LinuxQuestions.org
Old 09-06-2009, 03:14 PM   #1
rwilcher
Member
 
Registered: Mar 2006
Location: Maple Heights OHIO
Distribution: Centos 6
Posts: 31

Rep: Reputation: 0
attempts to email unknown user hammering sendmail


Hello all. In the last year, I have removed a user from
my server. However, I see a lot of attempts by various machines to send mail to this defunct user. Yesterday
I counted 111 attempts! This user is gone and I really
would like to clean up the mess. I am running SpamAssassin and sendmail-8.13.7. Anyone have an idea on how to squelch this? It's probably something stupid, it usually is
 
Old 09-06-2009, 05:37 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Hey rwilcher,

It could be 'spam by backscatter', try turning off bounce messages temporarily to see if it clears up

cheers
 
Old 09-07-2009, 10:31 AM   #3
rwilcher
Member
 
Registered: Mar 2006
Location: Maple Heights OHIO
Distribution: Centos 6
Posts: 31

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by kbp View Post
Hey rwilcher,

It could be 'spam by backscatter', try turning off bounce messages temporarily to see if it clears up

cheers
How to do this? In the sendmail.mc file?
In the client? I use the Thunderbird email client
on a Windows box. I know it's a bit disgusting
but this is what users like to use.
 
Old 09-07-2009, 11:05 AM   #4
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Sorry, I use postfix, I haven't subjected myself to sendmail other than configuring a smart host, sendmail anybody ?
 
Old 09-24-2009, 11:25 PM   #5
Smartpatrol
Member
 
Registered: Sep 2009
Posts: 196

Rep: Reputation: 38
Good luck!

...

Last edited by Smartpatrol; 03-11-2010 at 09:46 PM.
 
Old 10-16-2009, 08:00 PM   #6
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703

Rep: Reputation: 99
I would suggest reading the headers on the messages that are trying
to be delivered. That will let you know what hosts have mail queued
up for this user.

Next, go to each of those machines and run mailq. That will tell you
what all messages are spooled for delivery. If you find a lot, you
may need to search through the cronjobs to see what is sending the
messages.
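
An added example, not part of the thread: one way to see which hosts are behind the attempts is to tally the "User unknown" rejections for the removed mailbox per connecting relay. The function name, the sample lines (constructed, with documentation addresses) and the assumed log shape (the rejection line and the later `from=... relay=...` line share a queue ID) are assumptions of this sketch; point it at the real mail log once the shape is confirmed.

```shell
#!/bin/sh
# Constructed sample of sendmail log lines (RFC 5737 addresses, made-up IDs).
sample_log() {
cat <<'EOF'
Sep  5 03:14:07 mx sendmail[2101]: n857E7aa002101: <goneuser@example.org>... User unknown
Sep  5 03:14:07 mx sendmail[2101]: n857E7aa002101: from=<a@spam.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Sep  5 04:02:51 mx sendmail[2188]: n8582paa002188: <goneuser@example.org>... User unknown
Sep  5 04:02:51 mx sendmail[2188]: n8582paa002188: from=<b@spam.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=bot.example [198.51.100.7] (may be forged)
Sep  5 05:40:12 mx sendmail[2290]: n859eCaa002290: <goneuser@example.org>... User unknown
Sep  5 05:40:12 mx sendmail[2290]: n859eCaa002290: from=<c@spam.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Sep  5 06:00:00 mx sendmail[2301]: n85A00aa002301: <typo@example.org>... User unknown
Sep  5 06:00:00 mx sendmail[2301]: n85A00aa002301: from=<d@ok.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
EOF
}

# unknown_by_relay USER [FILE...]
# Prints "count relay-ip" for rejected mail to USER, busiest relay first.
# Reads standard input when no FILE is given.
unknown_by_relay() {
    user=$1; shift
    awk -v user="$user" '
        # Field 6 is the queue ID. Count each rejection for the removed user.
        / User unknown/ && index($0, "<" user "@") { hits[$6]++; next }
        # The from= line of the same transaction names the connecting relay.
        ($6 in hits) && (p = index($0, "relay=")) {
            r = substr($0, p + 6)
            # Key on the bracketed IP; the hostname in front may be forged.
            i = index(r, "["); j = index(r, "]")
            if (i && j > i) r = substr(r, i + 1, j - i - 1)
            count[r] += hits[$6]
            delete hits[$6]
        }
        END { for (r in count) print count[r], r }
    ' "$@" | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_log | unknown_by_relay goneuser
```

A handful of relays with high counts points at a few misconfigured or queued senders; a long tail of single hits from unrelated addresses is what address-harvesting spam looks like.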
 
Old 10-17-2009, 03:27 PM   #7
rwilcher
Member
 
Registered: Mar 2006
Location: Maple Heights OHIO
Distribution: Centos 6
Posts: 31

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by carltm View Post
I would suggest reading the headers on the messages that are trying
to be delivered. That will let you know what hosts have mail queued
up for this user.

Next, go to each of those machines and run mailq. That will tell you
what all messages are spooled for delivery. If you find a lot, you
may need to search through the cronjobs to see what is sending the
messages.
Sounds like a logical approach. However this stuff is
coming from machines across the internet. I don't
have accounts on these hosts. My suspicion is the
hosts are bots.
 
Old 10-17-2009, 07:19 PM   #8
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703

Rep: Reputation: 99
Yes, in that case we're talking about garden variety spam. As you
implied, there isn't anything you can do to prevent the delivery
attempts. However there are a few options about how you handle
them.

Personally I use ASSP to filter incoming email. It takes a little
time to learn and configure, but it's worth it. It will prevent
the delivery of email that is not wanted. And you can configure
it to accept and tag email that is deemed inappropriate.

I don't know a lot about spamassassin, but I'll bet that you could
identify the defunct user's email address as a spam word. That
would mean the email would be received and treated like spam.

You could also remove (or rename) the user's account. Most mail
systems are configured to not accept email for nonexistent
accounts.

And I just re-read the original message. You wrote that this
user has already been removed. In that case ASSP or a combination
of greylisting and blacklisting would be required to block incoming
connections.
 
Old 10-18-2009, 01:12 PM   #9
rwilcher
Member
 
Registered: Mar 2006
Location: Maple Heights OHIO
Distribution: Centos 6
Posts: 31

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by carltm View Post
Yes, in that case we're talking about garden variety spam. As you
implied, there isn't anything you can do to prevent the delivery
attempts. However there are a few options about how you handle
them.

Personally I use ASSP to filter incoming email. It takes a little
time to learn and configure, but it's worth it. It will prevent
the delivery of email that is not wanted. And you can configure
it to accept and tag email that is deemed inappropriate.

I don't know a lot about spamassassin, but I'll bet that you could
identify the defunct user's email address as a spam word. That
would mean the email would be received and treated like spam.

You could also remove (or rename) the user's account. Most mail
systems are configured to not accept email for nonexistent
accounts.

And I just re-read the original message. You wrote that this
user has already been removed. In that case ASSP or a combination
of greylisting and blacklisting would be required to block incoming
connections.
Thanks for your reply. I will look into
ASSP and SpamAssassin blacklisting/graylisting
config. This is an annoying problem to be sure.
Also I will go through sendmail config/mc
setup. There ought to be a way to nip this at
the SMTP level other than using iptables to block
out the many hosts that are sending me this filth.
I had to do this to block a couple of hosts that
were sending me virus emails that Windows
machines were pulling down from the POP server.
yacc I really don't care for Windows because of
this virus crap. Wife and kids like it though.
 
Old 10-18-2009, 07:21 PM   #10
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703

Rep: Reputation: 99
Yeah, I know what you mean about the Windows thing. A few months
ago I installed Linux on my last Windows box. It felt great. Now
I just have two virtual machines running Windows, one for work and
one for games.

You're right about nipping the spam problem at the smtp level. I
used to manually update the /etc/access file, but that takes a lot
of time. Since installing ASSP, I'd never go back.
 
Old 10-21-2009, 01:27 PM   #11
rwilcher
Member
 
Registered: Mar 2006
Location: Maple Heights OHIO
Distribution: Centos 6
Posts: 31

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by carltm View Post
Yeah, I know what you mean about the Windows thing. A few months
ago I installed Linux on my last Windows box. It felt great. Now
I just have two virtual machines running Windows, one for work and
one for games.

You're right about nipping the spam problem at the smtp level. I
used to manually update the /etc/access file, but that takes a lot
of time. Since installing ASSP, I'd never go back.
You are making too much sense.
I am now checking if the Perl I have installed
is equal to the job. SpamAssassin isn't doing it
for me unfortunately. Thanks for the
insight, and my forehead thanks you
 
Old 10-22-2009, 02:37 PM   #12
jonesr
Member
 
Registered: Feb 2008
Location: Sacramento
Distribution: RHEL AS, mostly
Posts: 44

Rep: Reputation: 18
Quote:
Originally Posted by rwilcher View Post
... Anyone have an Idea on how to squelch this ? ...
Code:
echo "goneuser:  /dev/null" >> /etc/aliases
newaliases
 
  

