[Exim] Spammer spoofing as a nonexistent user on my system!

Author: Rick Duvall
Date:  
To: exim-users
Subject: [Exim] Spammer spoofing as a nonexistent user on my system!
I was spending hours on end trying to figure out why my mail queue is full
of bounce messages to people that don't exist on our system (vlad@???,
ray@???, etc) (attached is my config for exim 3.34). I finally decided
there was some spammer out there on a DSL line that was sending out spam as
these from addresses, and the bounce messages came back to me. My queue was
filled with over 29,000 bounce messages by the time I noticed it. So, to
clear them out of the queue, I set up a catchall of default@???. All
undelivered bounce messages were then delivered to the default account on
the next queue run.

Well, the default account is still set up, and it receives anywhere from
5000 to 7000 bounce messages per day, and is increasing, as well as the
number of from addresses this spammer is using with our domain attached.
The easiest solution for me is to just delete them all. But I think there
is probably a better solution. If I bounce the bounce messages, wouldn't I
end up with a mail loop of bouncing messages? Is there any way to block
messages that are to an address that doesn't exist? The only problem I see
with doing that is that spammers could then connect to my port 25 and test
until they find a good address.

Spam is also increasing since I enabled the default@??? catchall.
Probably because spammers know there is a good address everywhere@???.

I have no problem upgrading to 4.20. The reason I haven't so far is because
the system works and why fix it if it ain't broke. Well, I guess this
problem is considered "broke" so now I'm motivated if it will fix the
problem.

Sincerely,

Rick Duvall
Online Highways
[ config of type application/octet-stream deleted ]