This one time, at band camp, JJ van Gorkum said: > John Kelly wrote: > > Every day, I get mail delivery attempts to non-existent users like: > > > > k2159jcd003343@isp2dial.com > > k1mmcsoa007563@isp2dial.com > > k1nardpb001747@isp2dial.com > > > > > > These totally bogus user names are not a good dictionary attack. I > > don't know what the spammer is trying to accomplish, since delivery is > > impossible. The user portion almost looks like a mail queue message > > id. > > > > Anyone else seeing this? > > > Yep, Most effective is (if you are using exim4) check if the sender has > an MX record (from http://www.sput.nl/spam/ ) > > > # There has to be an MX, except in case of DSN deny message = No MX for > envelope sender domain $sender_address_domain. See http://www.sput.nl/spam/ > hosts = ! : !+relay_from_hosts > senders = ! : > condition = ${if eq\ > {${lookup dnsdb{mx=$sender_address_domain}{$value}fail}}\ > {fail}\ > {yes}{no}} Er, just: verify = sender will make sure the mail is routable, by either MX or A records. Similarly, verify = recipient will keep you from having to deal with mail to nonexistant users. Accepting mail for random local parts and bouncing later is bad, mmk? -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature