Nigel Frankcom-2 wrote:
> 
> Can you not block them at your router or firewall? Then they are not
> taking up threads either. It's how I deal with heavy hitters.
> 
> Nigel
> 

No, I wish I could, but these bounced emails are not coming To Me from a
single IP. It goes like this:

1. Some doofus' spambot in France at the previously referenced IP is sending
out spam with spoofed return addresses, which just happen to be at one of my
domains.
2. Because the spambot is randomly generating the To addresses, most of the
final destination servers end up bouncing the mail to the supposed sender
(my legitimate domain).
3. Therefore I am receiving the bounced mails from those non-existent
recipient mail servers (which are just whichever unlucky MX records got
stuck having to reject the spam).

So the IPs of mail servers connecting to my network are almost always
different based upon a random To address. Only the original source IP, which
is buried in the headers, has any consistency which I could use to establish
a "Rule."

I suspect that further complicating matters is that when these messages get
bounced, they get wrapped by the bouncing MTA, possibly masking the headers
from SA which then makes my rules all fail.

I had even considered killing any and all emails that are bounces, but then
no one on my server would ever know if a legit email they sent got
bounced...

Thanks!

Thad
-- 
View this message in context: 
http://www.nabble.com/Being-Buried-In-Returned-Email---Need-To-Mark-Certain-IPs-tp18181167p18183092.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
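
The header-masking problem described in the message above, shown as an added example that is not part of the original post or of SpamAssassin: in a standard bounce the spambot's IP appears only in the Received headers of the wrapped original, so a check has to open the embedded part rather than read the bounce's own headers. The IP, host names and sample bounce are constructed placeholders, and the function names are hypothetical.

```python
import email
import re
from email import policy

# Constructed placeholder for the spambot's IP (documentation address range).
SPAM_SOURCE_IP = "192.0.2.77"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample bounce: outer headers name the bouncing MTA only.
SAMPLE_BOUNCE = b"""\
Received: from mx.recipient.example ([198.51.100.9]) by mail.mydomain.example
From: MAILER-DAEMON@mx.recipient.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

--b1
Content-Type: message/rfc822

Received: from unknown ([192.0.2.77]) by mx.recipient.example
From: someone@mydomain.example
Subject: constructed spam sample

body
--b1--
"""

def embedded_received_ips(raw):
    """Return IPs from Received headers of the original wrapped in a bounce."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ips = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # headers-only attachment
            inner = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        for hdr in inner.get_all("Received", []):
            ips += IP_RE.findall(str(hdr))
    return ips

def is_backscatter_from(raw, source_ip=SPAM_SOURCE_IP):
    """True when the wrapped original passed through source_ip."""
    return source_ip in embedded_received_ips(raw)
```

Bounces that paste the original message inline as plain text, instead of attaching it, are not covered by this check.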
