How to prevent mail manager queue from filling up with spoofed bounces?

Discussion in 'E-mail Discussions' started by joehark, Jul 6, 2009.

  1. joehark

    joehark Member

    Sep 22, 2004
    The mail manager on my HostGator server is being drowned in bounce back spam that claims to be coming from certain domains on the server. The outgoing addresses are spoofed versions of domains on the server. Even my own email address is being spoofed.

    Is there anything I can do in Exim Config to stop these bounce backs from filling up my mail queue?

    Also, I'm concerned about the negative effect these spoofed addresses will have on the spam reputation of the domains. How can they be protected?
  2. Spiral

    Spiral BANNED

    Jun 24, 2005
    There is nothing you can do about spammers sending out mail with
    false headers showing addresses from your domain and in fact,
    it is the "bounce back" they typically use to get servers to forward
    spam back from non-existent addresses.

    With that said ...

    I would say update your DNS zones and templates to create SPF records
    for all domains on your server so that any mail server receiving mail
    from anywhere claiming to be from one of your domains can quickly
    identify if the sending server is a legitimate server you authorize
    to be sending mail for your domain or some bogus spammer with
    a false header sent from a non-authorized server. Domains with
    proper SPF records generally don't get anywhere near as much
    bounced back bogus mail as the vast majority of mail servers
    operating these days do at least check SPF records.

    The second thing I would do is set the wildcard address for all
    domains to ":fail:" and only set up those addresses you actually
    legitimately use. This way, you won't get spammed with every
    dictionary name in the book with hundreds of messages for
    accounts that don't even exist on your domain.

    Third, configure your own server to drop non-verified mail
    connections. Performing your own SPF check, using either
    passive or active verification callouts to check to make
    sure senders are legitimate and sending where they are
    supposed to be sending from, and checking sending
    IPs against GOOD RBL databases such as SpamCop
    will help drastically reduce the amount of bogus mail as well.

    If you are a little more technically inclined, you can also go
    much deeper and add custom ACL configurations to further
    protect you from masquerading, dictionary broadcasts, rules
    checking, and other measures to much further limit spam.

    Properly configured though, your mail server really shouldn't
    see any bogus bounced back messages whatsoever.

    (Does that mean that spammers won't try to use your domain? --
    not at all! It does mean that all the other mail servers will know
    when spammers try, probably won't accept mail from them either, and
    won't send you, the innocent 3rd party, all the bounce back messages ;) )
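
As an added illustration of the SPF check recommended in the reply above (not part of the thread, and not cPanel or Exim code): a small offline evaluator showing how a receiving server decides whether a connecting IP is authorized for a domain, and why a record ending in `-all` lets it reject a spoofed sender during SMTP instead of bouncing later. The records and IP addresses are constructed samples; only `ip4:`, `ip6:` and `all` are evaluated, and mechanisms that need DNS lookups return "unresolved".

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); no prefix means "+" (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records (documentation IP ranges), not from the thread.
STRICT = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 -all"
LAX = "v=spf1 ip4:192.0.2.10 ?all"

def check_spf(record, sender_ip):
    """Evaluate sender_ip against one SPF TXT record, left to right.

    Only ip4:, ip6: and all are evaluated. Mechanisms that need DNS
    (a, mx, include, exists, ptr) return "unresolved" because this
    offline example cannot decide them.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        if "=" in term:                    # modifiers (redirect=, exp=) are ignored here
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":                  # catch-all: the policy for everyone else
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "unresolved"                # would require a DNS lookup
    return "neutral"                       # nothing matched and no "all" term

def rejectable_at_smtp(record, sender_ip):
    """True when a receiver can refuse the message outright (hard fail)."""
    return check_spf(record, sender_ip) == "fail"

if __name__ == "__main__":
    spoofer = "203.0.113.77"               # constructed unauthorized sender
    for name, rec in (("strict", STRICT), ("lax", LAX), ("missing", "")):
        print(name, check_spf(rec, spoofer), rejectable_at_smtp(rec, spoofer))
```

Only the record ending in `-all` yields a hard fail for the unauthorized IP; `?all` or a missing record leaves the receiver without grounds to refuse the message during the SMTP session.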
