<br><br><div class="gmail_quote">2009/8/20 Kevin Miller <span dir="ltr"><<a href="mailto:Kevin_Miller@ci.juneau.ak.us">Kevin_Miller@ci.juneau.ak.us</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm being bombarded with a ton of spam that claims to be from localhost (but the IP isn't in the 127. range). They are false NDRs, bouncing off of foreign servers. A large number of my users are being joe-jobbed, and the remote servers send the NDRs here. Here's a couple of examples from the the mail log:<br>
<br>
Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=<<a href="mailto:qvmanifestation@grahamevinson.com">qvmanifestation@grahamevinson.com</a>>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged)<br>
Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=<<a href="mailto:kzmatrimony@ivory.plala.or.jp">kzmatrimony@ivory.plala.or.jp</a>>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [222.254.108.100] (may be forged)<br>
<br>
I'd really like to be able to block them at the MTA level, but barring that, a spamassassin rule would do nicely. Anybody have a rule available that would fit the bill? There are too many sources to try to blacklist - I'd be playing whack-a-mole all day long.<br>
<br>
(I've been on vacation the past few weeks, so if this has been discussed please let me know the subject line.)<br>
<br>
Thanks...<br>
<br>
...Kevin<br>
--<br>
Kevin Miller Registered Linux User No: 307357<br>
CBJ MIS Dept. Network Systems Admin., Mail Admin.<br>
155 South Seward Street ph: (907) 586-0242<br>
Juneau, Alaska 99801 fax: (907 586-4500 --<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</blockquote></div><br>Kevin<br><br>does you outgoing go via MailScanner? if so make ure you're using the watermark feature of MailScanner. Still means you're accepting the email but it will mean any email thats an NDR without those watermark headers will get marked as spam.<br>
<br clear="all"><br>-- <br>Martin Hepworth<br>Oxford, UK<br>