LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   99% Rejected mail (http://www.linuxquestions.org/questions/linux-security-4/99-rejected-mail-404278/)

sulee 01-16-2006 10:57 PM

99% Rejected mail
 
Hi all,

first of all - have a pleasant day!

running slackware 10.1, postfix, courier-imap
virtual hosting - hosting 7 domains

Now, the trouble:
I have maillogs rotating daily.
They are approx. 20MB per day.

It's one domain receiving loads of mails (which are rejected!) - but put a lot of load on the postfix mail server. Therefor, this is not about spam - it's about madness ;-) The email address look like this:

267_lihjiuan@xxxxx.com
267_lschennechart@xxxxx.com
267_mbreccia@xxxxx.com
267_mysticks1@xxxxx.com
267_ogataku@xxxxx.com
267_robinba@xxxxx.com
267offdwall@xxxxx.com
267rsct@xxxxx.com
267shirui@xxxxx.com
267shotgun66@xxxxx.com
267sivika@xxxxx.com
26_logirl@xxxxx.com
26_maxmara@xxxxx.com
26_mjkadel@xxxxx.com
26_not_interested@xxxxx.com
26_raymonddanner@xxxxx.com
26_rbijklrb-jaz@xxxxx.com
26_rdka@xxxxx.com
26_rutorres@xxxxx.com
shoeboy722@xxxxx.com
shoeboy_288@xxxxx.com
shoklo_282@xxxxx.com
shooter7357@xxxxx.com
shorei18_117@xxxxx.com
short_stuff_4679@xxxxx.com
short_y719@xxxxx.com
shortie1982376@xxxxx.com
shortie1982_636@xxxxx.com
231.shortyharris@xxxxx.com
showcasebooks_294@xxxxx.com
showcasebooks_594@xxxxx.com
shsclassof48_327@xxxxx.com
shubidu172@xxxxx.com
shubidu469@xxxxx.com
shugs_mitchell_606@xxxxx.com
shuhail1335@xxxxx.com
shygger531@xxxxx.com
shygger_81@xxxxx.com
shygger_858@xxxxx.com

(where xxxxx.com is this domain mentioned on top) There come hundreds, thousands a day. 99% of all mail send to my server have email addresses like this...

I'm using watch-maillog.pl to add multiple rejects to iptables.
I use greylisting. I use all available "reject_" types in postfix.

However, my QUESTIONS are:

1. What is the purpose of this?
(they don't relay / they don't hit my inbox)

2. What do folks sending them _gain_ from this?

3. What could be a more efficient way to stop this?
(it's about the postfix load - means that I'd like to reject
them before they reach the mail server)

Answers to these 3 questions or any hints/advices are most appreciated.

Thanks.

tangle 01-16-2006 11:07 PM

Have you tried to contact the owner of the domain or the ISP that they are coming from? I have resolved the only 3 spam issues I have had this way this way on my mail server. At work I have had some success too using this method.

I personally do not know why people do things that cause other probelms. My guess is they are unhappy people and want others to be unhappy too. Kinda pathetic, but misery loves company.


All times are GMT -5. The time now is 04:45 AM.