On Thu, 8 Sep 2011, Steve wrote:

On 08/09/2011 17:04, Mark Martinec wrote:
Sep  8 15:04:43 svr amavis[9242]: (09242-14)
  Passed SPAM, [208.30.118.112] [208.30.118.112]
  <adelama...@boimail.com> ->
    <st...@svr.mydom.org>,<st...@svr.mydom.org>,<st...@svr.mydom.org>,
    <st...@svr.mydom.org>,<st...@svr.mydom.org>,<st...@svr.mydom.org>,
   <st...@svr.mydom.org>,<st...@svr.mydom.org>,
Message-ID: <201109081759.8B7F082565A0D33F9A15@p00905q4tw>,
mail_id: 0eFkT73PzE2y, Hits: 25.936, size: 1608, queued_as: E24C916C02A6,
8169 ms

In a sense that's what's wanted... /etc/postfix/virtual contains:
@mydom.org st...@mydom.org
I want all messages to all users delivered to steve.

That's really discouraged these days, because spammers send a _lot_ of mail to essentially randomly-generated addresses in the hope that something will actually get delivered to a person with a wallet, and if you have a catch-all rather than rejecting invalid recipients, you actually _get_ all that spam (as you've seen).

Disabling your catch-all would cure 90%-ish of this problem. How critical is that catch-all to you?

Also: the log watcher idea wouldn't work, because it's only one inbound message. Greylisting _would_ still delay the message and would filter them completely if the spammer isn't retrying.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 Windows and its users got mentioned at home today, after my wife the
 psych major brought up Seligman's theory of "learned helplessness."
                                             -- Dan Birchall in a.s.r
-----------------------------------------------------------------------
 9 days until the 224th anniversary of the signing of the U.S. Constitution

Reply via email to