Re: [EXIM] Spam reply address

Top Page
Delete this message
Reply to this message
Author: Exim Users Mailing List
Date:  
To: exim-users
Subject: Re: [EXIM] Spam reply address
[ On Sat, November 21, 1998 at 23:50:00 (+1100), David Latter wrote: ]
> Subject: [EXIM] Spam reply address
>
> Below is a copy of a dam spam message. The only thing I can see wrong here
> is they used us as the reply address. How can I stop all them message
> coming in? We don't even have a user named dow45rntown. I don't think we are
> the rely but I am not %100 sure. I have deleted over 1200 messages that
> have bounced to us.


The best solution I know of is to reject messages destined to
undeliverable addresses without ever letting them on your server in the
first place. I.e. to reject them at the RCPT TO: SMTP command.

Yes, this means you can't generate a nice clean bounce message, but
since there's no sender address to bounce to anyway you're not losing
anything, at least not in this case. I guess if you want to generate
nice bounce messages then you'll have to distinguish between valid
sender addresses and invalid ones and base the decision of whether to
validate RCPT TO addresses on that. I don't know if exim can do that,
or not. Of course determining if a sender address is truely valid is
far from trivial. Many spammers use <valid-looking-id@???> or
whatever and if the address really isn't valid you'll end up sending the
bounce to AOL, which will send it right back to your postmaster mailbox
and you'll be right back where you started. So, in the end, it's just
not worth the bother to try and generate your own bounce messages --
just reject them at the SMTP layer and be done with it.

(Yes, if the sender is an unfortunate relay they'll just have their
damage doubled by getting all the spam dumped into their postmaster
mailbox, but then it's not your problem any more!)

-- 
                            Greg A. Woods


+1 416 218-0098      VE3TCP      <gwoods@???>      <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>


--
*** Exim information can be found at http://www.exim.org/ ***