Hi folks,


I got a shock when I browsed the mail logs today: huge amounts of mails
are landing on my machine to users which don't exist (usernames
composed of random letters). These mails are mainly "user doesn't
exist" messages, and they are landing on my machine because the
REPLY-TO and FROM addresses have been set to my domain.

This is causing a large increase in traffic, which I have to pay for :-(

Having a default user for the domain collects these mails, and not
having a default user responds with a bounce, and a log entry:
"discarding triple bounce". Which uses more bandwidth ??

I could delete the MX entry, but then legitimate users wouldn't get
any mails.

I've looked in the archives, but there is only a mention of adding the
domain to "badrcptto". Which doesn't help my legitimate users.


This could go on for ever - has anyone any ideas what I can do?
Are there any free services which would accept being entered as an
MX and which would filter out the sh*t and forward the rest?


There doesn't seem to be anything in the mails which would point
towards the ISP of the spammer: "smtpav", "MailClients",
"Mailserver" and "Mailhub" are all very vague, as can be seen here in
the header of the original SPAM mail (which couldn't be delivered):

Received: from dfw-smtpin3.email.verio.net ([129.250.38.53]) by
          dfw-spool2.email.verio.net (Netscape Messaging Server 4.15) with
          ESMTP id GEVPA001.JT4 for <[EMAIL PROTECTED]>; Wed, 13 Jun 2001
          17:15:36 +0000 
Received: from [200.205.108.34] (helo=eddie.int.acaosp.com) by
          dfw-smtpin3.email.verio.net with smtp id 15AEEv-0006yS-00 for
          [EMAIL PROTECTED]; Wed, 13 Jun 2001 17:15:34 +0000
Received: from Mailhub by eddie.int.acaosp.com id AA25878; Mon, 17 Jan 1994
          02:41:15 -0300
Received: from MailClients by Mailserver id NAA124008; Wed, 13 Jun 2001 13:23:51 -0200
Received: FROM 192.168.1.8 BY smtpav ; Wed Jun 13 03:09:36 2001 -0300


HELP!


Best regards,


 Barry

