[lug] Lots o' email bounces

David Morris lists at morris-clan.net
Thu Jun 26 08:34:54 MDT 2008


On Wed, Jun 25, 2008 at 12:36 PM, Dave Pitts <dpitts at cozx.com> wrote:
> Hello:
>
> It seems that we have a new scourge, I'm getting hundreds of apparent
> bounced email messages. It seems that the spammers send stuff to the
> recipient systems with a forged return address that points to my system. I
> catch most of the stuff with Spamassassin; but it chews up so much CPU it is
> almost a denial of service attack. Has anyone else seen these types of
> errors? How do we get rid of this crap? I'm running CentOS 5 using the
> default sendmail and Spamassassin.

You can limit the volume to some extent by setting up "Sender Policy
Framework" (SPF) records in your DNS server.  These records basically
allow other servers to determine which computer systems are authorized
to send mail from your domain.

This won't stop spammers from using your address, but will give other
email servers a hint that this might not actually be from you and thus
help them detect messages as spam.

When setting up SPF records in DNS, include both TXT and SPF DNS
records.  The content will be identical...the TXT records are needed
for older mail servers which don't yet support the new SPF record
type.  A search on the web will bring up lots of resources on how to
format the record content.  You can also use dig to view others'
records (e.g. "dig TXT some-domain.com").

--David
