> SPAM is not a big deal if you are getting only SPAM.
> It is much worse when you are getting thousands and thousands of failure messages.
>
> This is exactly what happened to me: some smart guy has a huge list of
> emails addresses which are intended to be his spam victims.
> Tousands of them are not working any more, because the list is out-dated,
> but the error messages have to end somewhere, don't they?
> Ok, we pick up some existing domain.com and then we wiil randomly generate
> [EMAIL PROTECTED] So, all this mess ends up in the postmasters mail.
> Apart from these, you find there also tons of threats that people will
> suit me for spamming.
Are your server being used as a Relay for these messages,
or are the SPAMMERS simply using your domain to forge their envelope sender.
> My question is:
>
> 1) is there a way out?
Yes, it's however mighty complexed and for most people unacceptable.
You have to "compromize" your security so that your service to your users
are balancing right where you and your users are happy,
secondly you have to "compromize" security to insure that your work day
is less than 24 hours everyday while still making your server maximum safe.
> 2) can qmail reject email based on "Received: " envelope?
> I want it not to bounce a message back,
> if there is the bad.host.com listed in the Received line.
You can only purge them automaticly, I'm not sure that's to smart.
The best is to reject based on envelope sender or recipient,
that way you can tell the "offening" server that you rejected the message.
(This is done throug the files control/badmailfrom and control/badrcptto.)
BTW: would it be possible to see one COMPLETE
bounce message you are having trouble with.
MVH André Paulsberg
