From owner-freebsd-questions@FreeBSD.ORG Wed May 28 22:58:05 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 638BD37B401 for ; Wed, 28 May 2003 22:58:05 -0700 (PDT) Received: from out006.verizon.net (out006pub.verizon.net [206.46.170.106]) by mx1.FreeBSD.org (Postfix) with ESMTP id 626A743FA3 for ; Wed, 28 May 2003 22:58:04 -0700 (PDT) (envelope-from cswiger@mac.com) Received: from mac.com ([129.44.60.214]) by out006.verizon.net (InterMail vM.5.01.05.33 201-253-122-126-133-20030313) with ESMTP id <20030529055803.ZCYT25800.out006.verizon.net@mac.com>; Thu, 29 May 2003 00:58:03 -0500 Message-ID: <3ED5A16D.8050909@mac.com> Date: Thu, 29 May 2003 01:58:05 -0400 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030507 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Kirk Strauser References: <87el2ixt2v.fsf@pooh.honeypot.net> In-Reply-To: <87el2ixt2v.fsf@pooh.honeypot.net> X-Enigmail-Version: 0.75.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at out006.verizon.net from [129.44.60.214] at Thu, 29 May 2003 00:58:03 -0500 cc: freebsd-questions@freebsd.org Subject: Re: Spammers forged my address - help unbury me from bounces? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 05:58:05 -0000 Kirk Strauser wrote: > Some jackass(es) sent a bunch of spam with forged From: headers referring to > non-existent accounts on one of my domains. Consequently, I've been getting > about 20,000 bounce messages per day to Erin@honeypot.net, > Michelle@honeypot.net, etc. What's a good way to handle these? Don't accept the messages in the first place; that way, your machines won't have responsibility for trying to bounce the messages later on. [ ... ] > if ($user == 'Erin' or $user == 'Michelle') > { > send 550 to remote server > do nothing else at all > } You don't mention which mail server you are using, but if you haven't changed the default FreeBSD MTA, add something like: erin@honeypot.net 550 I don't want this mail! michelle@honeypot.net 550 I don't want this mail! ...to /etc/mail/access and do a "make" in /etc/mail. [ ...slightly disordered, but hey... ] > If I don't set up any aliases for those users, then I get bounce messages > from my own mailserver telling me that it couldn't deliver the original > bounce messages to the fake usernames. You could also add something like this to your .mc file: define(`confDOUBLE_BOUNCE_ADDRESS', `nobody')dnl ...to suppress the double-bounce mail being generated. -Chuck