John Kelly wrote:
> Every day, I get mail delivery attempts to non-existent users like:
>
> k2159jcd003343@isp2dial.com
> k1mmcsoa007563@isp2dial.com
> k1nardpb001747@isp2dial.com
>
> These totally bogus user names are not a good dictionary attack. I
> don't know what the spammer is trying to accomplish, since delivery is
> impossible. The user portion almost looks like a mail queue message
> id.
>
> Anyone else seeing this?
Yep. Most effective is (if you are using exim4) to check if the sender has
an MX record (from http://www.sput.nl/spam/ ):
  # There has to be an MX, except in case of DSN
  deny message = No MX for envelope sender domain $sender_address_domain. See http://www.sput.nl/spam/
       hosts = ! : !+relay_from_hosts
       senders = ! :
       condition = ${if eq\
                   {${lookup dnsdb{mx=$sender_address_domain}{$value}fail}}\
                   {fail}\
                   {yes}{no}}
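
The rule above skips messages with an empty envelope sender (`senders = ! :`), so it helps to know how many of these attempts arrive as bounces. The following is an added example, not part of the original thread: it tallies rejected recipients shaped like the three quoted addresses from Exim main log lines. The log lines are constructed samples, and the pattern of 8 alphanumerics plus 6 digits is an assumption drawn from those three addresses.

```python
import re
from collections import Counter

# Heuristic taken from the three local parts quoted in the thread:
# 8 lowercase alphanumerics followed by 6 digits (an assumption, not a spec).
QUEUE_ID_LIKE = re.compile(r"^[a-z0-9]{8}[0-9]{6}$")

# Exim main log entry for a refused recipient: host IP, envelope sender, recipient.
REJECT = re.compile(
    r"H=.*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?"
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]+)>"
)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = """\
2007-02-05 09:14:02 H=(mail.example.net) [192.0.2.10] F=<> rejected RCPT <k2159jcd003343@isp2dial.com>: Unrouteable address
2007-02-05 09:14:09 H=(mail.example.net) [192.0.2.10] F=<bounce@example.org> rejected RCPT <k1mmcsoa007563@isp2dial.com>: Unrouteable address
2007-02-05 09:15:41 H=mx.example.com [198.51.100.7] F=<> rejected RCPT <k1nardpb001747@isp2dial.com>: Unrouteable address
2007-02-05 09:16:00 H=mx.example.com [198.51.100.7] F=<someone@example.com> rejected RCPT <webmaster@isp2dial.com>: Unrouteable address
2007-02-05 09:20:00 1HDxyz-0001Ab-2C <= user@example.com H=mx.example.com [198.51.100.7] P=esmtp S=1234
"""


def tally(log_text):
    """Count queue-id-shaped rejected recipients per sending host and
    split them by whether the envelope sender was empty (a bounce/DSN)."""
    by_host = Counter()
    null_sender = with_sender = 0
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not a recipient rejection
        local_part = m.group("rcpt").rsplit("@", 1)[0].lower()
        if not QUEUE_ID_LIKE.match(local_part):
            continue  # ordinary unknown user, not the pattern in question
        by_host[m.group("ip")] += 1
        if m.group("sender") == "":
            null_sender += 1  # the MX rule never evaluates these
        else:
            with_sender += 1  # the MX rule can apply to these
    return {"by_host": dict(by_host), "null_sender": null_sender,
            "with_sender": with_sender}


if __name__ == "__main__":
    print(tally(SAMPLE_LOG))
```

A high `null_sender` share means most of these attempts are bounces that the MX rule deliberately lets through to the later recipient checks.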