All,

One thing, although the blank senders seem to be lessening in my queue, I am still seeing them.

How can I troubleshoot 'how' the sender in the logfile below is even getting to send anything on the server?

constellation# grep 1JXI4t-000ExZ mainlog
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 <= <> R=1JXI4k-000EvZ-0f U=mailnull P=local S=1180
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 ms13a.hinet.net [168.95.5.13] Connection refused
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 == [EMAIL PROTECTED] R=dnslookup T=remote_smtp defer (61): Connection refused

-Grant

----- Original Message -----
From: "Grant Peel" <[EMAIL PROTECTED]>
To: "Craig Jackson" <[EMAIL PROTECTED]>; <[email protected]>
Sent: Thursday, March 06, 2008 10:39 AM
Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!

> Hi Craig,
>
> One thing I have noticed that has taken care of 90% of the problem is adding
> the line that a sender can only have one email address, otherwise it is
> rejected right away.
>
> deny senders = :
>      condition = ${if ! eq{$recipients_count}{1}{1}}
>      message = Bounces must have only a single recipient
>      log_message = Another denied due to backscatter-Single Recipient
>
> -Grant
>
> ----- Original Message -----
> From: "Craig Jackson" <[EMAIL PROTECTED]>
> To: "Grant Peel" <[EMAIL PROTECTED]>; "exim users" <[email protected]>
> Sent: Thursday, March 06, 2008 10:25 AM
> Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] On Behalf Of Grant Peel
>>> Sent: Thursday, March 06, 2008 7:49 AM
>>> To: ??? Bill Hacker; exim users
>>> Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
>>>
>>> Hi all,
>>>
>>> Interesting replies.
>>>
>>> I *think* that a few of you *might* have misread, or misunderstood my
>>> problem:
>>>
>>> My servers are being seen as the SOURCE of the spam. That is to say, my
>>> servers are being bombarded with messages that have a non-existent user,
>>> then, my server bounces the mail to many recipients.
>>>
>>> I must admit, that I am surprised that none of you *seem* to have had to deal
>>> with this exact same issue...or am I missing something? I hope it does not
>>> mean that my configuration is so bad ...
>>>
>>
>> Why don't you perform several useful checks of the email before checking
>> for a valid recipient? That's what I do. Checking valid recipient is the
>> last thing I do in the rcpt acl. For instance...
>>
>> 1) If the sending domain is a popular domain such as Yahoo, the IP
>> address is checked against the CIDR blocks that I know Yahoo sends from.
>> If the IP doesn't match, the email is tagged as spam and made to wait a
>> short length of time.
>>
>> 2) The IP address is checked against a list of naughty CIDR address
>> blocks, and tagged as spam and made to wait a bit of time weighted based
>> as to how naughty that network is.
>>
>> 3) Then there are the spamhaus/spamcop checks.
>>
>> Etc.
>>
>> The idea here is to make spamming as painful as possible for the spammer
>> before the message is finally rejected due to invalid recipient. Maybe
>> I'm off base here.
>>
>> These basic checks along with the ones WBHacker suggests -- before the
>> recipient check -- will probably solve your problem. Unfortunately, I
>> don't know how to do what you actually ask, which is turn off bounces in
>> favor of a flat out rejection. I would not do that anyway because
>> bounces are a good thing.
>>
>> Craig
>>
>> --
>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
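
In the log excerpt at the top of this message, `<= <>` with `U=mailnull P=local` is a bounce generated by Exim itself, and the `R=` field on that line is the ID of the message that caused it. The following Python is an added example, not part of the thread: it follows each such reference back to the arrival line of the triggering message to show which remote host it was accepted from. It assumes the default mainlog layout; `trace_bounces` is a hypothetical name, and every sample line other than the bounce line is constructed.

```python
import re
from collections import defaultdict

# Constructed sample. Only the "<= <>" line is taken from the post; the arrival
# and failure lines for the referenced message and all addresses are invented.
SAMPLE_LOG = """\
2008-03-06 10:32:05 1JXI4k-000EvZ-0f <= forged@example.com H=(mx.example.net) [192.0.2.45] P=smtp S=2211
2008-03-06 10:32:06 1JXI4k-000EvZ-0f ** nosuchuser@example.org: Unrouteable address
2008-03-06 10:32:06 1JXI4k-000EvZ-0f Completed
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 <= <> R=1JXI4k-000EvZ-0f U=mailnull P=local S=1180
2008-03-06 10:32:15 1JXI4t-000ExZ-L9 == forged@example.com R=dnslookup T=remote_smtp defer (61): Connection refused
"""

# timestamp, message id, flag, address, remainder (default mainlog layout assumed)
LINE = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (<=|=>|->|\*\*|==) (\S+)(.*)$")

def trace_bounces(log_text):
    """Link each locally generated bounce to the message that triggered it."""
    arrivals = {}                 # message id -> (envelope sender, remote IP)
    failures = defaultdict(list)  # message id -> recipients that failed
    bounces = []                  # (bounce id, id of the triggering message)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # "Completed", connection errors, etc.
        _ts, msgid, flag, addr, rest = m.groups()
        if flag == "<=":
            ref = re.search(r"\bR=(\S+)", rest)
            if addr == "<>" and ref and " P=local" in rest:
                bounces.append((msgid, ref.group(1)))
            host = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
            arrivals[msgid] = (addr, host.group(1) if host else "local")
        elif flag == "**":
            failures[msgid].append(addr.rstrip(":"))
    report = []
    for bounce_id, orig_id in bounces:
        # The arrival line may be missing if the log was rotated in between.
        sender, host = arrivals.get(orig_id, ("unknown", "unknown"))
        report.append({"bounce": bounce_id, "caused_by": orig_id,
                       "accepted_from": host, "envelope_sender": sender,
                       "failed_rcpts": failures.get(orig_id, [])})
    return report

if __name__ == "__main__":
    for row in trace_bounces(SAMPLE_LOG):
        print(row)
```

Hosts that recur in `accepted_from` with many distinct `failed_rcpts` are the connections whose mail should be rejected at RCPT time rather than accepted and bounced.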
