Message-Id: <4.3.2.7.2.20030623083909.02be3c50@localhost>
Date: Mon, 23 Jun 2003 08:48:31 -0600
To: questions@freebsd.org
From: Brett Glass
Subject: Eliminating "noise" from secondary MX

We have a FreeBSD machine, running Sendmail, that's set up as a secondary MX for several domains. Lately, as the tide of spam continues to increase, this machine is sending large volumes of messages to "Postmaster", and this is interfering with normal monitoring of the server.

Here's more detail. A spammer sends to a nonexistent address in a domain for which the host is a secondary mail exchanger. Many spammers' software is actually set up to use secondary mail exchangers rather than primaries, because they're less likely to have effective antispam software running. (Even if they use public blacklists, they rarely use a blacklist or whitelist provided by the domain for which they're a secondary.)

The secondary mail exchanger tries to send the message on to its destination, but the mail is bounced by the primary mail host (either as spam or because it has been sent to an invalid address). So, the secondary dutifully tries to notify the sender that the message didn't get through. Of course, the "From:" and "Reply-to:" headers of the spam contain either a completely bogus address or one that has quickly been shut down due to spamming. So, the host, not knowing what else to do, sends a notice to Postmaster, saying that the notice to the sender could not be delivered.

What's the easiest way to suppress this resource-consuming, mailbox-clogging chain reaction?

--Brett Glass