[BUGS] incoming mail since about beginning of april

Sh4d03 mlists at shadow-security.net
Tue Apr 8 15:58:59 EST 2008


Andrew Reilly wrote:
> Hi Jonathan,
>
> On Tue, Apr 08, 2008 at 03:03:26PM +1000, jonathan michaels wrote:
>   
>> i have noticed an increase of incoming "spam" reports, stuff
>> addressed to mailer-daemon, postmaster etc, etc, a whole lot of
>> similar type 'admin' addresses.
>>
>> it is like somebody turned on a mains faucet, many, many, hundreds
>> per day .. grrr.
>>
>> is anybody else seeing something like this ?? it started as a
>> small trickle on the 1st april and by the 3rd/4th it was
>> flooding in.
>>     
>
> Yep, me too.  My spam has bumped up to about 10000/day, and most
> annoyingly, about five or six an hour are getting past my spam
> filter and into my inbox.
>
> Most of it that I'm seeing seems to be bounce messages from
> badly configured (even though it would have been "correctly
> configured" ten years ago) MTAs, to spam messages with one of my
> e-mail addresses as the forged sender and/or From address.
>
> It's very annoying.  In the past, this sort of thing just went
> away by itself after a while, but it doesn't seem to be slowing
> down this time.
>
>   
>> it looks like i'm going to have to find a decent bit of
>> hardware that is freebsd v7 compliant and enough grunt to run
>> some sort of a spam trap/stuttering/rfc-2??? to stop this from
>> getting here at all.
>>     
>
> Your current mail system isn't up to it?
>
>   
>> comments/ideas/pointers appreciated.
>>     
>
> I'm open to suggestions myself, but I don't fancy changing my
> mail addresses and domain names just to get off someone's spam
> list.  That's not a long-term solution.
>
> Cheers,
>
>   
My two cents,

While I've not yet experienced this storm on my own mail server, the 
server at work copped a wash of it and is only just beginning to settle 
down again.

On the rare occasion I do receive such E-mail on my own server they 
rarely manage to get through my filter. I will check when I next receive 
some regarding which filtering rules/techniques are preventing them. In 
the interest of helping, is there a method by which a 
mailer-daemon/failure message can be cross checked to sent E-mails? The 
biggest complication with this is that an E-mail can be sent via any 
server(s) and (most often) the POP3 server for the sending address is 
*not* the SMTP server for the same as SMTP is generally configured as 
the user's ISP.

As a temporary measure, blocking all failure-like E-mails would prevent 
the 1000+ messages you unfortunate souls are receiving, but is hardly 
practical long term.

SPF needs to be configured on *all* servers involved in the transmission 
and so isn't really an option in your case either.

I guess I don't really have much to suggest until I can provide 
information on why such E-mails are blocked at my filter, yet the 
legitimate bounces still flow in.

Reading back over the original message, perhaps you're not referring to 
bounce-back notifications, rather false reports sent to theoretical 
Admin personnel - a type of Spam I've not yet experienced.

Kind Regards,

Sh4d03
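
The cross-check asked about in the message above, sketched as an added example (not part of the original post or the poster's setup): a bounce is matched against a record of Message-IDs of mail that was really sent. It assumes every outbound message passes through a point that logs its Message-ID; `SENT_IDS`, `make_bounce` and all addresses are constructed for illustration.

```python
import email
from email import policy

def quoted_message_ids(raw_bounce: bytes) -> set:
    """Message-IDs of the original mail quoted inside a bounce (DSN)."""
    msg = email.message_from_bytes(raw_bounce, policy=policy.default)
    ids = set()
    for part in list(msg.walk())[1:]:          # [0] is the bounce itself
        if part.get_content_type() == "text/rfc822-headers":
            # Headers-only copy of the original: parse that text as a message.
            part = email.message_from_string(part.get_content(),
                                             policy=policy.default)
        if part["Message-ID"]:                 # also hits a full message/rfc822 copy
            ids.add(str(part["Message-ID"]).strip())
    return ids

def classify_bounce(raw_bounce: bytes, sent_ids: set) -> str:
    ids = quoted_message_ids(raw_bounce)
    if not ids:
        return "unverifiable"                  # bounce quotes no original headers
    return "genuine" if ids & sent_ids else "backscatter"

# Constructed log of Message-IDs recorded at send time (assumption).
SENT_IDS = {"<sent-001@example.org>"}

def make_bounce(original_id: str) -> bytes:
    """Constructed sample DSN quoting the headers of the mail that bounced."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: user@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "Message-ID: <dsn-1@mx.example.net>\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\nDelivery to nobody@example.net failed.\n"
        "\n--b\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.net\n\n"
        "Final-Recipient: rfc822; nobody@example.net\nAction: failed\nStatus: 5.1.1\n"
        "\n--b\nContent-Type: text/rfc822-headers\n\n"
        f"From: user@example.org\nMessage-ID: {original_id}\nSubject: hello\n"
        "\n--b--\n"
    ).encode()

if __name__ == "__main__":
    for mid in ("<sent-001@example.org>", "<x9@spam.invalid>"):
        print(mid, "->", classify_bounce(make_bounce(mid), SENT_IDS))
```

Bounces that quote nothing of the original come back as "unverifiable", so they still need a separate policy decision.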

