RE: Possible Spam: RE: [Declude.JunkMail] NDR's
looks to me that the spammer is just using a dictionary of user names and sending to them by appending on the domain name in the hopes that they may get a hit on another mailbox. Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of declude > Sent: Friday, June 11, 2004 9:35 AM > To: [EMAIL PROTECTED] > Subject: RE: Possible Spam: RE: [Declude.JunkMail] NDR's > > > Hi Markus, > > I know what you mean, just like the list below > > I have a customer, nst.ie, and this is what is happening to them. > > Kevin > > > QD:\IMail\spool\Ddbdf01e626ff.SMD > Hkadmail.co.uk > WD:\Imail\kadmail_co_uk > E0, > S<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > NRCPT TO: <[EMAIL PROTECTED]> > R<[EMAIL PROTECTED]> > > -- Original Message -- > From: "Markus Gufler" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Fri, 11 Jun 2004 18:06:41 +0200 > > > > >> We've been getting upwards of 30k messages a day which are > >> NDR's with our domain name, but with a randomly generated > >> username. We found that although our mail server is more > >> then capable of handling the volume, it was creating a lot of > >> lag with POP3 accounts when the server was being hammered > >> with the dang things. Seems this is getting to be the latest > >> craze, spamming with legit domain names attached to a random username. > > > >Thats not the current problem. > >The problem are NDR's send back to real existing email addresses > because the > >original message has had only one (or a few) valid recipient > addresses but a > >lot of random generated name parts of the email address. (in sober.g case > >this are one valid recipient and 39 usualy inexistant, random generated > >addresses) > > > >Your gateway would filter out this type of NDRs > > > >Markus > > > > > > >
RE: Possible Spam: RE: [Declude.JunkMail] NDR's
Hi Markus, I know what you mean, just like the list below I have a customer, nst.ie, and this is what is happening to them. Kevin QD:\IMail\spool\Ddbdf01e626ff.SMD Hkadmail.co.uk WD:\Imail\kadmail_co_uk E0, S<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> NRCPT TO: <[EMAIL PROTECTED]> R<[EMAIL PROTECTED]> -- Original Message -- From: "Markus Gufler" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 11 Jun 2004 18:06:41 +0200 > >> We've been getting upwards of 30k messages a day which are >> NDR's with our domain name, but with a randomly generated >> username. We found that although our mail server is more >> then capable of handling the volume, it was creating a lot of >> lag with POP3 accounts when the server was being hammered >> with the dang things. Seems this is getting to be the latest >> craze, spamming with legit domain names attached to a random username. > >Thats not the current problem. >The problem are NDR's send back to real existing email addresses because the >original message has had only one (or a few) valid recipient addresses but a >lot of random generated name parts of the email address. (in sober.g case >this are one valid recipient and 39 usualy inexistant, random generated >addresses) > >Your gateway would filter out this type of NDRs > >Markus > > > >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > > >[ PS. This email has been securely processed by Sorting Office ] > > > __ This email has been Processed using Sorting Office Email Services This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. Sorting Office Email Filter Solution Anti-Virus | Anti-Spam For kad.co.uk --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: Possible Spam: RE: [Declude.JunkMail] NDR's
> We've been getting upwards of 30k messages a day which are > NDR's with our domain name, but with a randomly generated > username. We found that although our mail server is more > then capable of handling the volume, it was creating a lot of > lag with POP3 accounts when the server was being hammered > with the dang things. Seems this is getting to be the latest > craze, spamming with legit domain names attached to a random username. Thats not the current problem. The problem are NDR's send back to real existing email addresses because the original message has had only one (or a few) valid recipient addresses but a lot of random generated name parts of the email address. (in sober.g case this are one valid recipient and 39 usualy inexistant, random generated addresses) Your gateway would filter out this type of NDRs Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: Possible Spam: RE: [Declude.JunkMail] NDR's
Great.. Thanks.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Sent: Friday, June 11, 2004 10:50 AM To: [EMAIL PROTECTED] Subject: Re: Possible Spam: RE: [Declude.JunkMail] NDR's I'm working on creating one, a version of what we have, it's started at http://www.kendra.com/Support/PerUser_Gateway/index.htm, I'm trying to finish it today. Rich - Original Message - From: "Jeff Maze" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 11, 2004 8:42 AM Subject: RE: Possible Spam: RE: [Declude.JunkMail] NDR's > Was there a HOWTO you found online to do this? Wouldn't mind attempting > this when I get a chance.. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rich > Sent: Friday, June 11, 2004 10:33 AM > To: [EMAIL PROTECTED] > Subject: Re: Possible Spam: RE: [Declude.JunkMail] NDR's > > We've been getting upwards of 30k messages a day which are NDR's with our > domain name, but with a randomly generated username. We found that although > our mail server is more then capable of handling the volume, it was creating > a lot of lag with POP3 accounts when the server was being hammered with the > dang things. Seems this is getting to be the latest craze, spamming with > legit domain names attached to a random username. > > So what we did was to set up two BSD/Postfix boxes that filter based on a > list of our valid users which we update as needed. The incoming NDR's are > then trashed at the BSD/Postfix level and Imail and Declude don't have to > deal with them. This is kind of like Len Conrads Imgate, but it only checks > for a valid username before relaying the email into the Imail box. > > Rich > > > - Original Message - > From: "declude" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, June 11, 2004 4:05 AM > Subject: Possible Spam: RE: [Declude.JunkMail] NDR's > > > > Markus > > > > We are seeing 1 in 10 email's which are NDR's and are nothing to do with > the german-politic spam messages. > > > > Look's like we have a new problem, which is growing quickly. > > > > Scott I hope you can help on this one or anyone else... > > > > Kevin > > > > > > -- Original Message -- > > From: "Markus Gufler" <[EMAIL PROTECTED]> > > Reply-To: [EMAIL PROTECTED] > > Date: Fri, 11 Jun 2004 12:49:55 +0200 > > > > > > > >> We are seeing a lot of NDR's coming from ligit servers, with > > >> a spoofed user name, but a correct domain name. > > >> > > >> What would be the best way to deal with this ever growing problem. > > > > > >Yipiieee :-) > > >I'm not the only one having this problem. > > > > > >As I can see this are NDR's from current spam messages having forged but > > >real existing mailfrom addresses and a lot of random recipient names in > > >combination with valid domains. (german-politic spam messages send from > > >sober.g zombies) > > > > > >Markus > > > > > > > > >--- > > >[This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > > >--- > > >This E-mail came from the Declude.JunkMail mailing list. To > > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > >type "unsubscribe Declude.JunkMail". The archives can be found > > >at http://www.mail-archive.com. > > > > > > > > >[ PS. This email has been securely processed by Sorting Office ] > > > > > > > > > > > __ > > This email has been Processed using Sorting Office Email Services > > This email and any attachments are confidential to the intended > > recipient and may also be privileged. If you are not the intended > > recipient please delete it from your system and notify the sender. > > You should not copy it or use it for any purpose nor disclose or > > distribute its contents to any other person. > > > >Sorting Office Email Filter Solution > > Anti-Virus | Anti-Spam > > For kad.co.uk > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubsc
Re: Possible Spam: RE: [Declude.JunkMail] NDR's
I'm working on creating one, a version of what we have, it's started at http://www.kendra.com/Support/PerUser_Gateway/index.htm, I'm trying to finish it today. Rich - Original Message - From: "Jeff Maze" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 11, 2004 8:42 AM Subject: RE: Possible Spam: RE: [Declude.JunkMail] NDR's > Was there a HOWTO you found online to do this? Wouldn't mind attempting > this when I get a chance.. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rich > Sent: Friday, June 11, 2004 10:33 AM > To: [EMAIL PROTECTED] > Subject: Re: Possible Spam: RE: [Declude.JunkMail] NDR's > > We've been getting upwards of 30k messages a day which are NDR's with our > domain name, but with a randomly generated username. We found that although > our mail server is more then capable of handling the volume, it was creating > a lot of lag with POP3 accounts when the server was being hammered with the > dang things. Seems this is getting to be the latest craze, spamming with > legit domain names attached to a random username. > > So what we did was to set up two BSD/Postfix boxes that filter based on a > list of our valid users which we update as needed. The incoming NDR's are > then trashed at the BSD/Postfix level and Imail and Declude don't have to > deal with them. This is kind of like Len Conrads Imgate, but it only checks > for a valid username before relaying the email into the Imail box. > > Rich > > > - Original Message - > From: "declude" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, June 11, 2004 4:05 AM > Subject: Possible Spam: RE: [Declude.JunkMail] NDR's > > > > Markus > > > > We are seeing 1 in 10 email's which are NDR's and are nothing to do with > the german-politic spam messages. > > > > Look's like we have a new problem, which is growing quickly. > > > > Scott I hope you can help on this one or anyone else... > > > > Kevin > > > > > > -- Original Message -- > > From: "Markus Gufler" <[EMAIL PROTECTED]> > > Reply-To: [EMAIL PROTECTED] > > Date: Fri, 11 Jun 2004 12:49:55 +0200 > > > > > > > >> We are seeing a lot of NDR's coming from ligit servers, with > > >> a spoofed user name, but a correct domain name. > > >> > > >> What would be the best way to deal with this ever growing problem. > > > > > >Yipiieee :-) > > >I'm not the only one having this problem. > > > > > >As I can see this are NDR's from current spam messages having forged but > > >real existing mailfrom addresses and a lot of random recipient names in > > >combination with valid domains. (german-politic spam messages send from > > >sober.g zombies) > > > > > >Markus > > > > > > > > >--- > > >[This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > > >--- > > >This E-mail came from the Declude.JunkMail mailing list. To > > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > >type "unsubscribe Declude.JunkMail". The archives can be found > > >at http://www.mail-archive.com. > > > > > > > > >[ PS. This email has been securely processed by Sorting Office ] > > > > > > > > > > > __ > > This email has been Processed using Sorting Office Email Services > > This email and any attachments are confidential to the intended > > recipient and may also be privileged. If you are not the intended > > recipient please delete it from your system and notify the sender. > > You should not copy it or use it for any purpose nor disclose or > > distribute its contents to any other person. > > > >Sorting Office Email Filter Solution > > Anti-Virus | Anti-Spam > > For kad.co.uk > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > [This E-mail was scanned for vi
RE: Possible Spam: RE: [Declude.JunkMail] NDR's
Was there a HOWTO you found online to do this? Wouldn't mind attempting this when I get a chance.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Sent: Friday, June 11, 2004 10:33 AM To: [EMAIL PROTECTED] Subject: Re: Possible Spam: RE: [Declude.JunkMail] NDR's We've been getting upwards of 30k messages a day which are NDR's with our domain name, but with a randomly generated username. We found that although our mail server is more then capable of handling the volume, it was creating a lot of lag with POP3 accounts when the server was being hammered with the dang things. Seems this is getting to be the latest craze, spamming with legit domain names attached to a random username. So what we did was to set up two BSD/Postfix boxes that filter based on a list of our valid users which we update as needed. The incoming NDR's are then trashed at the BSD/Postfix level and Imail and Declude don't have to deal with them. This is kind of like Len Conrads Imgate, but it only checks for a valid username before relaying the email into the Imail box. Rich - Original Message - From: "declude" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 11, 2004 4:05 AM Subject: Possible Spam: RE: [Declude.JunkMail] NDR's > Markus > > We are seeing 1 in 10 email's which are NDR's and are nothing to do with the german-politic spam messages. > > Look's like we have a new problem, which is growing quickly. > > Scott I hope you can help on this one or anyone else... > > Kevin > > > -- Original Message -- > From: "Markus Gufler" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Fri, 11 Jun 2004 12:49:55 +0200 > > > > >> We are seeing a lot of NDR's coming from ligit servers, with > >> a spoofed user name, but a correct domain name. > >> > >> What would be the best way to deal with this ever growing problem. > > > >Yipiieee :-) > >I'm not the only one having this problem. > > > >As I can see this are NDR's from current spam messages having forged but > >real existing mailfrom addresses and a lot of random recipient names in > >combination with valid domains. (german-politic spam messages send from > >sober.g zombies) > > > >Markus > > > > > >--- > >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.JunkMail mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.JunkMail". The archives can be found > >at http://www.mail-archive.com. > > > > > >[ PS. This email has been securely processed by Sorting Office ] > > > > > > > __ > This email has been Processed using Sorting Office Email Services > This email and any attachments are confidential to the intended > recipient and may also be privileged. If you are not the intended > recipient please delete it from your system and notify the sender. > You should not copy it or use it for any purpose nor disclose or > distribute its contents to any other person. > >Sorting Office Email Filter Solution > Anti-Virus | Anti-Spam > For kad.co.uk > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: Possible Spam: RE: [Declude.JunkMail] NDR's
We've been getting upwards of 30k messages a day which are NDR's with our domain name, but with a randomly generated username. We found that although our mail server is more then capable of handling the volume, it was creating a lot of lag with POP3 accounts when the server was being hammered with the dang things. Seems this is getting to be the latest craze, spamming with legit domain names attached to a random username. So what we did was to set up two BSD/Postfix boxes that filter based on a list of our valid users which we update as needed. The incoming NDR's are then trashed at the BSD/Postfix level and Imail and Declude don't have to deal with them. This is kind of like Len Conrads Imgate, but it only checks for a valid username before relaying the email into the Imail box. Rich - Original Message - From: "declude" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 11, 2004 4:05 AM Subject: Possible Spam: RE: [Declude.JunkMail] NDR's > Markus > > We are seeing 1 in 10 email's which are NDR's and are nothing to do with the german-politic spam messages. > > Look's like we have a new problem, which is growing quickly. > > Scott I hope you can help on this one or anyone else... > > Kevin > > > -- Original Message -- > From: "Markus Gufler" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Fri, 11 Jun 2004 12:49:55 +0200 > > > > >> We are seeing a lot of NDR's coming from ligit servers, with > >> a spoofed user name, but a correct domain name. > >> > >> What would be the best way to deal with this ever growing problem. > > > >Yipiieee :-) > >I'm not the only one having this problem. > > > >As I can see this are NDR's from current spam messages having forged but > >real existing mailfrom addresses and a lot of random recipient names in > >combination with valid domains. (german-politic spam messages send from > >sober.g zombies) > > > >Markus > > > > > >--- > >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.JunkMail mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.JunkMail". The archives can be found > >at http://www.mail-archive.com. > > > > > >[ PS. This email has been securely processed by Sorting Office ] > > > > > > > __ > This email has been Processed using Sorting Office Email Services > This email and any attachments are confidential to the intended > recipient and may also be privileged. If you are not the intended > recipient please delete it from your system and notify the sender. > You should not copy it or use it for any purpose nor disclose or > distribute its contents to any other person. > >Sorting Office Email Filter Solution > Anti-Virus | Anti-Spam > For kad.co.uk > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.