> > > 2) can qmail reject email based on "Received: " envelope?
> > > I want it not to bounce a message back,
> > > if there is the bad.host.com listed in the Received line.
> >
> > You can only purge them automaticly, I'm not sure that's to smart. The
> > best is to reject based on envelope sender or recipient, that way you
> > can tell the "offening" server that you rejected the message. (This is
> > done throug the files control/badmailfrom and control/badrcptto.)
>
> badmailfrom doesn't help as all the incoming messages are
> bounces, MAIL FROM:<>
>
> badrcptto might help, together with some heurestics. (There were
> way-too-many forms of [EMAIL PROTECTED]) goodrcptto might
> help better :-)
Badrcptto does not look at the 'Received:' lines, does it?
A good solution might be to patch qmail so that it will not bounce a
message back if it sees a suspicious 'Received:' line in the header. What
is the best way to do this?
>
> I just changed my ~alias/.qmail-default to
> |fastforward -d /etc/aliases.cdb; exit 0
> to keep my mailbox clean (and my old harddisk from suffering,
> queue from growing, and the load never was more than 4.55 :-) -
> most of the load coming (probably) from SYN cookies).
This is simple and efficient. Thanks!
> > BTW: would it be possible to see one COMPLETE
> > bounce message you are having trouble with.
>
> I have stored about five thousand of them. The basic pattern is
> simple: Some faked Received line, then someone at
> saturn.bbn.com (a DSL? dial-up?), then some open relay in .cn, .jp
> or .kr domains (I have seen quite a few of them) and then the
> recipient, bouncing the message back. I can post one of the
> messages, but which one? Don't want to be unfair to the remaining
> open relays :-)
Yes, this is the same guy. All emails' source looks like
PPPa14-ResaleKansasCity1-4R7102.saturn.bbn.com
> A few people suggested to sue the spammer for misusing
> antek.cz's name. Can anyone suggest how? I am not US-based
> and our company is not US-based. Is it a crime to fake the return
> address (meaning I can mail my evidence to the authorities) or am I
> on my own to sue the spammer? If the latter, I can see no chance
> of that happening...
Usually you would contact people responsible for the domain
saturn.bbn.com. No responses so far.
Petr
