All,
One thing, although the blank senders seem to be lessening in my queue, I am
still seeing them.
How can I troubleshoot 'how' the sender in the logfile below is even
getting to send anything on the server?
constellation# grep 1JXI4t-000ExZ mainlog
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 <= <> R=1JXI4k-000EvZ-0f U=mailnull P=local S=1180
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 ms13a.hinet.net [168.95.5.13] Connection refused
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 == jqwedc@??? R=dnslookup T=remote_smtp defer (61): Connection refused
-Grant
----- Original Message -----
From: "Grant Peel" <gpeel@???>
To: "Craig Jackson" <CJackson@???>; <exim-users@???>
Sent: Thursday, March 06, 2008 10:39 AM
Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
> Hi Craig,
>
> One thing I have noticed that has taken care of 90% of the problem is adding
> the line that a sender can only have one email address, otherwise it is
> rejected right away.
>
> deny senders = :
>      condition = ${if ! eq{$recipients_count}{1}{1}}
>      message = Bounces must have only a single recipient
>      log_message = Another denied due to backscatter-Single Recipient
>
> -Grant
>
> ----- Original Message -----
> From: "Craig Jackson" <cjackson@???>
> To: "Grant Peel" <gpeel@???>; "exim users" <exim-users@???>
> Sent: Thursday, March 06, 2008 10:25 AM
> Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
>
>
>>
>>
>>> -----Original Message-----
>>> From: exim-users-bounces@???
>>> [mailto:exim-users-bounces@exim.org] On Behalf Of Grant Peel
>>> Sent: Thursday, March 06, 2008 7:49 AM
>>> To: ??? Bill Hacker; exim users
>>> Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
>>>
>>> Hi all,
>>>
>>> Interesting replies.
>>>
>>> I *think* that a few of you *might* have misread, or misunderstood my
>>> problem:
>>>
>>> My servers are being seen as the SOURCE of the spam. That is to say, my
>>> servers are being bombarded with messages that have a non-existent user,
>>> then, my server bounces the mail to many recipients.
>>>
>>> I must admit, that I am surprised that none of you *seem* to have had to
>>> deal with this exact same issue...or am I missing something? I hope it
>>> does not mean that my configuration is so bad ...
>>>
>>
>> Why don't you perform several useful checks of the email before checking
>> for a valid recipient? That's what I do. Checking valid recipient is the
>> last thing I do in the rcpt acl. For instance...
>>
>> 1) If the sending domain is a popular domain such as Yahoo, the IP
>> address is checked against the CIDR blocks that I know Yahoo sends from.
>> If the IP doesn't match, the email is tagged as spam and made to wait a
>> short length of time.
>>
>> 2) The IP address is checked against a list of naughty CIDR address
>> blocks, and tagged as spam and made to wait a bit of time weighted based
>> as to how naughty that network is.
>>
>> 3) Then there are the spamhaus/spamcop checks.
>>
>> Etc.
>>
>> The idea here is to make spamming as painful as possible for the spammer
>> before the message is finally rejected due to invalid recipient. Maybe
>> I'm off base here.
>>
>> These basic checks along with the ones WBHacker suggests -- before the
>> recipient check -- will probably solve your problem. Unfortunately, I
>> don't know how to do what you actually ask, which is turn off bounces in
>> favor of a flat out rejection. I would not do that anyway because
>> bounces are a good thing.
>>
>> Craig
>>
>> --
>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>>
>
>
>
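For the log excerpt at the top of this message, an added example (not part of the original thread): on a `<= <>` line with `P=local`, the `R=` field is the ID of the message whose failed delivery made Exim generate the bounce, so the trace goes back through that ID. The Python sketch below pairs each locally generated bounce with its parent's arrival line; the parent lines in the sample log, the host names and the router name `virtual_user` are constructed for illustration.

```python
import re

# Constructed sample: the bounce lines follow the format shown in the post;
# the parent-message lines, addresses and router name are invented.
SAMPLE_LOG = """\
2008-03-06 10:32:06 1JXI4k-000EvZ-0f <= spoofed@victim.example H=(helo.example) [192.0.2.45] P=smtp S=2210
2008-03-06 10:32:15 1JXI4k-000EvZ-0f ** nosuchuser@local.example R=virtual_user: Unknown user
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 <= <> R=1JXI4k-000EvZ-0f U=mailnull P=local S=1180
2008-03-06 10:32:15 1JXI4k-000EvZ-0f Completed
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 == spoofed@victim.example R=dnslookup T=remote_smtp defer (61): Connection refused
"""

MSGID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
LINE = re.compile(rf"^(\S+ \S+) ({MSGID}) (<=|\*\*) (\S+)(.*)$")

def trace_bounces(log_text):
    """Map each locally generated bounce to the message that caused it."""
    arrivals = {}   # message id -> claimed sender and connecting IP
    failures = {}   # message id -> recipients that failed permanently
    bounces = []    # (bounce id, parent id) pairs
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _ts, mid, flag, addr, rest = m.groups()
        if flag == "**":
            failures.setdefault(mid, []).append(addr)
            continue
        ref = re.search(rf" R=({MSGID})", rest)
        if addr == "<>" and " P=local" in rest and ref:
            bounces.append((mid, ref.group(1)))   # bounce made by Exim itself
            continue
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
        arrivals[mid] = {"sender": addr, "ip": ip.group(1) if ip else None}
    report = []
    for bounce_id, parent in bounces:
        src = arrivals.get(parent, {})   # empty if parent rotated out of the log
        report.append({"bounce": bounce_id, "parent": parent,
                       "claimed_sender": src.get("sender"),
                       "remote_ip": src.get("ip"),
                       "failed_rcpts": failures.get(parent, [])})
    return report

if __name__ == "__main__":
    for row in trace_bounces(SAMPLE_LOG):
        print(row)
```

Each row shows which remote IP submitted the message that was accepted and later bounced, and which local recipient failed; those recipients are the ones to reject at RCPT time instead of accepting and bouncing.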