Seeking Tip - How To Defeat Spammers Who


Aeronautic
05-19-2009, 12:35 PM
Anybody have ideas on how to use the mail filters or other tools to defeat the sleaze spammers who use your recipient address as the from address so that when your filters catch and bounce it the darn thing bounces back to you - after - perhaps - timing out?

There is a ton of this garbage I'm seeing these days! :mad:

I'd love to stop it at "helo"!

Thanks!

Aeronautic
05-27-2009, 08:36 PM
Wow, the silence is deafening.

:(

Charlie
05-29-2009, 10:01 AM
Since no one else is jumping in to help, here is what we did when dealing with our forged address bounces (Joe Jobs).

I don't have any real specifics for you, but may be able to give some starting points.

Several years ago we were periodically hit with hundreds of Joe Job bounces each day along with thousands of spams each day. Spam Assassin just didn't do the job; blacklists were too tedious and usually were done "after the fact". Failing abuse@ and postmaster@ helped, but we didn't want that to be a permanent solution.

Finally we installed Mailscanner, RBL set up in EXIM (I think this made a big difference in the bounces and occurs before processing), made sure each mail account had an SPF record, fed the Bayesian learner regularly for a couple months, set the Sweep account to :Fail:.
Incoming e-mail traffic went from 15,000 per day to 2000 per day. All BEFORE it gets to Mailscanner. After mailscanner about 800 get delivered.

Downside - The Mailscanner, Clam-Av, Mailwatch, Spam Assassin combo uses lots of memory. We were able to do some tweaking in Mailscanner and Clam-Av configuration that gets it down some. We are running 704k and it does fine.

Hope some of this may help you, it did it for us in a big way.

Charlie

DavidP
05-29-2009, 10:32 AM
Thank you for the helpful post Charlie!

If anyone ever figures out how to completely defeat spammers, please do let me know! SPAM really bothers me!

According to Symantec, 90% of all email they scan is SPAM.

I'm hoping that the mail RFCs will someday be rewritten/revised to make spamming harder, and to make email more secure (something like TLS required by default and plaintext transmission of email becoming non-compliant). I don't plan on that happening, but a man can dream, right?

-David Pape

Aeronautic
06-07-2009, 09:06 PM
Charlie,

Thanks for your reply - I sincerely appreciate it.

I'm afraid my issue is not the classic joe job -> where our address is used as a from to send spam to others.

In this case it is spam sent to us and the reply to our very same account.

Thus when we catch and bounce using the techniques you listed it goes into the mail queue until it times out and fails back to - yes - our legit box. Sigh.

Charlie
06-13-2009, 09:40 PM
So many ways spammers make life miserable for us.
Make sure your RBL is turned on in Exim. I hesitated for a long time, but NO legitimate mail has ever been blocked.

IF the spammer's IP is listed in an RBL nothing bounces. It never makes it to processing.

If they are not in an RBL then we wait for antispam technology to catch up, again.

Good luck,
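
The RBL check in Exim and the SPF records mentioned in the replies above, sketched as an added example (not taken from the thread or from any poster's configuration): a recipient ACL that refuses mail during the SMTP dialogue, so the server never accepts the message and never has to bounce it to a forged sender. The DNSBL zone, the ACL name, and the `relay_from_hosts` and `local_domains` lists are assumptions modelled on a stock Exim configuration.

```exim
# Added example: fragment for the ACL section of an Exim configuration.
# Assumes the main section contains:  acl_smtp_rcpt = acl_check_rcpt
# Assumes the named lists relay_from_hosts and local_domains are defined.

acl_check_rcpt:

  # Authenticated users and trusted relay hosts skip the blocklist tests,
  # so legitimate senders on listed dynamic IPs are not refused.
  accept  authenticated = *
  accept  hosts         = +relay_from_hosts

  # Refuse at RCPT time if the connecting IP is on the DNS blocklist.
  # The remote side receives a 5xx reply; nothing is queued locally,
  # so no bounce is ever generated toward the envelope sender.
  # (zen.spamhaus.org is an assumed zone; use the list you subscribe to.)
  deny    message       = rejected: $sender_host_address is listed in $dnslist_domain
          log_message   = RBL hit: $dnslist_domain ($dnslist_text)
          dnslists      = zen.spamhaus.org

  # Refuse mail whose envelope sender fails the published SPF policy.
  # With an SPF record on your own domain, outside hosts that forge your
  # address as the sender are refused here. Needs Exim built with SPF support.
  deny    message       = rejected: SPF check failed for $sender_address_domain
          spf           = fail

  # Accept only recipients that actually exist; unknown local addresses
  # are refused in-session instead of accepted and bounced later.
  accept  domains       = +local_domains
          verify        = recipient

  deny    message       = relay not permitted
```

After reloading Exim, a refused connection shows up in the main log as a rejected RCPT line carrying the `log_message` text, which is the place to confirm that no legitimate senders are being caught.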