Re: [exim] NDR spam avoidance

Top Page
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] NDR spam avoidance
Oliver Howe wrote:
>
> A lot of my users are complaining that they are receiving bounce back emails of messages that they did not send. Each message contains some kind of spam text at the bottom.
>
> For example, from the headers below the message came from [212.40.112.118] (helo=pool-01077.externet.hu) which has nothing to do with my domain (postmaster.co.uk).
>
> So I'm thinking I could check the envelope-from on my mailservers and reject if it is for a local user who is not coming from one of my mailservers (so then they can still send to themselves if they want to). Has anyone else had this problem? Is there a better solution?
>
> Thanks,
>
> Oliver
>
>
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path: <oliver@???>
> Received: from [212.40.112.118] (helo=pool-01077.externet.hu)
> by smtp10.postmaster.co.uk with smtp (Exim 4.68)
> (envelope-from <oliver@???>)
> id 1LCIqn-0003Ss-PR
> for oliver@???; Mon, 15 Dec 2008 19:11:54 +0000
> To: <oliver@???>
> Subject: <oliver@???>, December 96% off
> From: <oliver@???>
> MIME-Version: 1.0
> Importance: High
> Content-Type: text/html


You could also try using ips.backscatterer.org. It wont have stopped
this one unfortunately, but it stopped all but 5 of thousands since I
put it on one of the servers that was being bounce spammed into the ground.

If the headers above are correct, the MAIL FROM was set to
oliver@??? ? If this is correct, you might want to look
into only allowing trusted hosts to say they are sending email from your
domain - either with SPF or a host list.

--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/