[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Spammers using a non-existant address as return-path

We have the same problem here.  Someone has been using our domain name
in their headers since January.  At times, we were getting a few
thousand bounces from mail to over-quota or non-existant accounts.

I added the following line to my exim.conf

  receiver_try_verify = true

This results in an immediate error result to the RCPT command if the
user is unknown.  I run a script to grep for these errors in the log
file just after they are rotated so I know how many of these messages
were rejected in the last 24 hours.  Currently, there are up to 100
messages a day that get rejected this way.

Once in a while, I accept the messages and comb through them to find
valid headers, but there is a startling number of USELESS error messages
(ie. only From, To, Date, and Subject of bounced message).


On Mon, Nov 25, 2002 at 10:38:10PM +0100, Kjetil Kjernsmo wrote:
> I have just received a spam complaint, and unfortunately, some spammers 
> have been using an address on one of my domains in their Return-Path 
> and From-headers. How nice of them :-( . This address has never 
> existed. I'm using the Exim packages from Woody. 
> Kjetil

Reply to: