Author: Ian Southam Date: To: I. Forbes CC: exim-users Subject: Re: [Exim] Tarpit SPAM trap
On Thu, Mar 02, 2000 at 11:08:20AM +0200 I. Forbes wrote :
> To give you an idea of the scope of the problem we have received
> about eleven thousand bounces with the same forged address over
> the last month. All of the Spam was launced from AOL, and relayed
> using a whole list of open relays - many in Eastern Europe and the
> Far East.
This sadly happens from time to time. Spammers fake an envelope in your
domain and you get the bounces. All you can do, is to dev null the address
the mail is coming to and ride out the storm. In the meantime, take up all
the proper action you can to stop the spammer.
You will also get a lot of "back spam" abuse from people who are too ignorant
to analyse headers. Do make sure you reply to these mails to reassure these
idiots. If you don't they will start making big trouble for you and possibly
attack your servers.
> We send copies of this spam to abuse@??? on a daily basis.
This is daft and all you are doing is generating yet more spam. Take a look
at your abuse inbox at the moment and realise how futile posting streams of
complaints is. One message to inform the hostmaster in question is plenty.
> The problem is an irritation to me and obviously to all of the people
> who are getting the spam. My plan is to convert the qmail to exim
> (this is part of a larger project, which is why I have not done anything
> yet) then let exim refuse the bounce messages with a 500 error
> before they are accepted.
Don't refuse them, this will cause you more grief, just accept them and
dev/null them.