Knowledgebase: All Things Email
I am getting bounces from spam I did not send!
Posted by SITEWORKS SYS on 26 April 2008 11:46 PM
From time to time, spammers might use your legitimate address as a from address on their spam. They are not using the server or our network to originate and process this spam. You are not likely to be spam blocked as a result because examination of the mail header shows that it did not flow through our network.

If you are getting bombarded after a spammer fraudulently used your address as a from address you might wish to implement this .procmailrc for a short time to deal with the unwanted bounce messages. Note that valid bounces will be discarded as well as the spam bounces. Create a file named .procmailrc and place it into the home directory of the user in question. If it is NOT the main POP box, this goes as /home/popuser/.procmailrc and chown user:owner. Ask for help as needed.

##CUT AND PASTE .. START HERE##
##Our example chooses to DELETE all bounces, returns and failures
##If you want logging, you would uncomment the next 2 lines - beware of large log files that will be created - replace user with actual name ##
#VERBOSE=on/off
#LOGFILE=/home/user/proclog

:0
* ^From:.*MAILER-DAEMON@insert-server-hostname
/dev/null

:0
* ^From:.*MAILER-DAEMON
/dev/null

:0
* ^From:.*Mail Delivery Subsystem
/dev/null

:0
* ^Subject:.*returned
/dev/null

:0
* ^Subject:.*undeliverable
/dev/null

:0
* ^Subject:.*failed
/dev/null

:0
* ^Subject:.*failure
/dev/null

:0
* ^Subject:.*status notification
/dev/null

:0
* ^Subject:.*bulk email
/dev/null

##END##
(866 vote(s))
Helpful
Not helpful

Comments (0)