From: Allan_Ross@gov.nt.ca
To: freebsd-questions@freebsd.org
Date: Thu, 16 Jun 2005 13:07:01 -0600
Subject: Spam sender using domain name as spoofed source

I have a FreeBSD machine that I set up, mostly to learn more about the ins and outs of *nix-based servers. As such I run sendmail on it and Apache to host a small web site. I registered a domain name as well. Things have gone fairly smoothly and without incident until recently.

The server is suddenly receiving thousands of emails a day, from postmasters! It appears that some spam lord has decided that my domain would be a good one for spoofing as the sender address of his garbage. Every one of his spam messages that generates an error message (user does not exist, mailbox full, spam blocking programs, etc.) sends the reply to MY SERVER.

Now this would normally not be a big deal, as I could simply filter for this stuff and toss it to /dev/null as it comes in, but I am on a broadband connection with a 10GB monthly limit, and this traffic, added onto my regular monthly traffic, is pushing me well over the 10GB mark and it is costing me money.

For now, I have shut down sendmail externally just to stem the flow, but is there a solution for this? How can I prevent the delivery of these messages so that I don't get the traffic at all? Or am I pretty much stuck with either tossing my domain name or shutting down mail services?

Any help or guidance appreciated!