Re: [Exim] Spammer spoofing as a nonexistant user on my syst…

Top Page
Delete this message
Reply to this message
Author: Matthew Byng-Maddick
Date:  
To: exim-users
Subject: Re: [Exim] Spammer spoofing as a nonexistant user on my system!
On Wed, Jun 18, 2003 at 09:01:27AM -0700, Rick Duvall wrote:
> Well, the default account is still set up, and it receives anywhere from
> 5000 to 7000 bounce messages per day, and is increasing, as well as the
> number of from addresses this spammer is using with our domain attached.


You had it worse than me. I was only getting about 50.

> The easiest solution for me is to just delete them all. But I think there
> is probably a better solution. If I bounce the bounce messages, wouldn't I
> end up with a mail loop of bouncing messages? Is there any way to block


The thing to do is to not accept the messages in the first place. Then the
relay machines end up with the double-bounces, which will fill up their
queue/postmaster mailbox, and hopefully make them sort out something which
rejects the messages on input, rather than bouncing them at all (just as
you are currently being forced to do).

> messages that are to an address that doesn't exist? The only problem I see
> with doing that is that spammers could then connect to my port 25 and test
> until they find a good address.


They could do, but they won't. I think I'm still seeing a few attempts, but
not on the same scale as I was, most of them seem to be bouncing from
machines in .ru. Almost all of those are random tries, by the look of it.

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/