On Mon, Sep 10, 2007 at 12:05:12PM +0200, Brian Foster wrote:
> since sometime last night some twit is sending out
> enormous quantities of spam with e-mail “From:” address
> that refer to my (main!) e-inbox. some of this spam
> bounces, with the end result I've currently being
> flooded with bogus e-mailing errors (multiple hundreds
> of the fscking things, probably approaching c.1000 of
> them now!). I believe this is known as “backscatter”.
> and in addition to such e-mail,
> (4) what else should I do?
I'm not sure theres much you can do, what I do when this happens (and
its regular enough) is to look for a distinguishing property of the
bounced mail and reject (5xx) on that.
For example, the most recent time this happened to me, all the mail was
forged with a subdomain I never use to send mail, so adding this to
exims recipient acl rejected the bounces with a message:
deny domains = sub.domain.com
message = I didnt send this mail to you please fix your
Of course I was lucky it was so easy to pick them out, other times its
not so easy, or (and I'm guessing this is what your situation is) you
dont have control over the mailserver, you just pull the mail down via
pop or some such - in which case, none of the above is useful.
I'm not sure who you would complain to in your case, the people hosting
the compromised machines sending the spam, or the clueless admins who
send mail back to forged From: addresses.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!