Oliver Howe wrote: > > A lot of my users are complaining that they are receiving bounce back emails > of messages that they did not send. Each message contains some kind of spam > text at the bottom. > > For example, from the headers below the message came from [212.40.112.118] > (helo=pool-01077.externet.hu) which has nothing to do with my domain > (postmaster.co.uk). > > So I'm thinking I could check the envelope-from on my mailservers and reject > if it is for a local user who is not coming from one of my mailservers (so > then they can still send to themselves if they want to). Has anyone else had > this problem? Is there a better solution? > > Thanks, > > Oliver > > > ------ This is a copy of the message, including all the headers. ------ > > Return-path: <[email protected]> > Received: from [212.40.112.118] (helo=pool-01077.externet.hu) > by smtp10.postmaster.co.uk with smtp (Exim 4.68) > (envelope-from <[email protected]>) > id 1LCIqn-0003Ss-PR > for [email protected]; Mon, 15 Dec 2008 19:11:54 +0000 > To: <[email protected]> > Subject: <[email protected]>, December 96% off > From: <[email protected]> > MIME-Version: 1.0 > Importance: High > Content-Type: text/html
You could also try using ips.backscatterer.org. It wont have stopped this one unfortunately, but it stopped all but 5 of thousands since I put it on one of the servers that was being bounce spammed into the ground. If the headers above are correct, the MAIL FROM was set to [email protected] ? If this is correct, you might want to look into only allowing trusted hosts to say they are sending email from your domain - either with SPF or a host list. -- The Exim Manual http://www.exim.org/docs.html http://docs.exim.org/current/ -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
