Re: [Exim] Re: Big increase in bounces addressed to non-exis…

Top Page
Delete this message
Reply to this message
Author: Florian Weimer
Date:  
To: Alan J. Flavell
CC: Exim users list
Subject: Re: [Exim] Re: Big increase in bounces addressed to non-existent addresses
"Alan J. Flavell" <a.flavell@???> writes:

> The overwhelming pattern of these addresses was a plausible name -
> sometimes with underscores - followed by a two-letter suffix, such as
> clarencehastingsqi or sheridan_vo or rgainesgk or jordanpowerskc


You are not alone, deneb.enyo.de receives such bounces, too, but
fortunately at a much smaller scale. Back when I had an active
catch-all address, I could see that they were real bounces, not
callout checks.

Maybe a spammer used this because such callout checks would always
succeed (because of the catchall address and a hidden primary MX), I
don't know. The volume is far too low for a real attack directed at
my mail service, and such an attack typically uses mailboxes which are
actually in use, to maximize damage.