Many thanks, I'll make use of it.
-a
--
Aaron Stromas | "Tik-tik-tik!!!... ja, Pantani is weg..."
mailto:ams@izoard.com | BRTN commentator
+1 (301) 493 4933 | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France
> "Alan J. Flavell" wrote:
>> On Mon, 14 Nov 2005, Cliff Pratt wrote:
>>
>> > On 11/14/05, Aaron Stromas <ams@???> wrote:
>> >
>> > > Some S.O.B. is sending spam faking the sender to be from my domain,
>> > > izoard.com <http://izoard.com>, so the postmaster get all that mail
>> > > bounced by spam filters
>> > > (see below). Is there anything I can do about it?
>> [...]
>>
>> > No, there is nothing that you can really do about it.
>>
>> I don't know about that. If I was on the receiving end of such stuff,
>> and there wasn't *too* much of it, I think I would configure our
>> spamassassin to rate the rejection reports as spam and reject them.
>>
>> If the situation was too bad for that (as it has sometimes been for
>> antivirus rejection reports when the virus was faking our domain as
>> sender) then I'd blacklist the envelope sender address of the reports,
>> to avoid putting too much load on our spamassassin.
>
> Well, the times that this has happened to me or at least the times
> that I've noticed, It would have been far too expensive to run the
> mail through SpamAssassin. I've seen millions of bounces over a
> day or two.
>
> This little ACL snippet helped:
>
> acl_smtp_rcpt:
> deny message = This domain is Joe Job victim
> senders = :
> condition = ${if < {eval:$tod_epoch - \
> ${lookup{$domain} \
> lsearch{<config path>/domains.joe-jobbed} \
> {$value}{0}}} \
> {eval:3 * 86400} {yes}{no}}
>
> This just blocks DSNs to the particular domain for 3 days. I know
> that's not always ideal, but in this situation it's the smaller of
> two evils. The timeout is beacause I normally forget to remove the
> block.
>
> It doesn't stop incoming DSNs from even more badly configured that
> send DSNs with a non null reverse path.
>
> Ian
>
> --
> Ian Freislich
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>