mail came from 219.134.77.247 which is in China

inetnum:      219.128.0.0 - 219.137.255.255
netname:      CHINANET-GD
descr:        CHINANET Guangdong province network
descr:        Data Communication Division
descr:        China Telecom
country:      CN

I would want to bounce to the correct: abuse at gddc.com.cn

-------- Original Message --------
Subject: 	Bad Filename Detected
Date: 	Thu, 12 Apr 2007 04:20:57 -0400
From: 	MailScanner <postmaster at corvette.deleted.com>
To: 	postmaster at corvette.deleted.com



The following e-mails were found to have: Bad Filename Detected

    Sender: ktf at watermaster.org
IP Address: 219.134.77.247
 Recipient: username at deleted.com
   Subject: I Love You Because
 MessageID: l3C8KHHg013901
    Report: MailScanner: Executable DOS/Windows programs are dangerous in email (greeting card.exe)


-- 
MailScanner
Email Virus Scanner
www.mailscanner.info


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070412/fae9af87/attachment.html


More information about the MailScanner mailing list