I fixed this the easy way. Instead of deleting the offending account I
disable and and route all the mail for that domain to my "special" mailbox
for spam (/dev/null). This is _much_ less expensive than bouncing the
messages.
Matt
> -----Original Message-----
> From: Scott Ramshaw [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 17, 2001 2:25 PM
> To: [EMAIL PROTECTED]
> Subject: spammers forging From: addresses
>
>
> I'm having a serious problem and I'm sure I'm not the only
> one. I run
> a free email service using vpopmail, sqwebmail etc and these spam
> $#%#@%$ keep signing up for an account then proceeding to send immense
> amounts of SPAM (not through my server, mostly through open
> third party
> relays), I mean tens of thousands of SPAMs with a forged From: address
> from my domain. Usually I spot them quick and delete the account, but
> that doesn't stop my server from receiving and processing
> literally tens
> of thousands of bounced emails due to these fools forging the From:
> address from my domain. If there was a badmailto like there is a
> badmailfrom in qmail, that might speed up the denial but currently it
> has to process the message, sees that the account doesn't exist, then
> it does the double bounce then discards it. Also is this behavior in
> compliance with the email RFC's? Should MTAs be bouncing mail back to
> me even though it didn't originate from my server? Seems
> like is a DOS
> attack waiting to happen (well it's happening to me, but it could be
> done on a larger scale.)
>
> Has anyone found a fix for this issue? Please don't suggest to track
> down the spammers and get them to stop forging because that
> is a cat and
> mouse game, I need to curb the entire bounced email issue. Even
> something like a badmailto that would immediately just drop
> the message
> if the To: address matched would be great if anyone has
> hacked qmail to
> do so.
>
> Open to any suggestions,
> Scott R
>
>
>
>
