Spammmer

[Codeguy]

I had a problem with a spammer using an over quota email account to bounce back spam to other users. I blocked this specific spammer by setting the account to :fail: and blocking his IP address but I expect that this can and will happen again.

I am going to ban all use of catch-all addresses on our servers but that doesn't stop someone from using another full email account to bounce back spam. It just makes them harder to find.

Here's a suggestion on how to reject mail for users over quota instead of bouncing it. Has anyone tried this?

http://www.timj.co.uk/linux/rcpt-time-quota-maildir.php

Does cpanel create a list of users over quota that I could scan for this purpose?

Thanks.

 

[RandyO]

I had a problem with a spammer using an over quota email account to bounce back spam to other users..

Huh? not making any sense to me... perhaps someone could explain?

 

[Codeguy]

A spammer from russia was using a mailbox that was over quota to send spam. My server bounces messages when the user is over quota so he was using that bounce to send his spam to others by using forged email headers. When my server bounces them, the messages get sent to the forged address instead of the real sender. It's called backscatter. Viruses do this a lot because tons of antivirus software will just bounce viruses instead of dropping them.