Spam bounce from myself

Here is the situation.

    I am blocking all emails from my own domain on my relay server, since no
email from my organization will originate from the outside.

    I think this is what is happening.  Spammers are sending emails to my
ISP smtp backup server like this:

from: me@mydomain.com
to: me@mydomain.com

    My relay server is rejecting them.  The ISP smtp server is receiving the
smtp rejection and creating a postmaster bounce to me, since my email was in
the from: field.  The bounced message has the original spam email attached.  This means the
spammer was successful in getting me the email.  I.e., one of my users could
open the attachment and allow whatever is in the email to happen (trojan,
phishing, etc.).


    My question is:  how do I stop this from happening?

    Here is the bounce message.

-----Original Message-----
From: System Administrator [mailto:postmaster@mydomain.com]
Sent: June 26, 2006 9:00 PM
To: ME
Subject: Undeliverable: Roolex for you

Your message

  To:      ME
  Subject: Roolex for you
  Sent:    Mon, 26 Jun 2006 20:59:07 -0400

did not reach the following recipient(s):

ME on Mon, 26 Jun 2006 21:00:22 -0400
    The e-mail system was unable to deliver the message, but did not report
a specific reason.  Check the address and try again.  If it still fails,
contact your system administrator.
    < smtp.myisp.com #5.0.0 X-Postfix;
host smtp.mydomain.com[xxx.xxx.xxx.xxx] said:
550    5.7.1 Message rejected. (in reply to end of DATA command)>
dauyeung Asked:
 
upul007 Commented:
I disagree with PsiCop. If you have set up email servers to check and reject emails based on the sending domain's SPF records, there is hope. Perhaps your backup servers are not set to do this. Some servers do not even accept emails from domains without reverse DNS records. You should check further and seek a solution through your ISP.
 
war1 Commented:
Greetings, dauyeung !

Instead of your relay server rejecting the spam emails, have it delete them.  Then there will be nothing to bounce.

Best wishes!
 
dauyeung (Author) Commented:
I'm not sure if this would work.

Wouldn't the relay server still send an NDR to the sender, which is one of my users?

DAve

 
PsiCop Commented:
First, you can't stop spammers from sending E-Mails claiming to be from you.

Second, you can't stop mailservers the world over from accepting E-Mail claiming to be from your Domain but clearly originating from elsewhere.

Third, you can't stop those mailservers - which are accepting E-Mail with detectable bogosity - from generating an NDR back to the faked FROM address and thus annoying your users.

About the only way to shield your users would be to construct a mail filter that examined incoming NDRs for plausibility, perhaps by checking the mail server logs for recently transmitted messages to the same Domain.
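
The plausibility check PsiCop describes, as an added example that is not from the thread: it reads the Final-Recipient field of an RFC 3464 bounce and accepts the bounce only if the outbound log shows mail sent to that recipient's domain within the retry window. The log line format, the sample bounce, the `.example` domains and all function names are constructed for illustration.

```python
import email
import re
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

WINDOW = timedelta(days=5)  # assumption: Postfix's default maximal_queue_lifetime

# Constructed outbound log; the line format is hypothetical, adapt the regex to your MTA.
SENT_LOG = """2006-06-26T20:10:01-04:00 to=<bob@partner.example> status=sent
2006-06-10T09:00:00-04:00 to=<ann@vendor.example> status=sent
"""
# Constructed RFC 3464 bounce; {rcpt} is filled in per case.
BOUNCE = """From: MAILER-DAEMON@smtp.myisp.example
To: me@mydomain.example
Date: Mon, 26 Jun 2006 21:00:22 -0400
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; smtp.myisp.example

Final-Recipient: rfc822; {rcpt}
Action: failed
Status: 5.7.1

--b1--
"""

def sent_times(log_text):
    """Map recipient domain -> send times, from 'status=sent' log lines."""
    sent = {}
    for ts, dom in re.findall(r"^(\S+) to=<[^>@]+@([^>]+)> status=sent", log_text, re.M):
        sent.setdefault(dom.lower(), []).append(datetime.fromisoformat(ts))
    return sent

def failed_domains(msg):
    """Domains of the Final-Recipient fields in the message/delivery-status part."""
    return [b["Final-Recipient"].split(";", 1)[-1].strip().rsplit("@", 1)[-1].lower()
            for p in msg.walk() if p.get_content_type() == "message/delivery-status"
            for b in p.get_payload() if b["Final-Recipient"]]

def is_plausible(raw_bounce, log_text):
    """True only if we mailed every failed recipient's domain within WINDOW."""
    msg = email.message_from_string(raw_bounce)
    when, sent = parsedate_to_datetime(msg["Date"]), sent_times(log_text)
    doms = failed_domains(msg)
    return bool(doms) and all(
        any(timedelta(0) <= when - t <= WINDOW for t in sent.get(d, [])) for d in doms)
```

A bounce that fails the check can be quarantined instead of delivered; in production, compare against the time your own server received the bounce rather than its Date header.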
 
dauyeung (Author) Commented:
Good idea upul007.

Hadn't thought of ISP filtering.  As for SPF, I wonder how many servers actually use it.  I do have an SPF record for our domains.

Anyone have other ideas?

DAve
 
upul007 Commented:
SPF is supported by Exchange 2003 SP 2 and Alt-N's MDaemon. Here in Sri Lanka certain ISPs actually use this facility to promote their services.
Question has a verified solution.