On Fri, Oct 17, 2008 at 09:59:17AM +1100, Edwin Groothuis wrote:
> > In the last hour, I've received over 200 legitimate bounce messages
> > from email services as a result of someone having used or worse is
> > using my email address in spam from multiple windows machines and ip
> > addresses.
> When this happens I enable the "move all messages from mailer-daemon
> to /dev/null" rules in procmail for a day or two. And curse at the
> people who originated the original spam...

I use a similar approach to Edward's.

My old domain used to get hammered with backscatter which basically I
had no choice but to accept. I was on a pop3 catch-all.

If I had a regular amount of backscatter (<100), I'd accept it & then
pass it to procmail.

I found (I don't know if the OP did too) that the backscatter was
generally addressed to a non-existent user, so it was easy to write
rules to filter it out and send it to the bit-bucket.

I also found that the backscatter was commonly addressed to people
like frankn@ - close but no cigar. The following filtered out that



In the worst case scenario, I'd find that I'd get thousands of
backscattered mails (the swine must have been sending millions of
messages purportedly coming from me).

In this case I'd just delete all my mail off the popserver with a
script. Yes, I might lose a few genuine emails but when I had
thousands of backscattered mails, they'd come in the space of a couple
of hours.

My ultimate sanction was eventually getting a new domain (I know it's
admitting defeat).

I now find that I get very little backscatter on my old domain and I
haven't had a mass mailing effort from it for some time.

Best of luck!




 Contact info: http://www.shute.org.uk/misc/contact.html 

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to