Looks like I'm not the only one weirded out by this?
To get things clear, this is the process as it appears to me:
Somebody sends spam with a faked sender of my domain.
This spam bounces back to my mailserver (Exim 4.5.1).
Example here:
----------------------------------
> Delivery-date: Mon, 14 Nov 2005 04:26:51 +0100
> Received: from [195.161.113.101] (helo=inc.ru)
> by stamp.lbd.de with smtp (Exim 4.51)
> id IPXDKM-000KV5-KU
> for debian@???; Mon, 14 Nov 2005 04:26:51 +0100
> Subject: Undeliverable mail:
> =?windows-1251?B?x+js7ejlIOrg7ejq8+v7IOIg7eXs5fbq6PUgwOv87+D1?=
> From: MAILER-DAEMON@???
> To: <debian@???>
> Date: Mon, 14 Nov 2005 06:26:28 +0300
> Message-ID: <receipt-42829316@???>
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type="delivery-status";
> boundary="_===42829316====inc.ru===_"
> X-Spam-Score: 0.1 (/)
> X-Spam-Report: 0.1/5.0 - SA 3.0.3
> ---- Start SpamAssassin results
> * 0.1 NO_REAL_NAME From: does not include a real name
> ---- End of SpamAssassin results
> X-Virus-Scanned: Scanned with Clam AntiVirus
>
>
> --_===42829316====inc.ru===_
> Content-Type: text/plain; charset="utf-8"
>
> Failed to deliver to '<anthon@???>'
> LOCAL module(account mail@???) reports:
> account disabled
>
>
> --_===42829316====inc.ru===_
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; inc.ru
>
> Original-Recipient: rfc822;<anthon@???>
> Final-Recipient: LOCAL;<>
> Action: failed
> Status: 5.0.0
>
> --_===42829316====inc.ru===_
> Content-Type: text/rfc822-headers
>
> Received: from [221.2.194.86] (HELO gamemakers.de)
> by inc.ru (CommuniGate Pro SMTP 4.1.8)
> with SMTP id 42829309 for anthon@???; Mon, 14 Nov 2005 06:26:26
> +0300
> Received: from lbd.de (stamp.lbd.de [192.166.195.91])
> by gamemakers.de (Postfix) with ESMTP id CFB65E2BF5
> for <anthon@???>; Sun, 13 Nov 2005 22:29:43 -0500
> From: Àëüïû <debian@???>
> To: Anthon <anthon@???>
> Subject: =?windows-1251?B?x+js7ejlIOrg7ejq8+v7IOIg7eXs5fbq6PUgwOv87+D1?=
> Date: Sun, 13 Nov 2005 22:29:43 -0500
> Message-ID: <110101c5e8cb$35d701f3$c3e98fd7@???>
> MIME-Version: 1.0
> Content-Type: text/html;
> charset=windows-1251
> Content-Transfer-Encoding: quoted-printable
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook, Build 10.0.2616
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
> X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.10; AVE: 6.20.0.1;
> VDF: 6.20.0.46; host: gamemakers.de)
>
> --_===42829316====inc.ru===_--
------------------------------------------
End example
Then my mailserver tries to deliver this bounce to the faked address, which
is non-existent. Somewhere here it loses the sender or whatever and can't
deliver it, so it gets frozen.
Example:
------------------------------
> Message IPXDKM-000KV5-KU has been frozen (delivery error message).
> The sender is <>.
>
> The following address(es) have yet to be delivered:
> debian@??? <debian@???>: User unknown
------------------------------
End example
My acl_check_rcpt contains "require verify = sender", or are you thinking of
something else?
Thanks
Sebastian
On 14.11.2005 at 11:48, "Jeremy Harris" <jgh@???> wrote:
> Exim User wrote:
>> Just the same here and a lot of them.
>> My special problem: The faked addresses are non-existent, and I get the
>> following frozen messages from my own mailer-daemon for every single bounce:
>>
>>
>>> Message IPU3LU-00078D-LK has been frozen (delivery error message).
>>> The sender is <>.
>>
>>
>>> The following address(es) have yet to be delivered:
>>
>>> ittay@??? <ittay@???>: User unknown
>> where "ittay@???" was the fake address used by the spammer.
>>
>> My ACL already uses
>> require verify = header_syntax
>> !verify = header_sender
>>
>> so how can this happen?
>
> This is a bounce created by you?
> a) why did you accept the original mail, and then bounce it?
> b) did you do sender-verify callout on the original mail?
>
> - Jeremy
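
Added example, not part of the original thread and not Exim code: a Python triage helper for bounces in the `multipart/report` format quoted above. It pulls the per-recipient fields out of the `message/delivery-status` part, reads the forged `From:` from the `text/rfc822-headers` part, and flags bounces addressed to a mailbox that does not exist locally. The sample message, the `example` domains, the function name and the `local_users` set are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed bounce modelled on the quoted example; all names are placeholders.
SAMPLE_DSN = """\
From: MAILER-DAEMON@remote.example
To: <ghost@example.org>
Content-Type: multipart/report; report-type="delivery-status"; boundary="BND"

--BND
Content-Type: message/delivery-status

Reporting-MTA: dns; remote.example

Original-Recipient: rfc822;<victim@remote.example>
Action: failed
Status: 5.0.0

--BND
Content-Type: text/rfc822-headers

From: Someone <ghost@example.org>
To: Victim <victim@remote.example>

--BND--
"""

def triage_bounce(raw, local_users):
    """Summarise a multipart/report bounce; local_users is a set of valid mailboxes."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return None  # not a DSN in the format shown above
    info = {"bounce_to": parseaddr(msg["To"])[1].lower()}
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # The parser yields one header block per blank-line-separated group.
            for block in part.get_payload():
                for key in ("Reporting-MTA", "Original-Recipient", "Action", "Status"):
                    if key in block:
                        info[key.lower()] = block[key]
        elif ctype == "text/rfc822-headers":
            orig = email.message_from_string(part.get_payload())
            info["orig_from"] = parseaddr(orig.get("From", ""))[1].lower()
    # A bounce to a forged, non-existent local mailbox cannot be delivered locally.
    info["undeliverable_backscatter"] = (
        info.get("orig_from") == info["bounce_to"]
        and info["bounce_to"] not in local_users)
    return info
```

Run over the messages in the frozen queue, the `reporting-mta` and `original-recipient` fields show which remote systems are generating the backscatter and for which forged addresses.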