> Does anyone have knowledge of the SMTP header option X-RCPT-TO: ?
> At the moment I am receiving around 1000 messages an hour - not one of
these
> messages is addressed to my domain (most if not all of them are junk spam
> messages to <undisclosed recipients> or variations on that theme), the
only
> thing they have in common is that my domain is listed under the X-RCPT-TO:
> header.
Actually, they almost positively ARE addressed to your domain.
The "<undisclosed recipients>" just means that the spammer doesn't want you
knowing everyone he is spamming to. He's actually being nice (rare for
spammers!), so you don't have several megabytes of headers.
The "To:", "Cc:" and "Bcc:" fields in the headers of a message just show
what the sender wants you to see. They are almost always forged by
spammers.
If you check the IMail logs, you'll see that these messages are addressed to
people on your system. You'll see a "RCPT TO:" line that shows the
recipient. That's the person the spammer (or mailbomber, as I'm suspecting)
wanted the E-mail to go to. And, it's on your domain.
The X-RCPT-TO header is added by IMail, and should be exactly the same as
the "RCPT TO:" that the spammer sent. However, it's possible that IMail
could change this if there is forwarding/aliasing going on, so check the
logs to be sure.
> The mails come from multipe sources, so restricting Access Control is not
> really feasible. Any ideas as to why multiple spammers would choose my
> domain?
Most likely, they are coming from the same source. Check the IMail log to
see the IP address they are coming from, and block it. Never rely on
information from the headers of a message, except that which you can verify.
It sounds like you are being mailbombed. Spammers around the world aren't
going to all of a sudden start sending you that much E-mail. Even our spam
traps are lucky to receive 100 spams a day.
> Why does IMail get stuck with the mails, rather than rejecting them
>as undeliverable
Assuming they were destined for your domain, that's why IMail gets stuck
with them.
-Scott
Declude: Anti-spam and Anti-virus solutions for IMail.
http://www.declude.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
