
RE: [cobalt-users] Trash mails to nonexistent users?



> The mail is being accepted for delivery as if it were a valid 
> user.  In other words, the server thinks this came from a 
> valid user and therefore tries to send on the mail (relay).  
> We see this with customers that have a static or semi-static 
> IP address, mainly businesses with large internal networks.  
> A valid user authenticates through the server creating a 
> valid IP for relaying (popauth).  Then, anyone from that IP 
> can send for however wide the POPAuth window is set for.  
> Usually the customer has a virus or hacked computer that is 
> acting as a SPAMbot.
> 
> Unfortunately, because they trash the header and it all comes 
> from the same IP, it's hard to track down where it originated from.
> 
> The mail is destined for a non-existent domain.  It sits on 
> the server as the server tries to send and re-send the same 
> junk email over and over. Worse yet is when it is a valid 
> domain name and the "reply to" is someone on your server.  
> Then that person receives all the responses, bounces and 
> angry replies.

If this is a RaQ4 you could look in /var/spool/mqueue for q1 - q4 and do
an ls and then remove the offending messages from the queue by their ID
number. rm /var/spool/mqueue/q*/xxxxxxx q* being the number and xxxxxxx
being the ID number you find in the ls.

A lot of the bounce messages your customers are seeing would be coming
from virus email that has forged your customer email address. Not much
you can do about that unless you use Procmail or check subjects in
Sendmail to block some of the "Your system sent a virus" messages.

If you have an infected user connecting to your SMTP that would be
another problem you need to address and block that user until they are
clean.
-- 
C2003 Dan Kriwitsky

Please reply to the list only. Off list replies are not read.
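
Added example, not part of the original message: a read-only way to find which queue IDs are worth looking at, by counting queued recipients per domain across the q* subdirectories mentioned above. It assumes sendmail's qf<ID> control files with recipient lines beginning with R; the function names and the sample queue contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a sendmail queue by recipient domain.
# Read-only: it parses qf* control files and deletes nothing.

# Print "<id> <recipient>" for each recipient line under DIR/q*/.
queue_recipients() {
    for f in "$1"/q*/qf*; do
        [ -f "$f" ] || continue
        id=${f##*/qf}
        # Recipient lines start with R, then optional flags and ':'.
        sed -n 's/^R\([A-Z]*:\)\{0,1\}//p' "$f" | tr -d '<>' |
            while read -r rcpt; do echo "$id $rcpt"; done
    done
}

# Print "<count> <domain>", busiest recipient domain first.
queue_domain_counts() {
    queue_recipients "$1" | sed 's/^[^ ]* //; s/.*@//' | tr 'A-Z' 'a-z' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Print the queue IDs that have at least one recipient in DOMAIN.
queue_ids_for_domain() {
    queue_recipients "$1" | awk -v d="$2" '
        { n = split($2, p, "@") }
        tolower(p[n]) == tolower(d) { print $1 }' | sort -u
}

# Constructed sample queue (IDs and addresses are made up).
make_sample_queue() {
    d=$(mktemp -d) && mkdir "$d/q1" "$d/q2" || return 1
    printf 'V4\nS<>\nRPFD:<a@bogus.invalid>\nRPFD:<b@bogus.invalid>\n' > "$d/q1/qfAAA001"
    printf 'V4\nS<>\nRPFD:<c@Bogus.invalid>\n' > "$d/q2/qfAAA002"
    printf 'V4\nS<u@example.com>\nRPFD:<v@example.org>\n' > "$d/q1/qfAAA003"
    echo "$d"
}

# Demo on the constructed sample; pass a real spool directory as $1 instead.
Q=${1:-$(make_sample_queue)}
queue_domain_counts "$Q"
```

Each queued message has a qf<ID> control file and a df<ID> body file sharing the same ID, so the IDs printed by queue_ids_for_domain identify both files of a message.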