Your observation is correct, the text I pasted is an incoming message. The
point is, the only reason it bounced and is being sent back to the user (and
me, the postmaster) is because the address got messed up with control
characters. There are probably many others with correct addresses going out
through my system.
I *do* want to receive these bounce messages. But I want to find a way to
stop the culprit from sending all this junk through my system. To me it
looks like the "from" address that shows in the outgoing messages is
[EMAIL PROTECTED], how can I block messages with this originating address
(or subject line) from going through the system?
Thanks,
Brian
> -----Original Message-----
> From: Harald Hanche-Olsen [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 06, 2001 5:42 PM
> To: [EMAIL PROTECTED]
> Subject: Re: spam filter
>
>
> + "Brian Longwe" <[EMAIL PROTECTED]>:
>
> | Hi,
> |
> | I want to filter out messages with the following header from being
> | sent out by a user on my system:
> | ---------------------------------------------
> | Hi. This is the qmail-send program at relay.ispkenya.com.
> | I tried to deliver a bounce message to this address, but the
> bounce bounced!
> |
> | <[EMAIL PROTECTED]</=>:
> | Sorry, I couldn't find any host named compuserve.com</=. (#5.1.2)
> |
> | --- Below this line is the original bounce.
> [ ...]
> | ---------------------------------------------
> |
> | I have tried putting some portions of the above in the
> badmailfrom control
> | file to no avail. Any tips?
>
> That doesn't work because not only is the above text not in the header
> - it is in the body of the incoming message - but the badmailfrom file
> only controls messages based on the envelope from, which is not even
> in the header, it's outside the message itself. (Read the
> envelopes(5) man page to see what I mean.)
>
> In this case, the message is a doublebounce, so the envelope sender
> will be <#@[]> (it will be in the Return-Path header field after the
> message is finally delivered).
>
> Here is what you can do:
>
> # cat > /var/qmail/alias/.qmail-doublebounce << 'EOT'
> |if grep '[EMAIL PROTECTED]'; then exit 99; else exit 0; fi
> &postmaster
> EOT
> # echo doublebounce > /var/qmail/control/doublebounceto
>
> Then restart qmail.
>
> To understand what this all means, read the dot-qmail, qmail-command
> and qmail-send manual pages. Read them before you do anything; the
> above advice is just off the top of my head and untested, and you
> should understand the solution and its consequences yourself before
> implementing it.
>
> - Harald
>
