how to prevent mail manage que from filling up with spoofed bounces?

[joehark]

The mail manager on my HostGator server is being drowned in bounce back spam that claims to be coming from certain domains on the server. The outgoing address are spoofed versions of domains on the server. Even my own email address is is being spoofed.

Is there anything I can do in Exim Config to stop these bounce backs from filling up my mail que?


Also, I'm concerned about the negative effect these spoofed addresses will have on the spam reputation of the domains. How can they be protected?

[Spiral]

There is nothing you can do about spammers sending out mail with
false headers showing addresses from your domain and in fact,
it is the "bounce back" they typically use to get servers to forward
spam back from non-existent addresses.

With that said ...

I would say update your DNS zones and templates to create SPF records
for all domains on your server so that any mail server receiving mail
from anywhere claiming to be from one of your domains can quickly
identify if the sending server is a legitimate server you authorize
to be sending mail for your domain or some bogus spammer with
a false header sent from a non-authorized server. Domains with
proper SPF records generally don't get anywhere near as much
bounced back bogus mail as the vast majority of mail servers
operating these days do at least check SPF records.

The second thing I would do is set the wildcard address for all
domains to ":fail:" and only setup those addresses you actually
legitimately use. This way, you won't get spammed with every
dictionary name in the book with hundreds of messages for
accounts that don't even exist on your domain.

Third, configure your own server to drop non-verified mail
connections. Performing your own SPF check, using either
passive or active verification callouts to check to make
sure senders are legitimate and sending where they are
supposed to be sending from, and checking sending sending
IPs against GOOD RBL databases such as SpamCop
will help drastically reduce the amount of bogus mail as well.

If you are a little more technically inclined, you can also go
much deeper and add custom ACL configurations to further
protect you from masquerading, dictionary broadcasts, rules
checking, and other measures to much further limit spam.

Properly configured though, your mail server really shouldn't
see any bogus bounced back messages whatsoever.

(Does that mean that spammers won't try to use your domain? --
not at all! It does mean that all the other mail servers will know
when spammers try, probably won't accept mail from them either, and
won't send you, the innocent 3rd party, all the bounce back messages )