Author: Dave C.
Date:
To: Toralf Lund
CC: Tabor J. Wells, Exim Mailing List
Subject: Re: [Exim] Frozen delivery failure notifications (invalid sender) - again

On Mon, 23 Sep 2002, Toralf Lund wrote:
> [ ... ]
> > >
> > > Questions:
> > > 1. Does anyone have any idea about how I can figure out where the
> > > failed messages actually come from.
> >
> > Look at the message? (exim -Mvb 17tRfs-00vg6d-00)
> Yes, I'm looking at the headers of the bounced messages, trying to find a
> pattern, but it's not very easy ;-/ (I certainly see different sender IP
> addresses.)

Don't look at the headers of the bounce. Look at the BODY of the bounce
to find the headers of the original message (that bounced).

The bounces themselves will surely come from all over, since the spammer
sent his crap to all sorts of different servers, and each of those
servers may generate bounces for invalid addresses.

Actually, this is another benefit of rejecting directly at SMTP time -
the spammer's own server is stuck with them, or his ISP is, which might
get him noticed sooner, or the relay he is abusing is, which might cause
it to jam up and get noticed and/or fixed sooner.
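
Looking in the body of the bounce, done over many bounces at once, as an added example that is not part of the original post: it pulls the embedded original headers out of each bounce and counts the host recorded in the first Received line. The marker string, the function names and the sample bounce are assumptions made for the illustration.

```python
import email
import re
from collections import Counter
from email import policy
from email.parser import Parser

# Assumption: marker line of Exim-style plain-text bounces (MIME ones go by part type).
COPY_MARKER = "This is a copy of the message, including all the headers."
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def original_headers(bounce_text):
    """Return the headers of the message that bounced, or None if absent."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    parse = Parser(policy=policy.default).parsestr
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return parse(part.get_content(), headersonly=True)
        if ctype == "text/plain" and COPY_MARKER in part.get_content():
            copy = part.get_content().split(COPY_MARKER, 1)[1]
            # Skip the rest of the marker line and the blank line after it.
            return parse(copy.partition("\n")[2].lstrip("\n"), headersonly=True)
    return None

def relay_ips(bounces):
    """Count which host handed each original message to the bouncing server."""
    seen = Counter()
    for text in bounces:
        hdrs = original_headers(text)
        # The first Received line is the bouncing server's own; later ones can be forged.
        received = hdrs.get_all("Received", []) if hdrs else []
        match = IP_RE.search(received[0]) if received else None
        seen[match.group(1) if match else "unknown"] += 1
    return seen

# Constructed sample bounce (documentation addresses, not real traffic).
SAMPLE_BOUNCE = """\
From: Mail Delivery System <Mailer-Daemon@mx.example.net>
Subject: Mail delivery failed: returning message to sender

------ This is a copy of the message, including all the headers. ------

Received: from [198.51.100.7] (helo=mail.example.com)
\tby mx.example.net with smtp; Mon, 23 Sep 2002 10:00:00 +0000
Received: from forged.example ([192.0.2.99]) by mail.example.com
From: nosuchuser@example.org
"""
```

Feed `relay_ips` the output of `exim -Mvb` for each frozen message; an address that dominates the count is the relay or server worth reporting.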