Hi Jens, on Mon, 2 Feb 2004 08:30:42 +0100 you wrote:
> Someone sends with our Domain eMail-attacs to any server
> in the internet and all failing messages comes back as errormessage to
> our mailhost. So our mailhost has over 500 failingmessages from sender
> "<>" to an unknown user like "68758esw@???". What can I do to
> block those messages ?
Are you rejecting them (at least those to unknown users) at SMTP RCPT time
at present? If so, that's probably the best you're likely to be able to
do, short of finding the source and stemming it. If not, then I would
suggest you remove any "catchall"-type rules, which accept mail to
<anyuser>@domain, so that you at least reject most of the junk at SMTP
RCPT time.
> And what can we do to find out which server sends these mails to the
> rest of the world ? The mail itself does not show any way of the mail.
> An example here:
You only sent the headers of the bounce. Did that not have the original
message (which caused the bounce) attached?
> I hope that our domain will not be listed on spamhaus.org !
Spamhaus.org does not list domains, only IP addresses. And no, you won't
get on Spamhaus (or SpamCop for that matter, which is more likely) because
someone's "joe-jobbing" you (i.e. sending out spam with your domain as the
sender). If you're unlucky you might end up on some private domain
blocklists, although most admins can tell the difference between a domain
which is really owned by a spammer and might be worth blocking, and one
that's being faked.
Tim
