[Exim] Big SPAM-Problem

Top Page
Delete this message
Reply to this message
Author: Jens Strohschnitter
Date:  
To: EXIM Official Maillist
Subject: [Exim] Big SPAM-Problem
Hi there,

I hope this message is on the right list, because we have a real big SPAM-problem.
Someone sends with our Domain eMail-attacs to any server in the internet and all
failing messages comes back as errormessage to our mailhost.
So our mailhost has over 500 failingmessages from sender "<>" to an unknown user
like "68758esw@???". What can I do to block those messages ? And
what can we do to find out which server sends these mails to the rest of the world ?
The mail itself does not show any way of the mail. An example here:


1AmiaO-00086c-Pj-H
mail 504 12
<>
1075507328 0
-ident mail
-received_protocol spam-scanned
-body_linecount 115
-frozen 1075507329
XX
1
zn90nb@???

141P Received: from mail by mailhost.mydom.com with spam-scanned (Exim 4.20)
        id 1AmiaO-00086c-Pj
        for zn90nb@???; Sat, 31 Jan 2004 01:02:09 +0100
175P Received: from mailhost.mydom.com ([192.168.1.1] ident=foobar)
        by mailhost.mydom.com with esmtp (Exim 4.20)
        id 1AmiaO-00086Y-Mm
        for zn90nb@???; Sat, 31 Jan 2004 01:02:08 +0100
135P Received: from amavis by firewall.mydom.com with scanned-ok (Exim 3.35 #1 (Debian))
        id 1Amigp-0005Nx-00; Sat, 31 Jan 2004 01:08:47 +0100
164P Received: from mta2.sucs.soton.ac.uk [152.78.128.141]
        by firewall.rhg.de with esmtp (Exim 3.35 #1 (Debian))
        id 1Amign-0005Nm-00; Sat, 31 Jan 2004 01:08:45 +0100
215P Received: from mailspool1.sucs.soton.ac.uk (mailspool1.sucs.soton.ac.uk [152.78.128.143])
        by mta2.sucs.soton.ac.uk (8.12.10/8.12.10) with ESMTP id i0UMLPXl004627
        for <zn90nb@???>; Fri, 30 Jan 2004 22:27:59 GMT
136P Received: from localhost (localhost)
        by mailspool1.sucs.soton.ac.uk (8.12.10/8.12.9) id i0UGhLCO017414;
        Fri, 30 Jan 2004 22:27:59 GMT
036  Date: Fri, 30 Jan 2004 22:27:59 GMT
058F From: Mail Delivery Subsystem <MAILER-DAEMON@???>
070I Message-Id: <200401302227.i0UGhLCO017414@???>
020T To: <zn90nb@???>
018  MIME-Version: 1.0
127  Content-Type: multipart/report; report-type=delivery-status;
        boundary="i0UGhLCO017414.1075501679/mailspool1.sucs.soton.ac.uk"
051  Subject: Returned mail: see transcript for details
041  Auto-Submitted: auto-generated (failure)
040  X-ISS-MailScanner: Believed to be clean
054  X-Virus-Scanned: scanned for known virus with sweep
181  X-Spam-Status: No, hits=2.2 required=5.0



I hope that our domain will not be listed on spamhaus.org !

--
Regards,

     Jens Strohschnitter


-------------------------------------
*!!!LINUX LINUX LINUX LINUX LINUX!!!*

* http://www.jens-strohschnitter.de *
-------------------------------------
Set the controls for
         the heart of the sun
-------------------------------------