I am getting bounces from spam I did not send!
Article Details
URL:
https://siteworks.com/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=69
Article ID:
69
Created On:
Apr 26 2008 07:46 PM
Answer
From time to time, spammers might use your legitimate address as a from address on their spam. They are not using the server or our network to originate and process this spam. You are not likely to be spam blocked as a result because examination of the mail header shows that it did not flow through our network.
If you are getting bombarded after a spammer fraudulently used your address as a from address you might wish to implement this .procmailrc for a short time to deal with the unwanted bounce messages. Note that valid bounces will be discarded as well as the spam bounces. Create a file named .procmailrc and place it into the home directory of the user in question. If it is NOT the main POP box, this goes as /home/popuser/.procmailrc and chown user:owner. Ask for help as needed.
##CUT AND PASTE .. START HERE##
##Our example chooses to DELETE all bounces, returns and failures
##If you want logging, you would uncomment the next 2 lines - beware of large log files that will be created - replace user with actual name ##
#VERBOSE=on/off
#LOGFILE=/home/user/proclog
:0
* ^From:.*MAILER-DAEMON@insert-server-hostname
/dev/null
:0
* ^From:.*MAILER-DAEMON
/dev/null
:0
* ^From:.*Mail Delivery Subsystem
/dev/null
:0
* ^Subject:.*returned
/dev/null
:0
* ^Subject:.*undeliverable
/dev/null
:0
* ^Subject:.*failed
/dev/null
:0
* ^Subject:.*failure
/dev/null
:0
* ^Subject:.*status notification
/dev/null
:0
* ^Subject:.*bulk email
/dev/null
##END##