Bouncing to spoofed domain name

John Rowan rowan at rownetco.com
Thu Apr 12 15:01:29 IST 2007 

Gareth, thanks for the quick reply.  I do not use Postfix and don't know 
anything about it.
I read the ADDRESS_VERIFICATION_README.html.  Does Postfix replace Sendmail
as the MTA or does it work in conjunction with it?  I have two months 
worth of projects
in my queue and don't have time right now to reconfigure and test email 
server configurations
if Postfix needs to replace Sendmail as the MTA.  From what I see 
Googling Postfix it is a replacement
for Sendmail.   I'll have to revisit this when I close out some of the 
projects I'm working on.

Thanks.


Gareth wrote:
> You can get Postfix to verify that the sender address exists. It does
> this by connecting to the mail server for the domain and checks to see
> if the server accepts the senders email address. For more information
> see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
>
> The downside of this is that your mail server pauses while it checks the
> address so if it takes a while the sender may time out. This is rare
> though as most timeouts are quite long. All check results are cached.
>
> I use this myself but on the destination address so Postfix rejects mail
> to users who dont exist at our domains.
>
> On Thu, 2007-04-12 at 14:33, John Rowan wrote:
>   
>> Is there any way to configure MailScanner to bounce mail to the abuse
>> contact of an IP Netblock rather than what happened below. 
>> The sender was falsified and MailScanner sent it to the non existent
>> person at watermaster.org.  Watermaster.org rejected the bounce
>> since ktf doesn't exist.  I'm dealing with the same problem on several
>> servers where garbage is being sent out saying it is from domains
>> I support and then it's bounced to me but my /etc/mail/virtusertable
>> is similarly configured to that mail to non existent users is not
>> accepted.
>>
>> In the example below the mail came from 219.134.77.247 which is in
>> China
>>
>> inetnum:      219.128.0.0 - 219.137.255.255
>> netname:      CHINANET-GD
>> descr:        CHINANET Guangdong province network
>> descr:        Data Communication Division
>> descr:        China Telecom
>> country:      CN
>> I would want to bounce to the correct: abuse at gddc.com.cn
>>
>> -------- Original Message -------- 
>>                           Subject: 
>> Bad Filename Detected
>>                              Date: 
>> Thu, 12 Apr 2007 04:20:57 -0400
>>                              From: 
>> MailScanner
>> <postmaster at corvette.deleted.com>
>>                                To: 
>> postmaster at corvette.deleted.com
>>
>> The following e-mails were found to have: Bad Filename Detected
>>
>>     Sender: ktf at watermaster.org
>> IP Address: 219.134.77.247
>>  Recipient: username at deleted.com
>>    Subject: I Love You Because
>>  MessageID: l3C8KHHg013901
>>     Report: MailScanner: Executable DOS/Windows programs are dangerous in email (greeting card.exe)
>>     
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070412/46d9cc90/attachment.html

More information about the MailScanner mailing list