> I am receiving many log entries in /var/log/maillog that indicate it has
> been sent from admin@localhost to addresses at AOL. (I am admin and am not
> sending email from the localhost!) Just to be returned to admin mail box as
> no user found. The admin email on the RaQ3 is filling at a phenomenal rate.
> Any clues who/how to stop this? I did reject all aol for the time being but
> sendmail is continuously being started from an aol email server...
> Here is an entry from the log....
>
<SNIP>
I had a situation on a site this past winter where, for reasons unknown to
me, one or more spammers used non-existent addresses at a domain I managed
as the <FROM> on their mass mailings. While not exploiting/compromising my
system, it created a HUGE amount of mail. At first there was a defined
catch-all so that account was getting 20k messages/day. Once that was
deleted, there was still a traffic penalty with all the garbage trying to
come back. Since the messages were bounce messages, they came from mail
servers all over, not the spammers! I inspected messages and notified
admins where I could trace the original message back via the headers, as
well as contacting the companies in the content of the messages (who
generally hire someone to do their dirty work) and provided the
response-code embedded in the links to give credit to the spammer for a
successful hit. After about a week, they moved on...maybe snuffed, maybe
satisfied with the havoc they had caused, maybe just moved on before I began
a crusade...AFAIK there is no way to stop this type of mischief. Piping to
/dev/null still takes a bandwidth penalty on your site...