[thelist] Failure messages spam

Tue Aug 21 03:11:14 CDT 2007

*On Tue, Aug 21, 2007 at 11:16:00AM +0100 John Allsopp <john at johnallsopp.co.uk> wrote:

> I've got an inbox full of 'undelivered' messages, and a client has too, 
> and I just advised him that a) it will pass, and b) he hasn't been virus 
> infected, and c) not to get too wound up, it's like buying petrol, 
> no-one wants to do it (clear out your in-tray every morning) but you 
> just have to.
> 
I've spent quite a bit of time working on this one.  Some things that
have helped.

	- SPF @ DNS level
	- Set mail server to drop unqualified domains, and anything not from a
	  fully qualified domain name.
	- Configure mail server to drop anything destined to users not on
	  the system.
	- Create white-lists for use with you MTA, I use procmail
	- Configure your mail server to use RBL - Black Lists
	- Lose any catch-all email addresses you've set up

	Lastly, check your server.  Our webserver was compromised once and
it was being used to send out phishing attacks.  It was easy enough to
diable but the damage had occured.  Mail servers were rejecting our
mail, and I had an inbox full of mail being returned to a system
account.
	
	My first approach was to filter it on the client side.  I sent these
to a rejected-mail folder.  Then I decided that the number of these were
too great to allow to continue.  It caused a lot of work on the server
as well as the bandwidth it consumed.  Once I understood the changes,
they were not hard to implement.  I do still have the filter set up
locally.  I would really spend some time on the server, watch the mail
logs, and figure out a way to deal with it there.  HTH.

-- 
Jon Molesa
rjmolesa at consoltec.net
if you're bored or curious
http://rjmolesa.com