Congratulations - you are the victim of a "joe job" where the spammers use your address as the "sending" and "reply to" address.
I have one such address that gets between 15,000 and 25,000 "replies" per day and has for over 2 years that I can track. ([email protected] which has never been used by the owner of that domain) In severe cases (such as the above) only a change in your address will stop the flood. Most however will tail off after a few days or weeks. My own address has suffered a couple of times but seems to be fine at this time. For the above joe job I have a special error message crafted to send to reply hosts after the envelope but before the body. Most severe case I've ever run across - anyone able to top it? richard On Sun, 2008-12-21 at 17:45 +0000, Terry wrote: > Hi over the last 2 weeks I am suddenly getting a lot of spam that claims > I sent it which of course i didnt. > What sort of acl could I use to catch it ? > > Here is what shows in my logs > > --------- > 2008-12-21 17:39:36 1LESH5-0009Zl-3u <= [email protected] > H=host81-153-121-27.range81-153.btcentralplus.com [81.153.121.27]:2656 > I=[217.112.92.232]:25 P=smtp S=3067 T="Your sales agent for consumer > healthcare products" from <[email protected]> for [email protected] > 2008-12-21 17:39:38 1LESH5-0009Zl-3u => [email protected] > <[email protected]> F=<[email protected]> P=<[email protected]> > R=dnslookup T=remote_smtp S=3128 H=mail.bluelight.org.uk > [80.229.144.50]:25 C="250 OK id=1LESHQ-00019y-Si" QT=7s DT=1s > 2008-12-21 17:39:38 1LESH5-0009Zl-3u Completed QT=7s > > Thanks > -- Richard C. Pitt Pacific Data Capture [email protected] 604-644-9265 http://blog.pacdat.net www.pacdat.net PGP Fingerprint: FCEF 167D 151B 64C4 3333 57F0 4F18 AF98 9F59 DD73 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
