[nflug] Forged mail header bounces up exponentially

Roelant Ossewaarde rao3 at buffalo.edu
Tue Apr 29 10:01:03 EDT 2008


Same problem. These are legit emails, so they should actually be  
delivered.

You don't know if the outbound mail went through the same server -  
the SMTP server may be different than the mail destination for a  
domain. I send my email through the SMTP-server of wherever I am, but  
receive it on a different server altogether.

I do greylisting, but because these mailer daemon messages come from  
legit sources, they actually go through.

I get a ton of them on my personal account, and I just suck it up.  
They all go straight to my junk mail box, and once in a while I scan  
over them before their promotion to /dev/null. Since they come in  
batches, it is usually very easy to detect them for the human eye.  
But this might not be acceptible for other users. And it sucks that  
they clog up my mailer logs too.

On Apr 29, 2008, at 8:06 AM, Eric Benoit wrote:

> I'm having the same problem here.
> I'm using sendmail, procmail, spamassassin lemme no about the  
> procmail ninja ;)
>
> Christopher Hawkins wrote:
>> Me three. I use sendmail, though. I wonder if there isn't a way to  
>> use a
>> procmail recipe to call a script that greps the maillog for a  
>> matching
>> outbound email at some earlier point? And if it doesn't find a  
>> match, it
>> knows it can throw away the bogus undeliverable receipt? I'm not a  
>> procmail
>> ninja but if anyone else is, does this sound plausible? If no  
>> ninjas are
>> among us I will take a peek and see if something could be cobbled  
>> together.
>> Chris
>>
>>
>>> -----Original Message-----
>>> From: nflug-bounces at nflug.org [mailto:nflug-bounces at nflug.org] On  
>>> Behalf Of Richard Hubbard
>>> Sent: Monday, April 28, 2008 6:32 PM
>>> To: nflug at nflug.org
>>> Subject: Re: [nflug] Forged mail header bounces up exponentially
>>>
>>> I'll throw in a "me too" to this.  It's been rotating through the  
>>> users in my network. We're using Lotus Domino with Symantec (yes,  
>>> I know) Anti-Spam.  It seems that symantec hasn't figured out how  
>>> to scan these things yet.
>>>
>>> Anyone know if spamasassin can stop these things?
>>>
>>> Cyber Source wrote:
>>>
>>>> Hey Erek,
>>>>  Glad to hear I'm not the only one seeing this. Started
>>> seeing in like
>>>
>>>> 2 weeks ago. I had one client get like 1000 emails in one day,  
>>>> all bounces from email servers and the like. This is a very good  
>>>> reason why email admins should NOT allow this behavior, as it's  
>>>> now being used as a round about way to send spam. Fortunately this
>>> stopped for
>>>> that client and I've seen it for some others, including my own.
>>>> If anyone has a remedy, I'd love to hear it. Thanks, Peter
>>>>
>>
>> _______________________________________________
>> nflug mailing list
>> nflug at nflug.org
>> http://www.nflug.org/mailman/listinfo/nflug
>>
>
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
>



More information about the nflug mailing list