how to stop bounced spam to non-existant users

[matt621]

What happens is that several of our customers have changed their email addresses due to their primary one being overwhelmed by spam.

But the spam just keeps coming.

And when it does not find an account on our clients domain, it bounced to our mail queue, which fills up very fast.

they are from spammer, to "X-Failed-Recipients:"

They are usually to either

[email protected] or [email protected]

we also have some sent to [email protected]

how do we get rid of this junk?

Also, spam assissinator files up the mail queue. For some reason, mail that it identifies as spam doens't make it to the user.. that's great, but instead it goes to the mail queue. how do we just get rid of them?

Thanks.

 

[dadman]

":blackhole:"

Use WHM to set any mail to an unknown recipiant to :blackhole: and it's deleted.

Andy

 

[matt621]

I already have nobody and mailman set to :blackhole:

These are not those types of emails. They are emails that bounced due to users not setting up an account. They are going to [email protected] or [email protected]

 

[icanectc]

if you set the email address with @domain.com to :blackhole:
then all email at :blackholeyourdomain.com that does not have a POP3 email account will be removed.

example spam email sent to mailbox [email protected]
if @domain.com has a blackhole setup and blah does not exist it will not sit in the mail list it will be removed.

Basically its your EU's. They have to setup there default email as :blackhole:

if they dont do that they will cont to get spam thats sent to false email addresses on there domain.

example 2

if blackhole is setup and setup correctly and your getting spam from a valid email address (one that actually exists)

you can have cPanel block out whole headers.

just goto Mail Manager then to Block Email address then goto Add Filter.

and you can block out headers of these spam messages.

Hope this info helps.

 

[matt621]

Sorry, but it doesn't help.

This sever is known as server.ourdomain.com (this is our 3rd server)

but the site ourdomain.com is on another server. (our 2nd server.)

The problem is there is no account "server.ourdomain.com" to set default addresses for.

 

[dadman]

It Still has Exim runnibg!

Set the emails to blackhole and it should remove them anyway. If not, block the IP they are coming from or filter it with Exim.

Andy

 

[matt621]

blocking IPs is impossible. there are thousands of them.

"Filtering?" Like what. Like how?


I appreciate the help, but none of these answers go the root of the problem.

 

[dadman]

A few options on filters!

Set up Spamassisin with WHM and enable it via Cpanel for the domains. Client side will need to config their mail client to filter the messages with the spamassisin headers.

You can edit some of the operations directly in Exim, a little trickeir, but very effective, see www.exim.org for more info.

You said most of the email had similar delivery addresses, client side configs for those will effectively filter the spam as well.

I hope this helps.

My guess is that you are missing something in the setup for the blackhole directive or you wouldn't be having the problem!

Andy