Koozali.org: home of the SME Server

No user: Spam Forgery

Paul Howard
« on: April 17, 2008, 04:14:50 PM »
I have been searching for 2 days trying to find a solution for the following; if I didn't spot it, sorry!

The situation is we rent a pop box on a catch-all basis from a provider. We have our own internal email server (SME Server 7.3) which then collects and distributes email to the relevant users.

The problem is incorrectly addressed email is routed through to the admin account (not bounce messages but the actual incorrectly addressed email) and now a spammer is forging sender addresses from our domain using nonexistent usernames, i.e. randomuser@domain.com. Therefore we are receiving bounce messages, spam interception messages, out of the office messages, message confirmation from anti spam systems, etc. I have given up filtering with Thunderbird since it is not getting me very far and is completely impractical.

At the moment I have set up a "dead user" mailbox with a 1 MB quota and changed the "E-mail to unknown users" from "reject" to send to the dead user account.

I'm not entirely happy with this but it's an attempt to keep the admin account free from spam blowback. The ideal situation is simply that all incorrectly addressed email is dropped (sent to null) since we take the view it's not our fault if a sender incorrectly addresses an email.

I'm not able to find how to or whether it is possible to drop entirely incorrectly addressed email and any help would be appreciated.

mercyh
Re: No user: Spam Forgery
« Reply #1 on: April 17, 2008, 04:30:03 PM »
I am not sure how the mail front end for SME works in your setting. I am sure you have a good reason for using the pop box and then redistributing with SME but a lot of SPAM busting power is probably going to waste on the SME server by doing it this way.

Are your reasons for the POP box good enough to lose control of your own SPAM filtering?

Following are the techniques some have used:
http://forums.contribs.org/index.php?topic=40709.0

I think retrieving your mail from another server bypasses most of these tests.

Paul Howard
Re: No user: Spam Forgery
« Reply #2 on: April 17, 2008, 05:15:24 PM »
Sadly the pop box was rented 6+ years ago when the (non IT aware) Bosses decided they would try and deal with IT matters before it fell into my lap.

Spam filtering works very well with the current setup (having implemented SpamAssassin, learn as spam, Bayes and AWL). The only niggling problem is mail being received for nonexistent users and routed to a valid user account such as admin rather than dropped completely.

I would like to see the pop box dropped but IT is not my sole role and there is always that issue of time and whether it is worth changing a system which works 98% as you want.

Having thought on it, I am guessing it's the multidrop which is allowing incorrectly addressed email to be delivered(?)

mercyh
Re: No user: Spam Forgery
« Reply #3 on: April 17, 2008, 05:18:43 PM »
Quote
Spam filtering works very well with the current setup (having implemented SpamAssassin, learn as spam, Bayes and AWL).


Interesting.

Quote
(from myself)
I think retrieving your mail from another server bypasses most of these tests.

I need to be more careful with untested assumptions  :sad:
« Last Edit: April 17, 2008, 05:21:50 PM by mercyh »

Paul Howard
Re: No user: Spam Forgery
« Reply #4 on: April 17, 2008, 05:38:57 PM »


Quote
Interesting.

I need to be more careful with untested assumptions :sad:


Forgot to put that the RBL is in place as well. I was a little nervous the spam filtering wasn't going to be up to speed prior to setting up SME Server but it works :P