Re: [Exim] Frozen delivery failure notifications (invalid se…

Author: Dave C.
Date:  
To: Toralf Lund
CC: Exim Mailing List
Subject: Re: [Exim] Frozen delivery failure notifications (invalid sender) - again
On Mon, 23 Sep 2002, Toralf Lund wrote:

> I have mentioned this before, but...
>
> The mail queue on our main MX keeps filling up with entries of the form:
>
>
> 59m  3.4K 17tRfs-00vg6d-00 <> *** frozen ***
>            users002@???

>
> Closer inspection shows that the corresponding message is a delivery
> failure report from some mail server. The messages are frozen because
> there is no such user here. I'm fairly sure that the original message did
> not originate on our network, i.e. someone outside our company must be
> faking the sender address.
>
> Questions:
> 1. Does anyone have any idea about how I can figure out where the
> failed messages actually come from?


/path/to/exim -Mvh 17tRfs-00vg6d-00
/path/to/exim -Mvb 17tRfs-00vg6d-00

will show you the headers and body (respectively) of this message. The
body _should_ contain the headers of the message which bounces.

> 2. Has anyone seen anything similar? Note that the address is always the
> same (users002@???)


Some spammer is probably forging this address in their junk.

> 3. Is there a simple way to block the error reports? (If all else fails;
> these messages themselves


Arrange for your MTA to reject "RCPT TO: <users002@???>"
Ideally, it should do this by default if that account is invalid.

> represent a problem as they fill up the spool area and also make it hard
> to spot real problems.)


There is an option to automatically drop undeliverable bounces.

>
> --
> Toralf Lund <toralf@???>
>
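Added example, not part of the original thread or of Exim itself: a shell function that reads `exim -bp` queue listings like the one quoted above and counts frozen null-sender (`<>`) bounces per recipient, listing the message ids to pass to `exim -Mvh` / `exim -Mvb`. The function names, the sample listing and the example.com/example.org addresses are constructed, and the listing layout (age, size, id, sender on the first line, recipients below, "D" marking delivered ones) is assumed.

```shell
#!/bin/sh
# Added example: summarise frozen bounces (sender "<>") in `exim -bp` output.
# Reads a queue listing on stdin, prints "<count> <recipient> <message ids...>".
frozen_bounces() {
    awk '
        # Entry header: age, size, message id, sender, optional frozen marker.
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ {
            id = $3
            # Only track entries that are bounces (null sender) and frozen.
            want = ($4 == "<>" && $0 ~ /\*\*\* frozen \*\*\*/)
            next
        }
        NF == 0 { want = 0; next }      # blank line ends the entry
        want {
            if ($1 == "D") next         # recipient already delivered
            count[$1]++
            ids[$1] = ids[$1] " " id
        }
        END { for (r in count) printf "%d %s%s\n", count[r], r, ids[r] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample listing (addresses and ids other than the first are made up).
sample_queue() {
    cat <<'EOF'
59m  3.4K 17tRfs-00vg6d-00 <> *** frozen ***
          users002@example.com

 2h  1.2K 17tQaa-00vf1x-00 <alice@example.org>
          bob@example.com

 3h  3.1K 17tPzz-00ve9k-00 <> *** frozen ***
          users002@example.com

 5h  2.0K 17tPaa-00vd2m-00 <> *** frozen ***
        D carol@example.com
          dave@example.com
EOF
}

# On a live host: /path/to/exim -bp | frozen_bounces
# Offline demo:   sample_queue | frozen_bounces
```

A recipient that dominates the output is the forged address; each listed id can then be inspected with the `-Mvh` and `-Mvb` commands from the reply.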