I've been receiving these kinds of messages myself.  And, in fairly large
numbers.  In my case, when I trace it back to the source, I discover
that someone is using an invalid user name from my domain as the
envelope sender address when sending spam.  A non-delivery message
then bounces back to the invalid user name from the server of the
intended spam recipient.  This non-delivery message is attached to
the "weird" message, and clearly identifies the IP address of the
botnet system that sent the original spam.

There really is some mechanism here that I would like to have the
power to change.  These "weird" messages clearly occur as reports
of non-delivery being sent to "postmaster".  For me, the postmaster,
the quantity of non-delivery messages overwhelms me to the point
that I ignore real non-delivery messages that I would like to be
alert to.

Just as clear is the fact that these messages are originating inside
of Courier.  My own Courier software is the current "stable"
Debian binary version of Courier 0.53.3 retrieved by apt-get,
and non-delivery messages to postmaster are enabled.  Just why
Courier believes that these particular kinds of non-delivery
messages should be originated remains a mystery to me...

----- Original Message ----- 
From: "Gordan Bobic" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, October 19, 2007 12:57 AM
Subject: Re: [courier-users] Weird messages received


> On Fri, 19 Oct 2007, M Core wrote:
>
>> Sometimes I receive an email to my admin account stating that the email
>> I sent to an [EMAIL PROTECTED] was not sent.
>> The message has an attachment and when you open them down eventually you
>> find a spam email that is FROM the [EMAIL PROTECTED] to a
>> [EMAIL PROTECTED]
>>
>> How is this happening? What do I look at?
>>
>> From an external account I telnetted in and sent a message from the
>> [EMAIL PROTECTED] to [EMAIL PROTECTED] And it worked...
>> so I thought it is an open relay.
>> But when I try any of the websites etc. to check for this none of them
>> can find an open relay on my mail server.
>
> It's not an open relay. It accepts email for [EMAIL PROTECTED]
> That's where the bounce went to, because somebody forged the envelope from
> header to your valid account.
>
> But now that you mentioned it - is there a way to make Courier make an
> additional check?
>
> e.g. it receives a message:
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
>
> Normally, this is not too plausible to check if from is for a non-locally
> hosted domain, but if from is from a locally hosted domain, can we make
> Courier check if from is deliverable, and if not, reject with "unknown
> sender" or some such?
>
> On a separate note, is it possible to get Courier to do return path
> verification? i.e. for the from address, look up mx, connect, and do:
> HELO, MAIL FROM, RCPT TO, QUIT, just to see if the FROM address is
> deliverable?
>
> Gordan


_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
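
The thread describes bounces whose attached original mail carries a forged envelope sender from the local domain and the IP address of the system that sent the spam. The following sketch is an added example (not code from the thread or from Courier) that separates such backscatter from bounces worth reading; the domain, mailbox names and the sample bounce are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

LOCAL_DOMAINS = {"example.org"}             # assumption: domains hosted here
VALID_LOCALPARTS = {"postmaster", "alice"}  # assumption: mailboxes that exist

# Constructed sample: a remote server's bounce with the original spam attached.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
To: nosuchuser@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to victim@remote.example failed.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; victim@remote.example
--b1
Content-Type: message/rfc822

Return-Path: <nosuchuser@example.org>
Received: from pc ([192.0.2.77]) by mx.remote.example; Fri, 19 Oct 2007 00:10:00 +0000
From: nosuchuser@example.org

buy now
--b1--
"""

def original_message(msg):
    """Follow attached message/rfc822 parts down to the mail that bounced."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822" and part.is_multipart():
            return original_message(part.get_payload(0))
    return msg

def triage(raw):
    orig = original_message(message_from_string(raw, policy=policy.default))
    sender = parseaddr(str(orig.get("Return-Path") or orig.get("From", "")))[1].lower()
    local, _, domain = sender.rpartition("@")
    hops = orig.get_all("Received") or [""]  # topmost hop: added by the bouncing server
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[0]))
    # A local-domain sender with no such mailbox cannot be mail we originated.
    forged = domain in LOCAL_DOMAINS and local not in VALID_LOCALPARTS
    return {"sender": sender, "verdict": "backscatter" if forged else "review",
            "source_ip": ip.group(1) if ip else None}
```

Only the topmost `Received` line of the attached mail is trusted here, since lower ones can be forged by the sender.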
