Hi Derrick,

--On Saturday, September 13, 2003 05:10:17 PM -0700 Derrick Ryalls <[EMAIL PROTECTED]> wrote:

No they don't. Email admins look at the last sender IP
address in the headers, which is the only valid address, all
others are usually forged.

What I am referring to is the unable to deliver email that qmail sends to hotmail has an unknown user.

If it is his qmail server, then someone is probably relaying through him. He can determine this through his logs.

If someone is just using one of his email addresses, and he is not a relay, then he is getting Joe-Jobbed. You have not determined this yet.

Hotmail then bounces the mail back to
my brother's server as an undeliverable, and since it is then a double
bounce, it lands in my brother's inbox (mailer-daemon goes to him).
Today, he has received over 6000 bounced msgs.

Okay, if your question is only - how do I stop double bounces from getting into my system, then here is the answer.

1. Change the /var/qmail/control/doublebounceto file to read only one line saying "obvilion" (without the quotes)

2. Set up an alias in the /var/qmail/alias dir, and make a file called

3. Edit the file and put in a "#" (no quotes) on one line by itself.

Now, all double bounces will be directed to nowhere, and disappear.

Yes, but you have to provide more info rather than speculate
on what you are having a problem with.  Are you an open
relay? Check your logs? If so, something is not configured
properly.  If you are just getting bounces from your own
domain, and someone is forging your domain as the sender or
return address in their spam, that is called a Joe-Job.

In the /var/qmail/control, only his domains are listed.

That would be /var/qmail/control/rcpthosts file. If he does not have that file, he is an open relay and a sitting duck.

In tcp.rules,
only localhost can relay email.  Normal clients can only send mail with

There is no tcp.rules file in qmail. The local file is called /var/qmail/control/locals, and local host and his domain(s) should be listed there, but not virtual domains.

As above, if he does not check his logs, and read his headers, he has no way of knowing if he is relaying, or suffering from a Joe-Job. There are other ways spammers try to get in, and if he is running a web server, have him also check to make sure he is not running formmail.cgi or pl
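
Added example, not part of the original message: a small Python check of the header-reading step discussed above, which takes the headers of a returned message, reads only the topmost Received line (the one written by the server that accepted the mail) and compares its IP with your own server's addresses. The sample headers, hostnames and addresses are constructed (documentation ranges), the function names are hypothetical, and the result should still be confirmed against the qmail logs.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: headers of a returned message as quoted inside a bounce.
# The lower Received line names "our" server (192.0.2.10) but was supplied by
# the sender, so it proves nothing; only the topmost line was written by the
# accepting server.
SAMPLE_RETURNED = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP; Sat, 13 Sep 2003 10:02:11 -0700
Received: from mail.example.org ([192.0.2.10])
\tby mail.example.net with SMTP; Sat, 13 Sep 2003 10:02:09 -0700
From: someone@example.org
Subject: constructed sample

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def last_sender_ip(raw_message):
    """Return the IP recorded in the topmost Received header, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    match = IP_IN_BRACKETS.search(received[0])
    if not match:
        return None
    try:
        return ip_address(match.group(1))
    except ValueError:  # e.g. [999.1.1.1] is not a real address
        return None


def classify(raw_message, our_server_ips):
    """'relay' if our server handed the mail over, 'joe-job' if only our
    name was forged, 'unknown' if the header carries no usable IP."""
    ip = last_sender_ip(raw_message)
    if ip is None:
        return "unknown"
    ours = {ip_address(a) for a in our_server_ips}
    return "relay" if ip in ours else "joe-job"


if __name__ == "__main__":
    print(classify(SAMPLE_RETURNED, ["192.0.2.10"]))
```
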

