Bouncing to spoofed domain name

Gareth list-mailscanner at linguaphone.com
Thu Apr 12 14:41:18 IST 2007 

You can get Postfix to verify that the sender address exists. It does
this by connecting to the mail server for the domain and checks to see
if the server accepts the senders email address. For more information
see http://www.postfix.org/ADDRESS_VERIFICATION_README.html

The downside of this is that your mail server pauses while it checks the
address so if it takes a while the sender may time out. This is rare
though as most timeouts are quite long. All check results are cached.

I use this myself but on the destination address so Postfix rejects mail
to users who dont exist at our domains.

On Thu, 2007-04-12 at 14:33, John Rowan wrote:
> Is there any way to configure MailScanner to bounce mail to the abuse
> contact of an IP Netblock rather than what happened below. 
> The sender was falsified and MailScanner sent it to the non existent
> person at watermaster.org.  Watermaster.org rejected the bounce
> since ktf doesn't exist.  I'm dealing with the same problem on several
> servers where garbage is being sent out saying it is from domains
> I support and then it's bounced to me but my /etc/mail/virtusertable
> is similarly configured to that mail to non existent users is not
> accepted.
> 
> In the example below the mail came from 219.134.77.247 which is in
> China
> 
> inetnum:      219.128.0.0 - 219.137.255.255
> netname:      CHINANET-GD
> descr:        CHINANET Guangdong province network
> descr:        Data Communication Division
> descr:        China Telecom
> country:      CN
> I would want to bounce to the correct: abuse at gddc.com.cn
> 
> -------- Original Message -------- 
>                           Subject: 
> Bad Filename Detected
>                              Date: 
> Thu, 12 Apr 2007 04:20:57 -0400
>                              From: 
> MailScanner
> <postmaster at corvette.deleted.com>
>                                To: 
> postmaster at corvette.deleted.com
> 
> The following e-mails were found to have: Bad Filename Detected
> 
>     Sender: ktf at watermaster.org
> IP Address: 219.134.77.247
>  Recipient: username at deleted.com
>    Subject: I Love You Because
>  MessageID: l3C8KHHg013901
>     Report: MailScanner: Executable DOS/Windows programs are dangerous in email (greeting card.exe)

More information about the MailScanner mailing list