At 09:28 AM 1/9/2005 -0500, Chris Drake <christopher(_at_)pobox(_dot_)com> wrote:
Hi All,
I'm just wondering if it's a hacker targeting me, or a virus hitting
everyone - someone's using "broken" MTAs to "bounce" millions of
emails at all my servers for the last month or so.
****************** REPLY SEPARATOR ******************
See previous thread [spf-discuss] Mailserver Question. The MTAs are not
really broken. They are simply using background processing to attempt to
return detected spam; a process that I abhor because it punishes innocent
victims such as ourselves. If they were using SPF, they would reject it
before DATA and would not have to resort to background processing.
I eventually resorted to simply collecting the garbage in a different
account. Because the forged address was using our FQDN, I could not refuse
the connection without creating a "Loops Back to Me" error. Since our
server is using its own independent DNS, I simply removed the "A" record
for the non-existent FQDN domain. Now the bounces are being received as if
they belonged to a sub-domain without creating the error. I get the
"unable-to-deliver" notice, but I simply created a new double bounce
address to collect them.
I just wish I could find a way to inform the offending servers that their
bounces are not appreciated.
J.A. Coutts