On Fri, Sep 10, 2004 at 05:34:07PM +0000, Gerrit Pape wrote: > On Fri, Sep 10, 2004 at 09:49:27AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote: > > Herre is what happens: A spammer uses my email address as the sender address > > in spam frequently. > > > So, I sometimes suddenly have 2000 new mails in my inbox :-( > > > So, that's my plea to everybody with big mail installations: make your > > frontend machines aware of what mail they are supposed to accept, so that > > you never need to bounce. (Ok, some cases will still bounce: disk full, > > procmail script errors etc., but these are a very small proportion.) And > > the other plea is, of course, get rid of qmail and other products which > > accept all mail by default. > > As far as my experience goes, pleas or complaints against other people > doesn't help much if you want to see something changed. Better help > yourself. > > I suggest to instruct your mail user agent to make use of the > (apparently almost forgotten) fact that the sender's addresses in the > envelope and in the header can be different. Most today's mail transfer > agents should support address extensions. > > If your address is used as envelope sender in unsolicited mail, it's > your public one. Use a non-public address as envelope sender of mail > you send, and simply change it in case it gets abused; only bouncers > should send mail to this address, and they usually do within two weeks. > Now you can configure your MTA to outright reject delivery notifications > solely based on the information in the envelope. > > $ mconnect a.mx.smarden.org > 220 smarden.org ESMTP > mail from:<> > 250 Sender accepted. > rcpt to:<[EMAIL PROTECTED]> > 553 This address cannot get bounces, either you are not bouncing to the envelope > sender, or the envelope of the mail you bounce is forged. > quit > 221 Good bye. > $ > > I'm doing this for about ten months now, and don't see most of the > unwanted delivery notifications, including delivery confirmation > requests for unsolicited mail with forged envelope.
Sorry to reopen such an old thread. I'd saved this mail for reference as I too get a lot of bounces for spam with forged mail headers. A fresh run of spam that some wanker has initiated in my name has made my inbox unbearable this last few days so I need to do something about it. Would it be possible for you, Gerrit, to expand a little on your setup? I currently use fetchmail to get my mail from a catchall mailbox at my ISP. Can I use the envelope sender trick in this case as I can't see an easy way to differentiate between bounces and normal email once the messages reach my box? Cheers John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
