Category: 
April 17, 2007Bloody spammers! I really, really, loath spammers. Today I noticed an unusually high amount of rejection, 550, codes in my mailserver logs (I reject all e-mail at MTA level if the mailbox is invalid, all ‘valid’ mail then gets passed through MailScanner)
Apr 17 11:17:29 localhost postfix/smtpd[10268]: NOQUEUE: reject: RCPT from vmail01.ic.net[152.160.12.234]: 550 5.1.1 powcjbuckleydeq @mydomain.net: Recipient address rejected: User unknown in virtual mailbox table; from=powcjbuckleydeq powcjbuckleydeq
So, after many many hours of seeing these, I created an alias for this address, intrigued as to what the e-mail would contain. To my anger, it was a failure notice from a spam e-mail that has been globally sent - from my domain name! Here’s just one of the failure notices:
Your message to: REMOVED@priorlake-savage.k12.mn.REMOVED
was blocked by our Spam Firewall. The email you sent with the following subject has NOT BEEN DELIVERED:Subject: Stop the painful craving for more food
Reporting-MTA: dns; barracuda.priorlake-savage.k12.mn.REMOVED
Received-From-MTA: smtp; barracuda.priorlake-savage.k12.mn.REMOVED ([127.0.0.1])
Arrival-Date: Tue, 17 Apr 2007 15:58:41 -0500 (CDT)
Here’s an MRTG graph for today showing the spam flooding back to my domain name..
So, if anyone is coming to this blog please be assured these mails did not originate from my mailservers. I’m now going to delete the alias from which the spam originated and count down the remaining 4 days until the MTAs give up attempting to send me bounces.
Sorry, no comments yet.