Barry Hill <[EMAIL PROTECTED]> wrote:
>
> I got a shock when I browsed the mail logs today: huge amounts of mails
> are landing on my machine to users which don't exist (usernames
> composed of random letters). These mails are mainly "user doesn't
> exist" messages, and they are landing on my machine because the
> REPLY-TO and FROM addresses have been set to my domain.
You've been joe-jobbed.
> This is causing an large increase in traffic, which I have to pay for :-(
>
> Having a default user for the domain collects these mails, and not
> having a default user responds with a bounce, and a log entry:
> "discarding triple bounce". Which uses more bandwidth ??
If you don't have a default user, you deliver a lot of double-bounces (or try
to, anyways), and that will use some bandwidth. Better to just save or
discard them locally.
> I've looked in the archives, but there is only a mention of adding the
> domain to "badrcptto". Which doesn't help my legitimate users.
No. There's no way to (a) continue providing service to the legitimate users
in the same domain, and (b) stop receiving the spam bounces.
> This could go on for ever - has anyone any ideas what I can do?
It won't last forever. Your best bet is track down the spammer based on what
they're promoting (a website, a phone number, etc) and get them shut down.
Within a week, the bounces will have stopped.
> Are there any free services which would accept being entered as a
> MX and which would filter out the sh*t and forward the rest?
Not for free -- it takes significant system resources, as you've seen.
> There doesn't seem to be anything in the mails which would point
> towards the ISP of the spammer:
The headers are forged anyways. Look in the body of the message to see what
the spammer was promoting.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
