Author: John McMurray
Date:
To: Exim Mailing List
Subject: [exim] Bounce spam

Hi all,
I've been seeing an increasing amount of spam arriving as bounce
messages. I'm not sure at all if this is some clever trick to send spam
in a bounce format, or if it's actual bounces that were sent somewhere
else with our email addresses as the sender.
Below is an example. Is there anything I can do to prevent my users from
getting these? I've searched as much as I can but I don't seem to see
anything useful for this type of case. I might just be looking in the
wrong places (search terms).
Thanks for the help!
2016-06-29 21:14:01 [989] SMTP connection from [172.89.165.229]:60869
I=[129.232.192.107]:25 (TCP/IP connection count = 1)
2016-06-29 21:14:07 [2608] 1bIKw2-0000g4-J1 <= <>
H=cpe-172-89-165-229.socal.res.rr.com (172.89.165.229)
[172.89.165.229]:60869 I=[129.232.192.107]:25 P=smtp S=692 T="Shocking
revelation about your love life" from <> for niekie@???
2016-06-29 21:14:07 [2713] cwd=/var/spool/exim 3 args: /usr/sbin/exim
-Mc 1bIKw2-0000g4-J1
2016-06-29 21:14:07 [2713] 1bIKw2-0000g4-J1 => niekie
<niekie@???> F=<> P=<> R=localuser T=dovecot_delivery S=785
QT=1s DT=0s
2016-06-29 21:14:07 [2713] 1bIKw2-0000g4-J1 Completed QT=1s
2016-06-29 21:14:07 [2608] SMTP connection from
cpe-172-89-165-229.socal.res.rr.com (172.89.165.229)
[172.89.165.229]:60869 I=[129.232.192.107]:25 closed by QUIT
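
For triage of a log like the one above, a parser that re-joins the wrapped records and lists every message received with the null envelope sender (`<= <>`) along with its sending host, subject and recipients. This is an added example, not part of the original post: the function names are hypothetical and the sample log is constructed (documentation IP ranges, example.org addresses).

```python
import re

# Constructed sample in the same mainlog layout as the post; long records
# are wrapped across lines the way the mail client wrapped them.
SAMPLE = """\
2016-06-29 21:14:07 [2608] 1bIKw2-0000g4-J1 <= <>
H=host.example.net (192.0.2.10)
[192.0.2.10]:60869 I=[198.51.100.5]:25 P=smtp S=692 T="Shocking
revelation" from <> for user@example.org
2016-06-29 21:14:07 [2713] 1bIKw2-0000g4-J1 => user
<user@example.org> F=<> P=<> R=localuser T=dovecot_delivery S=785
2016-06-29 21:15:10 [2609] 1bIKx3-0000g5-K2 <= alice@example.com
H=mail.example.com [203.0.113.7]:41000 P=esmtps S=1200 T="Hi" for user@example.org
2016-06-29 21:16:00 [2610] 1bIKy4-0000g6-L3 <= <> H=host.example.net
(192.0.2.10) [192.0.2.10]:60870 P=smtp S=700 T="Another one" for
bob@example.org
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
# timestamp, optional [pid], message id, "<=", envelope sender, remaining fields
ARRIVAL = re.compile(r"^(\S+ \S+) (?:\[\d+\] )?(\S+) <= (\S+) (.*)$")

def unwrap(text):
    """Join continuation lines onto the timestamped line that starts a record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD_START.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def null_sender_arrivals(text):
    """Return one dict per message received ("<=") with envelope sender <>."""
    hits = []
    for rec in unwrap(text):
        m = ARRIVAL.match(rec)
        if m and m.group(3) == "<>":
            when, msg_id, _, rest = m.groups()
            host = re.search(r"H=.*?\[([0-9A-Fa-f.:]+)\]", rest)  # first [ip] after H=
            subj = re.search(r'T="((?:[^"\\]|\\.)*)"', rest)
            rcpt = re.search(r".* for (.+)$", rest)  # last " for " starts the recipients
            hits.append({"time": when, "id": msg_id,
                         "host_ip": host.group(1) if host else None,
                         "subject": subj.group(1) if subj else None,
                         "recipients": rcpt.group(1).split() if rcpt else []})
    return hits

if __name__ == "__main__":
    for hit in null_sender_arrivals(SAMPLE):
        print(hit)
```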